Date: Mon, 20 May 2002 19:15:46 +0300 From: Peter Pentchev <roam@ringlet.net> To: Damon Anton Permezel <dap@damon.com> Cc: freebsd-qa@FreeBSD.org, freebsd-hackers@freebsd.org Subject: Re: 4.6-* sendmail misfeatures Message-ID: <20020520191546.D349@straylight.oblivion.bg> In-Reply-To: <20020520105154.E962@damon.com>; from dap@damon.com on Mon, May 20, 2002 at 10:51:54AM -0500 References: <20020520105154.E962@damon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--BRE3mIcgqKzpedwo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 20, 2002 at 10:51:54AM -0500, Damon Anton Permezel wrote: > Since upgrading from 4.5 to 4.6-*, I have had problems exchanging > email with a correspondent at "austinenergy.com". It shows up as: >=20 > % echo hi | mail -v no.such.user@austinenergy.com > austinenergy.com: Name server timeout > no.such.user@austinenergy.com... Transient parse error -- message queued= for future delivery > no.such.user@austinenergy.com... queued >=20 > I have tracked this down to the fact that sendmail is using a IPv6-style > lookup request. It is a "AAAA ?" rather than a "A ?" (in tcpdump-esque). [CC'd to -qa; this seems to be a usability problem, we are in a release code freeze, which mostly makes it a QA problem.] What exactly is the tcpdump output that you have been getting? It seems to me that, at least from my end, it is a simple matter of a timeout - the nameserver for austinenergy.com is listed from the gTLD servers as bolt.electric.austin.tx.us, and the nameservers for electric.austin.tx.us seem to not reply to any requests at all: nslookup, dig, dnsip, dnsipq all return either a timeout or a 'connection refused', which is mostly synonymous to a timeout. The fact that you see an AAAA query from sendmail is due to its (correct) behavior of trying an AAAA query before an A one, so as to prefer an IPv6 AAAA record to an IPv4 A record. The fact that sendmail does not even try an A query is due to its (correctly) assuming that something is wrong with the server - temporarily - because it received a SERVFAIL response. The SERVFAIL response (which means exactly as it says, a server failure, which is assumed to be a temporary condition) is returned by either your FreeBSD system's resolver library, or your ISP's nameserver, simply because, well, because the server failed (see above about the timeouts). > Further investigation dug up this manifesto in the sendmail README: >=20 > When attempting to canonify a hostname, some broken name > servers will return SERVFAIL (a temporary failure) on T_AAAA > (IPv6) lookups. If you want to excuse this behavior, include > WorkAroundBrokenAAAA in ResolverOptions. However, instead, > we recommend catching the problem and reporting it to the > name server administrator so we can rid the world of broken > name servers. >=20 > So, in violation of the networking "be liberal in what you accept and > conservative in what you produce", sendmail in it's new form will have ma= ny > perplexed sysadmins spending lots of time tracking down these mysterious > failures. >=20 > I suggest that the version of sendmail configs shipped with FreeBSD > should default to having WorkAroundBrokenAAAA set by default. Just a question: have you tried it with this option, and did it work? That is, did you get a response to an A query that you did not get to an AAAA? Once again, can you post some tcpdump output? G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence contradicts itself - or rather - well, no, actually it doesn'= t! --BRE3mIcgqKzpedwo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE86SEy7Ri2jRYZRVMRArFuAKCm9mny14hs3KwNwIhVD9HF/pdhMACgjESN tw6ZIQGYFYqlPXV7xLGjahg= =Zf6i -----END PGP SIGNATURE----- --BRE3mIcgqKzpedwo-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020520191546.D349>