C. Oracle
DNS AAAA 문제
sfeg
2017. 7. 2. 22:29
------------------------------------------------------------------------------------------------
DNS 에서 각각의 레코드값 : AAAA -> IPv6 주소를 위한 리소스레코드(Resource Record)
A -> IPv4 주소를 위한 리소스레코드(Resource Record)
MX ->메일 교환자(exchanger)
MX ->메일 교환자(exchanger)
------------------------------------------------------------------------------------------------
sendmail 버전 8.12 이후부터는 AAAA -> A -> MX 순으로 도메인을 찾습니다.
그런데 DNS가 AAAA를 제대로 지원하지 않을 경우 sendmail이 DNS에 질의를 하는 과정에서 오류가 생깁니다.
확인방법은 dig 도메인 aaaa 했을 때 status에 NOERROR 대신 SERVFAIL이 나오면 DNS에 문제가 있는 것입니다.
-----------------------------------------------------------------------------------------------
현재 etrimedia.org 도메인에 대해 아래와 같이 해보면 (atecinc.co.kr과 비교)
1. A 레코드에 대한 쿼리에서 SERVFAIL
========================================================
nslookup -q=a etrimedia.org
Server: 220.90.215.11
Address: 220.90.215.11#53
** server can't find etrimedia.org: SERVFAIL
Address: 220.90.215.11#53
** server can't find etrimedia.org: SERVFAIL
nslookup -q=a atecinc.co.kr
Server: 220.90.215.11
Address: 220.90.215.11#53
Name: atecinc.co.kr
Address: 220.95.231.185
========================================================
nslookup -q=mx etrimedia.org
Server: 220.90.215.11
Address: 220.90.215.11#53
Non-authoritative answer:
etrimedia.org mail exchanger = 10 m6.dothost.co.kr.
Authoritative answers can be found from:
etrimedia.org nameserver = ns2.dnstool.net.
etrimedia.org nameserver = ns1.dnstool.net.
m6.dothost.co.kr internet address = 61.72.254.206
ns2.dnstool.net internet address = 210.57.230.6
ns1.dnstool.net internet address = 121.254.172.40
Address: 220.90.215.11#53
Non-authoritative answer:
etrimedia.org mail exchanger = 10 m6.dothost.co.kr.
Authoritative answers can be found from:
etrimedia.org nameserver = ns2.dnstool.net.
etrimedia.org nameserver = ns1.dnstool.net.
m6.dothost.co.kr internet address = 61.72.254.206
ns2.dnstool.net internet address = 210.57.230.6
ns1.dnstool.net internet address = 121.254.172.40
nslookup -q=mx atecinc.co.kr
Server: 220.90.215.11
Address: 220.90.215.11#53
atecinc.co.kr mail exchanger = 10 mail.atecinc.co.kr.
Server: 220.90.215.11
Address: 220.90.215.11#53
atecinc.co.kr mail exchanger = 10 mail.atecinc.co.kr.
========================================================
2. AAAA 레코드에 대해 status: SERVFAIL(atecinc.co.kr 과비교)
========================================================
dig etrimedia.org aaaa
; <<>> DiG 9.2.4 <<>> etrimedia.org aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46607
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;etrimedia.org. IN AAAA
;; Query time: 10 msec
;; SERVER: 220.90.215.11#53(220.90.215.11)
;; WHEN: Tue Mar 4 09:26:28 2008
;; MSG SIZE rcvd: 31
; <<>> DiG 9.2.4 <<>> etrimedia.org aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46607
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;etrimedia.org. IN AAAA
;; Query time: 10 msec
;; SERVER: 220.90.215.11#53(220.90.215.11)
;; WHEN: Tue Mar 4 09:26:28 2008
;; MSG SIZE rcvd: 31
dig atecinc.co.kr aaaa
; <<>> DiG 9.2.4 <<>> atecinc.co.kr aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;atecinc.co.kr. IN AAAA
;; AUTHORITY SECTION:
atecinc.co.kr. 86400 IN SOA ns1.jib.to. root.jib.to. 2007121214 21600 1800 1209600 86400
;; Query time: 8 msec
;; SERVER: 220.90.215.11#53(220.90.215.11)
;; WHEN: Tue Mar 4 09:25:43 2008
;; MSG SIZE rcvd: 82
========================================================
; <<>> DiG 9.2.4 <<>> atecinc.co.kr aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;atecinc.co.kr. IN AAAA
;; AUTHORITY SECTION:
atecinc.co.kr. 86400 IN SOA ns1.jib.to. root.jib.to. 2007121214 21600 1800 1209600 86400
;; Query time: 8 msec
;; SERVER: 220.90.215.11#53(220.90.215.11)
;; WHEN: Tue Mar 4 09:25:43 2008
;; MSG SIZE rcvd: 82
========================================================
확인해보면 DNS문제인것이 보여집니다.
해결책은 DNS 부분에서 해결해야 하지만 sendmail 설정에서도 설정이 가능합니다.
서울시립대 메일서버에서 다음과 같이 설정을 하여 처리하였습니다.
/etc/mail/sendmail.mc에
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl 추가하여 설정
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
/etc/init.d/sendmail restart