BIND 9.1.0 and Sendmail 8.9.3 on Solaris 2.7?

Mike Tancsa mike at sentex.net
Fri Feb 2 01:43:16 UTC 2001


At 07:38 PM 2/1/01 -0600, Mike Miller wrote:

>We are having the same problem here too.  I am running sendmail 8.11.2 and
>bind 8.2.2p7.  From what I have read in the last couple of days and from
>other posts in this group it sounds like many of the 'problem' domains are
>incorrectly set up.  If anyone has any more information please share!!


Here are the bits from this list (discussed last week), from FreeBSD stable 
and the work around (on FreeBSD anyway)

--------------------------------------------------------

Also, note this from 8.11.2 (to be MFC'ed to RELENG_4 in the near future):

  When attempting to canonify a hostname, some broken name servers will
  return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
  want to excuse this behavior, compile sendmail with
  -D_FFR_WORKAROUND_BROKEN_NAMESERVERS.  However, instead, we recommend 
catching
  the problem and reporting it to the name server administrator so we can rid
  the world of broken name servers.

You can do this in your FreeBSD build by adding this to /etc/make.conf:

SENDMAIL_CFLAGS=-D_FFR_WORKAROUND_BROKEN_NAMESERVERS

On Sun, Jan 28, 2001, Mike Atkinson wrote:
 > ----- Original Message -----
 > From: "Dirk Meyer" <dirk.meyer at dinoex.sub.org>
 > >
 > > Please tweak the lines in the sendmail port:
 > > files/site.config.m4 to build without NETINET6 or without TCPWRAPPERS.
 >
 > Removing the NETINET6 lines from files/site.config.m4 seems to have
 > corrected the problem.

This seems to be the explanation:

$ dig supercom.ca. aaaa

; <<>> DiG 8.1 <<>> supercom.ca. aaaa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      supercom.ca, type = AAAA, class = IN


8.12 will most likely have a workaround for this (as usual sendmail
provides a workaround for almost every broken configuration...)

         New ResolverOptions setting: WorkAroundBrokenAAAA.  When
                 attempting to canonify a hostname, some broken nameservers
                 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
                 lookups.  If you want to excuse this behavior, use this new
                 flag.  Suggested by Chris Foote of SE Network Access and
                 Mark Roth of the University of Illinois at
                 Urbana-Champaign.




>-- Leonard
>
>At 05:12 PM 2/1/2001, Mike Tancsa wrote:
>>At 04:08 PM 2/1/01 -0800, Leonard Hermens wrote:
>>>We are getting the following message for a valid domain lookup (as
>>>confirmed with a lookup using "host"):
>>>
>>>Feb  1 13:43:55 lew sendmail[12301]: NAA12301: ruleset=check_mail,
>>>arg1=<iamperson at validdomain.com>, relay=ns.potlatchcorp.com [128.2.30.31],
>>>reject=501 <iamperson at validdomain.com>... Sender domain must exist
>>
>>         ---Mike









>Mike
>
>On Thu, 1 Feb 2001, Leonard Hermens wrote:
>
> >
> > Hi,
> >
> > I am running BIND 9.1.0 and Sendmail 8.9.3 on Solaris 2.7. (Details below)
> >
> > We are getting the following message for a valid domain lookup (as
> > confirmed with a lookup using "host"):
> >
> > Feb  1 13:43:55 lew sendmail[12301]: NAA12301: ruleset=check_mail,
> > arg1=<iamperson at validdomain.com>, relay=ns.potlatchcorp.com [128.2.30.31],
> > reject=501 <iamperson at validdomain.com>... Sender domain must exist
> >
> > Sometimes, but not always, we can run a "host" lookup on a domain name and
> > then sendmail will receive the email, but in the meantime, a lot of email
> > is being rejected apparently at random.
> >
> > Is sendmail 8.9.3 incompatible with BIND 9.1.0 or do I need to do 
> something
> > special to ensure that sendmail can use the resolver?  I know that this 
> may
> > not be an issue with BIND per se, but I would like to hear if anyone is
> > having an issue with this or not.
> >
> > -- Leonard
> >
> > Details:
> >
> > BIND 9.1.0 is built with gcc version 2.95.2 with default configuration.
> >
> > /etc/resolv.conf contains:
> > domain potlatchcorp.com
> > nameserver 127.0.0.1
> >
> > ------------------------------------------
> > /etc/named.conf contains:
> > options {
> >       directory "/var/namedb";
> >       pid-file "named.pid";
> >       allow-query { any; };
> >       forward only;
> >       forwarders {128.2.30.32;};            // NT box
> > };
> >
> > zone "." { type hint; file "root.hint"; };
> >
> > zone "0.0.127.in-addr.arpa" {
> >       type master;
> >       file "localhost.rev";
> >       notify no;
> > };
> >
> > zone "potlatchcorp.com" {
> >       type slave;
> >       file "potlatchcorp.com.bak";
> >       masters { 128.2.30.32; };
> > };
> >
> > zone "2.128.in-addr.arpa" {
> >       type slave;
> >       file "2.128.in-addr.arpa.bak";
> >       masters { 128.2.30.32; };
> > };
> >
> > --------------------------------------------
> >
> > Sendmail 8.9.3 configurations:
> >
> > divert(0)
> > VERSIONID(`@(#)lew.potlatchcorp.com.m4  8.9.3 (Berkeley) 10/29/1999')
> > FEATURE(access_db, dbm /etc/mail/access)dnl
> > FEATURE(use_cw_file)dnl
> >
> > divert(0)dnl
> > VERSIONID(`@(#)lew.potlatchcorp.com.mc   8.9.3 (Berkeley) 10/29/1999')
> > OSTYPE(solaris2)dnl
> > DOMAIN(lew.potlatchcorp.com)dnl
> > FEATURE(relay_entire_domain)dnl
> > MAILER(local)dnl
> > MAILER(smtp)dnl
> > define(`confME_TOO')dnl
> >
> > --------------------------------------------
> >
> >



More information about the bind-users mailing list