HPE Community
Operating System - HP-UX
1829598 Members
1848 Online
109992 Solutions
New Discussion

DNS & Sendmail Help Needed

 
SOLVED
Go to solution
Steven Chen_1
Super Advisor

‎09-25-2003 07:39 AM

‎09-25-2003 07:39 AM

DNS & Sendmail Help Needed

Hi,

I am in dead corner trying to have unix sendmail 8.9 working again. It has been working for a year, and a power recycle make it failed to reach out. In case it is the firewall issue, I purposely to open port 25 & 53 on the firewall for the server (it did not have to before), but nslookup still resolves nothing.

Here are what I get:

nslookup -swtrace
*** Can't find server name for address 198.77.71.176: No response from server
DNS Lookup (GetHostInfoByAddr) Unsuccessful

Now that dns could not resolve anything, sendmail -v is meaningless as it is going nowhere.

I use ISP dns in resolv.conf, the the same dns is used in other windows servers that are functioning very well.

A call support to HP does not go anywhere.

Can someone help as much as possible, PLEASE? Where else I should find the fix?

Thanks a lot,

Steven



Steve
0 Kudos
Reply
13 REPLIES 13
Jeff Schussele
Honored Contributor

‎09-25-2003 08:07 AM

‎09-25-2003 08:07 AM

Solution

Re: DNS & Sendmail Help Needed

Hi Steven,

Can you reach that DNS server, via ping or traceroute?
Do you have your default gateway setup?
Do a
netstat -nr
to verify you have the default route set up.
If not, you'll have to manually add it
route add default xxx.xxx.xxx.xxx 1
where xxx.xxx.xxx.xxx is the IP for the default router & the 1 is a hop count.
Then make sure it's set up in the /etc/rc.config.d/netconf file so it loads at the next boot.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Steven E. Protter
Exalted Contributor

‎09-25-2003 08:14 AM

‎09-25-2003 08:14 AM

Re: DNS & Sendmail Help Needed

For each ip address in /etc/resolv.conf

run this command.

ping ip_address
traceroute ip_address

If you can't ping it, you can't do nslookup successfully for it.

If this problem is happening only once in a while, it could be an intermittant network problem.

If port 53 is closed to all traffic on your firewall, this will cause your symptons.

Port 53 must allow this traffic from inside your network to make this work.

Another test:
ping or tracerotue 198.77.71.176

It is possible that your firewall doesn't allow ping, so you'll need to work that out with the firewall admin.

Your firewall may be able to act as an smtp firewall. In that case you can change /etc/mail/sendmail.cf DS directive:

DS

becomes

DSfirewallhostname

save the file.

/sbin/init.d/sendmail stop
/sbin/init.d/sendmail start

Its also a good idea to look at /etc/nsswitch.conf and make sure DNS is how host resolution occurs. I'm attaching mine as a reference.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven Chen_1
Super Advisor

‎09-25-2003 08:16 AM

‎09-25-2003 08:16 AM

Re: DNS & Sendmail Help Needed

Jeff,

I cannot ping isp dns through, traceroute terminates right away like:

********
traceroute to 198.77.71.176 (198.77.71.176), 30 hops max, 40 byte packets
1 servername (192.168.100.100) 0.649 ms !N 0.209 ms !N 0.211 ms !N
********

Help please.

Thanks a lot,

Steven
Steve
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-25-2003 08:20 AM

‎09-25-2003 08:20 AM

Re: DNS & Sendmail Help Needed

Hi (again) Steven,

What does
netstat -nr
return?
Does it return a default route like:

default xxx.xxx.xxx.xxx UG 0 lan0 0

If it does return a route, can you ping *that* IP?

Also, verify that you have the IP that you think you should & on the I/F you think you should - do

netstat -in

to make sure that the proper IP is being set up on the proper I/F.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Steven E. Protter
Exalted Contributor

‎09-25-2003 08:21 AM

‎09-25-2003 08:21 AM

Re: DNS & Sendmail Help Needed

Does the default route help?

The ping/traceroute thing is probably because icmp has been disabled on the firewall.

Thats a common response to the Blaster virus.

Try this:
nslookup
>

198.77.71.176



What does it say?

checking files?
DNS?


If it works for the windows boxes, it should work for HP-UX. Is the HP-UX box on the same network as the windows boxes? Does the firewall allow the HP IP address to have the same set of services as the Windows boxes?

A close look at /etc/rc.config.d/netconf might find a mistake.

Fascinating.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven Chen_1
Super Advisor

‎09-25-2003 08:25 AM

‎09-25-2003 08:25 AM

Re: DNS & Sendmail Help Needed

Default route is fine. Server ip is fine without subnetting.

Steven, can I see your attachment?

Thanks a lot.
Steve
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-25-2003 08:31 AM

‎09-25-2003 08:31 AM

Re: DNS & Sendmail Help Needed

OK, let's see if you can resolve anything.
Do
nslookup

>server 198.77.71.176

This sets the resolver to that DNS server.
Now let's lookup something....

>198.77.71.176

And let's see if it can reverse resolve itself. If it can't, then you have to call the ISP & tell them to fix their own DNS server entry because sendmail demands that entries be resolved in both directions.
This is not uncommon & is *usually* not a problem - but definitely is for sendmail.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Steven E. Protter
Exalted Contributor

‎09-25-2003 08:33 AM

‎09-25-2003 08:33 AM

Re: DNS & Sendmail Help Needed

Sorry about that. Forgot the attachment.

Here it is.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven Chen_1
Super Advisor

‎09-25-2003 08:51 AM

‎09-25-2003 08:51 AM

Re: DNS & Sendmail Help Needed

Jeff & Steven

Jeff: you raise an interesting point. I have tried all dns entries with your method, none is working. I am not sure ISP will buy the arguement, but I will try. But ISP will say while Windows server can do so, why hpux cannot?!

Steven: on the firewall, ping is not allowed. Ping fw or fw-ip is not allowed. Thus do we still put fw-name or fw-ip on DS of sendmail.cf?

I just do get this freaking problem!

@!!!
Steve
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-25-2003 08:55 AM

‎09-25-2003 08:55 AM

Re: DNS & Sendmail Help Needed

For my suggestion to work, the firewall must have a smtp relay feature. Symantec firewalls have this feature.

The feature will have to be turned on and your HP server will have to be authorized for relay.

If its a Symantec firewall, it will have to be fully patched otherwise it will have problem with certain mail attachments. The patching argument goes for almost any firewall.

Thought we usually don't do this here, could you post the following information for both the Windows and the HP-UX server:

Windows:
ipconfig command

HP-UX
ifconfig lan#

Make the # the lan number of the interface thats trying to get to the internet.

To list them: lanscan

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven Chen_1
Super Advisor

‎09-25-2003 09:21 AM

‎09-25-2003 09:21 AM

Re: DNS & Sendmail Help Needed

Can we work around without dns?

or should we add fw-ip on /etc/hosts while fw-ip (internal) is the gateway ip?

Any help is greatly appreciated!

Steven
Steve
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-25-2003 12:38 PM

‎09-25-2003 12:38 PM

Re: DNS & Sendmail Help Needed

Steven,

DNS is how we turn internet names (isnamerica.com) to numbers.

I would think if we established network connectivity to the firewall and got DNS informaiton from a local machine, this setup might work.

Here is how I'd approach it.

Set the first entry in the HP boxes /etc/resolv.conf file to a local DNS server inside the firewall.

Make sure the local DNS server is able to pass DNS traffic to the inside network.

DNS may not be required to pull this off in /etc/nsswitch.conf. I've never tried this.

I think it would better if you had dns set up in nsswitch.conf, if not as the first option, the second.

host file,dns

Something like that.

You will not those working Microsoft machines have DNS set.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven Chen_1
Super Advisor

‎09-26-2003 03:19 AM

‎09-26-2003 03:19 AM

Re: DNS & Sendmail Help Needed

I put internal dns on resolv.conf, then I can resolve external IP.

But I am still not able to sendmail out. The message is:

------------------------
Sep 26 10:32:49 quarry sendmail[14836]: KAA14836: to=lumboy@cablespeed.com, ctla
ddr=root (0/3), delay=00:00:46, xdelay=00:00:00, mailer=esmtp, relay=mail1.evdlo
h.cablespeed.com. [24.35.0.40], stat=Deferred: Network is unreachable
-----------------------

What else is wrong in this case?

Please help and thanks a millions.

Steven
Steve
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.