FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 04-11-2008, 07:06 PM
Robert Edmonds
 
Default exim, local resolver, host name lookups and IPv6

Guus Sliepen wrote:
> From the getipnodebyname(3) manpage:
>
> NOTES
> These functions were present in glibc 2.1.91-95, but were removed
> again. Several Unix-like systems support them, but all call them
> deprecated.
>
> The best way is to use getaddrinfo() and getnameinfo().

Whoops; sorry. Those were the functions I was thinking of that
supersede gethostby*().

--
Robert Edmonds
edmonds@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-11-2008, 08:17 PM
Gabor Gombas
 
Default exim, local resolver, host name lookups and IPv6

On Fri, Apr 11, 2008 at 04:50:17PM +0200, Mike Hommey wrote:

> Host name can be returned by gethostname(2), for example, and you can
> add the result from getdomainname(2) for an FQDN.

Those syscalls has _nothing_ to do with DNS so they can not be used to
form FQDNs. gethostname() is sadly often misused and that usually causes
trouble on multi-homed machines. getdomainname() returns the NIS domain
that does not neccessarily match _anything_ in DNS.

Gabor

--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-12-2008, 06:13 AM
"Alexander E. Patrakov"
 
Default exim, local resolver, host name lookups and IPv6

Marc Haber wrote:

In some cases, exim still looks up its IP address when a listening
daemon starts up. This is why the Debian installer configures
127.0.1.1 (not 127.0.0.1) for the local hostname on installation,
yielding /etc/hosts files like


127.0.0.1 localhost
127.0.1.1 myfoo.localdomain myfoo


<snip>


This being said, I consider the entire 127.0.1.1 business a horrible
hack which is one of the most ugly things I have ever seen. Do we have
a chance to implement this in a more cleaner way, or is it still the
way to go for the distribution, where we don't know zilch about the
environment where an installed system is going to be used?


I second this request. Just a data point: this 127.0.1.1 setup breaks the "vde2"
package (namely, its slirp-based part) if a local DNS server that listens on
127.0.0.1 only (e.g., pdnsd) is used. Please find some other way to skin exim.


--
Alexander E. Patrakov


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-12-2008, 06:55 AM
Tollef Fog Heen
 
Default exim, local resolver, host name lookups and IPv6

* "Bernhard R. Link"

| I think the main problem is that Debian is by default setting up those
| ipv6 stuff into the interface even when you are in an pure ipv4
| environment. That way exim4 cannot do anything to avoid ipv6 stuff
| and evil things like this can happen.
|
| I don't think that is only limited to additional lookups. I think I've
| also seen a message not being sent on etch, because the target host
| also had a AAAA record. (At least I think that is the reason, after
| disabling ipv6 in exim4.conf it was sent).

I wonder if
http://patches.ubuntu.com/g/glibc/extracted/any/local-ipv6-lookup.diff
will help with that. It disables IPv6 lookups if the
af_hins->ai_family parameter in getaddrinfo is AF_UNSPEC and you don't
have an IPv6 address with scope > link (so if you don't have global or
site IPv6 addresses configured, you won't get IPv6 lookups from most
applications, while if you do, IPv6 works just fine.) The patch had
some unfortunate consequences when people used tunnels, see bug
441857. (Personally, I don't think supporting the use case of «I want
to use IPv6 to connect to localhost but I don't have any IPv6
addresses with scope:site or scope:global» is more interesting than
making IPv6 work for those who actually use it for talking to other
machines on the Internet and not bother those who doesn't use IPv6.)

The original reason for writing that patch is some cheap routers
(typically home DSL routers and the like) drop AAAA and A6 lookups on
the floor completely, leading to terrible DNS performance and leading
people to not loading the ipv6 module, something which is a bit of a
hack (and not very newbie friendly).

https://bugs.edge.launchpad.net/ubuntu/+source/netcfg/+bug/24828 has a
long discssion on some of the ramifications of blindly disabling
IPv6.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
 
Old 04-12-2008, 07:44 AM
Steve Langasek
 
Default exim, local resolver, host name lookups and IPv6

On Sat, Apr 12, 2008 at 12:13:36PM +0600, Alexander E. Patrakov wrote:
> Marc Haber wrote:
>> In some cases, exim still looks up its IP address when a listening
>> daemon starts up. This is why the Debian installer configures
>> 127.0.1.1 (not 127.0.0.1) for the local hostname on installation,
>> yielding /etc/hosts files like
>>
>> 127.0.0.1 localhost
>> 127.0.1.1 myfoo.localdomain myfoo

> <snip>

>> This being said, I consider the entire 127.0.1.1 business a horrible
>> hack which is one of the most ugly things I have ever seen. Do we have
>> a chance to implement this in a more cleaner way, or is it still the
>> way to go for the distribution, where we don't know zilch about the
>> environment where an installed system is going to be used?

> I second this request.

Oh yes, by all means, let's flip-flop the /etc/hosts implementation back and
forth because people /second/ it, without ever bothering to understand the
reasons that made this necessary.

> Just a data point: this 127.0.1.1 setup breaks the "vde2" package (namely,
> its slirp-based part) if a local DNS server that listens on 127.0.0.1 only
> (e.g., pdnsd) is used.

Then vde2 has broken assumptions and should be fixed.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-12-2008, 08:10 AM
Marc Haber
 
Default exim, local resolver, host name lookups and IPv6

On Sat, 12 Apr 2008 12:13:36 +0600, "Alexander E. Patrakov"
<patrakov@gmail.com> wrote:
>Marc Haber wrote:
>> This being said, I consider the entire 127.0.1.1 business a horrible
>> hack which is one of the most ugly things I have ever seen. Do we have
>> a chance to implement this in a more cleaner way, or is it still the
>> way to go for the distribution, where we don't know zilch about the
>> environment where an installed system is going to be used?
>
>I second this request.

Which request?

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
 
Old 04-12-2008, 08:26 AM
Marc Haber
 
Default exim, local resolver, host name lookups and IPv6

On Fri, 11 Apr 2008 16:50:17 +0200, Mike Hommey <mh@glandium.org>
wrote:
>On Fri, Apr 11, 2008 at 04:41:26PM +0200, Marc Haber <mh+debian-devel@zugschlus.de> wrote:
>> Exim has the habit of trying to find out about its host names and IP
>> addresses when it starts up. This has, in the past, been an issue for
>> the Debian packages, since a Debian system might be on a
>> dial-on-demand modem line with expensive costs and thus should not do
>> unnecessary DNS lookup when the MTA is started.
>
>The main question to be able to answer your question correctly is:
>what does it need these information for ?

I don't know. The exim packages have a configuration option
"minimaldns", which hardcodes the output of hostname --fqdn to the
primary_hostname configuration option which takes care of this issue
most of the time, but not always. The cases where it does not help
might be connected with no local domain name being set.

I guess it needs to know its IP addresses and host names to properly
insert itself into Received:-Headers and HELO commands, but I think
that setting primary_hostname should take care of that.

I remember that we added the 127.0.1.1 business to /etc/hosts to
address this issue, so there was a reason for not fixing this in exim
itself.

>IP address could be taken from network interfaces configuration, too.

I guess that Philip refrained from doing so for sake of being
portable.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
 
Old 04-12-2008, 08:30 AM
Marc Haber
 
Default exim, local resolver, host name lookups and IPv6

On Fri, 11 Apr 2008 18:09:27 +0200, "Bernhard R. Link"
<brlink@debian.org> wrote:
>* Marc Haber <mh+debian-devel@zugschlus.de> [080411 16:41]:
>> To avoid the extra DNS lookups, the Exim packages have a Debconf
>> option to configure exim for "minimal DNS usage", which hardcodes the
>> hostname into Exim's configuration at package configuration time. This
>> was necessary since - without this option - exim looks up its own host
>> name in the DNS even when a completely local operation is invoked.
>
>I think the main problem is that Debian is by default setting up those
>ipv6 stuff into the interface even when you are in an pure ipv4
>environment. That way exim4 cannot do anything to avoid ipv6 stuff
>and evil things like this can happen.

Another process on the local system might actually use IPv6 on the
local links, so I'd vouch for tweaking the system (or exim) to not
break if IPv6 is enabled but not fully connected.

>I don't think that is only limited to additional lookups. I think I've
>also seen a message not being sent on etch, because the target host
>also had a AAAA record. (At least I think that is the reason, after
>disabling ipv6 in exim4.conf it was sent).

I'd call that a bug, since exim should have a "destination
unreachable" error upon trying to open the IPv6 connection in absence
of a IPv6 default route.

>> I feel that the IPv6 issue is the same that led us to invoke the
>> 127.0.1.1 hack for IPv4, and if the answer to the IPv6 issue is "fix
>> exim", then _how_ should exim be fixed, and why wasn't the answer to
>> the IPv4 version of the issue "fix exim"?
>
>I think it is not an issue of only exim. Many services want to have a
>name and prefer some canonical or fully qualified hostname.

Yes, but why isn't exim satisfied with this being present for IPv4? If
it has a reason for wanting to do this for IPv6 as well, shouldn't we
make sure that the IPv6 lookups work locally as well as the IPv4
lookups do since we added 127.0.1.1 myhostname.localdomain myhostname
some years ago?

>So I fear the solution might not easily be reachable globally. If exim
>can be fixed here depends on why it does does lookups. (As far as I
>remember it does not only lookup the hostname, but also things like
>"localhost", dunno whether this is caused by the term showing up in
>some configuration file or if it is something hardcoded).

The only lookup that is still visible on the network (and only in some
cases that I haven't yet fully nailed down) is an AAAA lookup for the
local host name on exim startup.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
 
Old 04-12-2008, 08:41 AM
Marc Haber
 
Default exim, local resolver, host name lookups and IPv6

On Fri, 11 Apr 2008 17:48:19 +0000 (UTC), Robert Edmonds
<edmonds@debian.org> wrote:
>Yes, there is a much better way: do not perform name resolution to
>determine the host's FQDN. It is wrong.

This is what exim does to determine the local host name:
|This variable contains the value set by primary_hostname in the
| configuration file, or read by the uname() function. If uname() returns a
| single-component name, Exim calls gethostbyname() (or getipnodebyname()
| where available) in an attempt to acquire a fully qualified host name. See
| also $smtp_active_hostname.

Is this broken?

But this documentation is kind of incorrect in the first place, since
the AAAA lookup I see is caused by a call to gethostbyname_2_, which
is not mentioned int he docs at all. Thankfully, gethostbyname2 is
used in exim's source code only twice (with one of the occurrences
being inside an if( primary_hostname == NULL ) which doesn't apply if
primary_hostname is set in configuration, which is the case if exim is
configured with the minimaldns option. So, the AAAA lookup must be
triggered by the gethostbyname2 call in host.c line 1969, which I not
yet have fully understood. Can some more experienced C programmer
comment on this part of the code?

> The MTA needs to know the
>"mail name" or FQDN of the system, and it may need to know specific IPv4
>or IPv6 addresses to bind to if it is running an SMTP server, but it
>does not need to know any particular mapping between the two.

Where can I obtain the FQDN of the system instead?

Don't I need the particular mapping between IP addresses and host
names to generate a proper HELO? But I wouldn't expect these lookups
to be made at startup, but only when an outgoing message is sent.

>It looks like there are functions in src/host.c for performing DNS-based
>determination of the system's FQDN. I don't know exactly under which
>circumstances these functions are invoked, but policy 11.6 implies that
>they are superfluous in the presence of the /etc/mailname file.

/etc/mailname is unfortunately unclearly defined in Policy, and IIRC
the policy editors refused to clarify when asked years ago. The exim 4
maintainers have then created http://wiki.debian.org/EtcMailName and
asked all MTA maintainers to comment how they use /etc/mailname, but
only a fraction of them bothered to comment.

Exim 4 only uses /etc/mailname to qualify unqualified recipient
addresses and for some rewriting tricks. This has been the cause of
unspeakable grief in the past so I do prefer to avoid touching this
particular part of the system.

>I don't see how this issue is analogous to the 127.0.1.1 hack. From
>reading the archived discussion[0], the problem is applications which
>use a sequence of legacy gethostname(), gethostbyname(), etc. calls to
>construct an FQDN, and avoiding accidentally using 'localhost' or
>'localhost.localdomain' as the system hostname. If you're using the
>newer getipnode* functions, it's possible that you'll get an AI_V4MAPPED
>address even when asking for an AF_INET6 address.

It looks to me that the getipnode* functions are not available in
current Debian based on glibc 2.7.

>The analogous IPv6 hack, btw, would be something atrocious in /etc/hosts
>like:
>
>::ffff:127.0.1.1 hostname.domainname

I'll try that.

>> Any hints will be appreciated.
>
>IME, nullmailer and postfix seem to get along fine without generating
>spurious DNS traffic, so
>
>#include <flame/default/mta.h>

So please make postfix the default MTA for lenny and have exim
removed. It obviously sucks as badly as its maintainer. I'm _soooo_
sick of that.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
 
Old 04-12-2008, 09:32 AM
"Bernhard R. Link"
 
Default exim, local resolver, host name lookups and IPv6

* Marc Haber <mh+debian-devel@zugschlus.de> [080412 10:30]:
> >I think the main problem is that Debian is by default setting up those
> >ipv6 stuff into the interface even when you are in an pure ipv4
> >environment. That way exim4 cannot do anything to avoid ipv6 stuff
> >and evil things like this can happen.
>
> Another process on the local system might actually use IPv6 on the
> local links, so I'd vouch for tweaking the system (or exim) to not
> break if IPv6 is enabled but not fully connected.

Yes, that might even be better. Sadly while getaddrinfo(3) has
AI_ADDRCONFIG, it says "IPv6 addresses are only returned if the local
system has at least one IPv6 address configured". (Dunno if something
like "has a working ipv6 setup" instead would be properly detectable
by libc).

> >I don't think that is only limited to additional lookups. I think I've
> >also seen a message not being sent on etch, because the target host
> >also had a AAAA record. (At least I think that is the reason, after
> >disabling ipv6 in exim4.conf it was sent).
>
> I'd call that a bug, since exim should have a "destination
> unreachable" error upon trying to open the IPv6 connection in absence
> of a IPv6 default route.

I'd consider that a bug, too. What it should do is use the IPv4 address
of the target host instead.

> >So I fear the solution might not easily be reachable globally. If exim
> >can be fixed here depends on why it does does lookups. (As far as I
> >remember it does not only lookup the hostname, but also things like
> >"localhost", dunno whether this is caused by the term showing up in
> >some configuration file or if it is something hardcoded).
>
> The only lookup that is still visible on the network (and only in some
> cases that I haven't yet fully nailed down) is an AAAA lookup for the
> local host name on exim startup.

Yes, "localhost" requests are not visible on the network, as long as there
is a localhost ipv6 address in /etc/hosts. What I cannot recall is how good
Debian is/was in also adding those items on upgrade. Perhaps not having
that line in there was a user error.

Hochachtungsvoll,
Bernhard R. Link


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 12:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org