bind9 + host command issue in FreeBSD-5.4
tpeixoto at widesoft.com.br
Tue Feb 21 04:42:10 PST 2006
First of all I want to thank you for your reply.
The domain I referred to before belongs to a bank in Brazil and usually it's
hard to get anything from those guys so I've found a workaround and put
their 'MX' IP in our mailertable and now it worked fine.
Also, I've tried many things like:
1) define(`confBIND_OPTS', `WorkAroundBrokenAAAA') in sendmail.mc (seems
default in FreeBSD) - didn't help;
2) disable IPv6 in sendmail. It stopped listening on IPv6 but didn't stop
asking for AAAA records;
I couldn't find a way to stop sendmail from trying to get AAAA records and
I cannot reboot this server to disable IPv6 in kernel so I'm gonna stick
with this workaround until the guys from that domain correct it.
About the host command, I know it's only a tool for quick use, not for
debugging, and it seems to ask for AAAA record even if you specify '-t a',
# host -t a cauexcnt001smtp.unibanco.com.br.
cauexcnt001smtp.unibanco.com.br has address 184.108.40.206
Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)
18762+ A? cauexcnt001smtp.unibanco.com.br. (49)
18762 1/2/2 (141)
42313+ AAAA? cauexcnt001smtp.unibanco.com.br. (49)
42313 ServFail 0/0/0 (49)
40925+ MX? cauexcnt001smtp.unibanco.com.br. (49)
40925 0/0/0 (49)
tpeixoto at widesoft.com.br wrote:
> >> Hello all!
> >> I am not sure if this is the right place to discuss this issue
>For future reference, the bind-users list at ISC is probably a better forum,
>but this is as good as any. :)
> >> but I am
> >> experiencing strange behaviour with bind9 + host command with some
> >> that bind are _not_ authoritative
>I assume you mean domains for which you are not authoritative, in other
>words, domains you have no control over.
> >> as the following example:
> >> # uname -a
> >> FreeBSD server2.mydomain.com.br 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
> >> Feb 1 22:18:04 BRST 2006
> >> root at server2.mydomain.com.br:/usr/src/sys/i386/compile/SERVER2 i386
> >> # named -v
> >> BIND 9.3.1
>When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously
>consider upgrading. If you are doing anything mission critical that depends
>on DNS, BIND 9.3.2 is going to be an improvement for you.
> >> # host cauexcnt001smtp.unibanco.com.br.
> >> cauexcnt001smtp.unibanco.com.br has address 220.127.116.11
> >> Host cauexcnt001smtp.unibanco.com.br not found: 2(SERVFAIL)
>The second line is caused because there is no AAAA record for that hostname,
>and by default host always queries for one. You can see that things are fine
>with the hostname itself by using 'host -t a', or by using dig as you did
>below. FYI, if you need to do any kind of serious DNS debugging, dig is
>always the best tool to use. The host command is best for simple lookups
>when you just need the answer.
> >> That's the problem! host command replies with SERVFAIL. This also causes
> >> sendmail to raise "host name lookup failure" and not deliver the
>sendmail does not use the host command. The most likely cause for this
>failure is that the A record for cauexcnt001smtp.unibanco.com.br has a 0
>second TTL, which is not only stupid, it's extremely unfriendly. It's also
>possible that your system has IPv6 support enabled, but you don't have IPv6
>connectivity, and/or your sendmail is configured to use (or prefer) IPv6
>addresses. Also, if you have any input into the operation of this zone,
>suggest that they increase the TTL, and add an MX record for that hostname
>(even if it points to itself).
More information about the freebsd-net
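
Added example, not part of the original messages: a Python sketch that pairs queries with replies in the abbreviated trace quoted in the post and flags names whose A lookup succeeds while the AAAA lookup returns an error rcode instead of an empty NoError answer. The regexes assume the shortened line format shown in the post; the function names are hypothetical.

```python
import re

# Trace lines copied from the post above (abbreviated tcpdump DNS output).
TRACE = """\
18762+ A? cauexcnt001smtp.unibanco.com.br. (49)
18762 1/2/2 (141)
42313+ AAAA? cauexcnt001smtp.unibanco.com.br. (49)
42313 ServFail 0/0/0 (49)
40925+ MX? cauexcnt001smtp.unibanco.com.br. (49)
40925 0/0/0 (49)
"""

# Assumed formats: "<id><flags> <TYPE>? <name> ..." and "<id><flags> [rcode] an/ns/ar ..."
QUERY = re.compile(r"^(\d+)\S*\s+([A-Z0-9]+)\?\s+(\S+)")
REPLY = re.compile(r"^(\d+)\S*\s+(?:([A-Za-z]+)\s+)?(\d+)/(\d+)/(\d+)")

def pair_queries(trace):
    """Match replies to queries by DNS id -> {(name, qtype): (rcode, answer_count)}."""
    pending, results = {}, {}
    for line in trace.splitlines():
        line = line.strip()
        q = QUERY.match(line)
        if q:
            pending[q.group(1)] = (q.group(3).lower(), q.group(2))
            continue
        r = REPLY.match(line)
        if r and r.group(1) in pending:
            # No rcode word in the line means the server answered NoError.
            rcode = r.group(2) or "NoError"
            results[pending.pop(r.group(1))] = (rcode, int(r.group(3)))
    return results

def broken_aaaa(results):
    """Names with a usable A answer whose AAAA query got an error rcode."""
    flagged = []
    for (name, qtype), (rcode, answers) in results.items():
        if qtype != "A" or rcode != "NoError" or answers == 0:
            continue
        aaaa = results.get((name, "AAAA"))
        # A correct server returns NoError with 0 answers when no AAAA exists.
        if aaaa and aaaa[0] != "NoError":
            flagged.append((name, aaaa[0]))
    return sorted(flagged)

if __name__ == "__main__":
    for name, rcode in broken_aaaa(pair_queries(TRACE)):
        print(f"{name}: A resolves but AAAA returns {rcode}")
```

The MX reply in the same trace (NoError, 0 answers) is the well-behaved "no such record" form, so it is not flagged.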