Re: [EXIM] Possible bug in hosts_lookup_nets ?

Author: Philip Hazel
Date:
To: Richard Welty, Kevin P. Fleming, Paul Phillips
Cc: exim-users
Subject: Re: [EXIM] Possible bug in hosts_lookup_nets ?

On Wed, 5 Aug 1998, Richard Welty wrote:

> but here's another issue: i always run a caching name server on any
> mailhost that sees serious service. since it already implements all the
> caching mechanisms per RFC, perhaps there should be an option:


On Wed, 5 Aug 1998, Kevin P. Fleming wrote:

> I agree. I follow the same policy, that the mailhost always has direct, fast
> access to a caching nameserver, so I'd prefer Exim never directly cache DNS
> lookup results at all.


On Wed, 5 Aug 1998, Paul Phillips wrote:

> More agreement here. It is bad practice for an application to cache
> DNS information unless it is going to adhere to the TTL data as a name
> server would. The failure to do this invariably leads to difficult to
> diagnose problems in periods of DNS transition.



It certainly looks like I did something wrong here! I guess I wasn't
really thinking clearly about caching in resolvers and local
nameservers. Simply removing the caching of the forward lookup is of
course easy, but will change Exim's behaviour slightly because it will
then do reverse lookups on the IP address of incoming mail, instead of
forward lookups on the list of hosts it is trying to match. Obviously I
could re-jig the code to do forward lookups at the time it is doing the
checking, but I am a bit hesitant because there may be a lot of them.
Suppose you have

sender_host_reject = a.b.c : d.e.f : g.h.i : j.k.l : m.n.o : p.q.r

At the moment, it does 6 forward lookups once, when the daemon starts,
then compares IP addresses when a connection happens. Without this
daemon initialization caching it could, at the time of receiving a
connection, either

(i) Do one reverse lookup to obtain the name, and then match on the name, or

(ii) Do 6 forward lookups and match on the address.

In the absence of any change to that portion of the code, it would do
(i), which is what it does in any case for any item that contains wild
cards. It may be that this is all of no major importance because in
practice the items in such lists mostly do contain wild cards.

The problem is that reverse lookups don't always work. Maybe Exim should
try both methods? And while we are on the subject, I have now and again
wondered whether, having done a reverse lookup, Exim should in any case
do a forward lookup for confirmation?

Comments? Suggestions?


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***
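
The two strategies listed in the message above, plus the forward-confirmation idea raised at its end, compared side by side as an added example (not Exim's code and not part of the original message). The DNS records, the `Resolver` class and all function names are constructed for illustration; only the host list comes from the message.

```python
# Constructed DNS data (illustrative only): forward A records and reverse PTR records.
A = {"a.b.c": ["192.0.2.1"], "d.e.f": ["192.0.2.2"], "g.h.i": ["192.0.2.3"],
     "j.k.l": ["192.0.2.4"], "m.n.o": ["192.0.2.5"], "p.q.r": ["192.0.2.6"]}
PTR = {"192.0.2.1": "a.b.c",     # forward and reverse data agree
       "198.51.100.9": "d.e.f"}  # PTR names d.e.f, but d.e.f's A record differs
# 192.0.2.6 (p.q.r) deliberately has no PTR record.
HOSTS = "a.b.c : d.e.f : g.h.i : j.k.l : m.n.o : p.q.r"  # list from the message

class Resolver:
    """Hypothetical stand-in for a resolver; counts the queries it is asked."""
    def __init__(self):
        self.queries = 0
    def forward(self, name):
        self.queries += 1
        return A.get(name, [])
    def reverse(self, ip):
        self.queries += 1
        return PTR.get(ip)

def parse(hostlist):
    return [h.strip() for h in hostlist.split(":") if h.strip()]

def match_reverse(ip, hosts, r):
    """(i) One reverse lookup, then match on the name."""
    return r.reverse(ip) in hosts

def match_forward(ip, hosts, r):
    """(ii) Forward lookup per listed host; stops at first hit, worst case len(hosts)."""
    return any(ip in r.forward(h) for h in hosts)

def match_confirmed(ip, hosts, r):
    """Reverse lookup, then a forward lookup on that name for confirmation."""
    name = r.reverse(ip)
    return name is not None and name in hosts and ip in r.forward(name)

def compare(ip, hostlist=HOSTS):
    """Return {strategy: (matched, queries_issued)} for one connecting address."""
    out = {}
    for label, fn in (("reverse", match_reverse), ("forward", match_forward),
                      ("confirmed", match_confirmed)):
        r = Resolver()
        out[label] = (fn(ip, parse(hostlist), r), r.queries)
    return out

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.6", "198.51.100.9"):
        print(ip, compare(ip))
```

The address with no PTR record is matched only by the forward strategy, at the cost of six queries, while the address whose PTR name does not resolve back to it is matched only by the unconfirmed reverse strategy.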