DNS and sendmail again

Kevin Darcy kcd at daimlerchrysler.com
Thu Apr 19 17:17:54 UTC 2001


tedaldi at zi.unizh.ch wrote:

> peter at icke-reklam.ipsec.nu.invalid wrote:
>
> : P. Tedaldi <tedaldi at zi.unizh.ch> wrote:
> : > we got complaints from some domains, that e-mail sent to our mailhost
> : > gets refused with 451 xxx at somedomain.ch... Sender domain must resolve
> : > This error message comes from the check_mail ruleset of sendmail (8.9.3)
> : > if it cannot resolve the sender's domain. It does this by consulting
> : > the host map which results in a dns question
> : > somedomain.ch type=ANY,class=IN
> : > (I checked with iptrace).
> : >
> : > I tried to reproduce the problem with nslookup and found the following:
> : > nslookup -type=any somedomain.ch
> : > results in an answer with only the NS and the corresponding A records
> : > for the nameserver serving somedomain.ch (let's call it dns1.otherdomain.ch)
> : > while
> : > nslookup -type=mx somedomain.ch
> : > results in an answer containing the MX record for somedomain.ch which is
> : > only defined in dns1.otherdomain.ch.
>
> : > Why is there a different result for type=any ? Obviously the nameserver
> : > does no recursion on the NS records in the case of type=any while it does
> : > in the case of type=mx. Why ?
>
> : > Maybe it is the setup of somedomain.ch, is this valid ?
>
> : > - The nameserver of the authority of the "ch" domain contains:
> : >   somedomain.ch NS dns1.otherdomain.ch
> : >   somedomain.ch NS dns2.otherdomain.ch
>
> : >   otherdomain.ch NS dns1.otherdomain.ch
> : >   otherdomain.ch NS dns2.otherdomain.ch
>
> : >   dns1.otherdomain.ch A (ip address)
> : >   dns2.otherdomain.ch A (ip address)
> : >
> : > - The nameservers of the authority of the somedomain.ch (dns1.otherdomain.ch):
>
> : >   somedomain.ch NS dns1.otherdomain.ch
> : >   somedomain.ch NS dns2.otherdomain.ch
> : >   somedomain.ch SOA ......
>
> : >   somedomain.ch MX mx.otherdomain.ch
>
> : >   otherdomain.ch NS dns1.otherdomain.ch
> : >   otherdomain.ch NS dns2.otherdomain.ch
> : >   otherdomain.ch SOA ...
>
> : >   dns1.otherdomain.ch A (ip address)
> : >   dns2.otherdomain.ch A (ip address)
> : >
> : >   mx.otherdomain.ch A (ip address)
> : >
> : > Is it valid to have a delegated subdomain name (somedomain.ch) as the name of
> : > the MX domain or put another way, does the name somedomain.ch belong to the
> : > authority of "ch" which has it delegated or somedomain.ch as the authority
> : > of the domain "somedomain.ch" ?
>
> : > I have not found an answer in the books available to me.
> : >
> : > Thanks for your help
>
> : Sorry, but we probably cannot help for two reasons :
>
> : 1 - wrong group ( this is about BIND)
>
> Yes, the question is about BIND. Why do I not get the MX record when I
> ask with nslookup type=any in the nameserver configuration outlined ?
> Sendmail was mentioned only to document that this is a real problem
> and not an academic exercise.

If the nameserver didn't happen to have the MX record cached, then it wouldn't
return it in response to a QTYPE=* query. When you queried QTYPE=MX explicitly,
though, it recursed to get you the answer.


- Kevin
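
The behaviour described in the reply above, as an added example that is not part of the original thread and is not BIND or sendmail code: a simplified model of a caching resolver. The record names come from the post; the class, the function names and the assumed cache contents are constructed for illustration.

```python
# Simplified model of a caching resolver (constructed; not BIND source code).
# Zone data as served by dns1.otherdomain.ch, taken from the post.
AUTHORITATIVE = {
    ("somedomain.ch", "NS"): ["dns1.otherdomain.ch", "dns2.otherdomain.ch"],
    ("somedomain.ch", "MX"): ["mx.otherdomain.ch"],
}


class CachingResolver:
    def __init__(self):
        # Assumed cache state: only the NS set learned from the "ch" delegation.
        self.cache = {("somedomain.ch", "NS"): AUTHORITATIVE[("somedomain.ch", "NS")]}
        self.upstream_queries = 0

    def _recurse(self, name, qtype):
        """Ask the authoritative server and cache a non-empty answer."""
        self.upstream_queries += 1
        rrset = AUTHORITATIVE.get((name, qtype), [])
        if rrset:
            self.cache[(name, qtype)] = rrset
        return rrset

    def _cached(self, name):
        return {t: r for (n, t), r in self.cache.items() if n == name}

    def query(self, name, qtype):
        if qtype == "ANY":
            if not self._cached(name):
                # Nothing cached at all: fetch every type the zone holds.
                for n, t in list(AUTHORITATIVE):
                    if n == name:
                        self._recurse(n, t)
            # Otherwise answer with whatever is cached, without recursion.
            return self._cached(name)
        rrset = self.cache.get((name, qtype)) or self._recurse(name, qtype)
        return {qtype: rrset} if rrset else {}


def resolves_via_any(resolver, domain):
    """Sender-domain check that trusts a single ANY answer."""
    answer = resolver.query(domain, "ANY")
    return "MX" in answer or "A" in answer


def resolves_via_explicit(resolver, domain):
    """Sender-domain check that asks for MX, then A, explicitly."""
    return any(resolver.query(domain, t) for t in ("MX", "A"))
```

With only the NS set cached, the ANY-based check sees no MX or A record and fails, while the explicit MX lookup triggers recursion, succeeds, and leaves the MX record in the cache for later ANY queries.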
