Sendmail-8.14.7 doesn't work with MS DNS in IPv4 network
Pavel Timofeev
timp87 at gmail.com
Tue Aug 6 12:47:45 UTC 2013
I know about WorkAroundBrokenAAAA. I used default system configuration
of sendmail so WorkAroundBrokenAAAA was set by default.
2013/8/6 Pavel Timofeev <timp87 at gmail.com>:
> Hello!
>
> I found a problem in new FreeBSD 9.2-{BETA2,RC1} which uses Sendmail-8.14.7.
> If you try to send email from FreeBSD 9.2 in IPv4 network with MS DNS
> you won't receive it.
> But in same time email passes from FreeBSD 9.1-RELEASE which uses
> Sendmail-8.14.5.
>
> It's because of two things.
>
> First thing: Sendmail behaviour changed between these two releases
> when it tries to resolve mx server name. For example, I did `echo foo
> | mail timp at xxx.ru`.
>
> Sendmail-8.14.5's tcpdump output:
> 14:30:45.061950 IP 10.0.2.15.30979 > hercules.xxx.ru.domain: 62684+
> MX? xxx.ru. (24)
> 14:30:45.063064 IP hercules.xxx.ru.domain > 10.0.2.15.30979: 62684*
> 1/0/1 MX kalmar.xxx.ru. 10 (63)
> 14:30:45.063624 IP 10.0.2.15.39212 > hercules.xxx.ru.domain: 62685+
> AAAA? kalmar.xxx.ru. (31)
> 14:30:45.064460 IP hercules.xxx.ru.domain > 10.0.2.15.39212: 62685* 0/1/0 (82)
> 14:30:45.064766 IP 10.0.2.15.44381 > hercules.xxx.ru.domain: 62686+ A?
> kalmar.xxx.ru. (31)
> 14:30:45.065530 IP hercules.xxx.ru.domain > 10.0.2.15.44381: 62686*
> 1/0/0 A 192.168.31.190 (47)
> 14:30:45.066014 IP 10.0.2.15.42197 > hercules.xxx.ru.domain: 62687+ A?
> kalmar.xxx.ru. (31)
> 14:30:45.066810 IP hercules.xxx.ru.domain > 10.0.2.15.42197: 62687*
> 1/0/0 A 192.168.31.190 (47)
> 14:30:45.071833 IP 10.0.2.15.23534 > hercules.xxx.ru.domain: 62688+
> PTR? 15.2.0.10.in-addr.arpa. (40)
>
>
> Sendmail-8.14.7's tcpdump output:
> 14:59:50.793338 IP reticulum.xxx.ru.19032 > hercules.xxx.ru.domain:
> 53417+ AAAA? xxx.ru. (24) [13/98]
> 14:59:50.793662 IP hercules.xxx.ru.domain > reticulum.xxx.ru.19032:
> 53417* 0/1/0 (75)
> 14:59:50.793696 IP reticulum.xxx.ru.55299 > hercules.xxx.ru.domain:
> 53418+ A? xxx.ru. (24)
> 14:59:50.794087 IP hercules.xxx.ru.domain > reticulum.xxx.ru.55299:
> 53418* 7/0/0 A 192.168.2.11, A 192.168.2.12, A 192.168.41.4, A
> 192.168.14.12, A 192.168.34.100, A 192.168.34.110, A 192.168.44.19 (136)
> 14:59:50.973445 IP reticulum.xxx.ru.29244 > hercules.xxx.ru.domain:
> 53419+ MX? xxx.ru. (24)
> 14:59:50.973754 IP hercules.xxx.ru.domain > reticulum.xxx.ru.29244:
> 53419* 1/0/1 MX kalmar.xxx.ru. 10 (63)
> 14:59:50.974061 IP reticulum.xxx.ru.56461 > hercules.xxx.ru.domain:
> 53420+ AAAA? kalmar.xxx.ru. (31)
> 14:59:50.974340 IP hercules.xxx.ru.domain > reticulum.xxx.ru.56461:
> 53420* 0/1/0 (82)
> 14:59:50.974570 IP reticulum.xxx.ru.28332 > hercules.xxx.ru.domain:
> 53421+ AAAA? kalmar.xxx.ru. (31)
> 14:59:50.974887 IP hercules.xxx.ru.domain > reticulum.xxx.ru.28332:
> 53421* 0/1/0 (82)
> 14:59:50.974919 IP reticulum.xxx.ru.21453 > hercules.xxx.ru.domain:
> 53422+ AAAA? kalmar. (24)
> 14:59:50.975290 IP hercules.xxx.ru.domain > reticulum.xxx.ru.21453:
> 53422 ServFail 0/0/0 (24)
> 14:59:50.975314 IP reticulum.xxx.ru.63038 > hercules.xxx.ru.domain:
> 53422+ AAAA? kalmar. (24)
> 14:59:50.975674 IP hercules.xxx.ru.domain > reticulum.xxx.ru.63038:
> 53422 ServFail 0/0/0 (24)
> 14:59:50.975749 IP reticulum.xxx.ru.38393 > hercules.xxx.ru.domain:
> 53423+ AAAA? kalmar.xxx.ru. (31)
> 14:59:50.976105 IP hercules.xxx.ru.domain > reticulum.xxx.ru.38393:
> 53423* 0/1/0 (82)
> 14:59:50.976176 IP reticulum.xxx.ru.45558 > hercules.xxx.ru.domain:
> 53424+ AAAA? kalmar. (24)
> 14:59:50.976483 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45558:
> 53424 ServFail 0/0/0 (24)
> 14:59:50.976512 IP reticulum.xxx.ru.45297 > hercules.xxx.ru.domain:
> 53424+ AAAA? kalmar. (24)
> 14:59:50.976864 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45297:
> 53424 ServFail 0/0/0 (24)
>
>
> All of them asked MX and got it - kalmar.xxx.ru. Then they went to
> resolve kalmar.xxx.ru.
> Sendmail-8.14.5 asked one time for 'AAAA kalmar.xxx.ru.' and then went
> to ask 'A kalmar.xxx.ru.'.
> But Sendmail-8.15.7 asked several times for 'AAAA kalmar.xxx.ru.' and
> then went to ask 'AAAA kalmar.' Without xxx.ru at then end, just
> servername. What for? I don't know. This is change.
> And yes, sendmail ignored ADDITIONAL SECTION from MX record and tried
> to resolve mx server name independently.
>
>
>
> Second thing: Sendmail-8.15.7 doesn't work with MS DNS in IPv4 network.
> MS DNS answers SERVFAIL on 'AAAA kalmar.'
> But BIND answers NXDOMAIN on same query.
> In case of SERVFAIL answer Sendmail never goes to ask for any A
> records. It tries to resolve 'AAAA kalmar.' again and again.
> In case of NXDOMAIN answer Sendmail goes to ask for A record and no problem.
> I checked it, set BIND server as DNS server for this test host.
>
> In my network there are only MS DNS servers.
> I tried to install sendmail-8.14.5 on FreeBSD 9.2-RC1 and got no
> problem with email.
> I tried to use ip6addrctl. No effect.
>
> So what we gonna do? There will be so many crying persons in
> mailinglist after 9.2-RELEASE I think)
>
> P.S. here is russian version small discussion
> http://ru-freebsd.livejournal.com/226451.html
More information about the freebsd-stable
mailing list