SUMMARY: sendmail impatience with DNS

From: Robert J. Cronin (
Date: Tue Mar 23 1993 - 17:44:55 CST


Well, this time I failed to catch a winner. :'(

My problem has to do with sendmail returning mail to the sender
immediately upon DNS nameserver lookup failure, instead of queueing it
for later re-try. There is information in an O'Reilly book about an
"I" option to help with this problem, but Sun does not mention it.

Suggestions I got:

>This really should not happen with ''. It is supposed to
>queue the message for retry. It only says "Host unknown" when
>the nameserver does not timeout, and gives a definitive NXDOMAIN
>response. .... make sure to re-name to sendmail.
        ---Already done. Perhaps it is DNS that is at fault??

>Make sure interior machines forward mail to gateway, instead of trying to send >out directly.
        ---Already done.

>Should be using '' and "ddn" mailer, not "tcp" mailer. [But
>this would not cause your problem.]
        ---Well, we got the file from PSI, and only made
        minor adjustments. Is there really something different about
        the "ddn" mailer spec.?

>The "I" option is not in the 4.1.1 or 4.1.3 sendmail source.
        ---Guess it isn't in the executable either, then!

>Greetings... We have exactly the same problem you describe.
>I temporarily added "OI" to a sample config file and
>it (at least) didn't complain about it...
        ---Let me know if it worked! (but, see entry above)

>all I can say is "me too".
>the only interesting thing is that some addresses
>get bounced back much more often than others
        ---We hadn't noticed any preference for one address over another.

>Get a real sendmail. Either 6.37 or some IDA version.
        ---It may come down to this, unfortunately!

>Please, please post a summary to this, I have this same problem with
>my server.

>Is your major relay host inside or outside of your domain? If inside,
>it should hang around for the 3 days, or whatever the default, while
>attempting to send the mail. If the major relay host is outside, then
>I would suggest that you change it to a system inside your domain.
        ---I think it is inside? It thinks its name is "".
        What should I look at to be sure?

>Get a real sendmail. You don't have to use the old version Sun ships. Look
>into IDA sendmail -- lots of bugfixes, lots of enhancements, lots of good
        ---See above.

Anybody Got Any More Suggestions???

Thanks to all who responded:

>From: "Jim Davis" <>
>From: Thomas Hilgert <>
>From: (Bert Robbins)
>From: (Jeff Mallory)
>From: Christopher Hoover <>
>From: (J. Matt Landrum)
>From: "Craig D. Rice" <>
>From: Rich Schultz <>
>From: Neil W Rickert <>

Bob Cronin

Original posting:

> Hello Sun-managers:
> I am in need of assistance with a nagging DNS/sendmail problem:
> Frequently, users sending mail through our gateway machine get returned
> mail such as:
> > Subject: Returned mail: Host unknown
> > To: <someuser@somemachine>
> > Content-Length: 1650
> > Status: RO
> >
> > ----- Transcript of session follows -----
> > 421 Host not found for mailer tcp.
> > 550 <>... Host unknown
> This is a result of the DNS lookup timing out. (We have an
> intermittent link to the internet, and it takes over a minute to bring
> up the link and receive an address lookup.) The address is valid, and
> if you resend the message, it will reach its destination.
> According to the book "DNS and BIND in a Nutshell", 1992, from
> O'Reilly, there is a sendmail option "I" made for just this problem
> (see page 113). The "I" option tells sendmail to queue and re-try the
> message instead of returning it immediately.
> Questions:
> Is it there but not documented?
> If it isn't there, what should I do?
> Is there a way, (and is it desirable) to convince the DNS lookup to wait
> longer while the line comes up?
> Additional Data:
> *** DNS runs ONLY on the gateway machine. (No resolvers run on
> interior machines.)
> *** The gateway is a SPARCstation IPC running 4.1.1.
> *** The gateway does not run NIS.
> *** The changes have been applied on the gateway to allow
> DNS without NIS.
> *** The gateway is running

