On Mon, May 20, 2002 at 10:51:54AM -0500, Damon Anton Permezel wrote:
> Since upgrading from 4.5 to 4.6-*, I have had problems exchanging
> email with a correspondent at "austinenergy.com".  It shows up as:
> 
>       % echo hi | mail -v [EMAIL PROTECTED]
>       austinenergy.com: Name server timeout
>       [EMAIL PROTECTED] Transient parse error -- message queued for future delivery
>       [EMAIL PROTECTED] queued
> 
> I have tracked this down to the fact that sendmail is using an IPv6-style
> lookup request.  It is an "AAAA ?" rather than an "A ?" (in tcpdump-esque).

[CC'd to -qa; this seems to be a usability problem, we are in a release
 code freeze, which mostly makes it a QA problem.]

What exactly is the tcpdump output that you have been getting?
It seems to me that, at least from my end, it is a simple matter
of a timeout - the nameserver for austinenergy.com is listed
from the gTLD servers as bolt.electric.austin.tx.us, and the nameservers
for electric.austin.tx.us seem to not reply to any requests at all:
nslookup, dig, dnsip, dnsipq all return either a timeout or
a 'connection refused', which is mostly synonymous with a timeout.

The fact that you see an AAAA query from sendmail is due to its (correct)
behavior of trying an AAAA query before an A one, so as to prefer an IPv6
AAAA record to an IPv4 A record.  The fact that sendmail does not even
try an A query is due to its (correctly) assuming that something is wrong
with the server - temporarily - because it received a SERVFAIL response.
The SERVFAIL response (which means exactly as it says, a server failure,
which is assumed to be a temporary condition) is returned by either your
FreeBSD system's resolver library, or your ISP's nameserver, simply
because, well, because the server failed (see above about the timeouts).

> Further investigation dug up this manifesto in the sendmail README:
> 
>       When attempting to canonify a hostname, some broken name
>       servers will return SERVFAIL (a temporary failure) on T_AAAA
>       (IPv6) lookups.  If you want to excuse this behavior, include
>       WorkAroundBrokenAAAA in ResolverOptions.  However, instead,
>       we recommend catching the problem and reporting it to the
>       name server administrator so we can rid the world of broken
>       name servers.
> 
> So, in violation of the networking "be liberal in what you accept and
> conservative in what you produce", sendmail in its new form will have many
> perplexed sysadmins spending lots of time tracking down these mysterious
> failures.
> 
> I suggest that the version of sendmail configs shipped with FreeBSD
> should default to having WorkAroundBrokenAAAA set by default.

Just a question: have you tried it with this option, and did it work?
That is, did you get a response to an A query that you did not get
to an AAAA?  Once again, can you post some tcpdump output?

G'luck,
Peter

-- 
Peter Pentchev  [EMAIL PROTECTED]        [EMAIL PROTECTED]
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contradicts itself - or rather - well, no, actually it doesn't!
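
Added example (not part of the original message or of sendmail): a small Python classifier for tcpdump DNS output that separates the two cases discussed above, a server that returns SERVFAIL only for AAAA versus one that fails for A as well. The capture lines, example.org and the 192.0.2.x addresses are constructed placeholders, and the verdict labels are names chosen here.

```python
import re

# Constructed capture in tcpdump's DNS print style; example.org and the
# 192.0.2.x addresses are placeholders, not data from the thread.
SAMPLE = """\
10:51:54.100 IP 192.0.2.10.1045 > 192.0.2.53.53: 4321+ AAAA? example.org. (29)
10:51:54.180 IP 192.0.2.53.53 > 192.0.2.10.1045: 4321 ServFail 0/0/0 (29)
10:51:55.200 IP 192.0.2.10.1046 > 192.0.2.53.53: 4322+ A? example.org. (29)
10:51:55.260 IP 192.0.2.53.53 > 192.0.2.10.1046: 4322 1/0/0 A 192.0.2.80 (45)
"""

QUERY = re.compile(r": (\d+)\S* (A|AAAA)\? (\S+)")
REPLY = re.compile(r": (\d+)\S* (?:(ServFail|NXDomain|Refused)\S* )?(\d+)/\d+/\d+")
FAILED = ("timeout", "ServFail", "Refused")

def outcomes(capture):
    """Map (name, qtype) to 'timeout', 'answer', 'nodata' or an rcode name."""
    pending, result = {}, {}
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            key = (q.group(3).rstrip(".").lower(), q.group(2))
            pending[q.group(1)] = key            # match replies by query id
            result.setdefault(key, "timeout")    # stays so if no reply is seen
            continue
        r = REPLY.search(line)
        if r and r.group(1) in pending:
            status = r.group(2) or ("answer" if int(r.group(3)) else "nodata")
            result[pending.pop(r.group(1))] = status
    return result

def verdict(capture, name):
    """Classify how the resolver treated AAAA versus A for one name."""
    res = outcomes(capture)
    aaaa, a = res.get((name, "AAAA")), res.get((name, "A"))
    if aaaa in FAILED and a is None:
        return "inconclusive: no A query in capture"
    if aaaa == "ServFail" and a == "answer":
        return "broken-aaaa"       # the case the sendmail README describes
    if aaaa in FAILED and a in FAILED:
        return "server-failing"    # A fails too: not an AAAA-specific problem
    return "ok"

if __name__ == "__main__":
    print(verdict(SAMPLE, "example.org"))
```

A capture of sendmail alone shows only the AAAA query, so the A query has to be issued separately (for example with dig) during the same capture before the verdict means anything.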
