On Sep 19, 2010, at 12:07 PM, Len Conrad <lcon...@go2france.com> wrote:
> At 10:46 AM 9/19/2010, you wrote: >> On Sun, 2010-09-19 at 10:16:48 -0500, Len Conrad wrote: >> >> [ .. ] >> >>> so you're both saying that a dns query to the system resolver by >>> unprivileged postscreen gets different results than a query from >>> privileged dig? >> >> That is your straw man and misses the point. >> >> True or false: your command line tests on the Postfix machine did not >> replicate how Postfix actually conducts DNS queries? > > True. A useless question, and answer. Fail. The question (and your answer) illustrates that next time, do not make the beginner's mistake of troubleshooting DNS from the command line in a way that does not replicate the way Postfix queries DNS. > dig @zen.rbldnsd.domain.net <ip>.zen.rbldnsd.domain.net > > The system resolver returned the IP of (NS) zen.rbldnsd.domain.net, and dig > sent the query there, and got the desired answer. As expected; and this is why your dig query, to troubleshoot the postscreen issue, was the wrong one. As noted on the message-id I referenced earlier, this was explained to you once already by Wietse. > postscreen queried (the system resolver) for <ip>.zen.rbldnsd.domain.net. As documented and expected. > The system resolver queried for the NS for zen.rbldnsd.domain.net and sent > the query to that IP, and got always a negative answer. > > with: > > dig @127.0.0.1 <ip>.zen.rbldnsd.domain.net > > ... matches postscreen's query, and gets the same always-negative answers. This should've been your test query to begin with. > privileges had nothing to do with the above. Correct, you screwed something else up in your faulty troubleshooting approach, as explained to you already. But don't let that detract from good advice to avoid beginner's mistakes: replicate as best as possible the way Postfix will do something when you are on the command line. This means not always mucking around as root. Stop picking nits and heed the advice of the software's author. -- Sahil Tandon <sa...@freebsd.org>
