Re: [exim] DNS problems with sending via multiple smarthosts

Author: David Purton
Date:  
To: exim-users
Subject: Re: [exim] DNS problems with sending via multiple smarthosts
On Wed, Jul 17, 2019 at 11:12:16AM +0300, Evgeniy Berdnikov via Exim-users wrote:
> On Wed, Jul 17, 2019 at 02:31:59PM +0930, David Purton via Exim-users wrote:
> > On Tue, Jul 16, 2019 at 02:43:12PM +0100, Jeremy Harris via Exim-users wrote:
> ...
> > > ( and grab stderr to a file; it'll be long.
> > > "exim -d+all -qf 2>&1 | tee log" )
> >
> > Thanks. The relevant part of the resulting log is for a similar message
> > and the same network is:
> ...
> >     13:34:13  2071 set transport remote_smtp_smarthost
> >     13:34:13  2071 finding IP address for smtp.gmail.com:587
> >     13:34:13  2071 host=smtp.gmail.com port=587
> >     13:34:13  2071 calling host_find_byname
> >     13:34:13  2071 Coerced resolver DNSSEC support on.
> >     13:34:24  2071 gethostbyname2(af=inet6) returned 1 (HOST_NOT_FOUND)
> >     13:34:35  2071 gethostbyname2(af=inet) returned 1 (HOST_NOT_FOUND)
> >     13:34:35  2071 no IP address found for host smtp.gmail.com

>
> I propose to install tcpdump and run it in parallel with "exim -qf":
>
>    tcpdump -nlUv -s0 -i any port domain

>
> Then look at what happens at the network level while exim tries to resolve
> "smtp.gmail.com". I suspect that there are some local resolver suffixes
> (from WiFi provider) in /etc/resolv.conf, and they lead to attempts
> to resolve non-existent domains like "smtp.gmail.com.local.tld".
> Suffixes are tried first by the resolver (before attempts to resolve the name
> as it is), so they may lead to NXdomain errors.


OK. Here's the tcpdump output when I run exim -qf:


    13:43:25.572114 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
        172.20.128.146.35212 > 8.8.8.8.53: 62572+ [1au] AAAA? smtp.gmail.com. (43)
    13:43:25.574759 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
        8.8.8.8.53 > 172.20.128.146.35212: 62572 NXDomain* 0/0/1 (43)
    13:43:25.574991 IP (tos 0x0, ttl 64, id 4690, offset 0, flags [DF], proto UDP (17), length 71)
        172.20.128.146.33506 > 8.8.8.8.53: 6401+ [1au] A? smtp.gmail.com. (43)
    13:43:25.576134 IP (tos 0x0, ttl 64, id 4690, offset 0, flags [DF], proto UDP (17), length 71)
        8.8.8.8.53 > 172.20.128.146.33506: 6401 NXDomain* 0/0/1 (43)



For comparison, here is the output when I run host smtp.gmail.com:


    13:44:32.859293 IP (tos 0x0, ttl 64, id 12100, offset 0, flags [none], proto UDP (17), length 60)
        172.20.128.146.52650 > 8.8.8.8.53: 55394+ A? smtp.gmail.com. (32)
    13:44:32.894745 IP (tos 0x0, ttl 117, id 62430, offset 0, flags [none], proto UDP (17), length 114)
        8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
    13:44:32.894989 IP (tos 0x0, ttl 117, id 166, offset 0, flags [none], proto UDP (17), length 114)
        8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
    13:44:32.895675 IP (tos 0x0, ttl 64, id 12106, offset 0, flags [none], proto UDP (17), length 73)
        172.20.128.146.55693 > 8.8.8.8.53: 20150+ AAAA? gmail-smtp-msa.l.google.com. (45)
    13:44:32.922834 IP (tos 0x0, ttl 116, id 49620, offset 0, flags [none], proto UDP (17), length 101)
        8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
    13:44:32.922838 IP (tos 0x0, ttl 116, id 62589, offset 0, flags [none], proto UDP (17), length 101)
        8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
    13:44:32.923508 IP (tos 0x0, ttl 64, id 12108, offset 0, flags [none], proto UDP (17), length 73)
        172.20.128.146.48591 > 8.8.8.8.53: 17686+ MX? gmail-smtp-msa.l.google.com. (45)
    13:44:33.041938 IP (tos 0x0, ttl 119, id 15398, offset 0, flags [none], proto UDP (17), length 123)
        8.8.8.8.53 > 172.20.128.146.48591: 17686 0/1/0 (95)
    13:44:33.088803 IP (tos 0x0, ttl 119, id 34507, offset 0, flags [none], proto UDP (17), length 123)
        8.8.8.8.53 > 172.20.128.146.48591: 17686 0/1/0 (95)



I don't really have enough networking knowledge to know what is
happening here. I don't understand why on this particular network exim
gets back NXDomain, but the host command gets back the CNAME and
corresponding A (or AAAA) record.


David


--
David Purton
e: dcpurton@???
m: 0413 626 862
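
Added example (not part of David's message and not Exim code): a small Python parser that pairs the DNS queries and replies in the two captures above by transaction ID, so the differences can be read side by side. The function names `pair_dns` and `by_additional` are made up for this sketch; the sample lines are copied from the captures. In tcpdump's output `[1au]` on a query means it carried one additional record, and `*` after the reply code means the authoritative-answer bit was set.

```python
import re

# Payload lines copied from the two tcpdump captures in the message above.
SAMPLE = """\
172.20.128.146.35212 > 8.8.8.8.53: 62572+ [1au] AAAA? smtp.gmail.com. (43)
8.8.8.8.53 > 172.20.128.146.35212: 62572 NXDomain* 0/0/1 (43)
172.20.128.146.33506 > 8.8.8.8.53: 6401+ [1au] A? smtp.gmail.com. (43)
8.8.8.8.53 > 172.20.128.146.33506: 6401 NXDomain* 0/0/1 (43)
172.20.128.146.52650 > 8.8.8.8.53: 55394+ A? smtp.gmail.com. (32)
8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
172.20.128.146.55693 > 8.8.8.8.53: 20150+ AAAA? gmail-smtp-msa.l.google.com. (45)
8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
"""

# Query: "<id><flags> [Nau] TYPE? name (len)"; [Nau] = N additional records.
QUERY = re.compile(r": (\d+)[+%]* (\[\d+au\] )?(\w+)\? (\S+) \(\d+\)$")
# Reply: "<id> [rcode]<flags> an/ns/ar ..."; no rcode word means NoError.
REPLY = re.compile(r": (\d+)(?: ([A-Za-z]+))?([*|$-]*) (\d+)/(\d+)/(\d+)\b")

def pair_dns(text):
    """Pair each query with its replies by DNS transaction ID."""
    txns = {}
    for line in text.splitlines():
        line = line.strip()
        if (m := QUERY.search(line)):
            txns[m[1]] = {"id": m[1], "qtype": m[3], "name": m[4],
                          "additional": bool(m[2]), "rcode": None,
                          "aa": False, "answers": 0, "replies": 0}
        elif (m := REPLY.search(line)) and m[1] in txns:
            t = txns[m[1]]
            t["rcode"] = m[2] or "NoError"
            t["aa"] = "*" in m[3]          # authoritative-answer bit
            t["answers"] = int(m[4])
            t["replies"] += 1              # duplicates show up as > 1
    return list(txns.values())

def by_additional(txns):
    """Group reply codes by whether the query carried an additional record."""
    out = {True: set(), False: set()}
    for t in txns:
        out[t["additional"]].add(t["rcode"])
    return out

if __name__ == "__main__":
    for t in pair_dns(SAMPLE):
        print(t)
    print(by_additional(pair_dns(SAMPLE)))
```

The regular expressions skip the `IP (tos ...)` header lines that `tcpdump -v` prints, so a full capture can be fed in unchanged.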