On Wed, Jul 17, 2019 at 11:12:16AM +0300, Evgeniy Berdnikov via Exim-users wrote:
> On Wed, Jul 17, 2019 at 02:31:59PM +0930, David Purton via Exim-users wrote:
> > On Tue, Jul 16, 2019 at 02:43:12PM +0100, Jeremy Harris via Exim-users wrote:
> ...
> > > ( and grab stderr to a file; it'll be long.
> > > "exim -d+all -qf 2>&1 | tee log" )
> >
> > Thanks. The relevant part of the resulting log is for a similar message
> > and the same network is:
> ...
> > 13:34:13 2071 set transport remote_smtp_smarthost
> > 13:34:13 2071 finding IP address for smtp.gmail.com:587
> > 13:34:13 2071 host=smtp.gmail.com port=587
> > 13:34:13 2071 calling host_find_byname
> > 13:34:13 2071 Coerced resolver DNSSEC support on.
> > 13:34:24 2071 gethostbyname2(af=inet6) returned 1 (HOST_NOT_FOUND)
> > 13:34:35 2071 gethostbyname2(af=inet) returned 1 (HOST_NOT_FOUND)
> > 13:34:35 2071 no IP address found for host smtp.gmail.com
>
> I propose to install tcpdump and run it in parallel with "exim -qf":
>
> tcpdump -nlUv -s0 -i any port domain
>
> Then look at what happens at the network level while exim tries to resolve
> "smtp.gmail.com". I suspect that there are some local resolver suffixes
> (from WiFi provider) in /etc/resolv.conf, and they lead to attempts
> to resolve non-existent domains like "smtp.gmail.com.local.tld".
> Suffixes are tried first by the resolver (before attempts to resolve the name
> as it is), so they may lead to NXdomain errors.

OK. Here's the tcpdump output when I run exim -qf:

13:43:25.572114 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
172.20.128.146.35212 > 8.8.8.8.53: 62572+ [1au] AAAA? smtp.gmail.com. (43)
13:43:25.574759 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
8.8.8.8.53 > 172.20.128.146.35212: 62572 NXDomain* 0/0/1 (43)
13:43:25.574991 IP (tos 0x0, ttl 64, id 4690, offset 0, flags [DF], proto UDP (17), length 71)
172.20.128.146.33506 > 8.8.8.8.53: 6401+ [1au] A? smtp.gmail.com. (43)
13:43:25.576134 IP (tos 0x0, ttl 64, id 4690, offset 0, flags [DF], proto UDP (17), length 71)
8.8.8.8.53 > 172.20.128.146.33506: 6401 NXDomain* 0/0/1 (43)

For comparison, here is the output when I run host smtp.gmail.com:

13:44:32.859293 IP (tos 0x0, ttl 64, id 12100, offset 0, flags [none], proto UDP (17), length 60)
172.20.128.146.52650 > 8.8.8.8.53: 55394+ A? smtp.gmail.com. (32)
13:44:32.894745 IP (tos 0x0, ttl 117, id 62430, offset 0, flags [none], proto UDP (17), length 114)
8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
13:44:32.894989 IP (tos 0x0, ttl 117, id 166, offset 0, flags [none], proto UDP (17), length 114)
8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
13:44:32.895675 IP (tos 0x0, ttl 64, id 12106, offset 0, flags [none], proto UDP (17), length 73)
172.20.128.146.55693 > 8.8.8.8.53: 20150+ AAAA? gmail-smtp-msa.l.google.com. (45)
13:44:32.922834 IP (tos 0x0, ttl 116, id 49620, offset 0, flags [none], proto UDP (17), length 101)
8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
13:44:32.922838 IP (tos 0x0, ttl 116, id 62589, offset 0, flags [none], proto UDP (17), length 101)
8.8.8.8.53 > 172.20.128.146.55693: 20150 1/0/0 gmail-smtp-msa.l.google.com. AAAA 2404:6800:4003:c02::6d (73)
13:44:32.923508 IP (tos 0x0, ttl 64, id 12108, offset 0, flags [none], proto UDP (17), length 73)
172.20.128.146.48591 > 8.8.8.8.53: 17686+ MX? gmail-smtp-msa.l.google.com. (45)
13:44:33.041938 IP (tos 0x0, ttl 119, id 15398, offset 0, flags [none], proto UDP (17), length 123)
8.8.8.8.53 > 172.20.128.146.48591: 17686 0/1/0 (95)
13:44:33.088803 IP (tos 0x0, ttl 119, id 34507, offset 0, flags [none], proto UDP (17), length 123)
8.8.8.8.53 > 172.20.128.146.48591: 17686 0/1/0 (95)

I don't really have enough networking knowledge to know what is
happening here. I don't understand why on this particular network exim
gets back NXDomain, but the host command gets back the CNAME and
corresponding A (or AAAA) record.

David
--
David Purton
e: dcpurton@???
m: 0413 626 862
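
Added example (not part of the original message, and not Exim or tcpdump code): a small Python parser that pairs each query in `tcpdump -v` output like the capture above with its first reply and tabulates the fields that differ between the two runs: the `[1au]` marker (one additional record in the query, which is where an EDNS0 OPT record travels), the response code, the round-trip time, and whether the reply's IP TTL, ID and length equal the query's. The names pair_dns, CAPTURE and the row keys are made up for this example; the four sample packets are copied from the capture in the message.

```python
import re
from datetime import datetime, timedelta

# Four packets copied from the capture in the message above (detail lines as posted).
CAPTURE = """\
13:43:25.572114 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
172.20.128.146.35212 > 8.8.8.8.53: 62572+ [1au] AAAA? smtp.gmail.com. (43)
13:43:25.574759 IP (tos 0x0, ttl 64, id 4689, offset 0, flags [DF], proto UDP (17), length 71)
8.8.8.8.53 > 172.20.128.146.35212: 62572 NXDomain* 0/0/1 (43)
13:44:32.859293 IP (tos 0x0, ttl 64, id 12100, offset 0, flags [none], proto UDP (17), length 60)
172.20.128.146.52650 > 8.8.8.8.53: 55394+ A? smtp.gmail.com. (32)
13:44:32.894745 IP (tos 0x0, ttl 117, id 62430, offset 0, flags [none], proto UDP (17), length 114)
8.8.8.8.53 > 172.20.128.146.52650: 55394 2/0/0 smtp.gmail.com. CNAME gmail-smtp-msa.l.google.com., gmail-smtp-msa.l.google.com. A 74.125.68.109 (86)
"""

# IP header line: timestamp, IP TTL, IP ID, total length.
HDR = re.compile(r"(\d\d:\d\d:\d\d\.\d+) IP \(.*\bttl (\d+), id (\d+),.* length (\d+)\)$")
# DNS detail line: source, destination, DNS transaction id, remainder.
DNS = re.compile(r"(\S+) > (\S+): (\d+)\S* (.*)$")
QRY = re.compile(r"(\[\d+au\] )?(\w+)\? (\S+)")           # optional [Nau], qtype, qname
RSP = re.compile(r"([A-Za-z]+)?[*|$-]* ?(\d+)/(\d+)/(\d+)")  # optional rcode, an/ns/ar counts

def pair_dns(capture):
    """Match each DNS query in `tcpdump -v` text to its first response."""
    rows, pending, hdr = [], {}, None
    for line in map(str.strip, capture.splitlines()):
        h, d = HDR.match(line), DNS.match(line)
        if h:
            hdr = (datetime.strptime(h[1], "%H:%M:%S.%f"), int(h[2]), int(h[3]), int(h[4]))
        elif d and hdr:
            src, dst, dns_id, rest = d.groups()
            when, ttl, ip_id, length = hdr
            if dst.endswith(".53") and (q := QRY.match(rest)):
                # Key on (client endpoint, DNS id) so the reply can be found later.
                pending[(src, dns_id)] = dict(name=q[3], qtype=q[2], edns=bool(q[1]),
                                              t=when, ip=(ttl, ip_id, length))
            elif src.endswith(".53") and (dst, dns_id) in pending and (r := RSP.match(rest)):
                q = pending.pop((dst, dns_id))  # duplicates of the reply are ignored
                rows.append(dict(name=q["name"], qtype=q["qtype"], edns=q["edns"],
                                 rcode=r[1] or "NoError", answers=int(r[2]),
                                 rtt_us=(when - q["t"]) // timedelta(microseconds=1),
                                 reply_ttl=ttl, reply_mirrors_query=q["ip"] == (ttl, ip_id, length)))
    return rows

if __name__ == "__main__":
    for row in pair_dns(CAPTURE):
        print(row)
```
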