Re: [Assp-user] Incorrect PTRmissing?
Micheal wrote: My suspicion is related to the known issue with Win32 and Net-DNS 0.59. I think you are seeing negative PTR lookups because Net-DNS is timing out. Could you try to downgrade to 0.57? Evan wrote: Downgrade complete. Will have same high-network-activity conditions again later this week, and will keep an eye out to see whether the downgrade seems to have solved the incorrect PTRmissing results. Thanks for the suggestion. Micheal, I idly did a search in my logfile just now for ptr missing (running in logging only mode for ptr check) and was interested to see, again, several IPs where dnsstuff reports valid PTR. This machine today has not been straining itself in any way. When under heavy load earlier in the week the problem was worse, suggesting the source of the problem (as you mentioned) is assp reporting a timed-out ptr lookup the same as a missing ptr lookup. No good way to distinguish between the two perhaps? This machine is hosted in a fantastic data center (Rackspace) so I just can't imagine it's the local DNS servers causing a problem. At any rate, the symptom persists here even running Net-DNS .57 and assp 1.2.7.1(26). I would be happy to do whatever additional debugging is possible at my end to try to help solve/discover the source of the problem... let me know. Thanks, Evan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
Evan wrote: I idly did a search in my logfile just now for ptr missing (running in logging only mode for ptr check) and was interested to see, again, several IPs where dnsstuff reports valid PTR. Bummer. This machine today has not been straining itself in any way. When under heavy load earlier in the week the problem was worse, suggesting the source of the problem (as you mentioned) is assp reporting a timed-out ptr lookup the same as a missing ptr lookup. No good way to distinguish between the two perhaps? This machine is hosted in a fantastic data center (Rackspace) so I just can't imagine it's the local DNS servers causing a problem. Well, it was guess - but Fritz (or whoever might have done the code) was smart enough to anticipate these issues - so a timeout actually should not cause a negative condition on the function. So, I'm that way I'm glad, but then again you still have an outstanding issue. OH - this is hosted at another facility? You really need to perform your tests in the environment that ASSP is running in. You need to verify against their DNS server. At any rate, the symptom persists here even running Net-DNS .57 and assp 1.2.7.1(26). I would be happy to do whatever additional debugging is possible at my end to try to help solve/discover the source of the problem... let me know. On Win32 the only DNS problems I have ever encountered have been the result of Net:DNS 0.59. Other than confirming your issues from within the co-lo environment, I don't have any other ideas at this time. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
I think it is not worth to put so much effort in it. Just shut it off. ASSP is built to grap the resources you free by that. If it goes blind it will better hear ))). fritz - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
Micheal wrote: My suspicion is related to the known issue with Win32 and Net-DNS 0.59. I think you are seeing negative PTR lookups because Net-DNS is timing out. Could you try to downgrade to 0.57? Downgrade complete. Will have same high-network-activity conditions again later this week, and will keep an eye out to see whether the downgrade seems to have solved the incorrect PTRmissing results. Thanks for the suggestion. Evan- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
From: Evan Eggers [EMAIL PROTECTED] Sample IP addresses from earlier today reported as PTRmissing by ASSP, but having valid PTR according to dnsstuff are: 208.61.234.147 151.124.247.101 199.230.26.212 Perhaps DNSStuff is more persistent but when i tried using NSLookup from the command prompt of a windows workstation they all timed out. I tried known-good addresses and they worked properly. The DNS servers handling the reverse resolution for these boxes may be slow. Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
brougham Baker wrote: From: Evan Eggers [EMAIL PROTECTED] Sample IP addresses from earlier today reported as PTRmissing by ASSP, but having valid PTR according to dnsstuff are: 208.61.234.147 151.124.247.101 199.230.26.212 Perhaps DNSStuff is more persistent but when i tried using NSLookup from the command prompt of a windows workstation they all timed out. I tried known-good addresses and they worked properly. The DNS servers handling the reverse resolution for these boxes may be slow. DNS stuff is external and using its own DNS servers. Perhaps something is wrong with your DNS servers, or any filters between you and the Internet. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
From: Micheal Espinola Jr [EMAIL PROTECTED] 208.61.234.147 151.124.247.101 199.230.26.212 Perhaps DNSStuff is more persistent but when i tried using NSLookup from the command prompt of a windows workstation they all timed out. I tried known-good addresses and they worked properly. The DNS servers handling the reverse resolution for these boxes may be slow. DNS stuff is external and using its own DNS servers. Perhaps something is wrong with your DNS servers, or any filters between you and the Internet. The known good ones answer instantly as I would expect (they are also not my ISP's servers and are unlikely to be cached by me at a least). It's just the above addresses that didn't answer for me. I tried using UDP, switching to TCP resolution does get answers eventually- but they took a long time (3-5 seconds) Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
brougham Baker wrote: The known good ones answer instantly as I would expect (they are also not my ISP's servers and are unlikely to be cached by me at a least). It's just the above addresses that didn't answer for me. I tried using UDP, switching to TCP resolution does get answers eventually- but they took a long time (3-5 seconds) Those addresses returned properly for me, instantaneously. Are you doing any firewalling/deep-packet inspection - things like that? What kind of server is doing the DNS queries? Is the same delay present from any system within your local LAN ? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
- Original Message - From: Micheal Espinola Jr [EMAIL PROTECTED] To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy assp-user@lists.sourceforge.net Sent: 09 January 2007 16:58 Subject: Re: [Assp-user] Incorrect PTRmissing? brougham Baker wrote: The known good ones answer instantly as I would expect (they are also not my ISP's servers and are unlikely to be cached by me at a least). It's just the above addresses that didn't answer for me. I tried using UDP, switching to TCP resolution does get answers eventually- but they took a long time (3-5 seconds) Those addresses returned properly for me, instantaneously. Are you doing any firewalling/deep-packet inspection - things like that? Home network, OpenBSD bridge, no deep inspection anymore- the logs were too unmanagable. What kind of server is doing the DNS queries? Another OpenBSD box- running BIND, queries root servers directly (my ISP's resolvers were a little slow a couple of years ago and I never changed back). Is the same delay present from any system within your local LAN ? Can't tell, the addresses are cached now, but I would expect they do. I traced to one of the addresses Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
[Assp-user] Incorrect PTRmissing?
N00b here... First of all, my hat is off to all of you who have made ASSP what it is today... just outstanding and I'm happy to be starting to use it. My question is this, I am occasionally seeing PTRmissing in 1.2.7 for IP addresses where dnsstuff.com reports valid reverse DNS... this is a problem, yes? I love to block outright on missing PTR but can't do it as long as this is happening. Sample IP addresses from earlier today reported as PTRmissing by ASSP, but having valid PTR according to dnsstuff are: 208.61.234.147 151.124.247.101 199.230.26.212 Thanks in advance for any insight. Evan- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
Which OS and version of Net-DNS? -- ME2 (mobile) -Original Message- From: Evan Eggers [EMAIL PROTECTED] Date: Monday, Jan 8, 2007 6:44 pm Subject: [Assp-user] Incorrect PTRmissing? N00b here... First of all, my hat is off to all of you who have made ASSP what it is today... just outstanding and I'm happy to be starting to use it. My question is this, I am occasionally seeing PTRmissing in 1.2.7 for IP addresses where dnsstuff.com reports valid reverse DNS... this is a problem, yes? I love to block outright on missing PTR but can't do it as long as this is happening. Sample IP addresses from earlier today reported as PTRmissing by ASSP, but having valid PTR according to dnsstuff are: 208.61.234.147 151.124.247.101 199.230.26.212 Thanks in advance for any insight. Evan --- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
Hi Micheal, Windows Server 2003, Net-DNS 0.59. I should also say that during the time the problem manifested, I had a lot of network activity (mostly UDP) on this machine even though the CPU was idling along at less than 20%. Makes me wonder whether PTRmissing reports a fail when in fact the reverse DNS lookup didn't complete properly? Just a theory. Evan Re: Incorrect PTRmissing? From: Micheal Espinola Jr (mobile) [EMAIL PROTECTED] - 2007-01-08 15:47 Which OS and version of Net-DNS? -- ME2 (mobile) -Original Message- From: Evan Eggers [EMAIL PROTECTED] Date: Monday, Jan 8, 2007 6:44 pm Subject: [Assp-user] Incorrect PTRmissing? N00b here... First of all, my hat is off to all of you who have made ASSP what it is today... just outstanding and I'm happy to be starting to use it. My question is this, I am occasionally seeing PTRmissing in 1.2.7 for IP addresses where dnsstuff.com reports valid reverse DNS... this is a problem, yes? I love to block outright on missing PTR but can't do it as long as this is happening. Sample IP addresses from earlier today reported as PTRmissing by ASSP, but having valid PTR according to dnsstuff are: 208.61.234.147 151.124.247.101 199.230.26.212 Thanks in advance for any insight. Evan Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Incorrect PTRmissing?
Evan Eggers wrote: Hi Micheal, Windows Server 2003, Net-DNS 0.59. I should also say that during the time the problem manifested, I had a lot of network activity (mostly UDP) on this machine even though the CPU was idling along at less than 20%. Makes me wonder whether PTRmissing reports a fail when in fact the reverse DNS lookup didn't complete properly? Just a theory. My suspicion is related to the known issue with Win32 and Net-DNS 0.59. I think you are seeing negative PTR lookups because Net-DNS is timing out. Could you try to downgrade to 0.57? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
