strange resolver behavour

Ian Smith smithi at nimnet.asn.au
Tue Oct 12 09:25:37 UTC 2010 

On Mon, 11 Oct 2010, Eugene Grosbein wrote:
 > Hi!
 > 
 > FreeBSD 8.1-STABLE:
 > 
 > # host koin-nkz.com.
 > koin-nkz.com has address 62.231.164.101
 > Host koin-nkz.com not found: 3(NXDOMAIN)
 > 
 > This domain does not have MX records but NXDOMAIN seems to wrong return
 > code to me. Think about MTA that does look-up for MX first,
 > obtains NXDOMAIN and rejects mail.

If a domain has no MX server, how's an MTA supposed to do mail with it?

sola% host koin-nkz.com
koin-nkz.com has address 62.231.164.101
Host koin-nkz.com not found: 2(SERVFAIL)

I consistently get SERVFAIL for this one's MX server from here.  Only 
querying its nameserver/s directly gets the proper (negative) answer:

sola% dig +short koin-nkz.com ns
ns.mtw.ru.
ns1.mtw.ru.
sola% dig +short @ns.mtw.ru koin-nkz.com
62.231.164.101
sola% dig +short @ns.mtw.ru koin-nkz.com mx
sola% dig @ns.mtw.ru koin-nkz.com mx

; <<>> DiG 9.3.4-P1 <<>> @ns.mtw.ru koin-nkz.com mx
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12266
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;koin-nkz.com.                  IN      MX

;; AUTHORITY SECTION:
koin-nkz.com.           43200   IN      NS      ns.mtw.ru.
koin-nkz.com.           43200   IN      NS      ns1.mtw.ru.

;; ADDITIONAL SECTION:
ns.mtw.ru.              43200   IN      A       194.135.30.55
ns1.mtw.ru.             43200   IN      A       193.124.133.210

;; Query time: 397 msec
;; SERVER: 194.135.30.55#53(194.135.30.55)
;; WHEN: Tue Oct 12 15:35:10 2010
;; MSG SIZE  rcvd: 103

Further, checking RDNS:

sola% dig +short koin-nkz.com
62.231.164.101
sola% host 62.231.164.101
101.164.231.62.in-addr.arpa domain name pointer 62-231-164-101.rdtc.ru.
sola% host 62-231-164-101.rdtc.ru.
Host 62-231-164-101.rdtc.ru not found: 3(NXDOMAIN)

But RDNS probably really only matters for the MX (when it gets one :)

 > tcpdump shows that after MX look-up failure resolver adds my local
 > domain suffix from /etc/resolv.conf's "search" clause and
 > goes to my local DNS server looking for MX record for
 > 'koin-nkz.com.my.ru.' that does not exists. Hence, NXDOMAIN.
 > 
 > Is it a bug in our resolver?

Well perhaps - but it works right when the proper DNS records exist.

 > I've tested 6.4-STABLE and 7.3-STABLE, same effect.

Yes, same on the last 5-STABLE.

 > I've also tested 4.11-STABLE and it works correctly - no wrong
 > suffix addition, no NXDOMAIN.
 > 
 > Eugene Grosbein

cheers, Ian

More information about the freebsd-net mailing list