Date: Thu, 9 Jan 2003 03:15:45 +0100
From: Peter Much
To: Terry Lambert
Cc: Peter Much, Gregory Neil Shapiro, hackers@FreeBSD.ORG
Subject: Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID: <20030109031545.A80293@disp.oper.dinoex.org>
In-Reply-To: <3E1C971C.7581F3BD@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 08, 2003 at 01:24:44PM -0800

! > Exactly. And when this is not found, then the resolver will
! > implicitly issue another query for the unqualified name.
! >
! > And it is even worse with sendmail, because sendmail does quite
! > interesting things there - like switching off RES_DEFNAMES -
! > so this one will definitely not add the local domain.
!
! This is broken in 2 ways:

Hmm... possibly.

! 1) The default names option in the standard resolver will prevent
!    another query for the unqualified name, since unqualified names
!    are supposed to get the local domain name, unconditionally.

I'm sorry, my named.log shows it the other way round - as does
the debug mode of nslookup:

--------------------------------------------------------------------
$ nslookup
Default Server: localhost.oper.dinoex.org
Address: 127.0.0.1

> set debug
> wurz                          [defnames is set by default]
Server: localhost.oper.dinoex.org
Address: 127.0.0.1

;; res_nmkquery(QUERY, wurz.oper.dinoex.org, IN, A)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 56443, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
        wurz.oper.dinoex.org, type = A, class = IN
    AUTHORITY RECORDS:
    -> oper.dinoex.org
        ttl = 3600 (1H)
        origin = disp-e.oper.dinoex.org         [this is localhost]
        mail addr = admin.disp.oper.dinoex.org  [this is me]
        serial = 20011217
        refresh = 3600 (1H)
        retry = 900 (15M)
        expire = 3600000 (5w6d16h)
        minimum ttl = 3600 (1H)

------------
;; res_nmkquery(QUERY, wurz, IN, A)
timeout                         [here it starts dialing out!]
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 56444, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
        wurz, type = A, class = IN
    AUTHORITY RECORDS:
    -> (root)
        ttl = 10800 (3H)
        origin = A.ROOT-SERVERS.NET
        mail addr = NSTLD.VERISIGN-GRS.COM
        serial = 2003010801
        refresh = 1800 (30M)
        retry = 900 (15M)
        expire = 604800 (1W)
        minimum ttl = 86400 (1D)

------------
*** localhost.oper.dinoex.org can't find wurz: Non-existent host/domain
> set nodefnames
> wurz
Server: localhost.oper.dinoex.org
Address: 127.0.0.1

;; res_nmkquery(QUERY, wurz, IN, A)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 56445, rcode = NXDOMAIN
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
        wurz, type = A, class = IN
    AUTHORITY RECORDS:
    -> (root)
        ttl = 10701 (2h58m21s)
        origin = A.ROOT-SERVERS.NET
        mail addr = NSTLD.VERISIGN-GRS.COM
        serial = 2003010801
        refresh = 1800 (30M)
        retry = 900 (15M)
        expire = 604800 (1W)
        minimum ttl = 86400 (1D)

------------
*** localhost.oper.dinoex.org can't find wurz: Non-existent host/domain
----------------------------------------------------------

! 2) It's possible to change the resolver flags in sendmail by
!    adding lines to the M4 file source code. You need to look
!    at the source tree and read cf/README.

Been there, done it, got the t-shirt.
I walked thru the whole code there, only to find lots of niceties
like the following - from daemon.c:

-----------------------------------------------------
    if (host[0] == '[')
    {
        [some stuff deleted]
    }
    else
    {
        /* contortion to get around SGI cc complaints */
        {
            p = &host[strlen(host) - 1];
            hp = sm_gethostbyname(host, family);
            if (hp == NULL && *p == '.')
            {
# if NAMED_BIND
                int oldopts = _res.options;
                _res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
# endif /* NAMED_BIND */
                *p = '\0';
                hp = sm_gethostbyname(host, family);
                *p = '.';
# if NAMED_BIND
                _res.options = oldopts;
# endif /* NAMED_BIND */
            }
        }
-----------------------------------------------------

Now this looks correct, because the second call to sm_gethostbyname
hits only on FQDNs with terminating dot - but then sm_gethostbyname()
in conf.c will not care about the resolver-flags at all and will
shorten all unresolvable hostnames that do not have a terminating
dot to their first component and retry with that.
So even if we have a fully qualified hostname with terminating dot,
it will end up with a resolver query for the first name component -
and that gets treated just like in the debug log above.

Now, as far as I am concerned, I think I have had enough of this
stuff. I have understood from the code why it behaves the way it
does, have learned a bit about name resolution, and now either have
to live with it the way it is, or change the code in a way I like.

rgds,
PMc
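
The lookup path described in this message, as an added model that is not part of the original post and is not sendmail or BIND source: it records every name that would reach the name server, so the single-label queries that leave the local zone can be counted. Assumptions: every lookup fails, the search list holds only the local domain, ndots is 1, and the names M_DEFNAMES, M_DNSRCH, resolver, sm_lookup, daemon_lookup and the host mail.example.org. are constructed for the illustration.

```c
/* Added model (not sendmail or BIND source); all lookups assumed NXDOMAIN. */
#include <stdio.h>
#include <string.h>
enum { M_DEFNAMES = 1, M_DNSRCH = 2 };  /* stand-ins for the RES_* flags */
static char sent[16][256];              /* names sent to the server, in order */
static int nsent, opts = M_DEFNAMES | M_DNSRCH;
static const char *domain = "oper.dinoex.org";  /* local domain in the log */
static void query(const char *s) {
    if (nsent < 16) snprintf(sent[nsent++], sizeof sent[0], "%s", s);
}
/* Resolver query order; assumes a one-entry search list and ndots = 1. */
static void resolver(const char *name) {
    char fq[512];
    size_t n = strlen(name);
    int dots = strchr(name, '.') != NULL, rooted = n && name[n - 1] == '.';
    int search = dots ? !rooted && (opts & M_DNSRCH) : (opts & M_DEFNAMES) != 0;
    if (dots) query(name);              /* dotted name: as typed first */
    if (search) { snprintf(fq, sizeof fq, "%s.%s", name, domain); query(fq); }
    if (!dots) query(name);             /* dotless name: as typed last */
}
/* sm_gethostbyname() as the message describes it: retry on first component. */
static void sm_lookup(const char *host) {
    char first[256];
    size_t n = strlen(host), k = strcspn(host, ".");
    resolver(host);
    if (n == 0 || k == n || host[n - 1] == '.') return;  /* nothing to cut */
    snprintf(first, sizeof first, "%.*s", (int)k, host);
    resolver(first);
}
static int daemon_lookup(char *host) {  /* models the daemon.c excerpt */
    size_t n = strlen(host);
    int i, bare = 0, old = opts;
    nsent = 0;
    sm_lookup(host);
    if (n && host[n - 1] == '.') {      /* hp == NULL && *p == '.' */
        opts &= ~(M_DEFNAMES | M_DNSRCH);
        host[n - 1] = '\0';
        sm_lookup(host);
        host[n - 1] = '.';
        opts = old;
    }
    for (i = 0; i < nsent; i++) bare += strchr(sent[i], '.') == NULL;
    return bare;                        /* single-label names sent */
}
int main(void) {
    char host[] = "mail.example.org.";  /* constructed host name */
    int i, bare = daemon_lookup(host);
    for (i = 0; i < nsent; i++) printf("query: %s\n", sent[i]);
    return printf("single-label queries: %d\n", bare) < 0;
}
```

For mail.example.org. the model records mail.example.org., mail.example.org and mail, the last being the single-label query that goes out to the root servers.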