Misbehavior Against DNS Queries for IPv6 Addresses?

Joseph T. Klein jtk at titania.net
Fri Jun 10 09:41:23 CEST 2005 

The problem is that if you run sendmail with IPv6 enabled it gets
a DNS error due to DNS problems on the site that you are trying to
send mail to, then sendmail endlessly defers the mail.

This is because sendmail looks for a AAAA record before an A record.
The DNS at the receiving site sends a broken response.

Please - anyone have a fix other than turning off IPv6 on my sendmail,
which, as far as I can tell, is not the source of the problem.

Read RFC 4074 - I think the problem is explained in that RFC.

Note my example ...

; <<>> DiG 9.3.1 <<>> AAAA mhsgate.ci.mil.wi.us
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28136
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mhsgate.ci.mil.wi.us.          IN      AAAA

;; Query time: 70 msec
;; SERVER: 192.133.102.1#53(192.133.102.1)
;; WHEN: Sat Jun  4 05:12:13 2005
;; MSG SIZE  rcvd: 38

Note how the header opcode returns status: SERVFAIL rather than
status: NOERROR. This is the same broken behavior as described
in RFC-4074.


--
Joseph T. Klein

PSTN: +1 414 961 1690 VoIP: +1 414 431 4231 Mobile: +1 414 628 3380

On Jun 9, 2005, at 9:58 PM, Joshua Ronne Altemoos wrote:

> well AAAA are for ipv6 address. I run a prodcution ipv6 tunnel with 
> bgp on my server via occaid and i never had the problem.
>
>
> resluts are below for wolfnix.net A if ipv4 and AAAA is ipv6
>
>
> Josh
>
> root at krypto [~]# dig A wolfnix.net
>
> ; <<>> DiG 9.3.1 <<>> A wolfnix.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24310
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;wolfnix.net.                   IN      A
>
> ;; ANSWER SECTION:
> wolfnix.net.            3600    IN      A       65.23.157.73
>
> ;; AUTHORITY SECTION:
> wolfnix.net.            3600    IN      NS      ns0.wolfnix.net.
> wolfnix.net.            3600    IN      NS      ns1.wolfnix.net.
>
> ;; ADDITIONAL SECTION:
> ns0.wolfnix.net.        3600    IN      A       65.23.157.73
> ns0.wolfnix.net.        3600    IN      AAAA    2001:4830:2380::2
> ns1.wolfnix.net.        3600    IN      A       65.23.157.73
> ns1.wolfnix.net.        3600    IN      AAAA    2001:4830:2380::2
>
> ;; Query time: 2 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jun  9 22:58:16 2005
> ;; MSG SIZE  rcvd: 169
>
> root at krypto [~]# dig AAAA wolfnix.net
>
> ; <<>> DiG 9.3.1 <<>> AAAA wolfnix.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38077
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;wolfnix.net.                   IN      AAAA
>
> ;; ANSWER SECTION:
> wolfnix.net.            3600    IN      AAAA    2001:4830:2380::2
>
> ;; AUTHORITY SECTION:
> wolfnix.net.            3600    IN      NS      ns1.wolfnix.net.
> wolfnix.net.            3600    IN      NS      ns0.wolfnix.net.
>
> ;; ADDITIONAL SECTION:
> ns0.wolfnix.net.        3600    IN      A       65.23.157.73
> ns0.wolfnix.net.        3600    IN      AAAA    2001:4830:2380::2
> ns1.wolfnix.net.        3600    IN      A       65.23.157.73
> ns1.wolfnix.net.        3600    IN      AAAA    2001:4830:2380::2
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jun  9 22:58:21 2005
> ;; MSG SIZE  rcvd: 181
>
> root at krypto [~]#
>

More information about the ipv6-ops mailing list