On Mon, Dec 20, 2004 at 10:54:42PM +1030, Paul A. Hoadley wrote:

> I have actually solved the problem. I intend to post a summary for
> the archive when I return to the site later in the week, at which
> time I'll be able to identify the OS/nameserver combination at
> fault.

I am told it's running Windows 2000 DNS Server. Presumably that's
Microsoft's own DNS implementation built into Windows 2000.

> Here's a teaser, though: it's a Microsoft product (I just don't know
> which), and it's returning SERVFAIL status for a AAAA record query.

Sometimes it behaves:

> dig tsb.coremedicalsolutions.com. AAAA

; <<>> DiG 9.3.0 <<>> tsb.coremedicalsolutions.com. AAAA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8959
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;tsb.coremedicalsolutions.com. IN AAAA

;; AUTHORITY SECTION:
coremedicalsolutions.com. 3600 IN SOA archibald2.coremedicalsolutions.com. marc.coremedicalsolutions.com. 1480 900 600 86400 3600

;; Query time: 281 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Thu Dec 23 15:03:23 2004
;; MSG SIZE rcvd: 98

But sendmail seems intent on asking for just about every permutation
on each domain name involved, so sometimes it returns the bogus
answer:

> dig tsb AAAA

; <<>> DiG 9.3.0 <<>> tsb AAAA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43109
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tsb. IN AAAA

;; Query time: 245 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Thu Dec 23 15:04:42 2004
;; MSG SIZE rcvd: 21

(By 'sometimes' I don't mean it's non-deterministic. Every time
sendmail asks for the AAAA record of an unqualified hostname, the
nameserver responds with SERVFAIL.) The consequence of this is that
sendmail repeatedly defers delivery until the mail expires.

> Curiously, sendmail's WorkAroundBrokenAAAA option did not help, and
> I don't know why. Daryl Tester suggested using a mailertable entry,
> and this worked.

I still don't know why WorkAroundBrokenAAAA isn't working in this
case.

-- 
Paul.

w http://logicsquad.net/
h http://paul.hoadley.name/
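
An added example, not part of the original message: Python code that rebuilds the two responses from the dig output above as wire-format DNS messages and classifies them, showing why the NOERROR/empty answer is harmless while the SERVFAIL one leads to deferral. The messages are constructed from the printed id, flags and status (header and question only; the SOA record is omitted, so its count is set to 0), and the function names and verdict strings are assumptions for illustration.

```python
import struct

TYPE_AAAA, CLASS_IN = 28, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(msg_id, flags, name, ancount=0):
    """Constructed sample message: 12-byte header plus one AAAA question."""
    header = struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)

def parse_question(msg):
    """Return (qname, qtype) of the first question."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype

def classify(msg):
    """Return (qname, qtype, verdict) for a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE%d" % code)
    if rcode == "NOERROR":
        verdict = "ANSWER" if an else "NODATA"  # NODATA: name exists, no AAAA
    elif rcode == "NXDOMAIN":
        verdict = "NXDOMAIN"                    # definite: no such name
    else:
        verdict = "TEMPFAIL:" + rcode           # server error, caller retries
    return parse_question(msg) + (verdict,)

# flags: qr aa rd ra = 0x8580 (rcode 0); qr rd ra + SERVFAIL = 0x8182 (rcode 2)
NODATA_MSG = build_response(8959, 0x8580, "tsb.coremedicalsolutions.com.")
SERVFAIL_MSG = build_response(43109, 0x8182, "tsb.")

if __name__ == "__main__":
    for m in (NODATA_MSG, SERVFAIL_MSG):
        print(len(m), classify(m))
```

The constructed SERVFAIL message is 21 bytes, matching the MSG SIZE reported by dig for the unqualified query.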