[Dnsmasq-discuss] Localhost reverse lookups

Luca Landi me@lucalandi.com
Sat, 7 May 2005 13:32:41 +0200


gypsy wrote:
> Simon Kelley wrote:
> > 
> > gypsy wrote:
> > > I don't know which to blame, my SMTP server or dnsmasq, but the
> > > following should NEVER happen:
> > >
> > >>May  5 04:50:34 dnsmasq[8766]: query[A] 1.0.0.127.dnsbl.ahbl.org from 127.0.0.1
> > >>May  5 04:50:34 dnsmasq[8766]: cached 1.0.0.127.dnsbl.ahbl.org is <NXDOMAIN>-IPv4
> > >>May  5 04:50:34 dnsmasq[8766]: query[A] 1.0.0.127.combined.njabl.org from 127.0.0.1
> > >>May  5 04:50:34 dnsmasq[8766]: forwarded 1.0.0.127.combined.njabl.org to 68.65.16.162
> > >>May  5 04:50:36 dnsmasq[8766]: reply 1.0.0.127.combined.njabl.org is <NXDOMAIN>-IPv4
> > >
> > >
> > > Can't dnsmasq know that a reverse dns lookup of 127.0.0.0/8 should never
> > > be forwarded?!  Isn't localhost localhost, no matter how one asks about
> > > it?
> > 
> > Those are _not_ reverse lookups. They are forward lookups with an IP
> > address coded into the domain name. They are checking for known spam
> > domains and almost certainly come from SpamAssassin or similar spam
> > blocker.
> 
> The SMTP server does this.  I know what it is doing and why.  But I
> don't know why dnsmasq thinks it needs to ask some outside source that
> has no clue about localhost to resolve localhost.

I don't see why you keep saying that dnsmasq is trying to forward a query 
for "localhost". The query you pointed out from your logs IS NOT related to 
"localhost" at all, if by "localhost" you mean what the technical 
literature means by that word: the address of the loopback device. Your 
first query says "please give me the address of the host named '1' of the 
subdomain named '0' of the subdomain named '0' of the subdomain named '127' 
of the subdomain named 'dnsbl' of the second level domain named 'ahbl' of 
the top level domain named 'org'". This is what your query is all about and 
it's fully analogous to a query like "please give me the address of the 
host named 'www' of the second level domain named 'iswest' of the top level 
domain named 'com'". The only difference is that the former is a longer 
FQDN because it involves many subdomains; another difference is that it 
also involves numbers as part of the FQDN queried; those numbers happen to 
be the address of the loopback device in reverse order and thus happen to 
resemble a reverse lookup for the loopback address but IT'S NOT, it's just 
a look-alike. A reverse lookup for the loopback address would be a PTR 
query (instead of an A query) for the "1.0.0.127.in-addr.arpa" FQDN.

> > > Can't dnsmasq know that a reverse dns lookup of 127.0.0.0/8 should never
> > > be forwarded?!

This statement is also wrong: dnsmasq can't know that because it's not true 
that such a lookup should never be forwarded. Architecturally speaking it's 
completely legitimate for a host to query a DNS server for the "localhost" 
FQDN and everything works perfectly fine if along the chain of servers and 
forwarders queried there is a DNS server configured to reply with an 
"address 127.0.0.1" response. The reason why you normally never see such a 
query is because traditionally every host is configured to resolve that 
FQDN internally through a proper line in /etc/hosts, but if you take that 
line away you'll see your host querying your DNS servers for "localhost" 
and that is perfectly legitimate and it is how the whole DNS system works 
conceptually. Then, if you want dnsmasq not to forward such queries then 
*you* have to configure it explicitly to do so, and this is true for any 
DNS software.

> > > The Bad Thing That Happens is that the SMTP server says:
> > >
> > >>May  5 04:5 /smtp[20083]: 702A76D002C: to=<gypsy@localhost.me.tld>, relay=none, delay=29, status=deferred (Name service error for localhost: Host not found, try again)
> > >
> > 
> > That's something different (can your machine resolve localhost.me.tld,
> > either as an A record, or preferably an MX record)
> 
> No.  From the top of /etc/hosts (the " quotes are added by me):
> "
> # By the way, Arnt Gulbrandsen <agulbra MUNGE nvg MUNGE unit MUNGE no> says that 127.0.0.1
> # should NEVER be named with the name of the machine.  It causes problems
> # for some (stupid) programs, irc and reputedly talk. :^)
> 
> 127.0.0.1	localhost
> 
> "
> 
> localhost resolves.

Good. Exactly. That is the line I was mentioning above. With that line you 
can be sure that your host will never send a query for the "localhost" FQDN 
because it will always resolve it on its own, unless on your system you're 
using a buggy resolver library that doesn't read /etc/hosts properly.

> me.tld resolves.

How come? In order for it to resolve you must have some specific 
configuration that teaches either your host or your dnsmasq how to resolve 
that domain (or maybe you have a DNS server configured to reply to queries 
for the "me.tld" domain), just like for any other domain name. Where is 
this configuration?

> Unless you can explain why  
> localhost.me.tld SHOULD resolve, I stand by "forwarding is not correct
> behavior" and I believe my configuration to be correct.  

Who said that it SHOULD resolve? It MAY resolve depending on how 
your /etc/hosts, dnsmasq, DNS servers are configured but the thing is that 
this issue of your mail server is something different from the other issue. 
The two things are unrelated from a DNS standpoint: the resolution of the 
"localhost.me.tld" FQDN has nothing to do with the 
loopback-address-resembling queries that you pointed out from your logs. 
Also, "localhost.me.tld" has *nothing* to do with "localhost", they are two 
completely different FQDNs. I suspect that you wrongly assume that any time 
there is the word "localhost" in any FQDN then 127.0.0.1 should be involved 
no matter what. Perhaps you also assume that a domain named "me.tld" should also 
be related to the loopback device: this would be a wrong assumption as 
well, which would have no basis other than your own personal beliefs.

Bye
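
Added example, not part of the original post: a small Python classifier that tells the DNSBL-style forward lookups seen in the dnsmasq log apart from a true reverse (PTR) lookup under in-addr.arpa. The function names and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# dnsmasq query log line: "... dnsmasq[pid]: query[TYPE] NAME from CLIENT"
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")

# First line is from the post; the PTR line is constructed for contrast.
SAMPLE_LINES = [
    "May  5 04:50:34 dnsmasq[8766]: query[A] 1.0.0.127.dnsbl.ahbl.org from 127.0.0.1",
    "May  5 04:50:40 dnsmasq[8766]: query[PTR] 1.0.0.127.in-addr.arpa from 127.0.0.1",
]

def reverse_name(ip):
    """Name that a real reverse (PTR) lookup for an address asks about."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone):
    """Name a DNSBL check asks about: reversed octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def embedded_ipv4(qname):
    """Return (ip, zone) if the name starts with four reversed octets, else None."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 5:
        return None
    try:
        ip = ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None
    return str(ip), ".".join(labels[4:]).lower()

def classify(line):
    """Return (qtype, qname, kind) for a dnsmasq query line, None for other lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    qtype, qname, _client = m.groups()
    hit = embedded_ipv4(qname)
    if hit is None:
        kind = "ordinary forward lookup"
    elif hit[1] == "in-addr.arpa":
        kind = "reverse lookup" if qtype == "PTR" else "in-addr.arpa name, not a PTR query"
    else:
        kind = "dnsbl-style forward lookup"
    return qtype, qname, kind

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line))
```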