Hello Folks,

I run a Postfix MTA on OpenBSD.  Recently I migrated the server from OBSD v5.3
to v5.4. Soon afterwards I noticed Postfix was falsely rejecting mails based on
an FCrDNS (forward-confirmed reverse DNS) test. FCrDNS means the DNS
configuration of a connecting client is tested for forward and reverse DNS
consistency.

I first suspected a change in Postfix, but the developer (Wietse Venema) ruled
out any changes to this Postfix functionality.

Further investigation shows that gethostbyaddr() behaves differently on OBSD 5.3
and 5.4.

The problem seems to manifest itself when the DNS configuration of a client is
"non-trivial", e.g., when there are multiple PTR records, or when there is a
CNAME record which must be resolved before a PTR lookup can be performed.

I tested using a slightly modified Postfix utility ("gethostbyaddr.c") which I
attach below.

On OBSD 5.4 this program returns correct results for "trivial" DNS client
configurations, but "host <address> not found" for "non-trivial" ones.

On OBSD 5.3 the program returns correct results in all cases.

As far as I can tell, the two OBSD systems are configured identically. For
example, /etc/resolv.conf has the same lookup order ("lookup file bind"), and
the same nameserver.

DNS tools such as "host", "dig", or Net::DNS return correct results.

Here are some examples of IP addresses that illustrate the problem:

    195.234.50.30
    72.26.200.202
    96.47.67.46
    173.231.138.204

To summarize, gethostbyaddr() on OBSD 5.4 does not seem to be behaving properly
and not as it did on 5.3.

Can anyone confirm this?

cheers,

Rob Urban

-- snip --
 /*
  * gethostbyaddr tester. compile with:
  *
  * cc -o gethostbyaddr gethostbyaddr.c (SunOS 4.x)
  *
  * cc -o gethostbyaddr gethostbyaddr.c -lnsl (SunOS 5.x)
  *
  * run as: gethostbyaddr address
  *
  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
  */

#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    struct hostent *hp;
    char addr[INADDRSZ];

    if (argc != 2) {
        fprintf(stderr, "usage: %s i.p.address\n", argv[0]);
        exit(1);
    }

    // addr = inet_addr(argv[1]);
    /* inet_pton() returns 1 only on success; 0 and -1 both mean failure. */
    if (inet_pton(AF_INET, argv[1], (void *)addr) != 1) {
        printf("inet_pton failed.\n");
        exit(1);
    }

    if ((hp = gethostbyaddr(addr, INADDRSZ, AF_INET)) != NULL) {
        printf("Hostname:\t%s\n", hp->h_name);
        printf("Aliases:\t");
        while (hp->h_aliases[0])
            printf("%s ", *hp->h_aliases++);
        printf("\n");
        printf("Addresses:\t");
        while (hp->h_addr_list[0])
            printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++));
        printf("\n");
        exit(0);
    }
    fprintf(stderr, "host %s not found\n", argv[1]);
    exit(1);
}
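
An added example, not part of the original post and not Postfix's code: the FCrDNS decision described at the top of the message, run over a constructed record table instead of a live resolver, including the multiple-PTR case the post calls "non-trivial". The addresses, host names, the table lookups standing in for DNS queries, and the `first_only` switch are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>

/* Constructed sample records (documentation address ranges, example names). */
struct rec { const char *key; const char *val; };
static const struct rec ptr_recs[] = {          /* address -> PTR name */
    {"192.0.2.10", "mail.example.org"},
    {"192.0.2.20", "a.example.net"},            /* two PTR records ... */
    {"192.0.2.20", "b.example.net"},            /* ... for one address */
    {"192.0.2.30", "claimed.example.com"},
    {NULL, NULL}
};
static const struct rec a_recs[] = {            /* name -> A record */
    {"mail.example.org", "192.0.2.10"},
    {"a.example.net", "198.51.100.7"},          /* does not point back */
    {"b.example.net", "192.0.2.20"},            /* confirms the client */
    {"claimed.example.com", "203.0.113.5"},     /* does not point back */
    {NULL, NULL}
};

/* Does any A record for `name` equal `client` (compared in binary form)? */
static int forward_confirms(const char *name, const struct in_addr *client)
{
    struct in_addr a;
    for (const struct rec *r = a_recs; r->key != NULL; r++)
        if (strcmp(r->key, name) == 0 && inet_pton(AF_INET, r->val, &a) == 1 &&
            a.s_addr == client->s_addr)
            return 1;
    return 0;
}

/* Returns 1 = confirmed, 0 = PTR found but no name maps back, -1 = no PTR,
 * -2 = not an IPv4 address. first_only != 0 stops after the first PTR name. */
int fcrdns_check(const char *ip, int first_only)
{
    struct in_addr client;
    int seen = 0;
    if (inet_pton(AF_INET, ip, &client) != 1)
        return -2;
    for (const struct rec *r = ptr_recs; r->key != NULL; r++) {
        if (strcmp(r->key, ip) != 0)
            continue;                           /* PTR for another address */
        seen = 1;
        if (forward_confirms(r->val, &client))
            return 1;
        if (first_only)
            break;
    }
    return seen ? 0 : -1;
}
```

With `first_only` set, the two-PTR address is rejected although one of its names does map back, which is the kind of false rejection a reverse lookup that drops records can cause.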
