BIND / Sendmail and Bad Referrals

Mark Andrews Mark_Andrews at isc.org
Sat Jun 25 02:48:12 UTC 2005 

> I am trying to track down and understand the behaviour for sendmail
> with domains that have 'bad' referrals / sub delegations.
> 
> e.g. the domains 
> rona.ca, banquelaurentienne.ca, laurentianbank.ca
> 
> These all have somewhat odd DNS setups, in that they have as MX
> records which are subdomains as well as hosts.
> 
> [smarthost1]# host -tns rona.ca
> rona.ca name server ns2.rona.ca.
> rona.ca name server ns1.rona.ca.
> [smarthost1]# host -tmx rona.ca ns1.rona.ca
> Using domain server:
> Name: ns1.rona.ca
> Address: 216.94.232.103#53
> Aliases: 
> 
> rona.ca mail is handled by 20 draco.rona.ca.
> rona.ca mail is handled by 10 merlin.rona.ca.
> [smarthost1]# 
> 
> 
> [smarthost1]# dig merlin.rona.ca @ns1.rona.ca
> 
> ; <<>> DiG 9.3.1 <<>> merlin.rona.ca @ns1.rona.ca
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59213
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;merlin.rona.ca.                        IN      A
> 
> ;; ANSWER SECTION:
> merlin.rona.ca.         5       IN      A       209.47.3.183
> 
> ;; AUTHORITY SECTION:
> merlin.rona.ca.         3600    IN      NS      link2.rona.ca.
> merlin.rona.ca.         3600    IN      NS      link1.rona.ca.
> 
> ;; ADDITIONAL SECTION:
> link1.rona.ca.          3600    IN      A       207.61.124.213
> link2.rona.ca.          3600    IN      A       209.47.3.143
> 
> ;; Query time: 79 msec
> ;; SERVER: 216.94.232.103#53(216.94.232.103)
> ;; WHEN: Fri Jun 24 15:13:18 2005
> ;; MSG SIZE  rcvd: 120
> 
> [smarthost1]# dig merlin.rona.ca @link1.rona.ca   
> 
> ; <<>> DiG 9.3.1 <<>> merlin.rona.ca @link1.rona.ca
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17366
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;merlin.rona.ca.                        IN      A
> 
> ;; ANSWER SECTION:
> merlin.rona.ca.         5       IN      A       207.61.124.253
> 
> ;; Query time: 16 msec
> ;; SERVER: 207.61.124.213#53(207.61.124.213)
> ;; WHEN: Fri Jun 24 15:13:32 2005
> ;; MSG SIZE  rcvd: 48
> 
> [smarthost1]# 
> 
> Its not technically LAME (I think because it does respond
> authoritatively), because the name servers 
> link1.rona.ca.          3600    IN      A       207.61.124.213
> link2.rona.ca.          3600    IN      A       209.47.3.143
> 
> respond with aa, but there is no Authority section. I guess BIND wants
> the equiv of having
> merlin.rona.ca.    3600  IN NS link1.rona.ca.
> merlin.rona.ca.    3600  IN NS link2.rona.ca.
> 
> in there, but it seems it is not.
> 
> Sendmail however treats this as if it is LAME (it seems LAME to me as
> well) and complains it cannot lookup up the address 
> 
> Jun 24 00:35:14 smarthost1 sm-mta[71327]: j5NDZB0m008277:
> to=<XXXXX at rona.ca>, delay=15:00:03, xdelay=00:00:00, mailer=esmtp,
> pri=1
> 5421309, relay=draco.rona.ca., dsn=4.0.0, stat=Deferred: Name server:
> draco.rona.ca.: host name lookup failure
> 
> Is this sendmail being too picky ?    Neither qmail nor postfix seem
> to care much about this.
> This is 
> Sendmail 8.13.3/8.13.3 on FreeBSD 5.4
> 
>         ---Mike
> 
> --------------------------------------------------------
> Mike Tancsa, Sentex communications http://www.sentex.net
> Providing Internet Access since 1994
> mike at sentex.net, (http://www.tancsa.com)

	link1.rona.ca is returning the wrong SOA record.   The zone
	is merlin.rona.ca yet it is claiming that it is rona.ca.  Named
	correctly detects this misconfiguration and marks the server
	as lame.

	Similarly for link2.

	Mark

; <<>> DiG 9.3.2prerelease <<>> AAAA merlin.rona.ca. +norec @link1.rona.ca.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21126
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;merlin.rona.ca.			IN	AAAA

;; AUTHORITY SECTION:
rona.ca.		86400	IN	SOA	rona.ca. administrator.rona.ca. 998545544 28800 7200 604800 86400

;; Query time: 259 msec
;; SERVER: 207.61.124.213#53(207.61.124.213)
;; WHEN: Sat Jun 25 12:44:58 2005
;; MSG SIZE  rcvd: 106

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list