On Mon, 5 Dec 2005 14:27:43 +0000 (GMT), Philip Hazel
<ph10@???> wrote:
>I think we are stuck until there is more evidence.

This is actually an issue with how exim handles DNS answers. Just
imagine that the A record for a target host name expires in the
resolver's cache some time earlier than the AAAA record. When exim now
queries for the MX record, the resolver returns the data which it
still has cached, which is the AAAA record, in the additional section.
Exim will believe the information from the additional section, and try
delivering there.

Here is a script which can be used to reproduce the issue. I believe
this is independent of whether the host actually has IPv6
connectivity. The script should be run only once at a time against the
same resolving DNS server. The domain brokenv6.zugschlus.de and the
host name mailgate.brokenv6.zugschlus.de have been especially
configured for this demonstration with a TTL of 120 seconds, and
nobody@??? is available for tests - messages to that
address are accepted and blackholed.

#!/bin/bash

# Print a command line, then run it.
withecho() {
    echo "$@"
    "$@"
}

echo have the prepared DNS entries expire from the cache TTL 120
withecho sleep 180
echo pull A record into cache
withecho dig mailgate.brokenv6.zugschlus.de A > /dev/null
echo have records expiration time deviate
withecho sleep 60
echo output 1, should show A and AAAA in ADDITIONAL SECTION
withecho dig brokenv6.zugschlus.de MX
echo exim will deliver message to v4 and v6
withecho exim -bt nobody@???
echo have A record expire
withecho sleep 65
echo output 2, should show only AAAA record in ADDITIONAL SECTION
withecho dig brokenv6.zugschlus.de MX
echo exim will now only try delivery to v6
withecho exim -bt nobody@???

Here is the script output, edited to the relevant parts:

|[19/516]mh@ivanova:~/enyo$ ./reproduce
|have the prepared DNS entries expire from the cache TTL 120
|sleep 180
|pull A record into cache
|have records expiration time deviate
|sleep 60
|output 1, should show A and AAAA in ADDITIONAL SECTION
|dig brokenv6.zugschlus.de MX
|
|; <<>> DiG 9.3.1 <<>> brokenv6.zugschlus.de MX
|;; global options: printcmd
|;; Got answer:
|;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46049
|;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 4
|
|;; ANSWER SECTION:
|brokenv6.zugschlus.de. 120 IN MX 10 mailgate.brokenv6.zugschlus.de.
|
|;; ADDITIONAL SECTION:
|mailgate.brokenv6.zugschlus.de. 59 IN A 217.151.83.1
|mailgate.brokenv6.zugschlus.de. 120 IN AAAA 2001:14b0:202:f::1:19
|
|exim will deliver message to v4 and v6
|exim -bt nobody@???
|R: dnslookup for nobody@???
|nobody@???
| router = dnslookup, transport = remote_smtp
| host mailgate.brokenv6.zugschlus.de [2001:14b0:202:f::1:19] MX=10
| host mailgate.brokenv6.zugschlus.de [217.151.83.1] MX=10
|have A record expire
|sleep 65
|output 2, should show only AAAA record in ADDITIONAL SECTION
|dig brokenv6.zugschlus.de MX
|
|; <<>> DiG 9.3.1 <<>> brokenv6.zugschlus.de MX
|;; global options: printcmd
|;; Got answer:
|;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64098
|;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 3
|
|;; ANSWER SECTION:
|brokenv6.zugschlus.de. 55 IN MX 10 mailgate.brokenv6.zugschlus.de.
|
|;; ADDITIONAL SECTION:
|mailgate.brokenv6.zugschlus.de. 55 IN AAAA 2001:14b0:202:f::1:19
|
|;; Query time: 1 msec
|;; SERVER: 81.169.148.34#53(81.169.148.34)
|;; WHEN: Sat Dec 17 15:20:17 2005
|;; MSG SIZE rcvd: 238
|
|exim will now only try delivery to v6
|exim -bt nobody@???
|R: dnslookup for nobody@???
|nobody@???
| router = dnslookup, transport = remote_smtp
| host mailgate.brokenv6.zugschlus.de [2001:14b0:202:f::1:19] MX=10
|[20/516]mh@ivanova:~/enyo$

If the v6 host is never reachable, as it is for a host that doesn't
have IPv6 connectivity, this leads to messages being flagged as
undeliverable.

Thanks to Florian for discussion on IRC which led to this explanation
of things happening.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
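
The check below is an added example, not part of the original message and not Exim code: it reads `dig <domain> MX` output on stdin and flags MX targets for which the ADDITIONAL section holds only one address family, which is the state shown in "output 2" above. The function names and the two embedded samples (constructed from the dig outputs in the message) are assumptions.

```shell
#!/bin/sh
# Flag MX targets whose ADDITIONAL section carries addresses of one family only.
# A flagged host is a candidate for explicit A and AAAA lookups; a host that
# really has a single address family is flagged too.
partial_additional() {
    awk '
        /^;; ANSWER SECTION:/     { sect = "answer"; next }
        /^;; ADDITIONAL SECTION:/ { sect = "additional"; next }
        /^;;/ || /^[ \t]*$/       { sect = ""; next }   # other header or blank line ends a section
        sect == "answer"     && $4 == "MX"   { mx[tolower($6)] = 1 }
        sect == "additional" && $4 == "A"    { v4[tolower($1)] = 1 }
        sect == "additional" && $4 == "AAAA" { v6[tolower($1)] = 1 }
        END {
            for (h in mx) {
                if      ((h in v6) && !(h in v4)) print h, "AAAA-only"
                else if ((h in v4) && !(h in v6)) print h, "A-only"
            }
        }
    '
}

# Constructed sample: both families still cached (modelled on output 1).
sample_both() {
    cat <<'EOF'
;; ANSWER SECTION:
brokenv6.zugschlus.de. 120 IN MX 10 mailgate.brokenv6.zugschlus.de.

;; ADDITIONAL SECTION:
mailgate.brokenv6.zugschlus.de. 59 IN A 217.151.83.1
mailgate.brokenv6.zugschlus.de. 120 IN AAAA 2001:14b0:202:f::1:19
EOF
}

# Constructed sample: A record expired, AAAA still cached (modelled on output 2).
sample_v6_only() {
    cat <<'EOF'
;; ANSWER SECTION:
brokenv6.zugschlus.de. 55 IN MX 10 mailgate.brokenv6.zugschlus.de.

;; ADDITIONAL SECTION:
mailgate.brokenv6.zugschlus.de. 55 IN AAAA 2001:14b0:202:f::1:19
EOF
}

sample_both    | partial_additional
sample_v6_only | partial_additional
```

Against a live resolver the same function is fed with `dig brokenv6.zugschlus.de MX | partial_additional`.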