Control of host address lookups is set by the hosts service entry in your service switch file. If you are on a system that has built-in service switch support, then your system is probably configured properly already. Otherwise, sendmail(1M) will consult the file /etc/service.switch, which should be created. sendmail only uses two entries: hosts and aliases, although system routines may use other services (notably the passwd service for user name lookups by getpwname).
However, some systems will do DNS lookups regardless of the
setting of the service switch entry. In particular, the system routine
gethostbyname(3N)
is used to look up host names, and many vendor versions try some
combination of DNS, NIS, and file lookup in
/etc/hosts without consulting a service switch.
sendmail makes no attempt to work around this problem, and
the DNS lookup will be done anyway. If you do not have a
nameserver configured at all, such as at a UUCP-only site,
sendmail will get a connection refused
message
when it tries to connect to the name server. If the hosts
switch entry has the service dns listed somewhere in the
list, sendmail will interpret this to mean a temporary
failure and will queue the mail for later processing; otherwise, it
ignores the name server data.
The same technique is used to decide whether to do MX lookups. If you want MX support, you must have dns listed as a service in the hosts switch entry.
The ResolverOptions option allows you to modify name server options. The command line takes a series of flags as documented in resolver(3N) (with the leading RES_ deleted). Each can be preceded by an optional plus or minus sign. For example, the line:
O ResolverOptions=+AAONLYturns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the domain path) options. Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. You can also include HasWildcardMX to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonifying names, which can lead to inappropriate canonifications.DNSRCH
Version level 1 configurations turn DNSRCH and DEFNAMES off when doing delivery lookups, but leave them on everywhere else. Version 8 of sendmail ignores them when doing canonification lookups (that is, when using $[ ... $]), and always does the search. If you do not want to do automatic name extension, do not call $[ ... $].
The search rules for $[ ... $] are somewhat different than usual. If the name being looked up has at least one dot, it always tries the unmodified name first. If that fails, it tries the reduced search path, and lastly tries the unmodified name (but only for names without a dot, since names with a dot have already been tried). This allows names such as utc.CS to match the site in the Czech Republic rather than the site in your local Computer Science department. It also prefers A and CNAME records over MX records; that is, if it finds an MX record it makes note of it, but keeps looking. This way, if you have a wildcard MX record matching your domain, it will not assume that all names match.
To completely turn off all name server access on systems without service switch support, you will have to recompile with -DNAMED_BIND=0 and remove -lresolv from the list of libraries to be searched when linking.