My problem is that at work, the domain is rendered as `AT.WORK' below,
when I look in DNS from sendmail V8 or using nslookup, some f.q.d.n's
gets incorrectly rewritten into `domain.name.AT.WORK', from the correct
`domain.name'. All this is in the below nslookup-sessions.
The interesting thing is that if I, from gw.AT.WORK, in nslookup set
nosearch (I have no log on this handy right now), then I get correct
results! And sendmail V8 finds the recipients!
Now, do I dare to use `-DNSRCH' in sendmail.mc ? What does it do?
-- Leif Erlingsson, http://www.geocities.com/RodeoDrive/1998, +46 8 604 0995
Use the Internet Address Finder, http://www.iaf.net
When running nslookup on gw.AT.WORK:
gw$ nslookup atel.se
Server: gw.AT.WORK
Address: 0.0.0.0
*** No address (A) records available for atel.se
gw$ nslookup
Default Server: gw.AT.WORK
Address: 0.0.0.0
> set type=MX
> atel.se
Server: gw.AT.WORK
Address: 0.0.0.0
atel.se.AT.WORK preference = 30, mail exchanger = relay2.swip.net
atel.se.AT.WORK preference = 10, mail exchanger = gw.AT.WORK
AT.WORK nameserver = gw.AT.WORK
AT.WORK nameserver = nic.swip.net
relay2.swip.net internet address = 192.71.220.18
gw.AT.WORK internet address = 192.121.255.218
nic.swip.net internet address = 192.71.220.10
>
While from my home computer, I get the following (I am not
(yet) running my own name server):
$ nslookup
Default Server: nic.swip.net
Address: 192.71.220.10
> atel.se
Server: nic.swip.net
Address: 192.71.220.10
*** No address (A) records available for atel.se
> set type=MX
> atel.se
Server: nic.swip.net
Address: 192.71.220.10
atel.se preference = 10, mail exchanger = nic.calypso.net
atel.se preference = 20, mail exchanger = mail.transpac.net
atel.se preference = 5, mail exchanger = umail.calypso.net
se nameserver = nic.lth.se
se nameserver = ns.uu.net
se nameserver = nic.nordu.net
se nameserver = ns.eu.net
se nameserver = dns.cit.cornell.edu
se nameserver = sparky.arl.mil
se nameserver = sunic.sunet.se
nic.calypso.net internet address = 194.52.189.130
mail.transpac.net internet address = 194.52.1.10
umail.calypso.net internet address = 194.52.189.132
nic.lth.se internet address = 130.235.20.3
ns.uu.net internet address = 137.39.1.3
ns.uu.net internet address = 198.6.1.127
ns.uu.net internet address = 206.6.1.1
ns.uu.net internet address = 198.6.1.1
ns.uu.net internet address = 137.191.2.149
ns.uu.net internet address = 0.8.0.69
ns.uu.net internet address = 206.6.1.127
nic.nordu.net internet address = 192.36.148.17
ns.eu.net internet address = 192.16.202.11
>
And then I typed, still on my home computer, and in the same
nslookup-session:
> server gw.AT.WORK
Default Server: gw.AT.WORK
Address: nnn.nnn.nnn.nnn
> atel.se
Server: gw.AT.WORK
Address: nnn.nnn.nnn.nnn
Non-authoritative answer:
atel.se preference = 20, mail exchanger = mail.transpac.net
atel.se preference = 5, mail exchanger = umail.calypso.net
atel.se preference = 10, mail exchanger = nic.calypso.net
Authoritative answers can be found from:
se nameserver = ns.uu.net
se nameserver = nic.nordu.net
se nameserver = ns.eu.net
se nameserver = dns.cit.cornell.edu
se nameserver = sparky.arl.mil
se nameserver = sunic.sunet.se
se nameserver = nic.lth.se
se nameserver = I.ROOT-SERVERS.net
mail.transpac.net internet address = 194.52.1.10
umail.calypso.net internet address = 194.52.189.132
nic.calypso.net internet address = 194.52.189.130
ns.uu.net internet address = 137.39.1.3
ns.uu.net internet address = 198.6.1.127
ns.uu.net internet address = 206.6.1.1
ns.uu.net internet address = 198.6.1.1
ns.uu.net internet address = 137.191.2.149
ns.uu.net internet address = 0.8.0.69
ns.uu.net internet address = 206.6.1.127
nic.nordu.net internet address = 192.36.148.17
>
-- Leif Erlingsson, http://www.geocities.com/RodeoDrive/1998, +46 8 604 0995
Use the Internet Address Finder, http://www.iaf.net
»My problem is that at work, the domain is rendered as `AT.WORK' below,
»when I look in DNS from sendmail V8 or using nslookup, some f.q.d.n's
»gets incorrectly rewritten into `domain.name.AT.WORK', from the correct
»`domain.name'. All this is in the below nslookup-sessions.
»The interesting thing is that if I, from gw.AT.WORK, in nslookup set
»nosearch (I have no log on this handy right now), then I get correct
»results! And sendmail V8 finds the recipients!
»Now, do I dare to use `-DNSRCH' in sendmail.mc ? What does it do?
Look from Sendmail Installation and Operation Guide for
your version of sendmail.
Sendmail Installation and Operation Guide for _sendmail 8.7_ gives following:
| The ResolverOptions (I) option allows you to
| tweak name server options. The command line takes a
| series of flags as documented in resolver(3) (with the
| leading "RES_" deleted). Each can be preceded by an
| optional `+' or `-'. For example, the line
|
| O ResolverOptions=+AAONLY -DNSRCH
|
| turns on the AAONLY (accept authoritative answers
| only) and turns off the DNSRCH (search the domain
| path) options. Most resolver libraries default
| DNSRCH, DEFNAMES, and RECURSE flags on and all others
| off. You can also include "HasWildcardMX" to specify
| that there is a wildcard MX record matching your
| domain; this turns off MX matching when canonifying
| names, which can lead to inappropriate canonifica
| tions.
|
| Version level 1 configurations turn DNSRCH and
| DEFNAMES off when doing delivery lookups, but leave
| them on everywhere else. Version 8 of sendmail
| ignores them when doing canonification lookups (that
| is, when using $[ ... $]), and always does the search.
| If you don't want to do automatic name extension,
| don't call $[ ... $].
|
| The search rules for $[ ... $] are somewhat dif
| ferent than usual. If the name being looked up has at
| least one dot, it always tries the unmodified name
| first. If that fails, it tries the reduced search
| path, and lastly tries the unmodified name (but only
| for names without a dot, since names with a dot have
| already been tried). This allows names such as
| ``utc.CS'' to match the site in Czechoslovakia rather
| than the site in your local Computer Science depart
| ment. It also prefers A and CNAME records over MX
| records -- that is, if it finds an MX record it makes
| note of it, but keeps looking. This way, if you have
| a wildcard MX record matching your domain, it will not
| assume that all names match.
|
| To completely turn off all name server access on
| systems without service switch support (such as SunOS)
| you will have to recompile with -DNAMED_BIND=0 and
| remove -lresolv from the list of libraries to be
| searched when linking.