Discussion:
purely local DNS
Adam Weremczuk
2024-07-15 13:10:01 UTC
What I need to configure for my Debian 12 VM:
- no public or LAN DNS whatsoever
- ability to fetch a single MX record for a single domain

I don't think I can add MX to /etc/hosts which only works for A records.

I'm after a similarly simple, "one liner" solution.

---
Adam
Jeff Pang
2024-07-15 13:20:01 UTC
Given you want to send mail to foo.com whose mx record is mail.foo.com
whose IP is 1.2.3.4

Then write this entry in hosts file:
1.2.3.4 foo.com

Which should work for sending mail.

Regards
--
Jeff Pang
***@aol.com
Adam Weremczuk
2024-07-15 13:50:01 UTC
It doesn't work.

mail.example.com record doesn't exist to start with.

Even if I add:

1.2.3.4 example.com
5.6.7.8 mail.example.com

to /etc/hosts

I get:

0A032940922 657 Mon Jul 15 14:40:01 ***@mymachine
(Host or domain name not found. Name service error for name=example.com
type=MX: Host not found, try again)
Jeff Pang
2024-07-15 14:00:02 UTC
Post by Adam Weremczuk
(Host or domain name not found. Name service error for name=example.com
type=MX: Host not found, try again)
Any SMTP client which does not fall back to the A record when no MX
record exists is fundamentally broken.
--
Jeff Pang
***@aol.com
Andy Smith
2024-07-15 21:20:01 UTC
Hi,
Post by Adam Weremczuk
(Host or domain name not found. Name service error for name=example.com
type=MX: Host not found, try again)
Any SMTP client which does not fall back to the A record when no MX record
exists is fundamentally broken.
I think a confusion here is that the /etc/hosts file is not DNS. Not
all applications on a system will ask the NSS for host lookups; some
do go straight to DNS (as directed by /etc/resolv.conf). So the
assumption that putting an entry in /etc/hosts is just the same as
an A record in DNS is not always true.

It looks like OP has worked out how to tell Postfix not to use DNS,
so it would obey a hosts entry.

Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Jeff Pang
2024-07-15 14:00:02 UTC
I didn't test it, but if no MX was found then the local MTA should try the A record
for delivery.

As proof, safe-mail.net has no MX but an A record only.

Regards
--
Jeff Pang
***@aol.com
Greg Wooledge
2024-07-15 13:40:02 UTC
Post by Adam Weremczuk
- no public or LAN DNS whatsoever
- ability to fetch a single MX record for a single domain
I don't think I can add MX to /etc/hosts which only works for A records.
I'm after a similarly simple, "one liner" solution.
I'm *so* confused by this question. You want to be able to *fetch* an MX
record? You don't want to configure your MTA in a static way so that
it delivers mail properly for this domain right now? You need to be able
to *fetch* the MX record in real time in case it changes?

And you want to do that *without* being able to contact the real DNS?

How does one reconcile these goal statements? It's beyond me.
Adam Weremczuk
2024-07-15 13:50:01 UTC
I want to achieve the first objective and the values are static.
I just hoped there is a one liner hack (like A records in /etc/hosts) to
achieve this vs reconfiguring my MTA.
Greg Wooledge
2024-07-15 14:20:02 UTC
Post by Adam Weremczuk
I want to achieve the first objective and the values are static.
I just hoped there is a one liner hack (like A records in /etc/hosts) to
achieve this vs reconfiguring my MTA.
Routing Internet email in the absence of functioning DNS is going to
require configuration of your MTA.

So, the next question is *which* MTA you're using. I'm most familiar
with qmail. I'm guessing you're not using qmail (just based on the odds),
but in qmail, this would be done by creating an smtproutes file in the
control directory.

If you want qmail to route outgoing remote messages for @example.com
to the host zeus.home.arpa, you would put this line in smtproutes:

example.com:zeus.home.arpa

This suppresses the normal MX lookup. The hostname zeus.home.arpa will
need to be resolvable, of course. If you want to use a raw IP address
there instead of a hostname, I believe that's also possible.

This happens to be a "one-line solution" in qmail.

I don't know how to do it in other MTAs off the top of my head, but I'm
guessing each one will be different. Probably radically different. It
wouldn't surprise me if it requires more than one line of configuration
in most cases.
Adam Weremczuk
2024-07-15 14:50:02 UTC
I'm using Postfix and this is all that was needed:

/etc/hosts
1.2.3.4 example.com

/etc/postfix/main.cf
disable_dns_lookups = yes
smtp_host_lookup = native
Todd Zullinger
2024-07-15 18:00:01 UTC
Post by Adam Weremczuk
/etc/hosts
1.2.3.4 example.com
/etc/postfix/main.cf
disable_dns_lookups = yes
smtp_host_lookup = native
It's probably worth noting that `disable_dns_lookups` has
been deprecated for a long time. The postconf(5) man page
says:

As of Postfix 2.11, this parameter is deprecated; use
smtp_dns_support_level instead.

(Debian 12 has postfix-3.7.11; well past postfix-2.11.)

I don't know if `smtp_dns_support_level` is needed at all
with `smtp_host_lookup = native`. I've never run an MTA
where I wanted DNS lookups disabled, so I don't have any
direct experience.

If it is needed, you'd surely be better off avoiding the
long-deprecated `disable_dns_lookups` parameter which will
just set you up for failure with some future update.
--
Todd
Adam Weremczuk
2024-07-17 13:10:01 UTC
Thanks for the hint Todd.

I've replaced it with:

smtp_dns_support_level = disabled

and it's still working as expected.

---
Adam
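
An added example, not part of any poster's message: a POSIX shell audit for the setup the thread converged on. It flags the deprecated `disable_dns_lookups`, checks that MX lookups are actually off, and checks that the destination is in the hosts file; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Postfix main.cf and a hosts
# file for the DNS-free delivery setup. Sample file contents are constructed.

# cf_get FILE PARAM: print PARAM's value; the last assignment in main.cf wins.
# Continuation lines are not handled (these settings are single words).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# hosts_has FILE NAME: succeed if NAME is a host name or alias in FILE.
hosts_has() {
    awk -v n="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) f = 1 }
                   END { exit !f }' "$1"
}

# audit MAIN_CF HOSTS DOMAIN: print findings; return 1 if any check FAILs.
audit() {
    rc=0
    level=$(cf_get "$1" smtp_dns_support_level)
    legacy=$(cf_get "$1" disable_dns_lookups)
    if [ -n "$legacy" ]; then
        echo "WARN disable_dns_lookups is deprecated; use smtp_dns_support_level"
    fi
    # The legacy parameter only counts while smtp_dns_support_level is empty.
    if [ "$level" = disabled ] || { [ -z "$level" ] && [ "$legacy" = yes ]; }; then
        echo "OK   DNS lookups disabled; no MX query is attempted"
    else
        echo "FAIL DNS lookups enabled; the type=MX query needs a resolver"; rc=1
    fi
    if hosts_has "$2" "$3"; then
        echo "OK   $3 is listed in the hosts file"
    else
        echo "FAIL $3 is missing from the hosts file"; rc=1
    fi
    return $rc
}

# Demo on constructed files: hosts entry only, then the final configuration.
demo() {
    d=$(mktemp -d)
    printf '127.0.0.1 localhost\n1.2.3.4 example.com\n' > "$d/hosts"
    printf 'myhostname = mymachine\n' > "$d/before.cf"
    printf 'smtp_dns_support_level = disabled\nsmtp_host_lookup = native\n' > "$d/after.cf"
    audit "$d/before.cf" "$d/hosts" example.com
    audit "$d/after.cf" "$d/hosts" example.com
    rm -rf "$d"
}
demo || true
```

On a real host, point `audit` at `/etc/postfix/main.cf` and `/etc/hosts`; `postconf -n` remains the authoritative view of what Postfix has loaded.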
Max Nikulin
2024-07-16 00:40:01 UTC
Post by Adam Weremczuk
- ability to fetch a single MX record for a single domain
I assume that you are not trying to achieve "smart host" configuration
for sending mail.

Perhaps you can run a dedicated dnsmasq instance with no upstream DNS
servers. Options that might help: --dns-rr, --mx-host, --mx-target.
Adam Weremczuk
2024-07-16 12:10:01 UTC
My intention was to send emails to a single domain with any other email
traffic being disabled.

In order to achieve this I considered smart host, dnsmasq and even bind9.

The 3-liner solution that I've found seems the simplest, least intrusive
and appears to be working fine.