AAAA requests on IPv6-disconnected system: bug of feature?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

AAAA requests on IPv6-disconnected system: bug of feature?

Marat Khalili
Postfix is installed as forwarder to a fixed relay in a system with no
IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6
lines in sysctl). Still, for each message it separately requests both A
and AAAA records of the relay from DNS, as I verified by tcpdump. Is it
a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix
configuration too, but that's not the point.)

My investigation actually started with the following lines in mail.log,
which may or may not be related:

> May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain
> lookup hits=0 miss=3 success=0%

(3 messages were sent in this interval; there are always 0 hits and 0%
success rate.)

I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.

--

With Best Regards,
Marat Khalili
Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Wietse Venema
Marat Khalili:
> Postfix is installed as forwarder to a fixed relay in a system with no
> IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6
> lines in sysctl). Still, for each message it separately requests both A
> and AAAA records of the relay from DNS, as I verified by tcpdump. Is it
> a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix
> configuration too, but that's not the point.)

Postfix from me installs with IPv6 turned off. Complain with your
distributor if they change that.

        Wietse

> My investigation actually started with the following lines in mail.log,
> which may or may not be related:
>
> > May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain
> > lookup hits=0 miss=3 success=0%
>
> (3 messages were sent in this interval; there are always 0 hits and 0%
> success rate.)
>
> I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.
>
> --
>
> With Best Regards,
> Marat Khalili
>
Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Viktor Dukhovni
In reply to this post by Marat Khalili

> On May 4, 2017, at 4:05 AM, Marat Khalili <[hidden email]> wrote:
>
> Postfix is installed as forwarder to a fixed relay in a system with
> no IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6
> lines in sysctl). Still, for each message it separately requests both
> A and AAAA records of the relay from DNS, as I verified by tcpdump.
> Is it a bug or feature?

To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
"inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.

> (Yes I know I can explicitly disable IPv6 in postfix configuration too, but that's not the point.)

Actually, that is the point.  If IPv6 lookups are enabled, then they are performed.

> My investigation actually started with the following lines in mail.log, which may or may not be related:
>
>> May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain lookup hits=0 miss=3 success=0%
>
> (3 messages were sent in this interval; there are always 0 hits and 0% success rate.)

This is unrelated to the IPv6 question.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Marat Khalili
> To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> "inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.
What will happen in my current setup if AAAA response suddenly becomes
non-empty? Will it fail to send the message?

--

With Best Regards,
Marat Khalili

Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Marat Khalili
In reply to this post by Wietse Venema
> Postfix from me installs with IPv6 turned off. Complain with your
> distributor if they change that.

Indeed default inet_protocols value in my distribution is "all", both in
configuration created by install script and when corresponding line is
commented out. Do you mean, it is not supposed to be this way?


--

With Best Regards,
Marat Khalili
Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Viktor Dukhovni
In reply to this post by Marat Khalili
On Thu, May 04, 2017 at 05:18:55PM +0300, Marat Khalili wrote:

> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
>
> Indeed default inet_protocols value in my distribution is "all", both in
> configuration created by install script and when corresponding line is
> commented out. Do you mean, it is not supposed to be this way?

The compiled in default is "all", but the prototype "main.cf" file included
with Postfix sources has "ipv4".

    $ postconf -d inet_protocols
    inet_protocols = all

    $ grep inet_protocols conf/main.cf
    inet_protocols = ipv4

On Thu, May 04, 2017 at 05:17:01PM +0300, Marat Khalili wrote:

> > To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> > "inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.
>
> What will happen in my current setup if AAAA response suddenly becomes
> non-empty? Will it fail to send the message?

Since IPv6 connections can't/won't complete, all messages will of
course be sent via IPv4.  With the address family not enabled in the
kernel, IPv6 failure will be fast (likely the socket(PF_INET6, ...)
system call will fail) and the only effect is a bit more logging in
some cases and the time it takes to do the AAAA lookups.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Wietse Venema
In reply to this post by Marat Khalili
Marat Khalili:
> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
>
> Indeed default inet_protocols value in my distribution is "all", both in
> configuration created by install script and when corresponding line is
> commented out. Do you mean, it is not supposed to be this way?

I am not talking about the default.

I am talking about "Postfix from me INSTALLS with ipv6 turned off".

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: AAAA requests on IPv6-disconnected system: bug of feature?

Scott Kitterman-4
On Thursday, May 04, 2017 12:56:05 PM Wietse Venema wrote:

> Marat Khalili:
> > > Postfix from me installs with IPv6 turned off. Complain with your
> > > distributor if they change that.
> >
> > Indeed default inet_protocols value in my distribution is "all", both in
> > configuration created by install script and when corresponding line is
> > commented out. Do you mean, it is not supposed to be this way?
>
> I am not talking about the default.
>
> I am talking about "Postfix from me INSTALLS with ipv6 turned off".

Since this is about Postfix as shipped by Ubuntu and as packaged by Debian,
the bug tracker for one of those distributions is the appropriate place for
this discussion, not here.  Apologies for not noticing which distro this was
about sooner.

Scott K