The ResolverOptions option allows you to tune the
way DNS lookups are performed. The forms of this option are as
follows:
O ResolverOptions=arg ... 
configuration file (V8.7 and later)
-OResolverOptions="arg ..." command line (V8.7 and later)
define(`confBIND_OPTS',`arg ...') mc configuration (V8.7 and later)
-oI"arg ..." command line (V8.6 and later)
OIarg ... configuration file (V8.6 and later)
OIbool configuration file (deprecated)
-oIbool command line (deprecated)
The arg is one or more arguments that
allow you to tune the behavior of the name server. The
arg arguments are identical to the flags
listed in resolver(3), but you omit the
RES_ prefix. For example, RES_DNSRCH is expressed
as DNSRCH. A flag can be preceded by a plus or a minus to enable or
disable the corresponding name server option. If no pluses or minuses
appear, the name server option is enabled just as though a plus was
present. Consider the following:
O ResolverOptions=+AAONLY -DNSRCH
These turn on the AAONLY name server option (Authoritative Answers
Only) and turn off the DNSRCH name server option (search the domain
path). If the ResolverOptions option is omitted
entirely, the default is for the DNSRCH, DEFNAMES, and RECURSE name
server options to be enabled and all others to be disabled. Thus, for
example, DNSRCH is always enabled unless you specifically turn it
off.
Beginning with V8.7 sendmail, the special string
HasWildcardMX can be listed along with the other
resolver options:
O ResolverOptions=+AAONLY -DNSRCH HasWildcardMX
This string causes MX lookups to be done with
res_query(3) set (provided that the level of the
configuration is 6 or above, Section 17.5);
otherwise, those lookups are done with
res_search(3). This string also inhibits MX
lookups when getting the canonical name of the local host. It should
always be used if you have a wildcard MX record that matches your
local domain.
Beginning with V8.12 sendmail, the special
string WorkAroundBrokenAAAA (Section 9.2.7) can be listed along with the other resolver
options:
O ResolverOptions=+AAONLY -DNSRCH WorkAroundBrokenAAAA
When attempting to canonify a hostname, some broken name servers will
return SERVFAIL (a temporary failure) on T_AAAA IPv6 lookups. If you
want to excuse this behavior, include
WorkAroundBrokenAAAA with the
ResolverOptions option. We recommend, however,
that you note the problem and report it to the administrator of that
broken name server.
The complete list of resolver options available as of V8.12 is shown
in Table 24-24.
Table 24-24. ResolverOption settings for resolver options
|
AAONLY
|
Return authoritative answers only
|
|
DEBUG
|
Print debug messages
|
|
DEFNAMES
|
Use the default domain name
|
|
DNSRCH
|
Search the local domain's tree
|
|
HasWildcardMX
|
Use res_query(3) for MX lookups
|
|
IGNTC
|
Ignore truncation errors
|
|
PRIMARY
|
Query the primary server only
|
|
RECURSE
|
Use recursive lookups
|
|
STAYOPEN
|
Keep the TCP socket open
|
|
USEVC
|
Use a virtual circuit
|
|
USE_INET6
|
Use IPv6 lookups (not available on all systems)
|
|
WorkAroundBrokenAAAA
|
Ignore bad returns of a T_AAAA lookup
|
Note that omitting the ResolverOptions option
altogether does not disable DNS lookups. To
disable DNS under V8.6 and earlier sendmail, you
must compile a version of sendmail with
NAMED_BIND support omitted (NAMED_BIND). Beginning
with V8.7 sendmail, you can disable use of DNS
via your service-switch file (ServiceSwitchFile).
Under V8 sendmail, any Boolean argument
following the ResolverOptions is silently ignored.
Therefore, an initial True might be included for
compatibility with previous versions of
sendmail. Note that under V8
sendmail, a False produces an
error and cannot be used to disable this option.
Version 1 configuration files (Section 17.5) cause
sendmail to disable DNSRCH and DEFNAMES when
doing delivery lookups but to leave them on at all other times.
Version 2 and later configuration files cause
sendmail to use the resolver options defined by
the ResolverOptions option, except that it always
enables DNSRCH when doing lookups with the $[ and
$] operators. Starting with Version 8,
sendmail defers the decision of whether to use
DNS lookups to the ServiceSwitchFile option (ServiceSwitchFile). DNS is now considered canonical only if the
dns service is listed for hosts
in the ServiceSwitchFile.
Finally, note that an attempt to use this option with a version of
sendmail that does not support DNS lookups
(NAMED_BIND) will result in this error message:
name server (I option) specified but BIND not compiled in
The ResolverOptions option is not safe. If
specified from the command line, it can cause
sendmail to relinquish its special privileges.
