Justin Piszcz wrote:
> Hello,
>
> I have two domains:
> 1) internal (call it .int)
> 2) external (my domain)
>
> I use bind9 for internal forward/reverse dns and for the external, forward
> dns only.
>
> When my mail server does dns lookups it looks up not only the domain in
> question, in this example, RBL checks, but it also appends my
> internal domain (tries to lookup the address within the scope of my
> domain):
>
> 14-Sep-2008 05:31:18.745 client 192.168.0.1#52380: query:
> 98.243.165.206.vote.drbl.balakovo.ru IN A +
> 14-Sep-2008 05:31:18.746 client 192.168.0.1#42269: query:
> 98.243.165.206.vote.drbl.be.net.ru IN A +
> 14-Sep-2008 05:31:18.747 client 192.168.0.1#40672: query:
> 98.243.165.206.openlists.orbs.org.int IN A +
> 14-Sep-2008 05:31:18.748 client 192.168.0.1#46048: query:
> 98.243.165.206.dnsbl.sorbs.net.int IN A +
>
> So there are 2 lookups for every dns lookup (one for domainA and one for
> domainA.int).. I have tried utilizing views but that did not seem to fix
> the problem. I have tried commenting out the "search int" in all clients &
> servers for /etc/resolv.conf, that did not solve the issue.
>
> Is this normal operation with bind or is there a way to separate this out
> properly with views, such that:
>
> 1. External DNS lookups only query the actual IP in question and they do
> not query my local internal domain name?
> 2. Also, I should be able to keep "search int" in /etc/resolv.conf and not
> have it try to perform external DNS lookups and append the .int?
>

named is not appending your domain to these queries, the app itself is doing so.
Is your MTA by any chance "sendmail"? sendmail uses its own resolver routines, so your /etc/resolv.conf settings may have no effect on its resolution behavior. Check out sendmail's "ResolverOptions" option; setting "-DNSRCH" for that option should probably fix your problem (at least, it turns off domain-searching for regular delivery lookups, I'm not 100% sure it'll have any effect on RBL lookups). If you're running some other MTA, hopefully it has a similar option.

- Kevin
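An added example, not part of the original thread: a Python model of the client-side search-list behaviour the reply describes, plus a check that flags such retries in the query-log lines quoted above. It assumes the usual resolv.conf semantics (`search`, `ndots`, and the search flag that `-DNSRCH` turns off); the function names are hypothetical, and sendmail's own resolver routines may differ in detail.

```python
import re

def candidates(name, search, ndots=1, dnsrch=True):
    """Names a stub resolver tries, in order, until one gets a positive answer."""
    if name.endswith("."):            # trailing dot: absolute name, never searched
        return [name.rstrip(".")]
    if not dnsrch or not search:      # search list disabled (cf. ResolverOptions -DNSRCH)
        return [name]
    searched = [f"{name}.{d.strip('.')}" for d in search]
    # Enough dots: try as-is first; a negative answer then falls through to the search list.
    return [name] + searched if name.count(".") >= ndots else searched + [name]

QUERY_RE = re.compile(r"client (\S+?)#\d+: query: (\S+) IN (\S+)")

def suffixed_queries(log_lines, search):
    """Return (client, qname, base) for logged queries that look like base + search domain."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        client, qname = m.group(1), m.group(2).rstrip(".").lower()
        for d in search:
            suffix = "." + d.strip(".").lower()
            base = qname[: -len(suffix)]
            # Heuristic: a multi-label base under the search domain usually means a
            # search-list retry, though a real host in a sub-zone would match too.
            if qname.endswith(suffix) and "." in base:
                hits.append((client, qname, base))
    return hits

# Query-log lines as quoted in the post (wrapped lines rejoined).
LOG = [
    "14-Sep-2008 05:31:18.745 client 192.168.0.1#52380: query: 98.243.165.206.vote.drbl.balakovo.ru IN A +",
    "14-Sep-2008 05:31:18.746 client 192.168.0.1#42269: query: 98.243.165.206.vote.drbl.be.net.ru IN A +",
    "14-Sep-2008 05:31:18.747 client 192.168.0.1#40672: query: 98.243.165.206.openlists.orbs.org.int IN A +",
    "14-Sep-2008 05:31:18.748 client 192.168.0.1#46048: query: 98.243.165.206.dnsbl.sorbs.net.int IN A +",
]

if __name__ == "__main__":
    print(candidates("98.243.165.206.dnsbl.sorbs.net", ["int"]))   # as-is, then .int retry
    print(candidates("98.243.165.206.dnsbl.sorbs.net.", ["int"]))  # absolute: no retry
    for hit in suffixed_queries(LOG, ["int"]):
        print(hit)
```

An RBL lookup for an unlisted address gets a negative answer, which is exactly the case where the model falls through to the search list, so the `.int` retries show up for most checks.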
