Name Resolution problem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Name Resolution problem

Uwe Dippel
Dear all,

I have recently seen a lot of name resolution problems with a specific
recipient domain.
The logs contain something like

> Jul  9 13:32:44 mymta postfix/smtp[19350]: A1D9035A7C: to=<[hidden email].
> edu.my>, relay=none, delay=0.09, delays=0.05/0.01/0.03/0, dsn=5.4.4, status=boun
> ced (Host or domain name not found. Name service error for name=tmsk.uitm.edu.my
>  type=AAAA: Host found but no data record of requested type)

I googled and found some hints on IPv6. But we are not running IPv6 yet.
  There were some contradictory suggestions of running bind with -6 and
disabling IPv6 for postfix.
Can someone please point me to a resource on how to solve the problem
pragmatically, I have no access to the DNS of the recipient domain. Only
some of my users need to send some mails there.


> % /usr/local/sbin/postconf -n
> command_directory = /usr/local/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> debug_peer_level = 2
> html_directory = /usr/local/share/doc/postfix/html
> inet_protocols = all
> mail_owner = _postfix
> mailq_path = /usr/local/sbin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain, localhost, box1.coll.uniten.edu.my
> newaliases_path = /usr/local/sbin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix/readme
> sample_directory = /etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = _postdrop
> unknown_local_recipient_reject_code = 550

> % uname -a
> OpenBSD metalab.uniten.edu.my 4.3 GENERIC.MP#1582 amd64

> % pkg_info | grep post
> postfix-2.5.1p0     fast, secure sendmail replacement

Any hint appreciated,

Uwe



Reply | Threaded
Open this post in threaded view
|

Re: Name Resolution problem

Wietse Venema
Uwe Dippel:

> Dear all,
>
> I have recently seen a lot of name resolution problems with a specific
> recipient domain.
> The logs contain something like
>
> > Jul  9 13:32:44 mymta postfix/smtp[19350]: A1D9035A7C: to=<[hidden email].
> > edu.my>, relay=none, delay=0.09, delays=0.05/0.01/0.03/0, dsn=5.4.4, status=boun
> > ced (Host or domain name not found. Name service error for name=tmsk.uitm.edu.my
> >  type=AAAA: Host found but no data record of requested type)
>
> I googled and found some hints on IPv6. But we are not running IPv6 yet.
>   There were some contradictory suggestions of running bind with -6 and
> disabling IPv6 for postfix.
> Can someone please point me to a resource on how to solve the problem
> pragmatically, I have no access to the DNS of the recipient domain. Only
> some of my users need to send some mails there.

Postfix attempts AAAA lookups only when :

1 - DNS lookups are enabled (disable_dns_lookup = no)
2 - DNS says that the MX record does not exist,
3 - Postfix is configured for IPv6 support (e.g., inet_protocols = all).

Or:

1 - DNS lookups are disabled,
2 - Postfix is configured for IPv6 support (e.g., inet_protocols = all).

In your case, something is returning a false response for MX lookups.
You can hard-code the route with a transport map:

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    tmsk.uitm.edu.my smtp:[tuah.uitm.edu.my]

but this may cause problems later when they change to a different server.

        Wietse

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Name Resolution problem

Victor Duchovni
On Wed, Jul 09, 2008 at 09:27:21AM -0400, Wietse Venema wrote:

> Uwe Dippel:
> > Dear all,
> >
> > I have recently seen a lot of name resolution problems with a specific
> > recipient domain.
> > The logs contain something like
> >
> > > Jul  9 13:32:44 mymta postfix/smtp[19350]: A1D9035A7C: to=<[hidden email].
> > > edu.my>, relay=none, delay=0.09, delays=0.05/0.01/0.03/0, dsn=5.4.4, status=boun
> > > ced (Host or domain name not found. Name service error for name=tmsk.uitm.edu.my
> > >  type=AAAA: Host found but no data record of requested type)
> >
> > I googled and found some hints on IPv6. But we are not running IPv6 yet.
> >   There were some contradictory suggestions of running bind with -6 and
> > disabling IPv6 for postfix.
> > Can someone please point me to a resource on how to solve the problem
> > pragmatically, I have no access to the DNS of the recipient domain. Only
> > some of my users need to send some mails there.
>
> Postfix attempts AAAA lookups only when :
>
> 1 - DNS lookups are enabled (disable_dns_lookup = no)
> 2 - DNS says that the MX record does not exist,
> 3 - Postfix is configured for IPv6 support (e.g., inet_protocols = all).

The OP has "inet_protocols = all", and is not using IPv6, so this
configuration setting is unwise.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Name Resolution problem

Uwe Dippel
In reply to this post by Wietse Venema
Victor Duchovni wrote:

>>
>> Postfix attempts AAAA lookups only when :
>>
>> 1 - DNS lookups are enabled (disable_dns_lookup = no)
>> 2 - DNS says that the MX record does not exist,
>> 3 - Postfix is configured for IPv6 support (e.g., inet_protocols = all).
>>    
>
> The OP has "inet_protocols = all", and is not using IPv6, so this
> configuration setting is unwise.
>  

It is the default for OpenBSD. It says

> # OpenBSD is IPv6-capable - use all available address
> families.          
> inet_protocols = all  

I have changed to inet_protocols = ipv4, and now it works:

> Jul  9 22:01:03 metalab postfix/smtp[10602]: 77C6835A6F:
> to=<[hidden email]>,
> relay=tuah.uitm.edu.my[202.58.80.106]:25, delay=0.63,
> delays=0.1/0.02/0.26/0.25, dsn=2.0.0, status=sent (250 Ok: queued as
> 25F29514003)
> Jul  9 22:01:03 metalab postfix/qmgr[4851]: 77C6835A6F: removed

Is this okay, or should I better use the map?
Not being an expert, I wonder why does postfix not try IPv4 if the
lookup on IPv6 fails?

Thanks to Wietse and Victor, to finally get the mail out!

Uwe




Reply | Threaded
Open this post in threaded view
|

Re: Name Resolution problem

Wietse Venema
Uwe Dippel:

> I have changed to inet_protocols = ipv4, and now it works:
>
> > Jul  9 22:01:03 metalab postfix/smtp[10602]: 77C6835A6F:
> > to=<[hidden email]>,
> > relay=tuah.uitm.edu.my[202.58.80.106]:25, delay=0.63,
> > delays=0.1/0.02/0.26/0.25, dsn=2.0.0, status=sent (250 Ok: queued as
> > 25F29514003)
> > Jul  9 22:01:03 metalab postfix/qmgr[4851]: 77C6835A6F: removed
>
> Is this okay, or should I better use the map?
> Not being an expert, I wonder why does postfix not try IPv4 if the
> lookup on IPv6 fails?

Postfix looks up A records before AAAA records, and it will be
happy when the A lookups succeed, even when the AAAA lookups fail.

But that is now what happened.

Your original problem report was that Postfix did a non-MX lookup
for tmsk.uitm.edu.my. This has nothing to do with IPv4 or IPv6.
This is about DNS servers that provide incorrect information.

This means you had a DNS server that claimed the MX record for
tmsk.uitm.edu.my did not exist, then the A lookup for tmsk.uitm.edu.my
failed and only after that did Postfix try to look up the AAAA
record for tmsk.uitm.edu.my.

So it is very likely that you will run into similar problems
down the road.

        Wietse