Drifting OT (was Re: FW: "no data known" vrs "host not found" )

admjcd admjcd at VOLPE.DOT.GOV
Wed Apr 3 14:33:27 UTC 2002


The ANY queries only fail from our local DNS servers, not from any others on the internet, including the ones at army.mil. Also, there are several other domains that return this error intermittently. So is it more of a DNS error on which side? I found this about DNS from:

http://archives.neohapsis.com/archives/bind/2001/0036.html

818. [bug] Certain pathological responses to ANY queries could cause an assertion failure. [RT #1218]

Does this fit my puzzle here?


From: James Griffin [mailto:agriffin at cpcug.org] 
Sent: Wednesday, April 03, 2002 8:31 AM
Cc: comp-protocols-dns-bind at isc.org
Subject: Drifting OT (was Re: FW: "no data known" vrs "host not found")



Kevin Darcy wrote:
> 
> Will Yardley wrote:
> 
> > In article <a8ch5j$afb at pub3.rc.vix.com>, Barry Margolin wrote:
> >
> > > Sendmail has traditionally done an ANY query so that it can
> > > look up the MX and A records in one query, rather than first doing
> > > an MX query and then an A query if that fails.
> > >
> > > I'm not sure if this is a configurable option or it has changed in 
> > > recent versions.
> >
> > i could well be wrong, but i think this changed as of 8.10 or 8.11.
> 
> I believe sendmail uses ANY queries up through 8.11.
> 

Correct.  Just ran a test and checked the query log with sendmail-8.11.6-3.

$ /usr/sbin/sendmail webmaster at www.gsa.gov < /dev/null

Produces the following:

Apr 03 07:54:43.723 client 127.0.0.1#1207: query: www.gsa.gov IN ANY
Apr 03 07:54:43.803 client 127.0.0.1#1207: query: www.wip.gsa.gov IN ANY
Apr 03 07:54:44.026 client 127.0.0.1#1207: query: www.wip.gsa.gov IN MX
Apr 03 07:54:44.078 client 127.0.0.1#1207: query: www.wip.gsa.gov IN ANY
Apr 03 07:54:44.178 client 127.0.0.1#1207: query: www.wip.gsa.gov IN A

Interesting that it took five queries!  Have to look into that, I guess.

I also found an interesting DNS/sendmail interaction that I had not expected.

On my test lan, I have a machine corinth.athena.inc. that sometimes runs an http/s server but not mail servers.  In the athena.inc. zone were:
   athena.inc. CNAME corinth.athena.inc.
   athena.inc. MX 5 sparta.athena.inc.
   along with the usual A RRs.

sendmail on sparta was configured to accept mail, but only for the FQDN sparta.athena.inc. and localhost.  It was not configured to accept mail for the domain athena.inc.  As a result, mail to <mailbox>@athena.inc would bounce (after 3 days) as undeliverable - athena.inc. Not Responding.  Which of course was true since there is no MTA running on corinth.athena.inc.  

The solution is to add a "sendmail alias" for athena.inc. to the appropriate sendmail configuration file ('access' in this case).  Now sendmail would accept the MX RR as a source for information rather than ignoring it and using the chain of athena.inc. -> CNAME -> corinth.athena.inc. -> A -> 192.168.1.3 -> No MTA connection refused.

FWIW
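
Added example, not part of the original thread: a small Python parser for query-log lines in the format shown above, reporting which clients send ANY queries and for which names. The regular expression is an assumption that covers only the log format as it appears in this post, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Query-log line format as shown in the post, e.g.
#   "Apr 03 07:54:43.723 client 127.0.0.1#1207: query: www.gsa.gov IN ANY"
# Assumption: other BIND versions may log a different layout.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# The five log lines quoted in the post.
SAMPLE_LOG = """\
Apr 03 07:54:43.723 client 127.0.0.1#1207: query: www.gsa.gov IN ANY
Apr 03 07:54:43.803 client 127.0.0.1#1207: query: www.wip.gsa.gov IN ANY
Apr 03 07:54:44.026 client 127.0.0.1#1207: query: www.wip.gsa.gov IN MX
Apr 03 07:54:44.078 client 127.0.0.1#1207: query: www.wip.gsa.gov IN ANY
Apr 03 07:54:44.178 client 127.0.0.1#1207: query: www.wip.gsa.gov IN A
"""

def parse_queries(text):
    """Return one dict per recognised query line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["name"] = rec["name"].rstrip(".").lower()  # normalise owner name
            rec["qtype"] = rec["qtype"].upper()
            records.append(rec)
    return records

def any_query_report(records):
    """Map each client IP to {name: count} for queries with QTYPE ANY."""
    report = defaultdict(Counter)
    for rec in records:
        if rec["qtype"] == "ANY":
            report[rec["ip"]][rec["name"]] += 1
    return {ip: dict(names) for ip, names in report.items()}

def qtype_sequence(records, ip):
    """Ordered (name, qtype) pairs for one client, showing its lookup pattern."""
    return [(r["name"], r["qtype"]) for r in records if r["ip"] == ip]

if __name__ == "__main__":
    recs = parse_queries(SAMPLE_LOG)
    print(Counter(r["qtype"] for r in recs))
    for ip, names in any_query_report(recs).items():
        print(ip, names)
```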


