From: tpeixoto@widesoft.com.br
To: freebsd-net@freebsd.org
Date: Tue, 21 Feb 2006 09:42:08 -0300 (BRT)
Subject: Re: bind9 + host command issue in FreeBSD-5.4
Message-ID: <64734.200.230.201.250.1140525728.squirrel@www.widemail.com.br>
List-Id: Networking and TCP/IP with FreeBSD

Hi Doug,

first of all I want to thank you for your reply.

The domain I referred before belongs to a bank in Brazil and usually it's hard to get anything from those guys so I've found a workaround and put their 'MX' IP in our mailertable and now it worked fine.

Also, I've tried many things like:

1) define(`confBIND_OPTS', `WorkAroundBrokenAAAA') in sendmail.mc (seems default in FreeBSD) - didn't help;
2) disable IPv6 in sendmail.
It stopped listening IPv6 but didn't stop asking for AAAA records;

I couldn't find a way to stop sendmail from trying to get AAAA records and I cannot reboot this server to disable IPv6 in kernel so I'm gonna stick with this workaround until the guys from that domain correct it.

About the host command, I know it's only a tool for quick use, not for debugging, and it seems to ask for AAAA record even if you specify '-t a', see:

# host -t a cauexcnt001smtp.unibanco.com.br.
cauexcnt001smtp.unibanco.com.br has address 200.174.81.243
Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)

18762+ A? cauexcnt001smtp.unibanco.com.br. (49)
18762 1/2/2 (141)
42313+ AAAA? cauexcnt001smtp.unibanco.com.br. (49)
42313 ServFail 0/0/0 (49)
40925+ MX? cauexcnt001smtp.unibanco.com.br. (49)
40925 0/0/0 (49)

Best regards,

Tobias.

tpeixoto@widesoft.com.br wrote:
>
>> Hello all!
>>
>> I am not sure if this is the right place to discuss this issue
>
> For future reference, the bind-users list at ISC is probably a better forum,
> but this is as good as any. :)
>
>> but I am
>> experiencing strange behaviour with bind9 + host command with some domains
>> that bind are _not_ authoritative
>
> I assume you mean domains for which you are not authoritative, in other
> words, domains you have no control over.
>
>> as the following example:
>>
>> # uname -a
>> FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
>> Feb 1 22:18:04 BRST 2006
>> root@server2.mydomain.com.br:/usr/src/sys/i386/compile/SERVER2 i386
>>
>> # named -v
>> BIND 9.3.1
>
> When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously
> consider upgrading. If you are doing anything mission critical that depends
> on DNS, BIND 9.3.2 is going to be an improvement for you.
>
>> # host cauexcnt001smtp.unibanco.com.br.
>> cauexcnt001smtp.unibanco.com.br has address 200.174.81.116
>> Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)
>
> The second line is caused because there is no AAAA record for that hostname,
> and by default host always queries for one. You can see that things are fine
> with the hostname itself by using 'host -t a', or by using dig as you did
> below. FYI, if you need to do any kind of serious DNS debugging, dig is
> always the best tool to use. The host command is best for simple lookups
> when you just need the answer.
>
>> That's the problem! host command replies with SERVFAIL. This also causes
>> sendmail to raise "host name lookup failure" and not deliver the messages.
>
> sendmail does not use the host command. The most likely cause for this
> failure is that the A record for cauexcnt001smtp.unibanco.com.br has a 0
> second TTL, which is not only stupid, it's extremely unfriendly. It's also
> possible that your system has IPv6 support enabled, but you don't have IPv6
> connectivity, and/or your sendmail is configured to use (or prefer) IPv6
> addresses. Also, if you have any input into the operation of this zone,
> suggest that they increase the TTL, and add an MX record for that hostname
> (even if it points to itself).
>
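
The query and reply lines posted in the message above can be paired by DNS ID to show which record type fails and which merely comes back empty. This is an added example, not part of the original thread: the function names and outcome labels are assumptions made here, and the capture text is the six lines from the message.

```python
import re

# tcpdump-style DNS lines as posted in the message above (IDs, types and counts unchanged).
CAPTURE = """\
18762+ A? cauexcnt001smtp.unibanco.com.br. (49)
18762 1/2/2 (141)
42313+ AAAA? cauexcnt001smtp.unibanco.com.br. (49)
42313 ServFail 0/0/0 (49)
40925+ MX? cauexcnt001smtp.unibanco.com.br. (49)
40925 0/0/0 (49)
"""

QUERY = re.compile(r"^(\d+)\+?\s+([A-Z0-9]+)\?\s+(\S+)")                  # id[+] TYPE? name
REPLY = re.compile(r"^(\d+)[^\s\w]*\s+(?:(\w+)\s+)?(\d+)/(\d+)/(\d+)")   # id [rcode] an/ns/ar

def classify(capture):
    """Pair each query with its reply by DNS ID and label the outcome per record type."""
    pending, results = {}, {}
    for line in capture.splitlines():
        line = line.strip()
        q = QUERY.match(line)
        if q:
            pending[q.group(1)] = (q.group(2), q.group(3))
            continue
        r = REPLY.match(line)
        if r and r.group(1) in pending:
            qtype, _name = pending.pop(r.group(1))
            rcode, answers = r.group(2), int(r.group(3))
            if rcode:                  # tcpdump prints the rcode only when it is not NOERROR
                outcome = rcode.upper()
            elif answers == 0:
                outcome = "NODATA"     # NOERROR with an empty answer section
            else:
                outcome = "ANSWER"
            results[qtype] = outcome
    for qtype, _name in pending.values():
        results[qtype] = "NO REPLY"    # query seen, no matching reply in the capture
    return results

def broken_aaaa(results):
    """True when A resolves but AAAA fails with SERVFAIL instead of an empty NOERROR reply."""
    return results.get("A") == "ANSWER" and results.get("AAAA") == "SERVFAIL"

if __name__ == "__main__":
    res = classify(CAPTURE)
    for qtype, outcome in res.items():
        print(f"{qtype:5} {outcome}")
    if broken_aaaa(res):
        print("A resolves but the AAAA query gets SERVFAIL rather than an empty answer")
```

On the posted capture the MX query shows what a missing record type normally looks like (NOERROR, zero answers), while the AAAA query gets SERVFAIL, which is the response that makes the lookup fail.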