From owner-freebsd-stable Thu Jan 18 21:47:24 2001
Date: Fri, 19 Jan 2001 00:42:39 -0500 (EST)
From: Mike Andrews
Subject: RE: Weird sporadic DNS resolution problems
In-Reply-To: <4.2.2.20010118195152.013cf218@marble.sentex.net>

On Thu, 18 Jan 2001, Mike Tancsa wrote:

> At 04:50 PM 1/18/2001 -0800, David Schwartz wrote:
>
> > The simple response is that there's no way to determine definitively where
> > the mail is supposed to go. 'supercom.ca' is a great example. There is no
> > way to determine where mail to that domain is supposed to go, and it's much
> > better that it not work than simply guess.
> >
> > Let me put this question another way: How can you tell the difference
> > between a 'permanently' misconfigured site and one with a transient error?
> > Do you want mail to be sent to the wrong place because of transient errors?
>
> Yes, it certainly makes sense to me. One problem is explaining it to
> customers. What I _don't_ understand is the different behavior. If more
> sites were running the same rev of BIND that FreeBSD does now, then the
> offending site would fix the issue. i.e. why does LINUX and its sendmail
> and BIND work when FreeBSD and its BIND do not... Or why is LINUX 'broken'
> and FreeBSD being more 'correct'.

You could substitute "FreeBSD 4.1" in place of "Linux" above as well.

Basically you hit on the real problem for us here.
We all agree that the root cause of the problem is some sites are too damn stupid to set their nameservers up correctly. It would be nice if they all went to Bind 8.2.3 or Bind 9 and were forced to fix their problem. Unfortunately, this is the real world and people are likely to stay stupid, even when you tell them that their nameserver is broken -- they just don't care.

Even more unfortunately and more importantly to me, we have customers that don't understand that it's the other people that are stupid, because "it worked before you upgraded, and they didn't change anything, therefore it must be your (my) problem and not theirs." That's what Mike Tancsa and myself are up against, and that's why I started this silly thread. :)

Perhaps in the past Sendmail didn't know authoritatively where to send the mail... and might have had to take a guess. Makes sense. It guessed right in every case I know of, but I can see where it could get it wrong.

I think what it boils down to is that FreeBSD 4.1 used to allow us to shoot ourselves in the foot there, something in the 4.1.1 and 4.2 releases won't let us shoot ourselves in the foot, and Mike and I want to be allowed to shoot ourselves in the foot if we so choose. It does make me feel slightly more sane to know that I'm not the only one...

I did just do some digging around and found something interesting. I checked some old archived email to see what the exact date this problem started for us was. I compared that to FreeBSD release notes, commit logs, and UPDATING.TXT, to try to figure out if the culprit might be Bind or Sendmail. Turns out I guessed wrong:

  03-Jul-2000: Bind upgraded to 8.2.3-T5B in RELENG_4
  27-Jul-2000: FreeBSD 4.1-RELEASE
  27-Aug-2000: Sendmail upgraded from 8.9.3 to 8.11.0 in RELENG_4
  09-Sep-2000: PROBLEM STARTS after a make world from today's RELENG_4
  27-Sep-2000: FreeBSD 4.1.1-RELEASE
  02-Nov-2000: Bind upgraded to 8.2.3-T6B in RELENG_4

This certainly suggests that the culprit is Sendmail, not Bind.
Which of course annoys me because I've been assuming this was a Bind issue up until now... heh. But it does explain why tweaking Bind's negative caching params didn't help. Maybe it'll help someone else track things down better than I've been able to.

Short term, though, I liked the suggestion about stuffing an entry in /etc/hosts to work around the broken domains' DNS problems, and that does work for me for now. So at least I have an ugly workaround... much less ugly than restarting named every few hours though.

Next, I'm going to start comparing the sendmail.cf files built from my old 8.9.3 .mc file and my current 8.11.x .mc file and see if any big differences jump out at me...

Mike Andrews * mandrews@dcr.net * mandrews@bit0.com * http://www.bit0.com
VP, sysadmin, & network guy, Digital Crescent Inc, Frankfort KY
Internet access for Frankfort, Lexington, Louisville and surrounding counties
www.fark.com: If it's not news, it's Fark. (Or something like that.)