bind9 + host command issue in FreeBSD-5.4

tpeixoto at tpeixoto at
Tue Feb 21 04:42:10 PST 2006

Hi Doug,

first of all I want to thank you for your reply.

The domain I referred before belongs to a bank in Brazil and usually it's
hard to get anything from those guys so I've found a workaround and put
their 'MX' IP in our mailertable and now it worked fine.
Also, I've tried many things like:

1) define(`confBIND_OPTS', `WorkAroundBrokenAAAA') in (seems
default in FreeBSD) - didn't help;
2) disable IPv6 in sendmail. It stopped listening IPv6 but didn't stop
asking for AAAA records;

I couldn't find a way to stop sendmail from trying to get AAAA records and
I cannot reboot this server to disable IPv6 in kernel so I'm gonna stick
with this workaround until the guys from that domain correct it.

About the host command, I know it's only a tool for quick use, not for
debugging, and it seems to ask for AAAA record even if you specify '-t a',

# host -t a has address
Host not found: 2(SERVFAIL)

18762+ A? (49)
18762 1/2/2 (141)
42313+ AAAA? (49)
42313 ServFail 0/0/0 (49)
40925+ MX? (49)
40925 0/0/0 (49)

Best regards,

tpeixoto at wrote:
> >> Hello all!
> >>
> >> I am not sure if this is the right place to discuss this issue
>For future reference, the bind-users list at ISC is probably a better forum,
>but this is as good as any.  :)
> >> but I am
> >> experiencing strange behaviour with bind9 + host command with some
> >> that bind are _not_ authoritative
>I assume you mean domains for which you are not authoritative, in other
>words, domains you have no control over.
> >> as the following example:
> >>
> >> # uname -a
> >> FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed
> >> Feb  1 22:18:04 BRST 2006
> >> root at  i386
> >>
> >> # named -v
> >> BIND 9.3.1
>When 5.5-RELEASE comes out (or better yet, 6.1-RELEASE) you should seriously
>consider upgrading. If you are doing anything mission critical that depends
>on DNS, BIND 9.3.2 is going to be an improvement for you.
> >> # host
> >> has address
> >> Host not found: 2(SERVFAIL)
>The second line is caused because there is no AAAA record for that hostname,
>and by default host always queries for one. You can see that things are fine
>with the hostname itself by using 'host -t a', or by using dig as you did
>below. FYI, if you need to do any kind of serious DNS debugging, dig is
>always the best tool to use. The host command is best for simple lookups
>when you just need the answer.
> >> That's the problem! host command replies with SERVFAIL. This also causes
> >> sendmail to raise "host name lookup failure" and not deliver the
>sendmail does not use the host command. The most likely cause for this
>failure is that the A record for has a 0
>second TTL, which is not only stupid, it's extremely unfriendly. It's also
>possible that your system has IPv6 support enabled, but you don't have IPv6
>connectivity, and/or your sendmail is configured to use (or prefer) IPv6
>addresses. Also, if you have any input into the operation of this zone,
>suggest that they increase the TTL, and add an MX record for that hostname
>(even if it points to itself).

More information about the freebsd-net mailing list