Date: Tue, 12 Oct 2010 20:05:59 +1100 (EST)
From: Ian Smith
To: Eugene Grosbein
Cc: net@freebsd.org
Subject: Re: strange resolver behavour
Message-ID: <20101012152857.X2036@sola.nimnet.asn.au>
In-Reply-To: <4CB2AF28.30309@rdtc.ru>

On Mon, 11 Oct 2010, Eugene Grosbein wrote:

> Hi!
>
> FreeBSD 8.1-STABLE:
>
> # host koin-nkz.com.
> koin-nkz.com has address 62.231.164.101
> Host koin-nkz.com not found: 3(NXDOMAIN)
>
> This domain does not have MX records but NXDOMAIN seems to be the wrong
> return code to me. Think about an MTA that does a look-up for MX first,
> obtains NXDOMAIN and rejects mail.

If a domain has no MX server, how's an MTA supposed to do mail with it?

sola% host koin-nkz.com
koin-nkz.com has address 62.231.164.101
Host koin-nkz.com not found: 2(SERVFAIL)

I consistently get SERVFAIL for this one's MX server from here. Only
querying its nameserver/s directly gets the proper (negative) answer:

sola% dig +short koin-nkz.com ns
ns.mtw.ru.
ns1.mtw.ru.
sola% dig +short @ns.mtw.ru koin-nkz.com
62.231.164.101
sola% dig +short @ns.mtw.ru koin-nkz.com mx
sola% dig @ns.mtw.ru koin-nkz.com mx

; <<>> DiG 9.3.4-P1 <<>> @ns.mtw.ru koin-nkz.com mx
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12266
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;koin-nkz.com.                  IN      MX

;; AUTHORITY SECTION:
koin-nkz.com.           43200   IN      NS      ns.mtw.ru.
koin-nkz.com.           43200   IN      NS      ns1.mtw.ru.

;; ADDITIONAL SECTION:
ns.mtw.ru.              43200   IN      A       194.135.30.55
ns1.mtw.ru.             43200   IN      A       193.124.133.210

;; Query time: 397 msec
;; SERVER: 194.135.30.55#53(194.135.30.55)
;; WHEN: Tue Oct 12 15:35:10 2010
;; MSG SIZE  rcvd: 103

Further, checking RDNS:

sola% dig +short koin-nkz.com
62.231.164.101
sola% host 62.231.164.101
101.164.231.62.in-addr.arpa domain name pointer 62-231-164-101.rdtc.ru.
sola% host 62-231-164-101.rdtc.ru.
Host 62-231-164-101.rdtc.ru not found: 3(NXDOMAIN)

But RDNS probably really only matters for the MX (when it gets one :)

> tcpdump shows that after MX look-up failure resolver adds my local
> domain suffix from /etc/resolv.conf's "search" clause and
> goes to my local DNS server looking for MX record for
> 'koin-nkz.com.my.ru.' that does not exist. Hence, NXDOMAIN.
>
> Is it a bug in our resolver?

Well perhaps - but it works right when the proper DNS records exist.

> I've tested 6.4-STABLE and 7.3-STABLE, same effect.

Yes, same on the last 5-STABLE.

> I've also tested 4.11-STABLE and it works correctly - no wrong
> suffix addition, no NXDOMAIN.
>
> Eugene Grosbein

cheers, Ian
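
Added example (not part of either poster's message, and not FreeBSD resolver code): a simplified Python model of the lookup sequence discussed above. It separates an empty answer (NOERROR with ANSWER: 0, as in the dig output) from NXDOMAIN and shows how appending the search suffix to a dot-terminated name turns the first into the second. The function names, the constructed headers and the fake_query responder are assumptions made for illustration; the search domain my.ru is taken from the quoted query name.

```python
import struct

# Constructed DNS headers (RFC 1035 section 4.1.1). The first reuses the values
# in the dig output above: id 12266, flags qr aa rd, NOERROR, counts 1/0/2/2.
NODATA_HDR = struct.pack("!6H", 12266, 0x8500, 1, 0, 2, 2)
NXDOMAIN_HDR = struct.pack("!6H", 1, 0x8183, 1, 0, 1, 0)   # qr rd ra, rcode 3
SERVFAIL_HDR = struct.pack("!6H", 2, 0x8182, 1, 0, 0, 0)   # qr rd ra, rcode 2

def classify(header):
    """Map a response header to ANSWER, NODATA, NXDOMAIN, SERVFAIL or RCODEn."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", header[:12])
    rcode = flags & 0x000F
    if rcode == 0:
        return "ANSWER" if ancount else "NODATA"
    return {2: "SERVFAIL", 3: "NXDOMAIN"}.get(rcode, "RCODE%d" % rcode)

def fake_query(fqdn):
    """Constructed stand-in for an MX query: only koin-nkz.com. exists."""
    return NODATA_HDR if fqdn == "koin-nkz.com." else NXDOMAIN_HDR

def resolve_mx(name, search, query, as_reported=False):
    """Simplified search-list walk (hypothetical helper, not libc code).

    as_reported=True models what the tcpdump in the thread showed: after an
    empty MX answer the search suffix is appended even to a dot-terminated
    name, and the caller sees the result of that last query.
    """
    base = name.rstrip(".")
    names = [base + "."]
    if as_reported or not name.endswith("."):
        names += ["%s.%s." % (base, s) for s in search]
    verdict = "NXDOMAIN"
    for fqdn in names:
        verdict = classify(query(fqdn))
        if verdict == "ANSWER" or (verdict != "NXDOMAIN" and not as_reported):
            break  # the name exists (or the server failed): stop searching
    return verdict

def mta_action(verdict):
    """Conventional handling of each MX lookup verdict by a sending MTA."""
    return {
        "ANSWER": "deliver to the listed MX hosts",
        "NODATA": "use the A/AAAA record as implicit MX (RFC 5321 section 5.1)",
        "NXDOMAIN": "reject: the domain does not exist",
    }.get(verdict, "defer and retry later")

if __name__ == "__main__":
    for flag in (False, True):
        v = resolve_mx("koin-nkz.com.", ["my.ru"], fake_query, as_reported=flag)
        print("as_reported=%s -> %s -> %s" % (flag, v, mta_action(v)))
```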