home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Previous Section Next Section


Tune DNS lookups All versions

The ResolverOptions option allows you to tune the way DNS lookups are performed. The forms of this option are as follows:

O ResolverOptions=arg ...        configuration file (V8.7 and later) 
-OResolverOptions="arg ..."      command line (V8.7 and later) 
define(`confBIND_OPTS',`arg ...')    mc configuration (V8.7 and later) 
-oI"arg ..."                     command line (V8.6 and later) 
OIarg ...                        configuration file (V8.6 and later) 
OIbool                           configuration file (deprecated) 
-oIbool                          command line (deprecated) 

The arg is one or more arguments that allow you to tune the behavior of the name server. The arg arguments are identical to the flags listed in resolver(3), but you omit the RES_ prefix. For example, RES_DNSRCH is expressed as DNSRCH. A flag can be preceded by a plus or a minus to enable or disable the corresponding name server option. If no pluses or minuses appear, the name server option is enabled just as though a plus was present. Consider the following:

O ResolverOptions=+AAONLY -DNSRCH

These turn on the AAONLY name server option (Authoritative Answers Only) and turn off the DNSRCH name server option (search the domain path). If the ResolverOptions option is omitted entirely, the default is for the DNSRCH, DEFNAMES, and RECURSE name server options to be enabled and all others to be disabled. Thus, for example, DNSRCH is always enabled unless you specifically turn it off.

Beginning with V8.7 sendmail, the special string HasWildcardMX can be listed along with the other resolver options:

O ResolverOptions=+AAONLY -DNSRCH HasWildcardMX

This string causes MX lookups to be done with res_query(3) set (provided that the level of the configuration is 6 or above, Section 17.5); otherwise, those lookups are done with res_search(3). This string also inhibits MX lookups when getting the canonical name of the local host. It should always be used if you have a wildcard MX record that matches your local domain.

Beginning with V8.12 sendmail, the special string WorkAroundBrokenAAAA (Section 9.2.7) can be listed along with the other resolver options:

O ResolverOptions=+AAONLY -DNSRCH WorkAroundBrokenAAAA

When attempting to canonify a hostname, some broken name servers will return SERVFAIL (a temporary failure) on T_AAAA IPv6 lookups. If you want to excuse this behavior, include WorkAroundBrokenAAAA with the ResolverOptions option. We recommend, however, that you note the problem and report it to the administrator of that broken name server.

The complete list of resolver options available as of V8.12 is shown in Table 24-24.

Table 24-24. ResolverOption settings for resolver options




Return authoritative answers only


Print debug messages


Use the default domain name


Search the local domain's tree


Use res_query(3) for MX lookups


Ignore truncation errors


Query the primary server only


Use recursive lookups


Keep the TCP socket open


Use a virtual circuit


Use IPv6 lookups (not available on all systems)


Ignore bad returns of a T_AAAA lookup

Note that omitting the ResolverOptions option altogether does not disable DNS lookups. To disable DNS under V8.6 and earlier sendmail, you must compile a version of sendmail with NAMED_BIND support omitted (NAMED_BIND). Beginning with V8.7 sendmail, you can disable use of DNS via your service-switch file (ServiceSwitchFile).

Under V8 sendmail, any Boolean argument following the ResolverOptions is silently ignored. Therefore, an initial True might be included for compatibility with previous versions of sendmail. Note that under V8 sendmail, a False produces an error and cannot be used to disable this option.

Version 1 configuration files (Section 17.5) cause sendmail to disable DNSRCH and DEFNAMES when doing delivery lookups but to leave them on at all other times. Version 2 and later configuration files cause sendmail to use the resolver options defined by the ResolverOptions option, except that it always enables DNSRCH when doing lookups with the $[ and $] operators. Starting with Version 8, sendmail defers the decision of whether to use DNS lookups to the ServiceSwitchFile option (ServiceSwitchFile). DNS is now considered canonical only if the dns service is listed for hosts in the ServiceSwitchFile.

Finally, note that an attempt to use this option with a version of sendmail that does not support DNS lookups (NAMED_BIND) will result in this error message:

name server (I option) specified but BIND not compiled in

The ResolverOptions option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.

    Previous Section Next Section