BIND / Sendmail and Bad Referrals

Mike Tancsa mike at sentex.net
Fri Jun 24 19:44:53 UTC 2005 

I am trying to track down and understand the behaviour for sendmail
with domains that have 'bad' referrals / sub delegations.

e.g. the domains 
rona.ca, banquelaurentienne.ca, laurentianbank.ca

These all have somewhat odd DNS setups, in that they have as MX
records which are subdomains as well as hosts.

[smarthost1]# host -tns rona.ca
rona.ca name server ns2.rona.ca.
rona.ca name server ns1.rona.ca.
[smarthost1]# host -tmx rona.ca ns1.rona.ca
Using domain server:
Name: ns1.rona.ca
Address: 216.94.232.103#53
Aliases: 

rona.ca mail is handled by 20 draco.rona.ca.
rona.ca mail is handled by 10 merlin.rona.ca.
[smarthost1]# 


[smarthost1]# dig merlin.rona.ca @ns1.rona.ca

; <<>> DiG 9.3.1 <<>> merlin.rona.ca @ns1.rona.ca
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59213
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;merlin.rona.ca.                        IN      A

;; ANSWER SECTION:
merlin.rona.ca.         5       IN      A       209.47.3.183

;; AUTHORITY SECTION:
merlin.rona.ca.         3600    IN      NS      link2.rona.ca.
merlin.rona.ca.         3600    IN      NS      link1.rona.ca.

;; ADDITIONAL SECTION:
link1.rona.ca.          3600    IN      A       207.61.124.213
link2.rona.ca.          3600    IN      A       209.47.3.143

;; Query time: 79 msec
;; SERVER: 216.94.232.103#53(216.94.232.103)
;; WHEN: Fri Jun 24 15:13:18 2005
;; MSG SIZE  rcvd: 120

[smarthost1]# dig merlin.rona.ca @link1.rona.ca   

; <<>> DiG 9.3.1 <<>> merlin.rona.ca @link1.rona.ca
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17366
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;merlin.rona.ca.                        IN      A

;; ANSWER SECTION:
merlin.rona.ca.         5       IN      A       207.61.124.253

;; Query time: 16 msec
;; SERVER: 207.61.124.213#53(207.61.124.213)
;; WHEN: Fri Jun 24 15:13:32 2005
;; MSG SIZE  rcvd: 48

[smarthost1]# 

Its not technically LAME (I think because it does respond
authoritatively), because the name servers 
link1.rona.ca.          3600    IN      A       207.61.124.213
link2.rona.ca.          3600    IN      A       209.47.3.143

respond with aa, but there is no Authority section. I guess BIND wants
the equiv of having
merlin.rona.ca.    3600  IN NS link1.rona.ca.
merlin.rona.ca.    3600  IN NS link2.rona.ca.

in there, but it seems it is not.

Sendmail however treats this as if it is LAME (it seems LAME to me as
well) and complains it cannot lookup up the address 

Jun 24 00:35:14 smarthost1 sm-mta[71327]: j5NDZB0m008277:
to=<XXXXX at rona.ca>, delay=15:00:03, xdelay=00:00:00, mailer=esmtp,
pri=1
5421309, relay=draco.rona.ca., dsn=4.0.0, stat=Deferred: Name server:
draco.rona.ca.: host name lookup failure

Is this sendmail being too picky ?    Neither qmail nor postfix seem
to care much about this.
This is 
Sendmail 8.13.3/8.13.3 on FreeBSD 5.4

        ---Mike

--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
mike at sentex.net, (http://www.tancsa.com)

More information about the bind-users mailing list