Date: Mon, 20 May 2002 12:25:58 -0500
From: Damon Anton Permezel <dap@damon.com>
To: Peter Pentchev <roam@ringlet.net>
Cc: freebsd-qa@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: 4.6-* sendmail misfeatures
Message-ID: <20020520122558.F962@damon.com>
In-Reply-To: <20020520191546.D349@straylight.oblivion.bg>; from roam@ringlet.net on Mon, May 20, 2002 at 07:15:46PM +0300
References: <20020520105154.E962@damon.com> <20020520191546.D349@straylight.oblivion.bg>

It is not a matter of a timeout. The "A ?" come back fine. `dig' and
'nslookup' both resolve the name -- there is no timeout. `ping' works,
for example.

Because sendmail "correctly" (aka: anal-retentively) adheres to a protocol,
it flags this as an error, and doesn't attempt to try the "A ?" query.
This means that the outgoing mail sits in the queue forever. This is not
a particularly useful default behavior.

I have no control over austinenergy.com's DNS. It has nothing to do with
my ISP. I am my own ISP, which is why I spent some time looking into this
failure, to determine if it was a problem on my end. It is, because I
installed a broken sendmail.

The success of the internet has often been attributed in part to the
philosophy stated in RFC 791. I quote:

    "The implementation of a protocol must be robust. Each implementation
    must expect to interoperate with others created by different
    individuals. .... In general, an implementation must be conservative
    in its sending behavior, and liberal in its receiving behavior."

Burying a "we are correct" manifesto in some README and enforcing a default
"correct" behavior results in breaking email connectivity. It would be
better to, perhaps, default to working, which I would prefer over it being
silently, secretly and smugly "correct".

If there really is a need to convert the world, syslog warning entries
might be a less unfriendly way to alert the unwashed masses of the
egregious violations of "correctness".

Cheers,
Damon.

On Mon, May 20, 2002 at 07:15:46PM +0300, Peter Pentchev wrote:
> On Mon, May 20, 2002 at 10:51:54AM -0500, Damon Anton Permezel wrote:
> > Since upgrading from 4.5 to 4.6-*, I have had problems exchanging
> > email with a correspondent at "austinenergy.com". It shows up as:
> >
> > % echo hi | mail -v no.such.user@austinenergy.com
> > austinenergy.com: Name server timeout
> > no.such.user@austinenergy.com... Transient parse error -- message queued for future delivery
> > no.such.user@austinenergy.com... queued
> >
> > I have tracked this down to the fact that sendmail is using an IPv6-style
> > lookup request. It is an "AAAA ?" rather than an "A ?" (in tcpdump-esque).
>
> [CC'd to -qa; this seems to be a usability problem, we are in a release
> code freeze, which mostly makes it a QA problem.]
>
> What exactly is the tcpdump output that you have been getting?
> It seems to me that, at least from my end, it is a simple matter
> of a timeout - the nameserver for austinenergy.com is listed
> from the gTLD servers as bolt.electric.austin.tx.us, and the nameservers
> for electric.austin.tx.us seem to not reply to any requests at all:
> nslookup, dig, dnsip, dnsipq all return either a timeout or
> a 'connection refused', which is mostly synonymous to a timeout.
>
> The fact that you see an AAAA query from sendmail is due to its (correct)
> behavior of trying an AAAA query before an A one, so as to prefer an IPv6
> AAAA record to an IPv4 A record. The fact that sendmail does not even
> try an A query is due to its (correctly) assuming that something is wrong
> with the server - temporarily - because it received a SERVFAIL response.
> The SERVFAIL response (which means exactly as it says, a server failure,
> which is assumed to be a temporary condition) is returned by either your
> FreeBSD system's resolver library, or your ISP's nameserver, simply
> because, well, because the server failed (see above about the timeouts).
>
> > Further investigation dug up this manifesto in the sendmail README:
> >
> >     When attempting to canonify a hostname, some broken name
> >     servers will return SERVFAIL (a temporary failure) on T_AAAA
> >     (IPv6) lookups. If you want to excuse this behavior, include
> >     WorkAroundBrokenAAAA in ResolverOptions. However, instead,
> >     we recommend catching the problem and reporting it to the
> >     name server administrator so we can rid the world of broken
> >     name servers.
> >
> > So, in violation of the networking "be liberal in what you accept and
> > conservative in what you produce", sendmail in its new form will have many
> > perplexed sysadmins spending lots of time tracking down these mysterious
> > failures.
> >
> > I suggest that the version of sendmail configs shipped with FreeBSD
> > should default to having WorkAroundBrokenAAAA set by default.
>
> Just a question: have you tried it with this option, and did it work?
> That is, did you get a response to an A query that you did not get
> to an AAAA? Once again, can you post some tcpdump output?
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> This sentence contradicts itself - or rather - well, no, actually it doesn't!

--
--
Damon Permezel
dap@damon.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-qa" in the body of the message
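
Added example, not part of the original message and not sendmail's code: a small Python model of the lookup order the thread describes (AAAA first, then A), showing how a SERVFAIL on the AAAA query ends in a queued message by default and in a resolved name when the failure is excused, as WorkAroundBrokenAAAA is described to do. The domain names, response tables and function names are constructed, and the NODATA/NXDOMAIN handling is a simplifying assumption.

```python
# Constructed model of the lookup order discussed in this thread.
# Not sendmail source; names and response tables are made up.

def canonify(name, answers, workaround_broken_aaaa=False):
    """Try AAAA, then A. Return (verdict, trace of (qtype, rcode))."""
    trace = []
    for qtype in ("AAAA", "A"):
        # A server that never replies is modelled as SERVFAIL.
        rcode = answers.get((name, qtype), "SERVFAIL")
        trace.append((qtype, rcode))
        if rcode == "NOERROR":          # usable record returned
            return "resolved", trace
        if rcode == "NXDOMAIN":         # name does not exist at all
            return "host unknown", trace
        if rcode == "SERVFAIL":
            if qtype == "AAAA" and workaround_broken_aaaa:
                continue                # excuse the failure, go on to A
            return "tempfail (queued)", trace
        # NODATA: no record of this type, try the next type
    return "host unknown", trace


def aaaa_only_failures(names, answers):
    """Names that queue under the strict default but resolve once the
    AAAA SERVFAIL is excused: the server-side breakage the README describes."""
    return [n for n in names
            if canonify(n, answers)[0].startswith("tempfail")
            and canonify(n, answers, True)[0] == "resolved"]


# Constructed responses for three hypothetical domains.
ANSWERS = {
    ("broken.example", "AAAA"): "SERVFAIL",   # server mishandles AAAA
    ("broken.example", "A"): "NOERROR",
    ("v4only.example", "AAAA"): "NODATA",     # well-behaved IPv4-only zone
    ("v4only.example", "A"): "NOERROR",
    # "dead.example" has no entries: every query fails
}
NAMES = ["broken.example", "v4only.example", "dead.example"]

if __name__ == "__main__":
    for n in NAMES:
        print(n, canonify(n, ANSWERS), canonify(n, ANSWERS, True))
    print("AAAA-only failures:", aaaa_only_failures(NAMES, ANSWERS))
```

In this model `dead.example` still queues with the option set, which is what separates an unreachable name server from one that fails only on AAAA.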