BIND / Sendmail and Bad Referrals
Mike Tancsa
mike at sentex.net
Mon Jun 27 02:54:57 UTC 2005
At 10:24 PM 26/06/2005, Mark Andrews wrote:
> > At 10:48 PM 24/06/2005, Mark Andrews wrote:
> >
> > > link1.rona.ca is returning the wrong SOA record. The zone
> > > is merlin.rona.ca yet it is claiming that it is rona.ca. Named
> > > correctly detects this misconfiguration and marks the server
> > > as lame.
> > >
> > > Similarly for link2.
> > >
> > > Mark
> > >
> > >; <<>> DiG 9.3.2prerelease <<>> AAAA merlin.rona.ca. +norec
> @link1.rona.ca.
> > >; (1 server found)
> > >;; global options: printcmd
> > >;; Got answer:
> > >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21126
> > >;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > >
> > >;; QUESTION SECTION:
> > >;merlin.rona.ca. IN AAAA
> > >
> > >;; AUTHORITY SECTION:
> > >rona.ca. 86400 IN SOA rona.ca.
> > >administrator.rona.ca. 998545544 28800 7200 604800 86400
> > >
> > >;; Query time: 259 msec
> > >;; SERVER: 207.61.124.213#53(207.61.124.213)
> > >;; WHEN: Sat Jun 25 12:44:58 2005
> > >;; MSG SIZE rcvd: 106
> >
> >
> > There seems to be very different results using FreeBSD with INET6 and
> > without. With INET6, sendmail complains as I mentioned in the opening
> > thread. However, with INET6 disabled in the kernel, mail flows fine to
> this
> > site ?
> >
> > ---Mike
>
> Because it doesn't make the AAAA queries and hence doesn't see
> that link1.rona.ca and link2.rona.ca are misconfigured.
But should not
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
workaround such issues in sendmail ? It appears its not working in this case.
BTW, thank your help on this. I think I need to do some more research as
to better understand the process of what exactly sendmail is asking. I am
trying to understand this well enough so I can explain to the customer with
confidence why there is an issue with their configuration, and why it is a
good idea for their DNS server not to be configured this way.
In terms of reproducing such a misconfiguration, how would one even do it ?
---Mike
More information about the bind-users
mailing list