I'm posting this over the new cablemodem connection. The installation went reasonably well; the installer as such came in and did his job and didn't give me a hard time about not having a consumer-level computer setup. There was an extra guy called the "Inspector" who seemed to theoretically be there to rate the installer's performance, but actually just spent an hour watching me play Freecol while the installer hooked up the wires. I could have done without that and no doubt the installer could have too, but whatever.
IP connectivity was even easier than with the DSL, because the cable modem provides a DHCP lease directly over Ethernet, whereas the DSL I'd been using was PPPoE. But every silver lining has its thorn, and it's probably a good thing I didn't discover this one until after the installer and the inspector left, because there would have been nothing they could do about it and they didn't need to hear my cussing at their bosses.
It turns out that Rogers's DNS servers do not return failure on failure, but instead they return the address of a co-branded Yahoo search engine. As a result, when my firewall box downloaded the backlogged email and passed it to its local Sendmail, the local sendmail looked up the name of my desktop machine, which doesn't exist on the external DNS, and what was supposed to happen was that that would fail and then the local sendmail would look in its hosts file and get the 10.* address of the desktop machine and send the mail there. Instead, because the Rogers DNS doesn't return failure properly, it got the address of the co-branded Yahoo search engine and tried to send all my mail there. Fortunately, that machine didn't accept it.
In the short term I am working around the problem by using Google's public DNS instead of the one Rogers recommends in the DHCP lease. One big part of the problem is a mistake in my own configuration, and my fault: my local Sendmail shouldn't depend on external DNS resolution to send mail internally to the LAN. I don't know why the hosts file doesn't override DNS; surely it should look there first? More research is needed. Sendmail should probably be using a hardcoded IP address to reach the other local machine instead of looking it up anywhere, anyway. The lookup exists for a reason, but it looks like lossage from broken lookups is likely to be a bigger problem than lossage from hardcoding the address.
In the longer term I'll probably be setting up my own DNS rather than relying on the broken one provided by Rogers, or the probably unbroken, but not really trustworthy, DNS from Google. None of this excuses Rogers's configuration, though. If they purport to provide DNS, they ought to provide real DNS, which means returning failure when the lookup fails. It's especially offensive because it's clearly deliberate brokenness. They didn't just misconfigure their servers through incompetence or not caring; they had to go to a fair bit of effort to set up this bullshit on purpose. That doesn't give me a warm fuzzy feeling about doing business with them.