dns

Look up addresses using DNS (V8.12 and above)

The dns type is an internal database map available to perform DNS lookups. It is declared like this:

    Kdnslookup dns -Rlookup-type

The -R switch, which specifies the DNS query to perform, must always be included. Table 23-11 shows the DNS queries that are supported.

Table 23-11. The dns database-map type -R switch query values

    -R Value   Means
    A          Return IPv4 address records for the host (RFC1035)
    AAAA       Return IPv6 address records for the host (RFC1886)
    AFSDB      Return an AFS server resource record (RFC1183)
    CNAME      Return the canonical name for the host (RFC1035)
    MX         Return a best MX record for the host (RFC1035)
    NS         Return a name server record (RFC1035)
    PTR        Return the hostname that corresponds to an IP record (RFC1035)
    SRV        Return the port to use for a service (RFC2782)
    TXT        Return general (human-readable) information (RFC1035)

If an -R value other than those in Table 23-11 is specified, the following two errors are printed and logged. If the -R switch is omitted, only the second error is printed and logged:

    configfile: line num: dns map lookup: wrong type bad -R value
    configfile: line num: dns map lookup: missing -R type

To make this dns database-map type more useful, the switches shown in Table 23-12 are also available for your use.

Table 23-12. The dns database-map type K command switches

    Switch   Where described        Description
    -A       -A switch              Append values for duplicate keys
    -a       -a switch              Append tag on successful match
    -d       this section           The res_search() _res.retry interval (V8.12 and above)
    -f       -f switch              Don't fold keys to lowercase
    -m       -m switch              Suppress replacement on match
    -N       -N switch              Append a null byte to all keys
    -O       -O switch              Never add a null byte
    -o       -o switch              This database map is optional
    -q       -q switch              Don't strip quotes from key
    -R       previous paragraphs    Record type to look up
    -r       this section           The res_search() _res.retries limit (V8.12 and above)
    -T       -T switch              Suffix to append on temporary failure
    -t       -t switch              Ignore temporary errors

One possible use for this dns database map might be to do a reverse lookup of a connecting host's address and to defer the message if that address does not resolve. [10] Consider the following mc configuration, for example:

[10] We are grasping at straws here for an example. Note that sendmail already does all this for you and puts the result in the ${client_resolve} macro.

    LOCAL_CONFIG
    Krlookup dns -RPTR -a.FOUND -d5s -r2

    LOCAL_RULESETS
    Local_check_relay
    R $*             $: $&{client_addr}
    R IPv6: $*       $# OK
    R $+.$+.$+.$+    $: $(rlookup $4.$3.$2.$1.in-addr.arpa. $)
    R $* . FOUND     $# OK
    R $*             $#error $@ 4.1.8 $: "450 cannot resolve " $&{client_addr}

Here, under the LOCAL_CONFIG, we declare a dns-type database called rlookup. The -RPTR specifies that we will be looking up PTR (address-to-hostname) records. The -a.FOUND instructs sendmail to append a literal .FOUND to the value returned by a successful lookup. Finally, the -d5s and -r2 switches prevent the lookup from hanging for too long an interval.

The actual rules are under the LOCAL_RULESETS section of your mc configuration file. We place the rules under the Local_check_relay rule set (Section 7.1.1), which is used to screen incoming network connections and accept or reject them based on the hostname, domain, or IP number. The first rule matches everything and simply copies the value of the ${client_addr} macro into the workspace. That macro contains the connecting host's IP number.

The second rule checks to see if the IP address is an IPv6 address (the IPv6: prefix), and if so, accepts the address (the $#OK). If the address is a normal dotted-quad, IPv4-style address (such as 123.45.67.8), the third rule finds it in the workspace. An IPv4 address is looked up in the RHS of the third rule using the rlookup database. The key point here is that an address has to look like a hostname, so we reverse it and add a literal .in-addr.arpa. suffix to it. For example:

    123.45.67.8  would look up as  8.67.45.123.in-addr.arpa.

The fourth rule detects the result of the lookup. If the workspace ends in a literal .FOUND, the lookup was successful and the rule set returns a $#OK, which means that the message is acceptable.

The last rule handles any lookup failure (including temporary failures). The envelope sender is rejected with a temporary error, thus causing the sending site to retain the message in its queue. If the IP address can be looked up in the future, no harm is done. Otherwise, the message will eventually bounce.

The value returned by the dns-type database map is always a single item. If a host has multiple MX, A, or AAAA records, a successful lookup will return only one such record. In the case of MX records, only a lowest-cost (most preferred) record will be returned.

This dns-type database map can be used only if sendmail was built with the NAMED_BIND and DNSMAP compile-time macros defined (which they are by default).

This dns-type database map is used primarily by the dnsbl (Section 7.2) and enhdnsbl (Section 7.2.2) features. Both of these features use the -RA and -T<TMP> switches. The enhdnsbl feature also uses the -r5 and -a. switches. These switches can be overridden for the dnsbl feature using the DNSBL_MAP_OPT mc configuration macro. For the enhdnsbl feature, only the timeout for -r can be changed using the EDNSBL_TO mc configuration macro.
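The Local_check_relay walkthrough above and the dnsbl/enhdnsbl use of -RA and -T<TMP>, rendered as an added Python model. This is not sendmail's code and not from the book: it builds the reversed in-addr.arpa. key the third rule builds, models the dns map's -R, -a, -T and -t switches, and shows why a temporary failure falls through to the 450 deferral in Local_check_relay while the -T<TMP> suffix lets a DNSBL-style lookup tell "temporary failure" from "not listed". The answer table, the addresses 10.0.0.2 and 192.0.2.9, the zone name dnsbl.example, the TempFail exception and all function names are constructed for this example.

```python
"""Added model of sendmail's dns database map and the Local_check_relay
rules from the text.  Not sendmail code: the answer table, TempFail,
and every name below are this example's own constructions."""
import ipaddress

# Constructed answer table standing in for the DNS: (query name, type) ->
# list of answers.  A missing key means NXDOMAIN/NODATA; "tempfail" means
# SERVFAIL or a timeout, the condition the -d/-r limits bound and the
# -T/-t switches react to.
CONSTRUCTED_ZONE = {
    ("8.67.45.123.in-addr.arpa.", "PTR"): ["mail.example.org."],
    ("1.0.0.127.in-addr.arpa.", "PTR"): ["localhost."],
    ("2.0.0.10.in-addr.arpa.", "PTR"): "tempfail",
    # A listing in a constructed DNSBL zone, queried the way dnsbl/enhdnsbl do.
    ("8.67.45.123.dnsbl.example.", "A"): ["127.0.0.2"],
    ("2.0.0.10.dnsbl.example.", "A"): "tempfail",
}


class TempFail(Exception):
    """A temporary DNS failure (timeout or SERVFAIL)."""


def resolve(name, rtype, zone=CONSTRUCTED_ZONE):
    """Stand-in for res_search(): answers, [] for nothing, or raise TempFail."""
    outcome = zone.get((name, rtype), [])
    if outcome == "tempfail":
        raise TempFail(name)
    return outcome


def reverse_name(addr):
    """The key the third rule builds: 123.45.67.8 -> 8.67.45.123.in-addr.arpa."""
    ipaddress.IPv4Address(addr)          # reject anything that is not dotted-quad
    return ".".join(reversed(addr.split("."))) + ".in-addr.arpa."


def dns_map_lookup(key, rtype, append=None, tmp_suffix=None,
                   ignore_temp=False, resolver=resolve):
    """One lookup through a 'Kname dns -Rrtype [-aappend] [-Ttmp_suffix] [-t]' map.

    Returns the single value (plus the -a tag) on success, key+tmp_suffix on a
    temporary failure when -T is set, None when nothing matched (or when -t
    says to ignore a temporary failure), and re-raises TempFail otherwise.
    """
    try:
        answers = resolver(key, rtype)
    except TempFail:
        if tmp_suffix is not None:
            return key + tmp_suffix
        if ignore_temp:
            return None
        raise
    if not answers:
        return None
    value = answers[0]                   # the map returns a single item only
    return value + append if append else value


def local_check_relay(client_addr, resolver=resolve):
    """The five rules as a function: ('OK', None) or ('error', dsn, message)."""
    if client_addr.startswith("IPv6:"):                     # rule 2
        return ("OK", None)
    try:
        key = reverse_name(client_addr)                     # rule 3, LHS
    except ValueError:
        key = None                                          # rule 3 did not match
    found = None
    if key is not None:
        try:                                                # rule 3, RHS: rlookup map
            found = dns_map_lookup(key, "PTR", append=".FOUND", resolver=resolver)
        except TempFail:
            found = None                                    # no -T/-t: same as no match
    if found is not None and found.endswith(".FOUND"):      # rule 4
        return ("OK", None)
    return ("error", "4.1.8", "450 cannot resolve " + client_addr)   # rule 5


def dnsbl_check(client_addr, zone="dnsbl.example.", resolver=resolve):
    """How dnsbl/enhdnsbl use the same map type with -RA -T<TMP> (plus -a. for
    enhdnsbl): the reversed address under the list's zone.  The -T suffix lets
    the caller tell 'tempfail' from 'clean' instead of silently allowing mail."""
    key = ".".join(reversed(client_addr.split("."))) + "." + zone
    value = dns_map_lookup(key, "A", append=".", tmp_suffix="<TMP>",
                           resolver=resolver)
    if value is None:
        return "clean"
    if value.endswith("<TMP>"):
        return "tempfail"
    return "listed"


if __name__ == "__main__":
    for addr in ("123.45.67.8", "IPv6:::1", "192.0.2.9", "10.0.0.2"):
        print(addr, local_check_relay(addr), dnsbl_check(addr))
```

The point worth noticing is the asymmetry: in Local_check_relay a temporary failure and a missing PTR record both end in the 450 deferral, which is safe because the sender retries; a DNSBL lookup that cannot distinguish the two would silently accept mail during an outage, which is what the -T<TMP> suffix (and the -r/-d limits that keep the wait bounded) exist to prevent.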

Sendmail
sendmail, 4th Edition
ISBN: 0596510292
Year: 2002
Pages: 1174