andy@xwkg.Icom.Com (Andrew H. Marrinson) (06/12/91)
Hello, I am having a problem using Ron Karr's smail 3.1.19 with the bind name server. What is causing the problem is that I am not connected to the Internet, but have a small isolated LAN. In the past, I have used smail in such a way that it uses gethostbyname to determine if a host is on my LAN, and, if it is, to convert its name to an Internet address. Unfortunately, I know have a need to use MX records (for a Novell mail gateway) and WKS records (for a DOS machine that is on the net with TCP/IP, but doesn't have an SMTP server -- it gets its mail via UUCP). No problem, I thought, I just configure in smail's bind driver, which causes it to query the name server directly rather than using gethostbyname. I did this, and it *seemed* to work fine. Until I tried to send mail to an off-site domain, that is. It seems that bind (the Berkeley implementation of DNS, used by most Unix systems -- as if you didn't know that) is returning a response code of ``Server failure'' when a query is sent requesting a domain ``above'' ours. Thus, requesting foo.icom.com (which doesn't exist in our icom.com domain) gets a ``Name Error'' response (a.k.a. non-existent domain) as I would expect. But foo.bar.baz gets ``Server failure''. The problem is that smail treats server failure as a temporary condition, and deals with it by deferring mail transmission until some future time, whereas if the response is name error, smail tries another way of determining what address to send to, for example, UUCP. Which brings me to the questions. First, for you DNS experts, is it appropriate to get a server failure response when no name server can be found that is authoritative for the zone in question? Is there any way around this? I know I can deal with it by setting up empty zones for all the top-level domains, and that would have been fine back when there were only .com, .mil, etc., but these days that seems like a real bad way to go. I even tried adding an SOA RR owned by the domain ".", hoping that would make my server authoritative for the root domain, and everything under it, but it was no go... Finally, for you smail3.1 experts, has anyone else found a good way to deal with this? I just grabbed smail3.1.21, but it doesn't seem to do anything any differently in this regard. This is the second time I've tried to solve this, and I just don't get it. most of the RFC's and bind documentation relevant to this assume you are connected to the Internet, and therefore will simply bump the problem up to another name server. If all name servers work like this, the root server must have a hell of a master file. I thought things were looking up when I noticed a comment in RFC 1123's DNS section that said it was important that a name server work in a LAN not connected to the Internet, but it didn't say much about how to go about this. I suppose I could just get source for bind, and hack on it, but that seems like a drag. Or I could modify smail to not distinguish between server failure and name error, but that seems dangerous -- the server(s) could actually be down, in which case we want to wait and try again later. Surely, someone else has tried this? Hopefully yours, -- Andrew H. Marrinson Icom Systems, Inc. Wheeling, IL, USA (andy@icom.icom.com)
robert@dg.se (Robert Claeson) (06/14/91)
In article <andy.676679267@xwkg.Icom.Com>, andy@xwkg.Icom.Com (Andrew H. Marrinson) writes: |> The problem is that smail treats server failure as a temporary |> condition, and deals with it by deferring mail transmission until some |> future time, whereas if the response is name error, smail tries |> another way of determining what address to send to, for example, UUCP. Have you tried to disable the defer_no_connect flag to the bind driver in the routers file? I don't know about smail 3.1.19, but it sure exists in 3.1.21. -- Robert Claeson Just because I am writing this doesn't mean that my employer agrees with me.
barrett@Daisy.EE.UND.AC.ZA (Alan P Barrett) (06/14/91)
In article <andy.676679267@xwkg.Icom.Com>, andy@xwkg.Icom.Com (Andrew H. Marrinson) writes: > I am having a problem using Ron Karr's smail 3.1.19 with the bind name > server. What is causing the problem is that I am not connected to the > Internet, but have a small isolated LAN. [...] > > Unfortunately, I know have a need to use MX records (for a Novell mail > gateway) and WKS records (for a DOS machine that is on the net with > TCP/IP, but doesn't have an SMTP server -- it gets its mail via UUCP). RFC 1123 says that a mailer shouldn't use WKS records to decide whether or not a destination host talks SMTP. > It seems that bind (the Berkeley implementation of DNS, used by most > Unix systems -- as if you didn't know that) is returning a response > code of ``Server failure'' when a query is sent requesting a domain > ``above'' ours. Thus, requesting foo.icom.com (which doesn't exist in > our icom.com domain) gets a ``Name Error'' response (a.k.a. > non-existent domain) as I would expect. But foo.bar.baz gets ``Server > failure''. That's the proper thing for it to do. > The problem is that smail treats server failure as a temporary > condition, and deals with it by deferring mail transmission until some > future time, whereas if the response is name error, smail tries > another way of determining what address to send to, for example, UUCP. That's the proper thing for it to do. > Which brings me to the questions. First, for you DNS experts, is > it appropriate to get a server failure response when no name server > can be found that is authoritative for the zone in question? Yes. If the server is down or misconfigured, that is hopefully a temporary condition, and it would be wrong for it to say that the host definitely doesn't exist. > I even tried adding an SOA RR owned by the domain ".", hoping that > would make my server authoritative for the root domain, and everything > under it, but it was no go... I am very surprised that that didn't work. Are you sure you did it right? You could also try adding an MX record for "*." pointing to your gateway host. (Over here, on a non Internet-connected internet, we have MX records for things like "*.COM.", "*.EDU.", etc., all pointing to a gateway machine. Works fine.) > Finally, for you smail3.1 experts, has anyone else found a good way to > deal with this? I just grabbed smail3.1.21, but it doesn't seem to do > anything any differently in this regard. The smail3.1 gethostbyname router doesn't use MX records, so you should possibly use the bind router instead. If you put your bind router before your pathalias router in the smail configuration, then you will have to make your DNS return either name errors or MX records (pointing to the gateway host) for non-local domains. That will allow smail to fall back on pathalias etc. > I suppose I could just get source for bind, and hack on it, but that > seems like a drag. Yeah, hacking on bind is a bit of a drag. > Or I could modify smail to not distinguish between server failure and > name error, but that seems dangerous -- the server(s) could actually > be down, in which case we want to wait and try again later. Don't do that. --apb Alan Barrett, Dept. of Electronic Eng., Univ. of Natal, Durban, South Africa RFC822: barrett@ee.und.ac.za Bang: m2xenix!quagga!undeed!barrett