/etc/resolv.conf and sendmail
Nifty Hat Mitch
mitch48 at sbcglobal.net
Tue Jul 20 21:12:48 UTC 2004
On Wed, Jul 14, 2004 at 11:06:16PM -0400, Gene Heskett wrote:
> On Wednesday 14 July 2004 14:05, Alexander Dalloz wrote:
>
> [...]
> >
> >Of course, if Philippe did give his Sendmail a hostname which is not
> >resolvable, neither by the hosts file nor a DNS, his MTA will not
> > work properly.
...
> All of which makes sense (I think, I'm having trouble with the
> "internal" status of AAA yet)
I recall reading a comment that local host names for sendmail need "enough"
dots, i.e.

    box.bogustopdomain             # will not work for some.
    box.subdomain.bogustopdomain   # can work.

Since there is an AAA.com., aaa.net. and aaa.org, resolver code could be
looking any of these up because you do not have enough dots.
I recommend the top two levels of a private host name be researched
for conflicts. I once found a nifty but flawed how-to for sendmail
and dns that said use "invalid.com". It turns out that there is a
registered domain by that name. Following the directions in this case
did unpredictable and possibly bad things.
http://www.interex.org/tech/9000/Tech/sun_hpux_interop/chap10_dns.html
In part the root of this is the ndots of resolver code (not really a
sendmail problem). In some cases /etc/hosts can use dots to force
termination and closure, i.e. DNS resolver code should understand
that a trailing dot terminates the fully qualified domain name.

    192.188.1.5 boxa.aaa. boxa.aaa boxa

Also "Mail -v fred@boxa.aaa." may respond differently than
without the trailing dot "Mail -v fred@boxa.aaa". If things are correct
they should be the same. Compare and contrast...

    host boxa.aaa.
    host boxa.aaa
    Mail -v fred@boxa.aaa.
    Mail -v fred@boxa.aaa

Next, do a reverse lookup on the host results. Forward and reverse lookup
should be consistent.

    $ host boxa.aaa.
    boxa.aaa. has address 192.168.0.51
    $ host 192.168.0.51
    51.0.168.192.in-addr.arpa domain name pointer boxa.aaa.

Since aaa is not a subdomain of a .com, .net or other high level domain,
this dot count thing could be important.
In addition sendmail has a need to locally resolve private network
addresses.
http://sendmail.org/tips/private-dns/
The point here is that if the reverse lookup fails for a private
network, as it will without local interaction, mail will queue. This
"should be OK" with hosts first in resolv.conf but I have not found it
to be satisfactory.
Also there may be issues with path MTU discovery for some ISP services.
http://sendmail.org/tips/pathmtu.html
It can be useful and diagnostic to force your outgoing MTU to be
modestly sized.
Lastly if you are on a DHCP assigned address you will find that
setting up sendmail is painful. The short TTL for the domain name is
a signature of dynamic DNS. Use the ISP's mail host as a smart host.
This may require authentication. Set 'reply to:' headers on mail to
be the ISP's assigned mail address. Collect mail from the ISP with
fetchmail/pop/imap for local access.
I once thought that MX records would be helpful but there is a window
when your old IP address and DNS records could point to a different
box. If that box answers then rejects mail, mail will bounce back to
the sender.
Summary:
In /etc/hosts

    192.168.0.10 a.aa.priv.notpublicnet a

not

    192.168.0.10 a.aa a
--
T o m M i t c h e l l
/dev/dull where insight begins.
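
Added example, not part of the original message and not code from sendmail or any resolver library: a sketch of the ndots/search ordering documented in resolv.conf(5), showing which fully qualified names are tried for a private host name and which of them fall outside the locally served zones. The resolv.conf text, the zone names and the function names are constructed for illustration.

```python
# Added example: query order of a glibc-style stub resolver (resolv.conf(5)).
# The resolv.conf text and zone names below are constructed sample values.

SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.168.0.1
search priv.example.com example.com
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (ndots, search_list); the last search/domain line wins."""
    ndots, search = 1, []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = min(int(opt[6:]), 15)  # resolver caps ndots at 15
    return ndots, search

def candidates(name, ndots=1, search=()):
    """Fully qualified names in the order they would be tried."""
    name = name.lower()
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name]
    as_is = name + "."
    searched = [f"{name}.{d}." for d in search]
    if name.count(".") >= ndots:      # "enough dots": absolute query goes first
        return [as_is] + searched
    return searched + [as_is]         # too few dots: search list goes first

def outside_zones(names, local_zones):
    """Candidates that no locally served zone covers (they go upstream)."""
    def covered(fqdn):
        return any(fqdn == z + "." or fqdn.endswith("." + z + ".") for z in local_zones)
    return [n for n in names if not covered(n)]

if __name__ == "__main__":
    ndots, search = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("boxa", "boxa.aaa", "boxa.aaa."):
        tried = candidates(host, ndots, search)
        print(host, "->", tried, "upstream:", outside_zones(tried, ["priv.example.com"]))
```

Any name listed as "upstream" has to be answered by /etc/hosts or a local DNS zone, otherwise the query is handed to whatever the configured name servers forward to.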