From owner-freebsd-net@FreeBSD.ORG Wed Feb 13 19:23:51 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D3C6B16A418; Wed, 13 Feb 2008 19:23:51 +0000 (UTC) (envelope-from Jinmei_Tatuya@isc.org) Received: from mon.jinmei.org (mon.jinmei.org [IPv6:2001:4f8:3:36::162]) by mx1.freebsd.org (Postfix) with ESMTP id C99B413C455; Wed, 13 Feb 2008 19:23:51 +0000 (UTC) (envelope-from Jinmei_Tatuya@isc.org) Received: from dhcp-182.sql1.isc.org (unknown [IPv6:2001:4f8:3:bb:217:f2ff:fee0:a91f]) by mon.jinmei.org (Postfix) with ESMTP id B84B133C59; Wed, 13 Feb 2008 11:23:50 -0800 (PST) Date: Wed, 13 Feb 2008 11:23:50 -0800 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: d@delphij.net In-Reply-To: <47B2488D.70707@delphij.net> <47B2591D.4000703@delphij.net> References: <47B2488D.70707@delphij.net> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.0 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@freebsd.org, ume@FreeBSD.org Subject: Re: Strange resolver behavior X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2008 19:23:51 -0000 At Tue, 12 Feb 2008 17:31:57 -0800, Xin LI wrote: > It looks like that certain (mis)configuration by the baidu.com DNS > administrators has caused this, but I have no clue why our resolver > would return NXDOMAIN after it gets a positive response? (Yes, I know > that _ is not appropriate for domain names :) (I've read the entire thread, but since there still seems to be some confusion, so I'm responding to the very original post of the thread). This problem is not related to the "_". The fundamental problem is, as Edwin already pointed out, (one of) the authoritative server(s) of the shifen.com zone returns NOTIMP for MX of ps_other.a.shifen.com (this is a non-compliant behavior; see RFC4074 - though the main focus of this RFC is AAAA, not MX). So, what should have happened is: > > Received 127 bytes from 127.0.0.1#53 in 0 ms > [delphij@charlie] ~> host ps_other.a.shifen.com > ps_other.a.shifen.com has address 202.108.22.46 So far, fine. > Host ps_other.a.shifen.com not found: 3(NXDOMAIN) At this point host first queried for MX of ps_other.a.shifen.com. This failed with NOTIMP or SERVFAIL (the latter would be returned from a caching server). If your /etc/resolv.conf contains a "domain" or "search" directive (which I guess is the case), (recent versions of) host then tried the same query using the specified domain name(s), e.g., ps_other.a.shifen.com.isc.org. This normally resulted in an NXDOMAIN error, which you saw as the final output. You should be able to see this process by "host -v dict.baidu.com". It should also be noted that this is irrelevant to the "resolver" implementation in libc. The host command uses its own parser of /etc/resolv.conf and resolution routine and doesn't rely on the libc version of resolver. Finally, one thing I still don't understand is this symptom: > Em... That's fine I think, it does not seem to be the MX to cause the > problem, though. I have tried to visit 'dict.baidu.com' in Firefox and > it told me that the name can not resolve. tcpdump indicates that the > server has respond the A RR but resolver still queries AAAA... As far as I can see, there's no problem in resolving AAAA (although the response is negative) unlike the MX case. Can you show the exact output of tcpdump? --- JINMEI, Tatuya Internet Systems Consortium, Inc.