Re: [exim] DNS problems with sending via multiple smarthosts

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] DNS problems with sending via multiple smarthosts
> On Jul 18, 2019, at 6:32 PM, Jeremy Harris via Exim-users <exim-users@???> wrote:
>
>>       A few anomalies are checked and may result in extra fields enclosed  in
>>       square  brackets:   If a query contains an answer, authority records or
>>       additional records section, ancount, nscount, or arcount are printed as
>>       `[na]', `[nn]' or  `[nau]' where n is the appropriate count.

>>
>> Running tcpdump with -vvv shows that there is an authority record for root.
>> I don't know is this behaviour legal or not, and why this record is present
>> in exim queries. But I propose to try two other methods to resolve name:
>>
>> In my experiments 1st variant results in additional authority record, the
>> 2nd does not (as manual run of telnet). Does 1st variant fail when exim
>> fails to run transport?
>
> Might there be a dnssec-related difference? Would that show in the
> text tcpdump output, or would you need to look carefully with wireshark?


An authority record for the root zone in an outbound query is very much
unexpected, whether DNSSEC is used or not. With DNSSEC, one would expect
an "additional" OPT record, not an authority record. A PCAP file with
the right raw packets (just port 53 without truncation) would be
appropriate at this point.

-- 
    Viktor.