• purely local DNS

    From Adam Weremczuk@21:1/5 to All on Mon Jul 15 15:10:01 2024
    What I need to configure for my Debian 12 VM:
    - no public or LAN DNS whatsoever
    - ability to fetch a single MX record for a single domain

    I don't think I can add MX to /etc/hosts which only works for A records.

    I'm after a similarly simple, "one liner" solution.

    ---
    Adam

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Wooledge@21:1/5 to Adam Weremczuk on Mon Jul 15 15:40:02 2024
    On Mon, Jul 15, 2024 at 14:00:03 +0100, Adam Weremczuk wrote:
    > What I need to configure for my Debian 12 VM:
    > - no public or LAN DNS whatsoever
    > - ability to fetch a single MX record for a single domain
    >
    > I don't think I can add MX to /etc/hosts which only works for A records.
    >
    > I'm after a similarly simple, "one liner" solution.

    I'm *so* confused by this question. You want to be able to *fetch* an MX
    record? You don't want to configure your MTA in a static way so that
    it delivers mail properly for this domain right now? You need to be able
    to *fetch* the MX record in real time in case it changes?

    And you want to do that *without* being able to contact the real DNS?

    How does one reconcile these goal statements? It's beyond me.

  • From Jeff Pang@21:1/5 to Adam Weremczuk on Mon Jul 15 15:20:01 2024
    Given you want to send mail to foo.com whose mx record is mail.foo.com
    whose IP is 1.2.3.4

    Then write this entry in hosts file:
    1.2.3.4 foo.com

    Which should work for sending mail.

    Regards

    On 2024-07-15 21:00, Adam Weremczuk wrote:
    > What I need to configure for my Debian 12 VM:
    > - no public or LAN DNS whatsoever
    > - ability to fetch a single MX record for a single domain
    >
    > I don't think I can add MX to /etc/hosts which only works for A
    > records.
    >
    > I'm after a similarly simple, "one liner" solution.
    >
    > ---
    > Adam

    --
    Jeff Pang
    jeffpang@aol.com

  • From Adam Weremczuk@21:1/5 to Greg Wooledge on Mon Jul 15 15:50:01 2024
    I want to achieve the first objective and the values are static.
    I just hoped there is a one liner hack (like A records in /etc/hosts) to achieve this vs reconfiguring my MTA.


    On 15/07/2024 14:33, Greg Wooledge wrote:
    > On Mon, Jul 15, 2024 at 14:00:03 +0100, Adam Weremczuk wrote:
    >> What I need to configure for my Debian 12 VM:
    >> - no public or LAN DNS whatsoever
    >> - ability to fetch a single MX record for a single domain
    >>
    >> I don't think I can add MX to /etc/hosts which only works for A records.
    >>
    >> I'm after a similarly simple, "one liner" solution.
    >
    > I'm *so* confused by this question. You want to be able to *fetch* an MX
    > record? You don't want to configure your MTA in a static way so that
    > it delivers mail properly for this domain right now? You need to be able
    > to *fetch* the MX record in real time in case it changes?
    >
    > And you want to do that *without* being able to contact the real DNS?
    >
    > How does one reconcile these goal statements? It's beyond me.


  • From Adam Weremczuk@21:1/5 to Jeff Pang on Mon Jul 15 15:50:01 2024
    It doesn't work.

    mail.example.com record doesn't exist to start with.

    Even if I add:

    1.2.3.4 example.com
    5.6.7.8 mail.example.com

    to /etc/hosts

    I get:

    0A032940922 657 Mon Jul 15 14:40:01 user1@mymachine
    (Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)
    user2@example.com


    On 15/07/2024 14:17, Jeff Pang wrote:

    > Given you want to send mail to foo.com whose mx record is mail.foo.com
    > whose IP is 1.2.3.4
    >
    > Then write this entry in hosts file:
    > 1.2.3.4  foo.com
    >
    > Which should work for sending mail.
    >
    > Regards
    >
    > On 2024-07-15 21:00, Adam Weremczuk wrote:
    >> What I need to configure for my Debian 12 VM:
    >> - no public or LAN DNS whatsoever
    >> - ability to fetch a single MX record for a single domain
    >>
    >> I don't think I can add MX to /etc/hosts which only works for A records.
    >>
    >> I'm after a similarly simple, "one liner" solution.
    >>
    >> ---
    >> Adam


  • From Jeff Pang@21:1/5 to Adam Weremczuk on Mon Jul 15 16:00:02 2024
    I didn’t test it but no MX was found then local MTA should try A record
    for delivery.

    As a proof that safe-mail.net has no mx but A record only.

    Regards


    On 2024-07-15 21:45, Adam Weremczuk wrote:
    > It doesn't work.
    >
    > mail.example.com record doesn't exist to start with.
    >
    > Even if I add:
    >
    > 1.2.3.4 example.com
    > 5.6.7.8 mail.example.com
    >
    > to /etc/hosts
    >
    > I get:
    >
    > 0A032940922 657 Mon Jul 15 14:40:01 user1@mymachine
    > (Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)
    > user2@example.com
    >
    > On 15/07/2024 14:17, Jeff Pang wrote:
    >
    >> Given you want to send mail to foo.com whose mx record is mail.foo.com
    >> whose IP is 1.2.3.4
    >>
    >> Then write this entry in hosts file:
    >> 1.2.3.4  foo.com
    >>
    >> Which should work for sending mail.
    >>
    >> Regards
    >>
    >> On 2024-07-15 21:00, Adam Weremczuk wrote:
    >>> What I need to configure for my Debian 12 VM:
    >>> - no public or LAN DNS whatsoever
    >>> - ability to fetch a single MX record for a single domain
    >>>
    >>> I don't think I can add MX to /etc/hosts which only works for A
    >>> records.
    >>>
    >>> I'm after a similarly simple, "one liner" solution.
    >>>
    >>> ---
    >>> Adam


    --
    Jeff Pang
    jeffpang@aol.com

  • From Jeff Pang@21:1/5 to All on Mon Jul 15 16:00:02 2024

    > I get:
    >
    > 0A032940922 657 Mon Jul 15 14:40:01 user1@mymachine
    > (Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)

    Any SMTP client which does not fall back to the A record when no MX
    records exist is fundamentally broken.

    --
    Jeff Pang
    jeffpang@aol.com

  • From Adam Weremczuk@21:1/5 to All on Mon Jul 15 16:50:02 2024
    I'm using Postfix and this is all that was needed:

    /etc/hosts
    1.2.3.4 example.com

    /etc/postfix/main.cf
    disable_dns_lookups = yes
    smtp_host_lookup = native

  • From Greg Wooledge@21:1/5 to Adam Weremczuk on Mon Jul 15 16:20:02 2024
    On Mon, Jul 15, 2024 at 14:49:21 +0100, Adam Weremczuk wrote:
    > I want to achieve the first objective and the values are static.
    > I just hoped there is a one liner hack (like A records in /etc/hosts) to achieve this vs reconfiguring my MTA.

    Routing Internet email in the absence of functioning DNS is going to
    require configuration of your MTA.

    So, the next question is *which* MTA you're using. I'm most familiar
    with qmail. I'm guessing you're not using qmail (just based on the odds),
    but in qmail, this would be done by creating an smtproutes file in the
    control directory.

    If you want qmail to route outgoing remote messages for @example.com
    to the host zeus.home.arpa, you would put this line in smtproutes:

    example.com:zeus.home.arpa

    This suppresses the normal MX lookup. The hostname zeus.home.arpa will
    need to be resolvable, of course. If you want to use a raw IP address
    there instead of a hostname, I believe that's also possible.

    This happens to be a "one-line solution" in qmail.

    I don't know how to do it in other MTAs off the top of my head, but I'm
    guessing each one will be different. Probably radically different. It
    wouldn't surprise me if it requires more than one line of configuration
    in most cases.

  • From Todd Zullinger@21:1/5 to Adam Weremczuk on Mon Jul 15 20:00:01 2024
    Adam Weremczuk wrote:
    > I'm using Postfix and this is all that was needed:
    >
    > /etc/hosts
    > 1.2.3.4 example.com
    >
    > /etc/postfix/main.cf
    > disable_dns_lookups = yes
    > smtp_host_lookup = native

    It's probably worth noting that `disable_dns_lookups` has
    been deprecated for a long time. The postconf(5) man page
    says:

    As of Postfix 2.11, this parameter is deprecated; use
    smtp_dns_support_level instead.

    (Debian 12 has postfix-3.7.11; well past postfix-2.11.)

    I don't know if `smtp_dns_support_level` is needed at all
    with `smtp_host_lookup = native`. I've never run an MTA
    where I wanted DNS lookups disabled, so I don't have any
    direct experience.

    If it is needed, you'd surely be better off avoiding the
    long-deprecated `disable_dns_lookups` parameter which will
    just set you up for failure with some future update.

    --
    Todd

  • From Andy Smith@21:1/5 to Jeff Pang on Mon Jul 15 23:20:01 2024
    Hi,

    On Mon, Jul 15, 2024 at 09:55:06PM +0800, Jeff Pang wrote:


    >> I get:
    >>
    >> 0A032940922 657 Mon Jul 15 14:40:01 user1@mymachine
    >> (Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)
    >
    > Any SMTP client which does not fall back to the A record when no MX
    > records exist is fundamentally broken.

    I think a confusion here is that the /etc/hosts file is not DNS. Not
    all applications on a system will ask the NSS for host lookups; some
    do go straight to DNS (as directed by /etc/resolv.conf). So the
    assumption that putting an entry in /etc/hosts is just the same as
    an A record in DNS is not always true.

    It looks like OP has worked out how to tell Postfix not to use DNS,
    so it would obey a hosts entry.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Adam Weremczuk@21:1/5 to Max Nikulin on Tue Jul 16 14:10:01 2024
    My intention was to send emails to a single domain with any other email
    traffic being disabled.

    In order to achieve this I considered smart host, dnsmasq and even bind9.

    The 3-liner solution that I've found seems the simplest, least intrusive
    and appears to be working fine.


    On 16/07/2024 01:33, Max Nikulin wrote:

    > I assume that you are not trying to achieve "smart host" configuration
    > for sending mail.
    >
    > Perhaps you can run a dedicated dnsmasq instance with no upstream DNS
    > servers. Options that might help: --dns-rr, --mx-host, --mx-target.



  • From Adam Weremczuk@21:1/5 to Todd Zullinger on Wed Jul 17 15:10:01 2024
    Thanks for the hint Todd.

    I've replaced it with:

    smtp_dns_support_level = disabled

    and it's still working as expected.

    ---
    Adam

    On 15/07/2024 18:49, Todd Zullinger wrote:


    > It's probably worth noting that `disable_dns_lookups` has
    > been deprecated for a long time. The postconf(5) man page
    > says:
    >
    > As of Postfix 2.11, this parameter is deprecated; use
    > smtp_dns_support_level instead.
    >
    > (Debian 12 has postfix-3.7.11; well past postfix-2.11.)
    >
    > I don't know if `smtp_dns_support_level` is needed at all
    > with `smtp_host_lookup = native`. I've never run an MTA
    > where I wanted DNS lookups disabled, so I don't have any
    > direct experience.
    >
    > If it is needed, you'd surely be better off avoiding the
    > long-deprecated `disable_dns_lookups` parameter which will
    > just set you up for failure with some future update.


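An offline check of the configuration the thread converges on, added here as an illustration (not code from any poster or from Postfix): it parses main.cf and hosts-format text and reports whether mail for a domain has a next hop without DNS. The function names and sample file contents are constructed, and it assumes getaddrinfo() consults /etc/hosts (the "files" source in nsswitch.conf).

```python
def parse_main_cf(text):
    """main.cf rules: '#' comment lines, indented lines continue, last value wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (part.strip() for part in line.partition("="))
            params[name] = value
    return params

def parse_hosts(text):
    """Map every name in hosts-format text to the first address listed for it."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for host in fields[1:]:
            names.setdefault(host.lower(), fields[0])
    return names

def audit(main_cf, hosts, domain):
    """Return (next-hop address or None, list of findings) for mail to `domain`."""
    params, findings = parse_main_cf(main_cf), []
    if "disable_dns_lookups" in params:
        findings.append("disable_dns_lookups is deprecated as of Postfix 2.11")
    level = params.get("smtp_dns_support_level", "")
    if level:   # a non-empty level makes Postfix ignore the legacy parameter
        dns_off = level == "disabled"
    else:
        dns_off = params.get("disable_dns_lookups", "no").lower() == "yes"
    if not dns_off:
        findings.append("DNS enabled: MX lookup for %s goes to the resolver, "
                        "which /etc/hosts cannot answer" % domain)
        return None, findings
    # postconf(5): with DNS disabled, host lookups are native (getaddrinfo),
    # whatever smtp_host_lookup says.
    addr = parse_hosts(hosts).get(domain.lower())
    if addr is None:
        findings.append("no hosts entry for " + domain)
    return addr, findings

# Constructed sample inputs, using the placeholder values quoted in the thread.
HOSTS = "127.0.0.1 localhost\n1.2.3.4 example.com\n"
FIRST_FIX = "disable_dns_lookups = yes\nsmtp_host_lookup = native\n"
FINAL_FIX = "smtp_dns_support_level = disabled\nsmtp_host_lookup = native\n"

if __name__ == "__main__":
    for label, cf in (("default", ""), ("first", FIRST_FIX), ("final", FINAL_FIX)):
        print(label, audit(cf, HOSTS, "example.com"))
```
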