[comp.mail.sendmail] Problems with Sendmail v5.65+IDA and BIND

jf@ap.co.umist.ac.uk (John Forrest) (11/09/90)

It's me again. Sorry to be such a bore, but I've spotted some potential problems
with the 5.65+IDA source and BIND. Essentially, the domain.c source contains the
immortal lines:

  	Getcanonname() below is broken in the sense that it won't return
  	unqualified local host names with their full domain extension,
  	unless the argument is an alias.
  
  	Since gethostbyname() calls the name server with bind 4.8,
  	I don't see why this function would be needed at all.  I've
  	therefore restored the old code in maphostname() of daemon.c
  	that uses gethostbyname().  If there's something I've missed,
  	feel free to change maphostname() to again call getcanonname(),
  	but also make sure that the latter will qualify the host with
  	its full domain AND return a status code indicating if the host
  	was found.

To which someone has rightly realised there are cases where domains don't have
associated A resources, and put it back in. Unfortunately, they don't seem to have
fixed it much more than that. A comparison with our previous version (5.61
without IDA) shows very little resemblance between the files. To a certain extent
this is not surprising, since we have a heftily modified domain.c file to cope
with some funnies in our environment (we are not connected to the full named, do
not know all the uk domains, and are forced to impersonate wildcards for various
reasons I'm going to skip here). However, ignoring our (nice!) changes, it is
obvious the original functionality is quite different to the ``new'' file. I put
new in quotes, because I wonder if this file is an IDA special that has somehow
made its way into the source. Alternatively, have there been some funny fixes for
5.64/5.65? 

As an example, the new code contains the further comments in getcanonname (after
it has sought the resource entries for a particular name):

		else if (type == T_MX)  {
			/*
			 * Be sure that the best MX record doesn't point
			 * to the local machine.  If it does, some other
			 * delivery method is assumed.
			 */

Then if the best ``deliver'' is the local machine, it returns False. What is the
point of this? This is in code that is supposed to be expanding the name - the
choice of a route is completely different - and isn't handled here. There must be
other problems - I know from testing - but this one sticks out like a sore thumb.

Any explanations?

John Forrest,
Dept. of Computation,
UMIST.

rickert@mp.cs.niu.edu (Neil Rickert) (11/10/90)

In article <1990Nov9.090855@ap.co.umist.ac.uk> jf@ap.co.umist.ac.uk (John Forrest) writes:
>It's me again. Sorry to be such a bore, but I've spotted some potential problems
>with the 5.65+IDA source and BIND. Essentially, the domain.c source contains the
(... many deleted lines ...)
>
>As an example, the new code contains the further comments in getcanonname (after
>it has sought the resource entries for a particular name):
>
>		else if (type == T_MX)  {
>			/*
>			 * Be sure that the best MX record doesn't point
>			 * to the local machine.  If it does, some other
>			 * delivery method is assumed.
>			 */
>
>Any explanations?
>
 I first saw this in 5.61, so it is not as new as you think.  However it may
not have been in all 5.61-IDA versions.

 I believe this is Paul Pomes' code.  He probably should speak for himself, and
perhaps will.  But here is how he uses it:

 In the mailer selection section (ruleset S26, called from S0) of the IDA
configuration package, this code prevents the TCP mailer from being incorrectly
selected.  The result is a search of the pathalias database to find an
alternate routing.  The way UIUC has this set up, it means that someone with
an MX record pointing to uxc.cso.uiuc.edu, and with an entry on the UUCP maps
can essentially control their own destiny.  If they modify their MX record
and/or their UUCP map entry they can control the mail routing at uxc without
having to ask for personal intervention.

 There is a drawback to this setup, however.  As you correctly point out, it
means that host names cannot be properly qualified if there is an MX record
pointing to the local host.  You can of course use DOMAINTABLE entries as
an alternative way to canonicalize addresses.  But, if you prefer to handle
MX rerouting via MAILERTABLE, you could make a good case for changing this
code.  Possibly it should depend on a #define so that it can be optionally
selected via a definition in conf.h.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115.                                  +1-815-753-6940
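
Added example, not part of the thread and not sendmail's code: a simplified model of the T_MX check discussed above, with the local-host rejection made optional as the reply suggests. The macro MX_LOCAL_IS_FAILURE, the struct and function names, and the example.org hosts are assumptions; the tie handling (any record at the best preference counts) is also a choice made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>                 /* strcasecmp (POSIX) */

/* Hypothetical conf.h switch; the name is an assumption, not sendmail's. */
#ifndef MX_LOCAL_IS_FAILURE
#define MX_LOCAL_IS_FAILURE 1
#endif

struct mx_rr { unsigned pref; const char *exchange; };   /* simplified MX RR */

/* Constructed sample data; uxc.cso.uiuc.edu is the host named in the thread. */
static const char LOCAL[] = "uxc.cso.uiuc.edu";
static const struct mx_rr mx_local_best[]  = { {20, "backup.example.org"}, {10, "UXC.cso.uiuc.edu"} };
static const struct mx_rr mx_remote_best[] = { {10, "mail.example.org"}, {20, "uxc.cso.uiuc.edu"} };

/* True if a record at the lowest (best) preference names the local host. */
bool best_mx_is_local(const struct mx_rr *rr, size_t n, const char *local)
{
    unsigned best = 0;
    size_t i;

    for (i = 0; i < n; i++)
        if (i == 0 || rr[i].pref < best)
            best = rr[i].pref;
    for (i = 0; i < n; i++)
        if (rr[i].pref == best && strcasecmp(rr[i].exchange, local) == 0)
            return true;
    return false;
}

/* Stand-in for the T_MX branch: does canonicalization report success?
 * reject_local models the proposed compile-time option. */
bool canon_succeeds(const struct mx_rr *rr, size_t n, const char *local,
                    bool reject_local)
{
    if (n == 0)
        return false;        /* assumption of this sketch: no MX data, no match */
    if (reject_local && best_mx_is_local(rr, n, local))
        return false;        /* name stays unqualified; routing looks elsewhere */
    return true;
}

int main(void)
{
    printf("local best, option on:  %d\n", canon_succeeds(mx_local_best, 2, LOCAL, MX_LOCAL_IS_FAILURE));
    printf("local best, option off: %d\n", canon_succeeds(mx_local_best, 2, LOCAL, false));
    printf("remote best, option on: %d\n", canon_succeeds(mx_remote_best, 2, LOCAL, MX_LOCAL_IS_FAILURE));
    return 0;
}
```

With the option on, a name whose best MX is the local host is reported as not found, which is the qualification drawback both posts describe; with it off, the same name canonicalizes and rerouting has to be handled elsewhere.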