<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
<html>
<!-- Created on September, 10 2009 by texi2html 1.78 -->
<!--
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
Karl Berry <karl@freefriends.org>
Olaf Bachmann <obachman@mathematik.uni-kl.de>
and many others.
Maintained by: Many creative people.
Send bugs and suggestions to <texi2html-bug@nongnu.org>
-->
<head>
<title>Specification of the Exim Mail Transfer Agent: 17. The dnslookup router</title>
<meta name="description" content="Specification of the Exim Mail Transfer Agent: 17. The dnslookup router">
<meta name="keywords" content="Specification of the Exim Mail Transfer Agent: 17. The dnslookup router">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="texi2html 1.78">
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
pre.display {font-family: serif}
pre.format {font-family: serif}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: serif; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: serif; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.roman {font-family:serif; font-weight:normal;}
span.sansserif {font-family:sans-serif; font-weight:normal;}
ul.toc {list-style: none}
-->
</style>
</head>
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="The-dnslookup-router"></a>
<a name="SEC188"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="spec_16.html#SEC187" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC189" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec_16.html#SEC187" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h1 class="chapter"> 17. The dnslookup router </h1>
<p>The <code>dnslookup</code> router looks up the hosts that handle mail for the
recipient's domain in the DNS. A transport must always be set for this router,
unless <code>verify_only</code> is set.
</p>
<p>If SRV support is configured (see <code>check_srv</code> below), Exim first searches for
SRV records. If none are found, or if SRV support is not configured,
MX records are looked up. If no MX records exist, address records are sought.
However, <code>mx_domains</code> can be set to disable the direct use of address
records.
</p>
<p>MX records of equal priority are sorted by Exim into a random order. Exim then
looks for address records for the host names obtained from MX or SRV records.
When a host has more than one IP address, they are sorted into a random order,
except that IPv6 addresses are always sorted before IPv4 addresses. If all the
IP addresses found are discarded by a setting of the <code>ignore_target_hosts</code>
generic option, the router declines.
</p>
<p>Unless they have the highest priority (lowest MX value), MX records that point
to the local host, or to any host name that matches <code>hosts_treat_as_local</code>,
are discarded, together with any other MX records of equal or lower priority.
</p>
<a name="IDX1780"></a>
<a name="IDX1781"></a>
<a name="IDX1782"></a>
<p>If the host pointed to by the highest priority MX record, or looked up as an
address record, is the local host, or matches <code>hosts_treat_as_local</code>, what
happens is controlled by the generic <code>self</code> option.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top"><a href="#SEC189">17.1 Problems with DNS lookups</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC190">17.2 Private options for dnslookup</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC191">17.3 Effect of qualify_single and search_parents</a></td><td> </td><td align="left" valign="top">
</td></tr>
</table>
<hr size="6">
<a name="Problems-with-DNS-lookups"></a>
<a name="SEC189"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC188" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC190" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC188" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC188" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 17.1 Problems with DNS lookups </h2>
<p>There have been problems with DNS servers when SRV records are looked up.
Some mis-behaving servers return a DNS error or timeout when a non-existent
SRV record is sought. Similar problems have in the past been reported for
MX records. The global <code>dns_again_means_nonexist</code> option can help with this
problem, but it is heavy-handed because it is a global option.
</p>
<p>For this reason, there are two options, <code>srv_fail_domains</code> and
<code>mx_fail_domains</code>, that control what happens when a DNS lookup in a
<code>dnslookup</code> router results in a DNS failure or a "try again" response. If
an attempt to look up an SRV or MX record causes one of these results, and the
domain matches the relevant list, Exim behaves as if the DNS had responded "no
such record". In the case of an SRV lookup, this means that the router
proceeds to look for MX records; in the case of an MX lookup, it proceeds to
look for A or AAAA records, unless the domain matches <code>mx_domains</code>, in which
case routing fails.
</p>
<hr size="6">
<a name="Private-options-for-dnslookup"></a>
<a name="SEC190"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC189" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC191" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC188" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC188" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 17.2 Private options for dnslookup </h2>
<p>The private options for the <code>dnslookup</code> router are as follows:
</p>
<a name="IDX1783"></a>
<table>
<tr><td>
<p><code>check_secondary_mx</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>boolean</em></p></td><td><p> Default: <em>false</em>
</p></td></tr>
</table>
<a name="IDX1784"></a>
<p>If this option is set, the router declines unless the local host is found in
(and removed from) the list of hosts obtained by MX lookup. This can be used to
process domains for which the local host is a secondary mail exchanger
differently to other domains. The way in which Exim decides whether a host is
the local host is described in section <a href="spec_13.html#SEC160">Recognizing the local host</a>.
</p>
<a name="IDX1785"></a>
<table>
<tr><td>
<p><code>check_srv</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>string</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<a name="IDX1786"></a>
<p>The <code>dnslookup</code> router supports the use of SRV records (see RFC 2782) in
addition to MX and address records. The support is disabled by default. To
enable SRV support, set the <code>check_srv</code> option to the name of the service
required. For example,
</p>
<table><tr><td> </td><td><pre class="example">check_srv = smtp
</pre></td></tr></table>
<p>looks for SRV records that refer to the normal smtp service. The option is
expanded, so the service name can vary from message to message or address
to address. This might be helpful if SRV records are being used for a
submission service. If the expansion is forced to fail, the <code>check_srv</code>
option is ignored, and the router proceeds to look for MX records in the
normal way.
</p>
<p>When the expansion succeeds, the router searches first for SRV records for
the given service (it assumes TCP protocol). A single SRV record with a
host name that consists of just a single dot indicates "no such service for
this domain"; if this is encountered, the router declines. If other kinds of
SRV record are found, they are used to construct a host list for delivery
according to the rules of RFC 2782. MX records are not sought in this case.
</p>
<p>When no SRV records are found, MX records (and address records) are sought in
the traditional way. In other words, SRV records take precedence over MX
records, just as MX records take precedence over address records. Note that
this behaviour is not sanctioned by RFC 2782, though a previous draft RFC
defined it. It is apparently believed that MX records are sufficient for email
and that SRV records should not be used for this purpose. However, SRV records
have an additional "weight" feature which some people might find useful when
trying to split an SMTP load between hosts of different power.
</p>
<p>See section <a href="#SEC189">Problems with DNS lookups</a> above for a discussion of Exim's behaviour
when there is a DNS lookup error.
</p>
<a name="IDX1787"></a>
<table>
<tr><td>
<p><code>mx_domains</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>domain list</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<a name="IDX1788"></a>
<a name="IDX1789"></a>
<p>A domain that matches <code>mx_domains</code> is required to have either an MX or an SRV
record in order to be recognized. (The name of this option could be improved.)
For example, if all the mail hosts in <em>fict.example</em> are known to have MX
records, except for those in <em>discworld.fict.example</em>, you could use this
setting:
</p>
<table><tr><td> </td><td><pre class="example">mx_domains = ! *.discworld.fict.example : *.fict.example
</pre></td></tr></table>
<p>This specifies that messages addressed to a domain that matches the list but
has no MX record should be bounced immediately instead of being routed using
the address record.
</p>
<a name="IDX1790"></a>
<table>
<tr><td>
<p><code>mx_fail_domains</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>domain list</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<p>If the DNS lookup for MX records for one of the domains in this list causes a
DNS lookup error, Exim behaves as if no MX records were found. See section
<a href="#SEC189">Problems with DNS lookups</a> for more discussion.
</p>
<a name="IDX1791"></a>
<table>
<tr><td>
<p><code>qualify_single</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>boolean</em></p></td><td><p> Default: <em>true</em>
</p></td></tr>
</table>
<a name="IDX1792"></a>
<a name="IDX1793"></a>
<p>When this option is true, the resolver option RES_DEFNAMES is set for DNS
lookups. Typically, but not standardly, this causes the resolver to qualify
single-component names with the default domain. For example, on a machine
called <em>dictionary.ref.example</em>, the domain <em>thesaurus</em> would be changed to
<em>thesaurus.ref.example</em> inside the resolver. For details of what your
resolver actually does, consult your man pages for <em>resolver</em> and
<em>resolv.conf</em>.
</p>
<a name="IDX1794"></a>
<table>
<tr><td>
<p><code>rewrite_headers</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>boolean</em></p></td><td><p> Default: <em>true</em>
</p></td></tr>
</table>
<a name="IDX1795"></a>
<a name="IDX1796"></a>
<p>If the domain name in the address that is being processed is not fully
qualified, it may be expanded to its full form by a DNS lookup. For example, if
an address is specified as <em>dormouse@teaparty</em>, the domain might be
expanded to <em>teaparty.wonderland.fict.example</em>. Domain expansion can also
occur as a result of setting the <code>widen_domains</code> option. If
<code>rewrite_headers</code> is true, all occurrences of the abbreviated domain name in
any <em>Bcc:</em>, <em>Cc:</em>, <em>From:</em>, <em>Reply-to:</em>, <em>Sender:</em>, and <em>To:</em>
header lines of the message are rewritten with the full domain name.
</p>
<p>This option should be turned off only when it is known that no message is
ever going to be sent outside an environment where the abbreviation makes
sense.
</p>
<p>When an MX record is looked up in the DNS and matches a wildcard record, name
servers normally return a record containing the name that has been looked up,
making it impossible to detect whether a wildcard was present or not. However,
some name servers have recently been seen to return the wildcard entry. If the
name returned by a DNS lookup begins with an asterisk, it is not used for
header rewriting.
</p>
<a name="IDX1797"></a>
<table>
<tr><td>
<p><code>same_domain_copy_routing</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>boolean</em></p></td><td><p> Default: <em>false</em>
</p></td></tr>
</table>
<a name="IDX1798"></a>
<p>Addresses with the same domain are normally routed by the <code>dnslookup</code> router
to the same list of hosts. However, this cannot be presumed, because the router
options and preconditions may refer to the local part of the address. By
default, therefore, Exim routes each address in a message independently. DNS
servers run caches, so repeated DNS lookups are not normally expensive, and in
any case, personal messages rarely have more than a few recipients.
</p>
<p>If you are running mailing lists with large numbers of subscribers at the same
domain, and you are using a <code>dnslookup</code> router which is independent of the
local part, you can set <code>same_domain_copy_routing</code> to bypass repeated DNS
lookups for identical domains in one message. In this case, when <code>dnslookup</code>
routes an address to a remote transport, any other unrouted addresses in the
message that have the same domain are automatically given the same routing
without processing them independently,
provided the following conditions are met:
</p>
<ul class="toc">
<li>
No router that processed the address specified <code>headers_add</code> or
<code>headers_remove</code>.
</li><li>
The router did not change the address in any way, for example, by "widening"
the domain.
</li></ul>
<a name="IDX1799"></a>
<table>
<tr><td>
<p><code>search_parents</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>boolean</em></p></td><td><p> Default: <em>false</em>
</p></td></tr>
</table>
<a name="IDX1800"></a>
<p>When this option is true, the resolver option RES_DNSRCH is set for DNS
lookups. This is different from the <code>qualify_single</code> option in that it
applies to domains containing dots. Typically, but not standardly, it causes
the resolver to search for the name in the current domain and in parent
domains. For example, on a machine in the <em>fict.example</em> domain, if looking
up <em>teaparty.wonderland</em> failed, the resolver would try
<em>teaparty.wonderland.fict.example</em>. For details of what your resolver
actually does, consult your man pages for <em>resolver</em> and <em>resolv.conf</em>.
</p>
<p>Setting this option true can cause problems in domains that have a wildcard MX
record, because any domain that does not have its own MX record matches the
local wildcard.
</p>
<a name="IDX1801"></a>
<table>
<tr><td>
<p><code>srv_fail_domains</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>domain list</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<p>If the DNS lookup for SRV records for one of the domains in this list causes a
DNS lookup error, Exim behaves as if no SRV records were found. See section
<a href="#SEC189">Problems with DNS lookups</a> for more discussion.
</p>
<a name="IDX1802"></a>
<table>
<tr><td>
<p><code>widen_domains</code></p></td><td><p> Use: <em>dnslookup</em></p></td><td><p> Type: <em>string list</em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<a name="IDX1803"></a>
<p>If a DNS lookup fails and this option is set, each of its strings in turn is
added onto the end of the domain, and the lookup is tried again. For example,
if
</p>
<table><tr><td> </td><td><pre class="example">widen_domains = fict.example:ref.example
</pre></td></tr></table>
<p>is set and a lookup of <em>klingon.dictionary</em> fails,
<em>klingon.dictionary.fict.example</em> is looked up, and if this fails,
<em>klingon.dictionary.ref.example</em> is tried. Note that the <code>qualify_single</code>
and <code>search_parents</code> options can cause some widening to be undertaken inside
the DNS resolver. <code>widen_domains</code> is not applied to sender addresses
when verifying, unless <code>rewrite_headers</code> is false (not the default).
</p>
<hr size="6">
<a name="Effect-of-qualify_005fsingle-and-search_005fparents"></a>
<a name="SEC191"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC190" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC188" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC188" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 17.3 Effect of qualify_single and search_parents </h2>
<p>When a domain from an envelope recipient is changed by the resolver as a result
of the <code>qualify_single</code> or <code>search_parents</code> options, Exim rewrites the
corresponding address in the message's header lines unless <code>rewrite_headers</code>
is set false. Exim then re-routes the address, using the full domain.
</p>
<p>These two options affect only the DNS lookup that takes place inside the router
for the domain of the address that is being routed. They do not affect lookups
such as that implied by
</p>
<table><tr><td> </td><td><pre class="example">domains = @mx_any
</pre></td></tr></table>
<p>that may happen while processing a router precondition before the router is
entered. No widening ever takes place for these lookups.
<a name="IDX1804"></a>
<a name="IDX1805"></a>
</p>
<hr size="6">
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC188" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec_18.html#SEC192" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<p>
<font size="-1">
This document was generated on <i>September, 10 2009</i> using <a href="http://www.nongnu.org/texi2html/"><i>texi2html 1.78</i></a>.
</font>
<br>
</p>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
a4080654d049ad31b216b761b9173c1f
>
files
>
118
