From owner-freebsd-hackers Tue Dec 31 21:21: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4355437B401; Tue, 31 Dec 2002 21:20:59 -0800 (PST) Received: from puffin.mail.pas.earthlink.net (puffin.mail.pas.earthlink.net [207.217.120.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id C6B1243EA9; Tue, 31 Dec 2002 21:20:58 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from pool0102.cvx22-bradley.dialup.earthlink.net ([209.179.198.102] helo=mindspring.com) by puffin.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 18TbJJ-0004WK-00; Tue, 31 Dec 2002 21:20:58 -0800 Message-ID: <3E127A6A.15C1F300@mindspring.com> Date: Tue, 31 Dec 2002 21:19:38 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Gregory Neil Shapiro Cc: Peter Much , hackers@FreeBSD.ORG Subject: Re: sendmail: how to get the named of FreeBSD4.7 standards compliant? References: <20030101044404.B1197@disp.oper.dinoex.org> <15890.29165.709918.3780@horsey.gshapiro.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a49c259e4e72800f06676abed988605cbd387f7b89c61deb1d350badd9bab72f9c350badd9bab72f9c Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gregory Neil Shapiro wrote: > pmc> While it is true that the said sendmail-option solves the problem > pmc> (if sendmail is new enough to understand it), I could nowhere find > pmc> information on how to fix the bug in the nameserver - that is, > pmc> in the nameserver that is packaged with FreeBSD 4.4 or 4.7. > > FreeBSD's nameserver is fine. The problem is the remote nameserver > authorative for the domain in question. That nameserver is incorrectly > returning SERVFAIL instead of NODATA (or possibly NXDOMAIN) for AAAA > queries. Nothing needs to be fixed in FreeBSD's nameserver. However, it's possible to address the problem by placing a caching-only nameserver between you and the nameserver with the problem, and hitting the local nameserver, and letting it recurse only if the data isn't in cache. This will address the second and subsequent requests, but the first one will still take however long it takes the proxy request to time out, before the cache is loaded (and converts the SERVFAIL into a NODATA, but only for AAAA or A6 requests that receive no response or a SERVFAIL response). It's also possible to rip out IPv6 support entirely, which is what the people who won't fix their nameserver software are tacitly recommending. It's also possible to achieve the same effect by creating a proxy that rejects all IPv6 address requests immediately with NODATA (or NXDOMAIN), which has the benefit of still screwing up IPv6 deployment, but without mutilating all the applications. I would be real tempted to automatically generate complaint email to the technical contact in the whois database for all AAAA/A6 requests that fail that way, instead, if the delay bthered me (which it doesn't). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message