SUMMARY (so far): DNS out of domain for local mail

From: Claude Marinier (MARINIER@emp.ewd.dreo.dnd.ca)
Date: Sun Jan 30 1994 - 10:36:39 CST


Hi again,

I have done more work on this and received some replies. I have included
an edited snoop output at the end of this message (showing the strange
DNS requests going out of our domain) and other information.

My original question was:

> From: EMP::MARINIER "Claude Marinier" 25-JAN-1994 14:36:53.13
> To: SMTP%"sun-managers@eecs.nwu.edu"
> Subj: DNS traffic out of domain when sending local mail
>
> Hi,
>
> The problem was discovered when we disconnected the multi-port repeater
> from the backbone cable that connects us to the rest of the world. The
> remaining equipment is all in the domain cps.dreo.dnd.ca. The problem is
> seen when sending mail from a PC with PC-NFS 5.0b and Selectmail for
> Windows 1.0 to a user on the server (SunOS 4.1.2 with lots of patches).
> Both the PC and the server are on the same side of the repeater and are in
> the same domain. The mail did not make it and the server was hung.
>
> I have been testing as follows: I start snoop on the (only) server in
> cps.dreo.dnd.ca. I tell it to watch valet.dreo.dnd.ca which is the DNS
> server above us. I walk over to a PC and send a mail message to a user on
> the server. I then stop snoop (which was recording to a file). When I play
> back the file, I discover DNS traffic.
>
> I have tried changing /etc/resolv.conf. I am currently running without one.
> No other programs (that I have tested) display this behaviour. I am running
> sendmail from 100377-08. I have also changed named.boot by commenting out
> the forwarders line and doing kill -HUP `cat named.pid`. Nothing seems to
> help.

I have received the following replies:

> From: sgl@houston.geoquest.slb.com (Steve Letter)
>
> Sun acknowledged to me that the sendmail (for local mail) in patch 100377-08
> (not sendmail.mx) will improperly use DNS if NIS Makefile has B=-b flag
> set. They said that this was unintentional. They do not seem to have
> any plans to fix it, either. The general consensus of this has been that
> if we need the increased security this patch will provide, we should be
> running sendmail.mx.
>
> I've even been led to believe that the patch does not fix the security
> problem. We're installing sendmail v. 8.6.4

What Steve is suggesting in the first paragraph does not apply to me
since I am using sendmail.mx (from 100377-08). But it does very little
to increase my already shaky confidence in sendmail and SMC. Steve's
last paragraph is especially troubling.

> From: sgl@houston.geoquest.slb.com (Steve Letter)
>
> Claude,
>
> This is a simple problem then. There are several workarounds for this.
> My favorite is to include these lines in your /etc/sendmail.cf:
>
> # Explicitly define local domain and host names (Avoid NIS problems)
> Dmewd.dreo.dnd.ca
> Dwemp
>
> If these are not the correct names, change them! This (usually) goes
> under the paragraph that has "General configuration information" for its
> heading.
>
> Remember to kill and restart sendmail.

I then asked him:

> Do you do this before defining the j macro? How do you define the j macro?

To which he replied:

> I do it before.

I have not tried this yet. I have no reason to suspect sendmail.cf in
this. See the additional information at the bottom of this message. The
problem seems to lie deeper than this. I will keep it in mind and may
try it later.

> From: Larry Chin <Larry_Chin@cchtor.cch.com>
>
> Are you mailing to fully qualified domain address, such as
> person@valet.dreo.dnd.ca ? If the name is not fully qualified, perhaps
> you should check to see what sendmail does with unqualified addresses.
> I believe this is the "DR" macro in sendmail.main.cf, at least in the
> sendmail 8.6.4 config file it is.

The DNS traffic coming out of our domain's primary DNS server is very
strange. The mail message was sent from mlowe.cps.dreo.dnd.ca to
c-ps-sun.cps.dreo.dnd.ca. This is all within the same domain from a PC
to the DNS server. It should not have to go outside to resolve
addresses. Even stranger, the address being checked is the sender's.
Note that I have manually wrapped some lines of the snoop output. Could
someone please tell me the meaning of the DNS stuff. It seems to be an
incorrect address. Even stranger still, the DNS servers which c-ps-sun
is interrogating are both designated servers for the domain dnd.ca. If
the request is for mlowe.cps.dreo.dnd.ca.dreo.dnd.ca, I would expect the
query to go to valet.dreo.dnd.ca, the designated server for dreo.dnd.ca.

DLC: ----- DLC Header -----
DLC:
DLC: Frame 31 arrived at 15:13:57.27 ; frame size is 93 (005D hex) bytes.
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Source address = [131.136.35.2], c-ps-sun.cps.dreo.dnd.ca
IP: Destination address = [192.12.98.13], netfs.dnd.ca
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 53 (DNS)
UDP: Length = 59
UDP: No checksum
UDP:
DNS: ----- DNS: -----
DNS:
DNS: "\007\345\0\0\0\1\0\0\0\0\0\0\5mlowe\3cps\4dreo\3dnd\2ca\4dreo
       \3dnd\2ca\0\0\1\0\1"
DNS:
DNS: [Normal end of "DNS: ".]
DNS:
DNS:
DLC: ----- DLC Header -----
DLC:
DLC: Frame 32 arrived at 15:13:57.27 ; frame size is 162 (00A2 hex) bytes.
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Source address = [192.12.98.13], netfs.dnd.ca
IP: Destination address = [131.136.35.2], c-ps-sun.cps.dreo.dnd.ca
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 53 (DNS)
UDP: Length = 128
UDP: No checksum
UDP:
DNS: ----- DNS: -----
DNS:
DNS: "\007\345\204\203\0\1\0\0\0\1\0\0\5mlowe\3cps\4dreo\3dnd\2ca
       \4dreo\3dnd\2ca\0\0\1\0\1\4dreo\3DND"
DNS:
DNS: [Normal end of "DNS: ".]
DNS:
DNS:
DLC: ----- DLC Header -----
DLC:
DLC: Frame 33 arrived at 15:13:57.29 ; frame size is 88 (0058 hex) bytes.
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Source address = [131.136.35.2], c-ps-sun.cps.dreo.dnd.ca
IP: Destination address = [192.12.98.2], ncs.dnd.ca
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 53 (DNS)
UDP: Length = 54
UDP: No checksum
UDP:
DNS: ----- DNS: -----
DNS:
DNS: ""
DNS:
DNS: [Normal end of "DNS: ".]
DNS:
DNS:
DLC: ----- DLC Header -----
DLC:
DLC: Frame 34 arrived at 15:13:57.30 ; frame size is 154 (009A hex) bytes.
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Source address = [192.12.98.2], ncs.dnd.ca
IP: Destination address = [131.136.35.2], c-ps-sun.cps.dreo.dnd.ca
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 53 (DNS)
UDP: Length = 120
UDP: No checksum
UDP:
DNS: ----- DNS: -----
DNS:
DNS: ""
DNS:
DNS: [Normal end of "DNS: ".]
DNS:

Thanks go to:

sgl@houston.geoquest.slb.com (Steve Letter)
Larry Chin <Larry_Chin@cchtor.cch.com>
Ian MacPhedran <Ian_MacPhedran@engr.usask.ca>

I will summarize further if I have more to communicate.

---------------
Claude Marinier
claude.marinier@dreo.dnd.ca
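
The DNS payloads shown in frames 31 and 32 can be decoded with a short script. This is an added example, not part of the original message; the function names are illustrative, and it assumes the analyzer prints non-printable bytes as octal escapes and that the manual line wrap is not part of the packet.

```python
import re
import struct

# Payloads from frames 31 and 32 above, with the manual line wrap rejoined
# (assumption: the wrap whitespace is not part of the packet).
QUERY = (r"\007\345\0\0\0\1\0\0\0\0\0\0\5mlowe\3cps\4dreo\3dnd\2ca"
         r"\4dreo\3dnd\2ca\0\0\1\0\1")
REPLY = (r"\007\345\204\203\0\1\0\0\0\1\0\0\5mlowe\3cps\4dreo\3dnd\2ca"
         r"\4dreo\3dnd\2ca\0\0\1\0\1\4dreo\3DND")

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX"}

def unescape(text):
    """Octal \\NNN escapes become bytes; printable characters pass through."""
    return re.sub(r"\\([0-3][0-7]{2}|[0-7]{1,2})",
                  lambda m: chr(int(m.group(1), 8)), text).encode("latin-1")

def decode(text):
    """Decode the fixed 12-byte DNS header and the first question only."""
    msg = unescape(text)
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while msg[pos]:                       # QNAME: length-prefixed labels, 0 ends
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    return {"id": ident, "qr": flags >> 15, "aa": (flags >> 10) & 1,
            "rd": (flags >> 8) & 1, "rcode": RCODES.get(flags & 0xF, flags & 0xF),
            "counts": (qd, an, ns, ar), "qname": ".".join(labels),
            "qtype": QTYPES.get(qtype, qtype), "qclass": qclass}

def appended_suffix(qname, local_domain):
    """Split 'host.<local_domain>.<extra>' into (host FQDN, extra), else None."""
    marker = "." + local_domain.lower() + "."
    name = qname.lower()
    i = name.find(marker)
    if i < 0:
        return None
    cut = i + len(marker) - 1
    return name[:cut], name[cut + 1:]

if __name__ == "__main__":
    for label, payload in (("frame 31", QUERY), ("frame 32", REPLY)):
        print(label, decode(payload))
    print(appended_suffix(decode(QUERY)["qname"], "cps.dreo.dnd.ca"))
```

Frame 31 decodes as a query for the A record of mlowe.cps.dreo.dnd.ca.dreo.dnd.ca, the sender's full name with dreo.dnd.ca appended again, and frame 32 is an authoritative NXDOMAIN reply to it. Frames 33 and 34 appear with an empty payload in the capture, so there is nothing to decode.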


