Date: Wed, 9 Jan 2013 15:44:35 +0000 From: Ben Morrow <ben@morrow.me.uk> To: freebsd-stable@freebsd.org Subject: Re: sendmail vs ipv6 broken after upgrade to 9.1 Message-ID: <20130109154435.GA81164@anubis.morrow.me.uk> In-Reply-To: <20130109.072935.595111158363526981.hrs@allbsd.org> References: <20130108151837.GF35868@acme.spoerlein.net> <20130108180920.GJ36633@rugsucker.smi.sendmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoth Hiroki Sato <hrs@FreeBSD.org>:
> Gregory Shapiro <gshapiro@freebsd.org> wrote
> in <20130108180920.GJ36633@rugsucker.smi.sendmail.com>:
>
> gs> > How can I unstupid sendmail here?
> gs>
> gs> I don't think sendmail is being stupid here as it is doing what it has
> gs> been doing under 8.x and 9.1 (the code is the same). I think
> gs> something changed with the upgrade to 9.1. As far as tracking it
> gs> down, the sendmail code does:
> gs>
> gs> getipnodebyname("acme.spoerlein.net", AF_INET6, AI_DEFAULT|AI_ALL,
> gs> &err);
> gs>
> gs> This will only return an IPv4 mapped address if:
> gs>
> gs> 1. There are no IPv6 addresses configured on the interfaces. <snip>
> gs>
> gs> 2. The query for an AAAA record for acme.spoerlein.net failed.
> gs> <snip>
This is not quite right.
AI_DEFAULT is AI_V4MAPPED | AI_ADDRCONFIG.
AI_V4MAPPED says 'if there are no AAAA records, query for A records
and return them as v4-mapped addresses'.
AI_ALL is only valid with AI_V4MAPPED, and says 'always query for A
records and return v4-mapped addresses'.
AI_ADDRCONFIG says 'only query for AAAA records if there is at least
one interface with an IPv6 address; only query for A records if
there is at least one interface with an IPv4 address'. (Loopback
explicitly doesn't count for this purpose.)
The resulting list of addresses is sorted according to ip6addrctl.
So getipnodebyname is behaving correctly here: the host has both IPv4
and IPv6 addresses, and Sendmail is requesting both native and v4-mapped
addresses be returned in all cases. The v4-mapped addresses are then
sorted to the top of the list.
On FreeBSD, where net.inet6.ip6.v6only is on by default, I believe this
is incorrect, and Sendmail should be passing 0 for the flags argument,
unless it's going to check or clear the IPV6_V6ONLY socket option. There
is no point binding a socket to a v4-mapped address if the kernel isn't
going to deliver IPv4 connections to it. Sendmail should also be binding
to all the addresses returned, if it isn't already, rather than just the
first: this would make the problem go away, since both v4-mapped and
native IPv6 sockets would be bound, and the v4-mapped ones would simply
never get any connections.
Fixing this by setting ipv6_prefer is not necessarily a good idea; this
will cause IPv6 addresses to be preferred across the whole system, and
unless your IPv6 connectivity is at least as good as your IPv4, that
probably isn't what you want.
> Just curious, but is there any specific reason not to return an error
> when Family=inet6 and no AAAA RR?
In this case, Sendmail explicitly requested that v4-mapped addresses be
returned in all cases...
Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130109154435.GA81164>