From owner-freebsd-stable@FreeBSD.ORG  Mon Aug  5 12:59:31 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 704E5D53
 for <freebsd-stable@freebsd.org>; Mon,  5 Aug 2013 12:59:31 +0000 (UTC)
 (envelope-from timp87@gmail.com)
Received: from mail-ve0-x232.google.com (mail-ve0-x232.google.com
 [IPv6:2607:f8b0:400c:c01::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2A8FC2C18
 for <freebsd-stable@freebsd.org>; Mon,  5 Aug 2013 12:59:31 +0000 (UTC)
Received: by mail-ve0-f178.google.com with SMTP id ox1so2993620veb.37
 for <freebsd-stable@freebsd.org>; Mon, 05 Aug 2013 05:59:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:cc
 :content-type; bh=HqoUwsSEKGB7C4dJ7e2SIjXFC3Kt0JW4yeL4O5w4gXo=;
 b=a8LGvAL7BpbD3mx4VC1WRnnBqxQCt2acUy+LrWIzhACWxO+kIhLO3uTPTVznoNCDud
 8M/aGHcX93ZoMMq4L+I+rTU9jrmXfaDZn0EB9H5Id8Bxy42CfFQ30EG0h5kqMvPcw5yi
 hs3IgYUdKz3EhQhvQ9sxGz503fm/15xn7r1f9vwHRvEQhGm0KnC8pSAfAJ1LXFoFlI+M
 4c/RCqHNuxeboVkr7UXZpKzXerk5W8VpI9PiQwZWL/ZA+HN5HwlviWWOn8CfpyakQtRM
 6BkcR6/2l1RBqDj3juiSlfSVYoA0zJs5xvoOyx2tte4OREX3uyPlYlhm4huxyRMBGREQ
 +mCA==
MIME-Version: 1.0
X-Received: by 10.220.205.67 with SMTP id fp3mr5878721vcb.43.1375707569973;
 Mon, 05 Aug 2013 05:59:29 -0700 (PDT)
Received: by 10.52.38.134 with HTTP; Mon, 5 Aug 2013 05:59:29 -0700 (PDT)
In-Reply-To: <CAAoTqft-NM6JMn6sgTNFJ-T1294s+crycb8Q+Pc8Fb-q9T4Ryw@mail.gmail.com>
References: <CAAoTqfvmsYc=fE9AZyzf9GKBtbazdu+3jmD5TjhMqQHDnrtrkw@mail.gmail.com>
 <CAAoTqfsftjLQMLZpnwtPJYV2gKEn3kumYVycKroi5+aEbjEoJQ@mail.gmail.com>
 <CAAoTqftbCS_g45e6m9tXhR0wc3Q5-9kWmUDCANX597h8DRQakg@mail.gmail.com>
 <CAAoTqfuqYkgHg9--wev8Qji7fVvDVB-BVdP1hO=KD4SfuP-RXw@mail.gmail.com>
 <CAAoTqftW2KJtQnZpk=DV6snXyu21agdaX_8ku0+623FDVW71gw@mail.gmail.com>
 <CAAoTqfv_XAwCUkBh4WFhdNTEe7wZ4_Sbpis3OCacUrwoT-p4NA@mail.gmail.com>
 <20130802102100.GA11138@eris.bzerk.org>
 <CAAoTqfu7n9j9V=H4Af2oTka=aS_UqKwkMCxE=AJM9i3GqXbLbA@mail.gmail.com>
 <CAAoTqfsm+CXk70zqALxtQQL-nO1NvkfE6OgJiU0DcexM6PfE9g@mail.gmail.com>
 <CAAoTqfvGfLcZK4F-bbajMYcqxV__rszq_FGF-NzWc1TTgPBDBw@mail.gmail.com>
 <CAAoTqft-NM6JMn6sgTNFJ-T1294s+crycb8Q+Pc8Fb-q9T4Ryw@mail.gmail.com>
Date: Mon, 5 Aug 2013 16:59:29 +0400
Message-ID: <CAAoTqfuvv=_ofiJpfvQqJFOHxqLURV40kavYR3J9hdD2dTYDtw@mail.gmail.com>
Subject: Re: Strange sendmail behaviour after upgrade to 9.1-BETA2
From: Pavel Timofeev <timp87@gmail.com>
Cc: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Aug 2013 12:59:31 -0000

Another DNS (not MS) server answers NXDomain instead of SERVFAIL on
'AAAA? kalmar.' query.
And then sendmail asks for A. Email works

There are two ways obviously:
1. Change sendmail behaviour, i.e. make it ask for A record just after
first query for AAAA. Like in 9.1-RELEASE.
2. Make MS DNS answer NXDomain instead of SERVFAIL on AAAA of kalmar.
Is it possible at all? =)


2013/8/5 Pavel Timofeev <timp87@gmail.com>:
> Hmm. SERVFAIL comes because of not full dns name. Kalmar. instead of
> kalmar.ocs.ru.
>
> 2013/8/5 Pavel Timofeev <timp87@gmail.com>:
>> Got some new info. I read this
>> https://lists.isc.org/pipermail/bind-users/2006-August/063528.html
>> Perhaps, the problem because our MS DNS server returns SERVFAIL on AAAA query.
>> It happens in case of often AAAA queries. It's 9.2-RC1:
>> ....
>> 14:59:50.973445 IP reticulum.xxx.ru.29244 > hercules.xxx.ru.domain:
>> 53419+ MX? xxx.ru. (24)
>> 14:59:50.973754 IP hercules.xxx.ru.domain > reticulum.xxx.ru.29244:
>> 53419* 1/0/1 MX kalmar.xxx.ru. 10 (63)
>> 14:59:50.974061 IP reticulum.xxx.ru.56461 > hercules.xxx.ru.domain:
>> 53420+ AAAA? kalmar.xxx.ru. (31)
>> 14:59:50.974340 IP hercules.xxx.ru.domain > reticulum.xxx.ru.56461:
>> 53420* 0/1/0 (82)
>> 14:59:50.974570 IP reticulum.xxx.ru.28332 > hercules.xxx.ru.domain:
>> 53421+ AAAA? kalmar.xxx.ru. (31)
>> 14:59:50.974887 IP hercules.xxx.ru.domain > reticulum.xxx.ru.28332:
>> 53421* 0/1/0 (82)
>> 14:59:50.974919 IP reticulum.xxx.ru.21453 > hercules.xxx.ru.domain:
>> 53422+ AAAA? kalmar. (24)
>> 14:59:50.975290 IP hercules.xxx.ru.domain > reticulum.xxx.ru.21453:
>> 53422 ServFail 0/0/0 (24)
>> ....
>> At third time MS DNS returned SERVFAIL. Why sendmail asks AAAA for 3 times?
>> Something wrong with bind libraries? I think if there was no SERVFAIL
>> on AAAA it would ask for A record then.
>>
>> The opposite situation on 9.1-RELEASE. Here sendmail asks AAAA only
>> for 1 time. Then it asks A.
>> ...
>> 14:30:45.061950 IP 10.0.2.15.30979 > hercules.xxx.ru.domain: 62684+
>> MX? xxx.ru. (24)
>> 14:30:45.063064 IP hercules.xxx.ru.domain > 10.0.2.15.30979: 62684*
>> 1/0/1 MX kalmar.xxx.ru. 10 (63)
>> 14:30:45.063624 IP 10.0.2.15.39212 > hercules.xxx.ru.domain: 62685+
>> AAAA? kalmar.xxx.ru. (31)
>> 14:30:45.064460 IP hercules.xxx.ru.domain > 10.0.2.15.39212: 62685* 0/1/0 (82)
>> 14:30:45.064766 IP 10.0.2.15.44381 > hercules.xxx.ru.domain: 62686+ A?
>> kalmar.xxx.ru. (31)
>> 14:30:45.065530 IP hercules.xxx.ru.domain > 10.0.2.15.44381: 62686*
>> 1/0/0 A 192.168.31.190 (47)
>> ...
>>
>> I will continue investigation.
>>
>>
>>
>> 2013/8/4 Pavel Timofeev <timp87@gmail.com>:
>>> Same thing on RELENG/9.2
>>>
>>> 2013/8/3 Pavel Timofeev <timp87@gmail.com>:
>>>> 2013/8/2 Ruben de Groot <mail25@bzerk.org>:
>>>>> On Wed, Jul 31, 2013 at 04:54:08PM +0400, Pavel Timofeev typed:
>>>>>> I've just installed new fresh 9.2-BETA2 amd64 on another machine.
>>>>>> Same behaviour - Sendmail asks DNS only for AAAA record of mx server.
>>>>>> We don't use IPv6 in our company.
>>>>>>
>>>>>> 2013/7/31 Pavel Timofeev <timp87@gmail.com>:
>>>>>> > I wanted to say that sendmail asks only AAAA (IPv6) record of mx
>>>>>> > server, but not A (IPv4).
>>>>>> > Any ideas?
>>>>>> >
>>>>>> > 2013/7/31 Pavel Timofeev <timp87@gmail.com>:
>>>>>> >> Looks like my sendmail uses only IPv6 to resolve mx server dns name to
>>>>>> >> ip address.
>>>>>> >>
>>>>>> >> 14:59:50.793338 IP reticulum.xxx.ru.19032 > hercules.xxx.ru.domain:
>>>>>> >> 53417+ AAAA? xxx.ru. (24)
>>>>>> >>                                                    [13/98]
>>>>>> >> 14:59:50.793662 IP hercules.xxx.ru.domain > reticulum.xxx.ru.19032:
>>>>>> >> 53417* 0/1/0 (75)
>>>>>> >> 14:59:50.793696 IP reticulum.xxx.ru.55299 > hercules.xxx.ru.domain:
>>>>>> >> 53418+ A? xxx.ru. (24)
>>>>>
>>>>> Here it is definately asking an A record.
>>>>
>>>> And? It's not A record of mx server.
>>>>
>>>>>> >> 14:59:50.794087 IP hercules.xxx.ru.domain > reticulum.xxx.ru.55299:
>>>>>> >> 53418* 7/0/0 A 192.168.2.11, A 192.168.2.12, A 192.168.41.4, A
>>>>>> >> 192.168.14.12, A 192.168.34.100, A 192.168.34.110, A 192.168.44.19
>>>>>> >>  (136)
>>>>>
>>>>> And here is the reply. The quetion is more why is it repeating the same
>>>>> query (below) over and over.
>>>>
>>>> Yes, reply about xxx.ru, not about mx server's IP which is kalmar.xxx.ru
>>>>
>>>>>
>>>>> Ruben
>>>>>
>>>>>> >> 14:59:50.973445 IP reticulum.xxx.ru.29244 > hercules.xxx.ru.domain:
>>>>>> >> 53419+ MX? xxx.ru. (24)
>>>>>> >> 14:59:50.973754 IP hercules.xxx.ru.domain > reticulum.xxx.ru.29244:
>>>>>> >> 53419* 1/0/1 MX kalmar.xxx.ru. 10 (63)
>>>>>> >> 14:59:50.974061 IP reticulum.xxx.ru.56461 > hercules.xxx.ru.domain:
>>>>>> >> 53420+ AAAA? kalmar.xxx.ru. (31)
>>>>>> >> 14:59:50.974340 IP hercules.xxx.ru.domain > reticulum.xxx.ru.56461:
>>>>>> >> 53420* 0/1/0 (82)
>>>>>> >> 14:59:50.974570 IP reticulum.xxx.ru.28332 > hercules.xxx.ru.domain:
>>>>>> >> 53421+ AAAA? kalmar.xxx.ru. (31)
>>>>>> >> 14:59:50.974887 IP hercules.xxx.ru.domain > reticulum.xxx.ru.28332:
>>>>>> >> 53421* 0/1/0 (82)
>>>>>> >> 14:59:50.974919 IP reticulum.xxx.ru.21453 > hercules.xxx.ru.domain:
>>>>>> >> 53422+ AAAA? kalmar. (24)
>>>>>> >> 14:59:50.975290 IP hercules.xxx.ru.domain > reticulum.xxx.ru.21453:
>>>>>> >> 53422 ServFail 0/0/0 (24)
>>>>>> >> 14:59:50.975314 IP reticulum.xxx.ru.63038 > hercules.xxx.ru.domain:
>>>>>> >> 53422+ AAAA? kalmar. (24)
>>>>>> >> 14:59:50.975674 IP hercules.xxx.ru.domain > reticulum.xxx.ru.63038:
>>>>>> >> 53422 ServFail 0/0/0 (24)
>>>>>> >> 14:59:50.975749 IP reticulum.xxx.ru.38393 > hercules.xxx.ru.domain:
>>>>>> >> 53423+ AAAA? kalmar.xxx.ru. (31)
>>>>>> >> 14:59:50.976105 IP hercules.xxx.ru.domain > reticulum.xxx.ru.38393:
>>>>>> >> 53423* 0/1/0 (82)
>>>>>> >> 14:59:50.976176 IP reticulum.xxx.ru.45558 > hercules.xxx.ru.domain:
>>>>>> >> 53424+ AAAA? kalmar. (24)
>>>>>> >> 14:59:50.976483 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45558:
>>>>>> >> 53424 ServFail 0/0/0 (24)
>>>>>> >> 14:59:50.976512 IP reticulum.xxx.ru.45297 > hercules.xxx.ru.domain:
>>>>>> >> 53424+ AAAA? kalmar. (24)
>>>>>> >> 14:59:50.976864 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45297:
>>>>>> >> 53424 ServFail 0/0/0 (24)
>>>>>> >>
>>>>>> >> How to force it to use IPv4?
>>>>>> _______________________________________________
>>>>>> freebsd-stable@freebsd.org mailing list
>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>>>>>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"