TYPE=ANY and missing records

Kevin Darcy kcd at daimlerchrysler.com
Wed Nov 24 02:40:24 UTC 1999


greg_mcdermid at my-deja.com wrote:

> In article <383A0F6D.5101A86A at daimlerchrysler.com>,
>   Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> > Barry Margolin wrote:
> >
> > > In article <812q76$36d$1 at nnrp1.deja.com>,  <greg_mcdermid at my-deja.com> wrote:
> > > >Problem is that any requests with TYPE=ANY seem
> > > >to only return the NS records - which is not good
> > > >as sendmail only requests ANY, then A (most
> > > >domains don't have an A record for their domain),
> > > >thus the mail simply queues up.
> >
> > I just did a quick test, and, for me, sendmail (8.9.0) seems to be doing ANY/A/MX,
> > so I'm surprised you're having a problem unless you have misconfigured your
> > sendmail to not use MX records.
> >
>
> Well I am not sure whether or not I misconfigured? I have run the debug
> options on sendmail and get this output for one of the messages:
> __________________________________________________
>
> Running IAA03233 (sequence 2 of 4)
> dns_getcanonname(bdw.com.au, trymx=1)
> dns_getcanonname: trying bdw.com.au. (ANY)
> ;; res_querydomain(bdw.com.au, , 1, 255)
> ;; res_query(bdw.com.au., 1, 255)
> ;; res_mkquery(0, bdw.com.au., 1, 255)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      bdw.com.au, type = ANY, class = IN
> ;; Querying server (# 1) address = 144.55.34.9
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
> ;;      bdw.com.au, type = ANY, class = IN
> bdw.com.au.             1h37m13s IN NS  ns.bdw.com.au.
> bdw.com.au.             1h37m13s IN NS  oznet.ozemail.com.au.
> bdw.com.au.             1h37m13s IN NS  oznet02.ozemail.com.au.
> bdw.com.au.             1h45m58s IN SOA  ns.bdw.com.au. root.bdw.com.au. (
>                                         1999060602      ; serial
>                                         1H              ; refresh
>                                         30M             ; retry
>                                         2w6d            ; expiry
>                                         12H )           ; minimum
>
> bdw.com.au.             1h37m13s IN NS  ns.bdw.com.au.
> bdw.com.au.             1h37m13s IN NS  oznet.ozemail.com.au.
> bdw.com.au.             1h37m13s IN NS  oznet02.ozemail.com.au.
> ns.bdw.com.au.          2h23m24s IN A   203.27.30.240
> oznet.ozemail.com.au.   40m16s IN A     203.2.193.124
> oznet02.ozemail.com.au.  23h57m28s IN A  203.2.192.124
>         YES
> dns_getcanonname: trying bdw.com.au. (A)
> ;; res_querydomain(bdw.com.au, , 1, 1)
> ;; res_query(bdw.com.au., 1, 1)
> ;; res_mkquery(0, bdw.com.au., 1, 1)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64179
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      bdw.com.au, type = A, class = IN
> ;; Querying server (# 1) address = <my dns1>
> server rejected query:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      bdw.com.au, type = A, class = IN
> ;; Querying server (# 2) address = <my dns2>
> server rejected query:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      bdw.com.au, type = A, class = IN
> ;; Querying server (# 3) address = <my dns3>
> server rejected query:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      bdw.com.au, type = A, class = IN
> ;; res_query: send error
>         NO: errno=110, h_errno=2
> <xxxx at bdw.com.au>... bdw.com.au: Name server timeout
> <xxxx at bdw.com.au>... Transient parse error -- message queued for future delivery
>
> __________________________________________________
>
> You will see here that the first lookup is for TYPE=ANY, which fails to
> find any MX records (they are not in cache) - I can live with this. The
> second match it tries is for a TYPE=A record. Unfortunately this
> organisation doesn't have any A records defined for its domain. At
> this point the code (sendmail 8.8.8/domain.c) doesn't check TYPE=MX
> records as it falls out with the h_errno=2 (SERVFAIL). The bit of code
> from domain.c under dns_getcanonname() looks like:
>
> if (errno == ECONNREFUSED || h_errno == TRY_AGAIN)
> {
>     /* the name server seems to be down */
>     h_errno = TRY_AGAIN;
>     *statp = EX_TEMPFAIL;
>     return FALSE;
> }
>
> h_errno has the value 2, which is the same for TRY_AGAIN. BUT we
> haven't done a check for the MX records, which is the 3rd pass! Is this
> by design or simply an oversight? This would only happen if you use a
> forwarding DNS (my situation) or need to go through a firewall to get
> to any external DNS (again my situation). Or is there something else I
> am missing?? I am also using Microsoft DNS for both my internal domain
> and to handle forwarding for external domains.

Your DNS servers are returning SERVFAIL for your A RR queries,
and sendmail is giving up on the whole DNS subsystem temporarily. Is there
any reason to think an MX query will succeed where an A query failed? I'd
look more closely at the DNS configurations on your forwarders: they need
to be able to accept and resolve recursive queries from the box running
sendmail. Sorry, but I've never worked with Microsoft DNS, so I don't know
exactly how you would go about verifying this.


- Kevin
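
An added example (not part of either poster's message, and not sendmail code): a small Python parser for the resolver debug trace quoted above. For each lookup pass it reports whether a server answered, returned an empty NOERROR, or failed. The regular expressions and category names are assumptions made for this illustration, and the sample trace is abridged from the post.

```python
import re

# Constructed sample, abridged from the res_send() debug trace quoted above.
TRACE = """\
dns_getcanonname: trying bdw.com.au. (ANY)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
dns_getcanonname: trying bdw.com.au. (A)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64179
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

TRY = re.compile(r"dns_getcanonname: trying \S+ \((\w+)\)")
STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+)")

def parse_passes(trace):
    """Return [(qtype, [(rcode, answer_count), ...])], one entry per lookup pass."""
    passes, status = [], None
    for line in trace.splitlines():
        if m := TRY.search(line):
            passes.append((m[1], []))
        elif m := STATUS.search(line):
            status = m[1]
        # Only headers with the qr flag are responses; the others echo the query.
        elif (m := FLAGS.search(line)) and passes and "qr" in m[1].split():
            passes[-1][1].append((status, int(m[2])))
    return passes

def classify(responses):
    if any(rc == "NOERROR" and n > 0 for rc, n in responses):
        return "answered"
    if any(rc == "NOERROR" for rc, _ in responses):
        return "nodata"          # name exists, no record of this type
    if any(rc == "NXDOMAIN" for rc, _ in responses):
        return "nxdomain"
    return "server-failure"      # SERVFAIL/REFUSED/no reply: record status unknown

def summarize(trace):
    return [(qt, classify(rs), len(rs)) for qt, rs in parse_passes(trace)]
```

For the ANY pass, "answered" only means records came back; in the quoted trace they were NS and SOA records. The A pass is classified as a server failure, not as "nodata", which matches the SERVFAIL responses the reply points to.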


