Bug 1723950
| Summary: | postfix sends different DNS queries for non FQDN relayhost in comparison to RHEL-7 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jaroslav Škarvada <jskarvad> | ||||
| Component: | postfix | Assignee: | Jaroslav Škarvada <jskarvad> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Patrik Moško <pmosko> | ||||
| Severity: | unspecified | Docs Contact: | Katerina Nemcova <knemcova> | ||||
| Priority: | high | ||||||
| Version: | 8.0 | CC: | fkrska, knemcova, mezhang, mjahoda, pmosko, psklenar, thozza | ||||
| Target Milestone: | rc | Keywords: | Patch, Upstream | ||||
| Target Release: | 8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | postfix-3.3.1-12 | Doc Type: | Bug Fix | ||||
| Doc Text: |
.The `postfix` DNS resolver code now uses `res_search` instead of `res_query`
Following its previous update in `postfix`, the DNS resolver code used the `res_query` function instead of the `res_search` function. As a consequence, the DNS resolver did not search host names in the current and parent domains with the following `postfix` configuration:
----
# postconf -e "smtp_host_lookup = dns"
# postconf -e "smtp_dns_resolver_options = res_defnames, res_dnsrch"
----
For example, for:
----
# postconf -e "relayhost = [smtp]"
----
and the domain name in the _example.com_ format, the DNS resolver did not use the smtp._example.com_ SMTP server for relaying.
With this update, the DNS resolver code has been changed to use `res_search` instead of `res_query`, and it now searches the host names in the current and parent domains correctly.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-04-28 16:47:16 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1755139 | ||||||
| Attachments: |
|
||||||
|
Description
Jaroslav Škarvada
2019-06-25 20:28:45 UTC
It seems the resolver code has been rewritten in postfix-3.1.x and it now uses res_query instead of the res_search. From the manual page (the text was shortened): > The res_search() functions make a query and waits for the response like res_query(), but in addition it implements the default and search rules controlled by RES_DEFNAMES and RES_DNSRCH. > > RES_DNSRCH If set, res_search() will search for hostnames in the current domain and in parent domains. > RES_DEFNAMES If set, res_search() will append the default domain name to single component names—that is, those that do not contain a dot. So that's why the RES_DEFNAMES and RES_DNSRCH flags are ignored now and domainname is not appended to the query. I asked upstream about purpose of this change. Reply from upstream: > # postconf -e "relayhost = [smtp]" > # postconf -e smtp_host_lookup=dns > # postconf -e "smtp_dns_resolver_options = res_defnames, res_dnsrch" Those particular settings break the correctness of MX resolution and are not recommended: http://www.postfix.org/postconf.5.html#smtp_dns_resolver_options Instead, use "dns, native" if you want those features for gateway literals. > Is this intended? I wasn't able to find any related incompatibility > notice in the documentation I don't think it was specifically intended, the change to use res_query was made for other reasons, so this change may be inadvertent, but it is perhaps time after 8+ years to drop the Postfix 2.8 support crutches. According to the comment 7 I don't think it's worth to support the behavior of old postfix in RHEL-8 (we started with the postfix-3.3.x in RHEL-8 which already had this new behavior thus there was no regression) and divert from the upstream. To sum it up: - the change in behavior is side effect of resolver improvements - upstream doesn't recommend usage of the configuration from comment 0 (usage of res_defnames and res_dnsrch resolver flags), for details see linked upstream documentation in comment 7 - the requested behaviour can be still enabled with the "smtp_host_lookup = dns, native" configuration - it's not regression in RHEL-8, because postfix in RHEL-8 always worked this way - I do not recommend patching the resolver to work differently from the upstream implementation just to mimic RHEL-7 behavior Upstream finally acked it as a bug. The fix is as I wrote earlier - to replace the res_query by the res_search. The fix will be included in some future postfix release. Created attachment 1645520 [details]
Upstream fix
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1816 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |