current-users: Re: Postfix Ignoring resolv.conf

Subject: Re: Postfix Ignoring resolv.conf
To: None <current-users@netbsd.org>
From: Curt Sampson <cjs@cynic.net>
List: current-users
Date: 02/05/2003 20:10:26
"Oops! Never mind!"

I worked out the problem, and it turned out to be a slightly contorted
chain of events that led to this.

Yesterday I changed the umask for my account from 022 to 027. That
evening, when I went home, I did a my ppp dialup and my /etc/ppp/ip-up
script did its modifications to /etc/resolv.conf. However, it moves the
old one out of the way and then uses sed to create a new one, and since
I had started pppd from my account, the process that did this inherited
my account's umask, thus setting /etc/resolv.conf world not-readable.

However, it was still group readable, and since my account is in the
wheel group so I can su, and wheel was the group of /etc/resolv.conf, I
and everything owned by me could read it just fine. Postfix, however,
not running under an ID in the wheel group, could not read it. Thus,
when it did a res_init(), not being able to read /etc/resolv.conf, it
defaulted to 127.0.0.1 for nameserver lookups.

So I guess the moral of the story is to be a bit more careful when
writing scripts that run as root....

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC

On Wed, 5 Feb 2003, Curt Sampson wrote:

>
> For some reason, just today, postfix on my current-as-of-late-November
> system has gone weird as far as name lookups. I've not done any upgrades
> recently, and I can't think of any config file changes that would have
> been relevant.
>
> Basically, despite the fact that /etc/resolv.conf and
> /var/spool/postfix/etc/resolv.conf have another server's IP address
> as the only nameserver line, postfix, when it tries to resolve DNS
> names, is sending the request over the loopback to 127.0.0.1 instead of
> over the network to the "real" nameserver on this network. It's only
> postfix doing this, not ping or nc or telnet. This started this morning,
> after I shut down my dialup connection at home (where I do use a local
> nameserver) and brought up my system at the office (where I still start
> named, but put the local office nameserver in resolv.conf as my named
> can't get through the firewall--and I've since shut down my named
> anyway).
>
> I've been through a lot of restarts of postfix, as well as a reboot of
> the entire system, and the problem persists.
>
> Can anybody think of any reason why this would be happening?
>
> cjs
>