TYPE=ANY and missing records

greg_mcdermid at my-deja.com
Wed Nov 24 02:00:48 UTC 1999


In article <383A0F6D.5101A86A at daimlerchrysler.com>,
  Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> Barry Margolin wrote:
>
> > In article <812q76$36d$1 at nnrp1.deja.com>,  <greg_mcdermid at my-deja.com> wrote:
> > >Problem is that any requests with TYPE=ANY seem
> > >to only return the NS records - which is not good
> > >as sendmail only requests ANY, then A (most
> > >domains don't have an A record for their domain),
> > >thus the mail simply queues up.
>
> I just did a quick test, and, for me, sendmail (8.9.0) seems to be doing ANY/A/MX,
> so I'm surprised you're having a problem unless you have misconfigured your
> sendmail to not use MX records.
>

Well I am not sure whether or not I misconfigured? I have run the debug
options on sendmail and get this output for one of the messages:
__________________________________________________

Running IAA03233 (sequence 2 of 4)
dns_getcanonname(bdw.com.au, trymx=1)
dns_getcanonname: trying bdw.com.au. (ANY)
;; res_querydomain(bdw.com.au, , 1, 255)
;; res_query(bdw.com.au., 1, 255)
;; res_mkquery(0, bdw.com.au., 1, 255)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	bdw.com.au, type = ANY, class = IN
;; Querying server (# 1) address = 144.55.34.9
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64178
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
;;	bdw.com.au, type = ANY, class = IN
bdw.com.au.		1h37m13s IN NS	ns.bdw.com.au.
bdw.com.au.		1h37m13s IN NS	oznet.ozemail.com.au.
bdw.com.au.		1h37m13s IN NS	oznet02.ozemail.com.au.
bdw.com.au.		1h45m58s IN SOA  ns.bdw.com.au. root.bdw.com.au. (
					1999060602	; serial
					1H		; refresh
					30M		; retry
					2w6d		; expiry
					12H )		; minimum

bdw.com.au.		1h37m13s IN NS	ns.bdw.com.au.
bdw.com.au.		1h37m13s IN NS	oznet.ozemail.com.au.
bdw.com.au.		1h37m13s IN NS	oznet02.ozemail.com.au.
ns.bdw.com.au.		2h23m24s IN A	203.27.30.240
oznet.ozemail.com.au.	40m16s IN A	203.2.193.124
oznet02.ozemail.com.au.  23h57m28s IN A  203.2.192.124
	YES
dns_getcanonname: trying bdw.com.au. (A)
;; res_querydomain(bdw.com.au, , 1, 1)
;; res_query(bdw.com.au., 1, 1)
;; res_mkquery(0, bdw.com.au., 1, 1)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64179
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	bdw.com.au, type = A, class = IN
;; Querying server (# 1) address = <my dns1>
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	bdw.com.au, type = A, class = IN
;; Querying server (# 2) address = <my dns2>
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	bdw.com.au, type = A, class = IN
;; Querying server (# 3) address = <my dns3>
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	bdw.com.au, type = A, class = IN
;; res_query: send error
	NO: errno=110, h_errno=2
<xxxx at bdw.com.au>... bdw.com.au: Name server timeout
<xxxx at bdw.com.au>... Transient parse error -- message queued for future delivery

__________________________________________________

You will see here that the first lookup is for TYPE=ANY, which fails to
find any MX records (they are not in cache) - I can live with this. The
second match it tries is for a TYPE=A record. Unfortunately this
organisation doesn't have any A records defined for its domain. At
this point the code (sendmail 8.8.8/domain.c) doesn't check TYPE=MX
records as it falls out with the h_errno=2 (SERVFAIL). The bit of code
from domain.c under dns_getcanonname() looks like:

if (errno == ECONNREFUSED || h_errno == TRY_AGAIN)
{
    /* the name server seems to be down */
    h_errno = TRY_AGAIN;
    *statp = EX_TEMPFAIL;
    return FALSE;
}

h_errno has the value 2, which is the same for TRY_AGAIN. BUT we
haven't done a check for the MX records, which is the 3rd pass! Is this
by design or simply an oversight? This would only happen if you use a
forwarding DNS (my situation) or need to go through a firewall to get
to any external DNS (again my situation). Or is there something else I
am missing?? I am also using Microsoft DNS for both my internal domain
and to handle forwarding for external domains.

> > If you're querying a caching server, an ANY query will return whatever
> > happens to be in the cache for the name.  If the NS records are already in
> > the cache (because you've looked up something within the domain), they'll
> > be returned.  The caching server can't tell whether its information is
> > complete without performing another recursive query, so the alternative
> > would be for all ANY queries to force recursion, rather than using the
> > cache, which would not be good.
>
> Well, theoretically, named could keep track of whether anything relevant has been
> removed from the cache since the last ANY query for a given name, so in the worst
> case you'd only be recursing as often as the least-persistent matching RR times
> out (since it'd refresh the TTL's on everything else). That would be quite a bit
> of coding, I imagine, and I doubt anyone thinks it's worth the effort.
>
> > Applications should generally *not* use ANY queries unless they know for a
> > fact that they're querying an authoritative server rather than a caching
> > server (i.e. they implement their own full resolver, rather than using a
> > stub resolver).
>
> Not to disagree, but I think sendmail is an exception to that general rule, for
> performance reasons. 1. it usually only runs on machines which are capable of
> running their own nameserver, and it's really cheap to send a query and response
> over a local interface as long as no recursion is involved. 2. the names sendmail
> queries tend to "cluster", which makes for very good cache hit ratios. 3. sendmail
> cares about multiple RR types (A & MX, to a lesser extent CNAME), so if it can
> often get answers for both types with a single query (even from a
> non-authoritative server), then that is a win, even if occasionally the first
> query is wasted and it has to fallback to RR-specific queries anyway.
>
> - Kevin
>
>

Regards,

Greg McDermid
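
Added example, not part of the original post and not sendmail's code: a simplified C model of the ANY/A/MX lookup order discussed above, run against a stubbed resolver that behaves like the forwarder in the debug output. The names `stub_resolver` and `canon_lookup`, the `stop_on_tempfail` switch and the MX answer returned by the stub are assumptions made for illustration.

```c
#include <stdio.h>

/* Query types, numbered as in the debug output above (1 = A, 255 = ANY). */
enum qtype { QT_A = 1, QT_MX = 15, QT_ANY = 255 };
enum status { LK_FOUND, LK_TEMPFAIL, LK_NOTFOUND };

struct reply  { int servfail, has_a, has_mx; };
struct result { enum status status; int queries_sent; enum qtype last; };

/* Constructed stub for the forwarder in the post: ANY yields only cached
 * NS/SOA data, A yields SERVFAIL. The MX answer is an assumption. */
static struct reply stub_resolver(enum qtype t)
{
    struct reply r = {0, 0, 0};
    if (t == QT_A)  r.servfail = 1;
    if (t == QT_MX) r.has_mx = 1;
    return r;
}

/* Walk ANY -> A -> MX. stop_on_tempfail=1 returns at the first SERVFAIL,
 * as the quoted branch does; 0 remembers the failure and keeps going. */
struct result canon_lookup(int stop_on_tempfail)
{
    static const enum qtype order[] = { QT_ANY, QT_A, QT_MX };
    struct result res = { LK_NOTFOUND, 0, QT_ANY };
    int saw_tempfail = 0;

    for (int i = 0; i < 3; i++) {
        struct reply r = stub_resolver(order[i]);
        res.queries_sent++;
        res.last = order[i];
        if (r.servfail) {
            if (stop_on_tempfail) { res.status = LK_TEMPFAIL; return res; }
            saw_tempfail = 1;
            continue;
        }
        if (r.has_a || r.has_mx) { res.status = LK_FOUND; return res; }
    }
    if (saw_tempfail) res.status = LK_TEMPFAIL;
    return res;
}

int main(void)
{
    struct result a = canon_lookup(1), b = canon_lookup(0);
    printf("stop at SERVFAIL: status=%d after %d queries\n", a.status, a.queries_sent);
    printf("keep going:       status=%d after %d queries\n", b.status, b.queries_sent);
    return 0;
}
```

With the early return the message is deferred after two queries and the MX query is never sent; without it the third query finds the MX record.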

