Date:      Wed, 01 Jan 2003 11:49:45 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Peter Much <pmc@citylink.dinoex.sub.org>
Cc:        Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject:   Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID:  <3E134659.78028611@mindspring.com>
References:  <no.id> <20030101181330.C8233@disp.oper.dinoex.org>

Peter Much wrote:
> 6. Then it asks the nameserver for the "AAAA" record of
>    "gate-e.oper.dinoex.org" (which does not exist - the
>    nameserver answers by sending the zonefile header (seems
>    ok?). Then sendmail asks again for the "AAAA" record of
>    "gate-e" (without domain). Now the local nameserver does
>    not answer, but tries to propagate the query up!
>    If there is an outbound connection active, this query will
>    go out to some internet forwarder (or possibly the root
>    nameservers), and from there likely return as not existing -
>    then the mail will be delivered. But if there is currently
>    no outbound connection available, then this query will
>    return with SERVFAIL, and then sendmail does put the mail
>    into "deferred" state.
> 
> Background: This environment should be configured to use
> an internet connection for internet-relevant things, but to
> work flawlessly without such a connection as long as matters
> do concern only systems within the LAN.

This is called a "split horizon DNS", and you need to run two
DNS servers, one interior, and one exterior, both authoritative
for your domain, in order for this to work.  The problem is that
you are forwarding a request that should be local, and you are
doing it because your local server does not pass the authority
test for your local domain.

I have been told that BIND 9 can solve this problem with two
different "views"; however, I do not believe it.  I wrote a
BCP RFC for this, which ended up not getting published, as I
did not push it on the promise that the views would solve the
problem, and arrive much sooner than they did.  I believe it
is still available from:

ftp://ftp.whistle.com/pub/terry/drafts/draft-lambert-dns-split-00.txt


> Yes, Ted, I understand well. And I see a lot of workarounds

"Terry", not "Ted".  8-).

> Another matter is: this stuff is obviously creating network
> traffic and load on the root nameservers. What good for?

To replace the IPv4 traffic entirely, eventually.


> ! I would be real tempted to automatically generate complaint
> ! email to the technical contact in the whois database for all
> ! AAAA/A6 requests that fail that way, instead, if the delay
> ! bothered me (which it doesn't).
> 
> Well, in this case that technical contact would be me, and
> that's why I'm asking. ;-))

The easiest answer to that is to find DNS software that responds
correctly, and tell them to change software.

-- Terry
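
Added example, not part of the original message or of the draft it cites: a sketch of the two-server split horizon arrangement described above, written as two separate BIND `named.conf` files. The zone name `oper.dinoex.org` is inferred from the hostname in the quoted text; all IP addresses, the `/etc/namedb` directory and the zone file names are constructed placeholders.

```conf
// ---- Interior server: named.conf (serves LAN clients only) ----
options {
    directory "/etc/namedb";                      // assumed config directory
    listen-on { 127.0.0.1; 192.168.1.1; };        // constructed LAN address
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    // Names outside the zones below go to the upstream forwarder.
    forwarders { 192.0.2.53; };                   // constructed upstream address
    forward first;
};

// Authoritative for the domain as seen from inside, so queries for
// names in it are answered locally and never forwarded.
zone "oper.dinoex.org" {
    type master;
    file "internal/oper.dinoex.org.db";           // hypothetical zone file
};

// Reverse zone for the LAN, also answered locally.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "internal/192.168.1.rev";                // hypothetical zone file
};

// ---- Exterior server: named.conf (separate host or instance) ----
options {
    directory "/etc/namedb";
    listen-on { 198.51.100.1; };                  // constructed public address
    recursion no;                                 // authoritative only
    allow-transfer { none; };
};

// Authoritative for the same domain, but loading a zone file that
// contains only the records meant to be visible from the Internet.
zone "oper.dinoex.org" {
    type master;
    file "external/oper.dinoex.org.db";           // hypothetical zone file
};
```

LAN clients list only the interior server in `/etc/resolv.conf`, and the domain's public NS records point only at the exterior server.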
