DNS gives different host_map_lookup results to Sendmail

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Jul 31 17:25:47 UTC 2002 

Rob Boler <rob.boler at milton-keynes.gov.uk> wrote:

> PLEASE IGNORE MY PREVIOUS "Sendmail interaction with DNS" MESSAGE
> (some lines had corrupted characters).


> Could someone help please?

> We are trying to send an e-mail from our Unix (AIX) machine to a
> remote, external organisation (jeakinsweir). The e-mail should be
> routed out (by sendmail) from the Unix machine via Windows NT.
> Sometimes the mail succeeds in getting out, but sometimes it fails and
> is left in mailq on the AIX machine.

> We think we have found a work-around by doing:
> "nslookup -querytype=MX jeakinsweir.co.uk xxx.xxx.xxx.xxx"
> immediately prior to typing
> "sendmail -q -v"
> to force the mail out (where xxx.xxx.xxx.xxx is the IP address of our
> NT DNS server. Note that this is the only nameserver listed in
> /etc/resolv.conf on our AIX machine). We have been told that by doing
> the nslookup, the required data is put into the cache of the NT DNS
> server, for sendmail to use. However, we cannot understand why a
> similar thing sometimes does not appear to happen with the DNS query
> that sendmail generates internally.

> Regarding specific examples, we have captured debug info from
> sendmail, extracts of which are shown below. We cannot understand why
> there is a different "host_map_lookup" line, and we think that the
> difference is a significant indication of the eventual success or
> failure of the sendmail attempt. Note that the NT DNS server shown in
> the lines:
> ";; Querying server (# 1) address = xxx.xxx.xxx.xxx"
> is the same one as used in the nslookup command noted above. It is
> significant, we suspect, that the successful example returns some MX
> records, whereas the failure does not.

> Can anyone shed some light on this please?

> EXAMPLE OF SUCCESS: MAIL GOES OUT
> host_map_lookup(jeakinsweir.co.uk) => getcanonname(jeakinsweir.co.uk),
> trying dns
> dns_getcanonname(jeakinsweir.co.uk, trymx=1)
> dns_getcanonname: trying jeakinsweir.co.uk. (ANY)
> ;; res_nquerydomain(jeakinsweir.co.uk, , 1, 255)
> ;; res_query(jeakinsweir.co.uk., 1, 255)
> ;; res_nmkquery(QUERY, jeakinsweir.co.uk., IN, ANY)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 71
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      jeakinsweir.co.uk, type = ANY, class = IN
> ;; Querying server (# 1) address = xxx.xxx.xxx.xxx
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 71
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 4
> ;;      jeakinsweir.co.uk, type = ANY, class = IN
> jeakinsweir.co.uk.      4h1m22s IN MX   15
> lpmail-gw.webleicester.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN MX   20
> ntmail-gw.webleicester.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN MX   5 mail.jeakinsweir.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN MX   10
> nwmail-gw.webleicester.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN NS   ns1.webleicester.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN NS   ns2.webleicester.co.uk.
> jeakinsweir.co.uk.      4h1m22s IN NS   ns1.webleicester.co.uk.

> EXAMPLE OF FAILURE: MAIL IS LEFT IN mailq
> host_map_lookup(jeakinsweir.co.uk) =>
> dns_getcanonname(jeakinsweir.co.uk, trymx=1)
> dns_getcanonname: trying jeakinsweir.co.uk. (ANY)
> ;; res_nquerydomain(jeakinsweir.co.uk, , 1, 255)
> ;; res_query(jeakinsweir.co.uk., 1, 255)
> ;; res_nmkquery(QUERY, jeakinsweir.co.uk., IN, ANY)
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48849
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;;      jeakinsweir.co.uk, type = ANY, class = IN
> ;; Querying server (# 1) address = xxx.xxx.xxx.xxx
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48849
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
> ;;      jeakinsweir.co.uk, type = ANY, class = IN
> jeakinsweir.co.uk.      3h29m33s IN NS  ns1.webleicester.co.uk.
> jeakinsweir.co.uk.      3h29m33s IN NS  ns2.webleicester.co.uk.
> jeakinsweir.co.uk.      3h29m33s IN NS  ns2.webleicester.co.uk.
> jeakinsweir.co.uk.      3h29m33s IN NS  ns1.webleicester.co.uk.


I would replace the NT DNS with a reliable functional one. 

One suggestion is to keep the hardware but replace the software with
OpenBSD and bind-9  

In addition you should install ( or make available) at least one 
more nameserver to have as "spare" , also make the spare listed
in /etc/resolv.conf




-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list