postfix DNS lookups and /etc/resolv.conf

Gábor Lénárt

Apr 28, 2011, 4:58:16 AM
Hi All,

I've just noticed that some domains have MX records like this:

example.com. IN MX 10 mail.

The problem: I have "search ourowndomain.tld" in /etc/resolv.conf. This
causes that postfix tries to look up mail.ourowndomain.tld as well when
someone tries to send email to domain example.com (of course example.com is
only an example here). It will work, since we have that entry in our zone
file "ourowndomain.tld" on the authoritative name server. My question: can
I tell postfix, not to do this lookup at all?

Unfortunately, it's not an option to remove that line from resolv.conf,
since other scripts, etc. on the server depend on this behaviour.

Also, we have transport maps using names which are not real ones, but
written in /etc/hosts. So it's not an option to disable (if it's possible at
all) postfix's idea to use resolver functionality using "local resources" (I
mean resolv.conf, hosts files in /etc).

The current solution was to remove that "search" line from
/var/spool/postfix/etc/resolv.conf (and not from /etc/resolv.conf), but I
feel that it's a bit of an ugly solution. I am wondering if there is a better
solution you would suggest.

Thanks a lot in advance,

- Gábor

Reindl Harald

Apr 28, 2011, 5:26:03 AM

On 28.04.2011 10:58, Gábor Lénárt wrote:
> Hi All,
>
> I've just noticed that some domains have MX records like this:
>
> example.com. IN MX 10 mail.
>
> The problem: I have "search ourowndomain.tld" in /etc/resolv.conf. This
> causes that postfix tries to look up mail.ourowndomain.tld as well when
> someone tries to send email to domain example.com (of course example.com is
> only an example here). It will work, since we have that entry in our zone
> file "ourowndomain.tld" on the authoritative name server. My question: can
> I tell postfix, not to do this lookup at all?

i would say such MX is invalid and should be ignored

the dot at the end normally defines a fully-qualified name
which is not true in the example and AFAIK MX-Records
normally will not be expanded from a client

means:
"host2 CNAME host1"

* "dig CNAME host2" gives no answer, even with dns-suffix
* "dig CNAME host2.domain.tld" is completed by the nameserver

Gábor Lénárt

Apr 28, 2011, 7:30:25 AM
On Thu, Apr 28, 2011 at 11:26:03AM +0200, Reindl Harald wrote:
>
> On 28.04.2011 10:58, Gábor Lénárt wrote:
> > Hi All,
> >
> > I've just noticed that some domains have MX records like this:
> >
> > example.com. IN MX 10 mail.
> >
> > The problem: I have "search ourowndomain.tld" in /etc/resolv.conf. This
> > causes that postfix tries to look up mail.ourowndomain.tld as well when
> > someone tries to send email to domain example.com (of course example.com is
> > only an example here). It will work, since we have that entry in our zone
> > file "ourowndomain.tld" on the authoritative name server. My question: can
> > I tell postfix, not to do this lookup at all?
>
> i would say such MX is invalid and should be ignored

Yes, but my experience is that it isn't ignored, it seems ... I just
noticed that some mails are reported as looping, and I discovered that the
target's MX record specifies "mail." and it's then interpreted as
mail.owndomain.tld by postfix and sent there ...

Wietse Venema

Apr 28, 2011, 10:25:25 AM
Gábor Lénárt:

> On Thu, Apr 28, 2011 at 11:26:03AM +0200, Reindl Harald wrote:
> >
> > On 28.04.2011 10:58, Gábor Lénárt wrote:
> > > Hi All,
> > >
> > > I've just noticed that some domains have MX records like this:
> > >
> > > example.com. IN MX 10 mail.
> > >
> > > The problem: I have "search ourowndomain.tld" in /etc/resolv.conf. This
> > > causes that postfix tries to look up mail.ourowndomain.tld as well when
> > > someone tries to send email to domain example.com (of course example.com is
> > > only an example here). It will work, since we have that entry in our zone
> > > file "ourowndomain.tld" on the authoritative name server. My question: can
> > > I tell postfix, not to do this lookup at all?
> >
> > i would say such MX is invalid and should be ignored
>
> Yes, but my experience is that it isn't ignored, it seems ... I just
> noticed that some mails are reported as looping, and I discovered that the
> target's MX record specifies "mail." and it's then interpreted as
> mail.owndomain.tld by postfix and sent there ...

Postfix 2.8 and later don't fall into this trap, at least not by default.

Wietse

smtp_dns_resolver_options (default: empty)
    DNS Resolver options for the Postfix SMTP client. Specify zero or more
    of the following options, separated by comma or whitespace. Option
    names are case-sensitive. Some options refer to domain names that are
    specified in the file /etc/resolv.conf or equivalent.

    res_defnames
        Append the current domain name to single-component names (those
        that do not contain a "." character). This can produce incorrect
        results, and is the hard-coded behavior prior to Postfix 2.8.

    res_dnsrch
        Search for host names in the current domain and in parent
        domains. This can produce incorrect results and is therefore not
        recommended.

    This feature is available in Postfix 2.8 and later.
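
The expansion discussed in this thread, as an added illustration that is not part of any post and is not Postfix or libc code. It is a simplified model of the two documented options; the sample resolv.conf, the MX targets and all function names are constructed for the example.

```python
# Simplified model of resolver search-list expansion for MX targets.
# Assumption: res_dnsrch is modelled as "try every search-list domain".

# Constructed stand-in for /var/spool/postfix/etc/resolv.conf
RESOLV_CONF = """\
nameserver 192.0.2.53
search ourowndomain.tld
"""

def search_domains(text):
    """Return the domains of the last 'search' or 'domain' line."""
    domains = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in ("search", "domain"):
            domains = [d.rstrip(".").lower() for d in fields[1:]]
    return domains

def lookup_names(target, domains, options=frozenset()):
    """Names that would be queried, in order, for one MX target."""
    name = target.rstrip(".").lower()  # a name decoded from a reply has no trailing dot
    expanded = []
    if "res_dnsrch" in options:
        expanded = [f"{name}.{d}" for d in domains]
    elif "res_defnames" in options and "." not in name and domains:
        expanded = [f"{name}.{domains[0]}"]
    # Dotted names are tried as-is first, single-label names last (ndots = 1).
    return [name] + expanded if "." in name else expanded + [name]

def audit(mx_targets, domains, options):
    """Map each MX target to the extra names the search list adds for it."""
    risky = {}
    for target in mx_targets:
        bare = target.rstrip(".").lower()
        extra = [n for n in lookup_names(target, domains, options) if n != bare]
        if extra:
            risky[target] = extra
    return risky

if __name__ == "__main__":
    doms = search_domains(RESOLV_CONF)
    targets = ["mail.", "mx1.example.com."]  # constructed MX exchange names
    for label, opts in (("res_defnames (hard-coded before 2.8)", {"res_defnames"}),
                        ("empty (2.8+ default)", set())):
        print(label, "->", audit(targets, doms, opts))
```

On a Postfix 2.8 or later system, `postconf smtp_dns_resolver_options` shows whether either option has been switched back on.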
