dns


Look up addresses using DNS (V8.12 and above)

The dns type is an internal database map available to perform DNS lookups. It is declared like this:

Kdnslookup dns -Rlookup-type 

The -R switch, which specifies the DNS query to perform, must always be included. Table 23-11 shows the DNS queries that are supported.

Table 23-11. The dns database-map type -R switch query values

-R Value



Return IPv4 address records for the host (RFC1035)


Return IPv6 address records for the host (RFC1886)


Return an AFS server resource record (RFC1183)


Return the canonical name for the host (RFC1035)


Return a best MX record for the host (RFC1035)


Return a name server record (RFC1035)


Return the hostname that corresponds to an IP record (RFC1035)


Return the port to use for a service (RFC2782)


Return general (human-readable) information (RFC1035)

If an -R value other than those in Table 23-11 is specified, the following two errors are printed and logged. If the -R switch is omitted, only the second error is printed and logged:

configfile: line num: dns map lookup: wrong type bad  -R value 
configfile: line num: dns map lookup: missing -R type 

To make this dns database-map type more useful, the switches shown in Table 23-12 are also available for your use.

Table 23-12. The dns database-map type K command switches






Append values for duplicate keys



Append tag on successful match


See this section

The res_search( ) _res.retry interval (V8.12 and above)



Don't fold keys to lowercase



Suppress replacement on match



Append a null byte to all keys



Never add a null byte



This database map is optional



Don't strip quotes from key


previous paragraphs

Record type to look up


See this section

The res_search( ) _res.retries limit (V8.12 and above)



Suffix to append on temporary failure



Ignore temporary errors

One possible use for this dns database map might be to do a reverse lookup of a connecting host's address and to defer the message if that address does not resolve.[10] Consider the following mc configuration, for example:

[10] We are digging at straws here for an example. Note that sendmail already does all this for you and puts the result in the ${client_resolve} macro.

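LOCAL_CONFIG
Krlookup dns -RPTR -a.FOUND -d5s -r2

LOCAL_RULESETS
SLocal_check_relay
# The LHS and RHS of each rule must be separated by tab characters.
R $*	$: $&{client_addr}
R IPv6: $*	$# OK
R $+.$+.$+.$+	$: $(rlookup $4.$3.$2.$1.in-addr.arpa. $)
R $* . FOUND	$# OK
R $*	$#error $@ 4.1.8 $: "450 cannot resolve " $&{client_addr}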

Here, under the LOCAL_CONFIG, we declare a dns-type database called rlookup. The -RPTR specifies that we will be looking up PTR (address) records. The -a.FOUND instructs sendmail to append a literal .FOUND to the value returned by a successful lookup. Finally, the -d5s and -r2 switches prevent the lookup from hanging for too long an interval.

The actual rules are under the LOCAL_RULESETS section of your mc configuration file. We place the rules under the Local_check_relay rule set (Section 7.1.1), which is used to screen incoming network connections and accept or reject them based on the hostname, domain, or IP number. The first rule matches everything and simply copies the value of the ${client_addr} macro into the workspace. That macro contains the connecting host's IP number.

The second rule checks to see if the IP address is an IPv6 address (the IPv6: prefix), and if so, accepts the address (the $#OK). If the address is a normal dotted-quad, IPv4-style address (such as, the third rule finds it in the workspace. An IPv4 address is looked up in the RHS of the third rule using the rlookup database. The key point here is that an address has to look like a hostname, so we reverse it and add a literal .in-addr.arpa. suffix to it. For example:     would look up as

The fourth rule detects the result of the lookup. If the workspace ends in a literal .FOUND, the lookup was successful and the rule set returns a $#OK, which means that the message is acceptable.

The last rule handles any lookup failure (including temporary failures). The envelope sender is rejected with a temporary error, thus causing the sending site to retain the message in its queue. If the IP address can be looked up in the future, no harm is done. Otherwise, the message will eventually bounce.
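The five rules traced in Python, as an added example that is not part of the original text. The function names, the sample addresses, and the PTR table are constructed for illustration, and the lookup is a dictionary standing in for the live DNS query that the rlookup map performs.

```python
import ipaddress

TAG = ".FOUND"  # the -a.FOUND switch: appended only on a successful lookup

# Constructed sample PTR data (documentation address ranges), not real DNS.
SAMPLE_PTR = {"25.2.0.192.in-addr.arpa.": "mail.example.com"}


def ptr_query_name(client_addr):
    """Rule 3: reverse the dotted quad and add the in-addr.arpa. suffix."""
    octets = str(ipaddress.IPv4Address(client_addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def rlookup(key, ptr_records):
    """Stand-in for $(rlookup key $): value plus tag on a match,
    otherwise the key is left in the workspace unchanged."""
    host = ptr_records.get(key)
    return host + TAG if host else key


def local_check_relay(client_addr, ptr_records):
    """Return "OK" or the 450 text, following the rules in order."""
    workspace = client_addr                       # rule 1: $&{client_addr}
    if workspace.startswith("IPv6:"):             # rule 2: accept IPv6 peers
        return "OK"
    try:                                          # rule 3: PTR lookup
        workspace = rlookup(ptr_query_name(workspace), ptr_records)
    except ipaddress.AddressValueError:
        pass                                      # not a dotted quad: rule 3 does not fire
    if workspace.endswith(TAG):                   # rule 4: $* . FOUND
        return "OK"
    return "450 cannot resolve " + client_addr    # rule 5: temporary failure


if __name__ == "__main__":
    for addr in ("192.0.2.25", "198.51.100.7", "IPv6:2001:db8::1"):
        print(addr, "->", local_check_relay(addr, SAMPLE_PTR))
```

Because rule 2 accepts every IPv6 peer before any lookup happens, the PTR check in this rule set only ever applies to IPv4 connections.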

The value returned by the dns-type database map is always a single item. If a host has multiple MX, A, or AAAA records, a successful lookup will return only one such record. In the case of MX records, only a lowest-cost (most preferred) record will be returned.

This dns-type database map can be used only if sendmail was built with the NAMED_BIND and DNSMAP compile-time macros defined (which they are by default).

This dns-type database map is used primarily by the dnsbl (Section 7.2) and enhdnsbl (Section 7.2.2) features. Both of these features use the -RA and -T<TMP> switches. The enhdnsbl feature also uses the -r5 and -a. switches. These switches can be overridden for the dnsbl feature using the DNSBL_MAP_OPT mc configuration macro. For the enhdnsbl feature, only the timeout for -r can be changed using the EDNSBL_TO mc configuration macro.
