Dean Brooks wrote:
> On Tue, May 05, 2009 at 07:55:39PM +0100, Mike Cardwell wrote:
>> Does anyone other than Bill have an opinion? I still contend that there
>> is no disadvantage to doing it. Unless you're actually mad enough to
>> think that adding 4KB of useful code, is equivalent to, "bloat".
>
> Every single one of my Exim configurations uses dnsdb because I need
> to do tests for the presence of PTR records, which is impossible
> without dnsdb. The regular reverse DNS lookups also do forward
> lookups, which are fine, but in some circumstances you need to test
> just for he
>
> I can understand mysql/postgres/sqllite being optional, given that any
> particular user will generally only use one (or fewer) of them. Just
> never made much sense why dnsdb was left optional, unless there was an
> issue of platform portability for some reason.
>
>> Before I remembered that most Exim installations don't have dnsdb
>> available to them.
>>
>> That's happened to me several times in the past. I've been asked how to
>> do something, and responded with a dnsdb solution only to realise that
>> dnsdb isn't compiled in.
>
> Yeah, that is frustrating. I've run into that a few times too, again
> usually with regards to testing for PTR records.
>
> --
> Dean Brooks
> dean@???
>
There may well be cute and clever things that only DNSDB enables.
But DNSDB is *not* needed to test for a PTR RR.
=====
2009-05-05 20:16:52 [47894] H=[190.65.70.102]:17941
I=[203.194.153.81]:25 rejected connection in "connect" ACL: C3 rDNS
Fail: host lookup failed (failed to find host name from IP address)
=====
Confimed with manual equivalent tests:
===
conducive# host 190.65.70.102
Host 102.70.65.190.in-addr.arpa. not found: 3(NXDOMAIN)
===
conducive# dig PTR 190.65.70.102
; <<>> DiG 9.4.2-P2 <<>> PTR 190.65.70.102
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56771
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;190.65.70.102. IN PTR
;; AUTHORITY SECTION:
. 10717 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2009050501 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 61.10.1.146#53(61.10.1.146)
;; WHEN: Tue May 5 20:35:13 2009
;; MSG SIZE rcvd: 106
=====
What is in the #CONNECT_C3 acl?
!verify = reverse_host_lookup
Keeping in mind that at 'connect' all one has on which to base a
'reverse_host_lookup' ... is an IP....
And the only record 'of interest' that can be found with a 'bare' IP..
... is a PTR RR.... Or NOT.
QED
Whether it is 'proper' or 'generic' is for another phase.
Bill
