To some degree, I suspect this might be possible. The writing by Tony
Finch you quoted certainly sounds reasonable.
If someone wants to create a patch for this specifically, I'd be happy
to including it in QMT (after appropriate testing of course). Anyone
care to tackle this? It may (or may not) be a trivial change - I haven't
looked at that code (yet).
At some point, QMT should be modified to support IPV6, which might be a
more appropriate point in time to address this issue. It certainly
should be addressed with IPV6 changes if it hasn't already. I expect
that IPV6 changes will be a bit more encompassing than DNS alone, but I
don't know that for sure.
For the record, I'm not adverse to making QMT as resilient/robust as
possible, even in cases where standards aren't necessarily followed to
the letter. Cases in point are LF characters and SMTPS (we don't have
SMTPS in the stock version - yet).
Thanks Quinn for bringing this up.
--
-Eric 'shubes'
On 07/22/2013 05:50 AM, Quinn Comendant wrote:
Rackspace has corroborated our findings with the va.gov DNS misconfiguration
(their response pasted below). Which brings me back to my question: is there a
way to make qmail more resilient to these kind of DNS issues?
Quinn
----- Forwarded message from [email protected], 21 Jul 2013 07:46:23 -----
Greetings Quinn,
From my investigation, this seems to be an issue with IPv6 contained in the
DNS record and the va.gov nameservers themself.
From your server and all other machines I've tested on, I can get the IPv6
AAAA records:
[root@oak ~]# lsmod|grep ipv6
ipv6 437985 38 cnic,ib_sdp,ib_ipoib,rdma_cm,ib_addr
xfrm_nalgo 43333 1 ipv6
[root@oak ~]# dig va.gov AAAA
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> va.gov AAAA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8335
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;va.gov. IN AAAA
;; ANSWER SECTION:
va.gov. 60 IN AAAA 2610:d8:1000:28::28:221
;; Query time: 6 msec
;; SERVER: 72.3.128.240#53(72.3.128.240)
;; WHEN: Sun Jul 21 23:40:21 2013
;; MSG SIZE rcvd: 52
Which precludes there being any DNS connectivity issues on our network.
It seems the DNS response from the nameservers are inconsistent even for
external services querying the DNS; you can check by using the following:
http://pingability.com/zoneinfo.jsp?domain=va.gov
http://leafdns.com/index.cgi?testid=B91E5367
Notice that the glue records for MX are mismatched and/or missing, which would
indicate a reason for SMTP/mail issues and the va.gov domain.
So the problem essentially lies with the DNS zone for va.gov and any one of the
4 nameservers not answering correctly under varying requester conditions.
I will leave this ticket should you have any further insight on the issue.
If you have additional questions or require further support, please don't
hesitate to ask!
Best regards,
Chris N.
Linux Administrator
Rackspace Managed Support // US (800) 961-4454
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
