I have run across a very strange DNS loop in a recipient callout
verification. I've looked through archives and done as much debugging as
I could without much luck. Basically, what is happening is, I have a
series of transports that are used to send messages to specific hosts on
specific ports. An example of one of these would be:

port_redir_smtp2525:
  driver = smtp
  hosts = $acl_m6
  port = 2525
  headers_remove = X-Scanner
  interface = 63.208.196.165
  connect_timeout = 2m
  command_timeout = 2m
  data_timeout = 2m
  final_timeout = 5m

Where $acl_m6 contains a hostname. In my test case, that hostname is
"test.krellis.org". I have callout verification turned on in my recipient
ACL thusly:

  require message = User unknown
          verify = recipient/callout=5s,defer_ok/no_details

When test.krellis.org resolves to a single IP address, this works fine.
However, when test.krellis.org resolves to multiple IP addresses, I
encounter a never-ending DNS query loop. A -d+all session shows:

16:55:34 54758 ---0 Get 0x81ce888 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce8a8 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce8c8 40 host.c 2046
16:55:34 54758 fully qualified name = test.krellis.org
16:55:34 54758 test.krellis.org 1.2.3.9 mx=-1 sort=-62
16:55:34 54758 test.krellis.org 1.2.3.4 mx=-1 sort=-40
16:55:34 54758 DNS lookup of test.krellis.org (A) succeeded
16:55:34 54758 ---0 Get 0x81ce8f0 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce910 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce930 40 host.c 2046
16:55:34 54758 fully qualified name = test.krellis.org
16:55:34 54758 test.krellis.org 1.2.3.9 mx=-1 sort=-472
16:55:34 54758 test.krellis.org 1.2.3.4 mx=-1 sort=-302
16:55:34 54758 DNS lookup of test.krellis.org (A) succeeded
16:55:34 54758 ---0 Get 0x81ce958 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce978 32 dns.c 810
16:55:34 54758 ---0 Get 0x81ce998 40 host.c 2046
16:55:34 54758 fully qualified name = test.krellis.org
16:55:34 54758 test.krellis.org 1.2.3.4 mx=-1 sort=-67
16:55:34 54758 test.krellis.org 1.2.3.9 mx=-1 sort=-44
16:55:34 54758 DNS lookup of test.krellis.org (A) succeeded

Over and over again. I have a full session available with
test.krellis.org resolving to both a single A record and multiple A
records. I can send that as necessary for debugging.

Actual deliveries with the round-robin in place succeed past the DNS
lookup with no problem, so something seems to be going wonky in the
callout code when there are multiple IP addresses returned by DNS.

I can provide more information, full configurations, and session
transcripts to anyone who needs them to help debug this. I didn't have
much luck stepping through blindly with a debugger trying to find
something obvious wrong, but I'm not at all familiar with the Exim sources
at this point, so my chances weren't so hot.

Any help anyone can provide with this would be greatly appreciated. I
apologize if this would have been better suited to -users; I wasn't
entirely clear from the site & docs what would be best for trying to hunt
down a bug of this nature.

Tim Wilde
--
Tim Wilde
twilde@???
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/