Date: Thu, 9 Jan 2003 03:15:45 +0100
From: Peter Much <pmc@citylink.dinoex.sub.org>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Peter Much <pmc@citylink.dinoex.sub.org>, Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID: <20030109031545.A80293@disp.oper.dinoex.org>
In-Reply-To: <3E1C971C.7581F3BD@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 08, 2003 at 01:24:44PM -0800
References: <no.id> <20030101181330.C8233@disp.oper.dinoex.org> <3E134659.78028611@mindspring.com> <20030106173652.A495@disp.oper.dinoex.org> <3E1A1336.9F535670@mindspring.com> <20030108000930.A512@disp.oper.dinoex.org> <3E1C971C.7581F3BD@mindspring.com>
! > Exactly. And when this is not found, then the resolver will
! > implicitly issue another query for the unqualified name.
! >
! > And it is even worse with sendmail, because sendmail does quite
! > interesting things there - like switching off RES_DEFNAMES -
! > so this one will definitely not add the local domain.
!
! This is broken in 2 ways:
Hmm... possibly.
! 1) The default names option in the standard resolver will prevent
! another query for the unqualified name, since unqualified names
! are supposed to get the local domain name, unconditionally.
I'm sorry, my named.log shows it the other way round - as does
the debug mode of nslookup:
--------------------------------------------------------------------
$ nslookup
Default Server: localhost.oper.dinoex.org
Address: 127.0.0.1
> set debug
> wurz [defnames is set by default]
Server: localhost.oper.dinoex.org
Address: 127.0.0.1
;; res_nmkquery(QUERY, wurz.oper.dinoex.org, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 56443, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
wurz.oper.dinoex.org, type = A, class = IN
AUTHORITY RECORDS:
-> oper.dinoex.org
ttl = 3600 (1H)
origin = disp-e.oper.dinoex.org [this is localhost]
mail addr = admin.disp.oper.dinoex.org [this is me]
serial = 20011217
refresh = 3600 (1H)
retry = 900 (15M)
expire = 3600000 (5w6d16h)
minimum ttl = 3600 (1H)
------------
;; res_nmkquery(QUERY, wurz, IN, A)
timeout [here it starts dialing out!]
------------
Got answer:
HEADER:
opcode = QUERY, id = 56444, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
wurz, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10800 (3H)
origin = A.ROOT-SERVERS.NET
mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2003010801
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
*** localhost.oper.dinoex.org can't find wurz: Non-existent host/domain
> set nodefnames
> wurz
Server: localhost.oper.dinoex.org
Address: 127.0.0.1
;; res_nmkquery(QUERY, wurz, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 56445, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
wurz, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 10701 (2h58m21s)
origin = A.ROOT-SERVERS.NET
mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2003010801
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
*** localhost.oper.dinoex.org can't find wurz: Non-existent host/domain
----------------------------------------------------------
! 2) It's possible to change the resolver flags in sendmail by
! adding lines to the M4 file source code. You need to look
! at the source tree and read cf/README.
Been there, done it, got the t-shirt. I walked thru the whole
code there, only to find lots of niceties like the following
- from daemon.c:
-----------------------------------------------------
    if (host[0] == '[')
    {
        [some stuff deleted]
    }
    else
    {
        /* contortion to get around SGI cc complaints */
        {
            p = &host[strlen(host) - 1];
            hp = sm_gethostbyname(host, family);
            if (hp == NULL && *p == '.')
            {
# if NAMED_BIND
                int oldopts = _res.options;
                _res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
# endif /* NAMED_BIND */
                *p = '\0';
                hp = sm_gethostbyname(host, family);
                *p = '.';
# if NAMED_BIND
                _res.options = oldopts;
# endif /* NAMED_BIND */
            }
        }
-----------------------------------------------------
Now this looks correct, because the second call to
sm_gethostbyname hits only on FQDNs with terminating dot
- but then sm_gethostbyname() in conf.c will not care
about the resolver-flags at all and will shorten all
unresolvable hostnames that do not have a terminating
dot to their first component and retry with that.
So even if we have a fully qualified hostname with
terminating dot, it will end up with a resolver query
for the first name component - and that gets treated
just like in the debug log above.
Now, as far as I am concerned, I think I have had enough of this
stuff. I have understood from the code why it behaves the way it
does, have learned a bit about name resolution, and now either
have to live with it the way it is, or change the code in a way
I like.
rgds,
PMc
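
The lookup order seen in the nslookup log above and the retry described for sm_gethostbyname(), as a small C model. This is an added example, not code from the message, from sendmail or from the resolver library: `query_order`, `shorten_retry` and the `OPT_*` flags are hypothetical names, and the search logic assumes the classic BIND `res_search` order with every answer coming back NXDOMAIN.

```c
/* Added illustration: a model of the lookup order, not resolver or sendmail source. */
#include <stdio.h>
#include <string.h>
#define OPT_DEFNAMES 0x1 /* stands in for RES_DEFNAMES */
#define OPT_DNSRCH   0x2 /* stands in for RES_DNSRCH */
enum { MAXQ = 8, QLEN = 256 };
/* Names queried, in order, assuming every answer is NXDOMAIN. Returns the count. */
int query_order(const char *name, unsigned opts, const char *const *search,
                int nsearch, int ndots, char out[MAXQ][QLEN])
{
    size_t len = strlen(name);
    int dots = 0, n = 0, tried_as_is = 0;
    int trailing = len > 0 && name[len - 1] == '.';
    for (const char *p = name; *p; p++) dots += (*p == '.');
    if (dots >= ndots) { /* enough dots: the name is tried unchanged first */
        snprintf(out[n++], QLEN, "%s", name);
        tried_as_is = 1;
    }
    if ((!dots && (opts & OPT_DEFNAMES)) ||
        (dots && !trailing && (opts & OPT_DNSRCH))) {
        for (int i = 0; i < nsearch && n < MAXQ - 1; i++) {
            snprintf(out[n++], QLEN, "%s.%s", name, search[i]);
            if (!(opts & OPT_DNSRCH)) break; /* DEFNAMES alone: default domain only */
        }
    }
    if (!tried_as_is) /* last resort: the bare name is asked as a top-level name */
        snprintf(out[n++], QLEN, "%s", name);
    return n;
}

/* Retry as the message describes it: no trailing dot -> keep the first label. */
int shorten_retry(const char *host, char out[QLEN])
{
    size_t len = strlen(host), first = strcspn(host, ".");
    if (len == 0 || host[len - 1] == '.' || first == len)
        return 0; /* model assumption: nothing to shorten, no retry */
    snprintf(out, QLEN, "%.*s", (int)first, host);
    return 1;
}

int main(void)
{
    const char *const search[] = { "oper.dinoex.org" }; /* domain from the log */
    char q[MAXQ][QLEN];
    int n = query_order("wurz", OPT_DEFNAMES | OPT_DNSRCH, search, 1, 1, q);
    for (int i = 0; i < n; i++)
        printf("query %d: %s\n", i + 1, q[i]);
    return 0;
}
```

With both flags cleared, as in the daemon.c excerpt, a shortened name produces a single query for the bare first label, which is the query that leaves the local zone in the log.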
