Thank you for the explanation. With multiple DNS servers, DNSRetry is ignored is good info. Maybe put that in the GUI? So my non-standard DNSRetry shouldn't impact anything since I have 3 DNS servers definited.
My ridiculous 10 second DNS timeout has been defaulted. Still I don't understand why a NXDOMAIN that is immediately returned when I do a manual nslookup to any of my dns servers isn't apparently return or is for some other reason not satisfying ASSP's requirement of a reply. Now that we're at 2 seconds timeout, it would hang the system, but it should still return that NXDomain way faster than 2 seconds. THe next time I see one of these mails, I'll try to capture a debug info via DebugSPF. On Sun, May 5, 2019 at 2:56 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > >I figured if one DNS server is down, try again or another > > As your debug output shows. assp uses all enabled (available) DNS-Servers > in parallel (not serial ordered) - every DNS-query is sent to ALL enabled > (available) DNS-Servers at a time and the fastest valid answer is used. > > Also notice the GUI: .....*To debug the DNS queries, switch on DebugSPF, > even you don't use the SPF-check*..... > > > but maybe 1 would do that too > >*Thoughts appreciated*. > > I thought about this setting '*maybe 10 years*' ago. -> result: 1 -> > default setting: 1 - But this does'nt mean much. Especially - if you have > trouble with a feature, assume every default setting as a 'very wild guess' > made by the developer. > > How ever, if DNSretrans is set to 1 and more than one DNS-Server is used > (available at a time) the setting of DNSretry is ignored by assp. > > $retry = int($DNSretrans / (@nameservers || 1)) * $DNSretry; # line 32386 > (line 28 in sub queryDNS) > $retry = int( 1 / 2 ) * 1 > $retry = 0 * 1 > $retry = 0 > > If only one DNS-Server is available: > > $retry = int( 1 / 1 ) * 1 > $retry = 1 * 1 > $retry = 1 > > > Thomas > > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 04.05.2019 15:07 > Betreff: Re: [Assp-test] Fwd: Happening again: specific DNS query > keeps hanging ASSP > ------------------------------ > > > > UseLocalDNS: unchecked > DNSServers: our 3 internal DNS servers' IP addresses, pipe separated > DNSServerLimit: 2 (rotates between the 3) > DNSretry: *2* (default is 1) It's been 2 for as long as DNSretry has > been an ASSP option, maybe 10 years. I figured if one DNS server is down, > try again or another, but maybe 1 would do that too. The GUI information > is thin here. *Thoughts appreciated*. > DNSretrans: 1 > > also DNSReuseSocket is checked. > > > On Fri, May 3, 2019 at 12:00 PM Daniel Miller via Assp-test < > *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>> > wrote: > What are your settings for: > > UseLocalDNS > DNSServers (obfuscate if private) > DNSServerLimit > DNSretry > DNSretrans > > Daniel > > On 5/3/2019 8:19 AM, K Post wrote: > > Hi Daniel, > > > > We've only seen the problem with *spopessentials2.com* > <http://spopessentials2.com/> > > <*http://spopessentials2.com* <http://spopessentials2.com/>>. It's > Silverpop systems, now IBM mailing > > on behalf of American Airlines. The issue clearly stems from IBM having > > this setup wrong, *spopessentials2.com* <http://spopessentials2.com/> < > *http://spopessentials2.com* <http://spopessentials2.com/>> is > > registered ( > *https://whois.icann.org/en/lookup?name=spopessentials2.com* > <https://whois.icann.org/en/lookup?name=spopessentials2.com>) > > but most DNS servers on the registration seem to be unresponsive. I'd > > expect an immediate NXDOMAIN because of this, and I get that when using > > NSLOOKUP. > > > > All 3 of our DNS servers are the native Windows DNS server (a mix of > > Windows 2012 and 2016). When I look for any record in > > *spopessentials2.com* <http://spopessentials2.com/> < > *http://spopessentials2.com* <http://spopessentials2.com/>> using > nslookup using > > any of our 3 servers, I get an immediate NXDOMAIN. Great. BUT, it > > seems that when ASSP does the lookup in perl, that it times out (now > > after 2 seconds, instead of the 10 that was causing the problem before). > > > > I don't see messages from them very often, so haven't tested after the > > change from 10 to 2 seconds, but I suspect they'll just deliver now > > without timing out. > > > > The issue is why ASSP isn't getting an NXDomain from the DNS servers > > instantly, it shouldn't take the full 2 seconds.. All other DNS queries > > seem plenty fast, based on the speed of delivery. I don't know if it's > > ASSP, a perl module, a misconfiguration on my end, or what. > > > > > > > > On Wed, May 1, 2019 at 3:32 PM Daniel Miller via Assp-test > > <*assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net> > > <mailto:*assp-test@lists.sourceforge.net* > <assp-test@lists.sourceforge.net>>> wrote: > > > > Even though I'm probably way off - can I ask you to clarify a couple > > items? > > > > Is the problem a specific domain, i.e. *spopessentials2.com* > <http://spopessentials2.com/> > > <*http://spopessentials2.com* <http://spopessentials2.com/>>? > Because I > > can't find that domain, or any of the hosts you've listed, via my own > > lookups. Host/Dig/Nslookup return immediately (with no result). > > > > What are you using for your DNS resolvers? I'm using PowerDNS 4.1.1 > on > > my Ubuntu 18.04 server as the sole resolver without issue. > > > > Daniel > > > > On 4/30/2019 7:11 PM, K Post wrote: > > > Thanks for the gentle hint. I changed the dnstimeout setting > > back to 2 > > > seconds. I set it to 10 so that if things got CRAZY slow, I > > wouldn't run > > > into issues. Obviously that was short sighted, and I'm sorry > about > > > that. HOWEVER, when i run a NSLOOKUP on a non-existent hostname, > > all 3 > > > of our DNS servers respond instantly with non-existent domain. > > Could > > > there be something with the dns setup within Perl that I'm > > missing? Can > > > you think of any reason that ASSP/perl wouldn't receive an > NXDOMAIN > > > immediately? > > > > > > On Mon, Apr 29, 2019 at 10:14 AM Thomas Eckardt > > > <*thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com> > <mailto:*thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> > > <mailto:*thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com> > > <mailto:*thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>>>> > wrote: > > > > > > you've set DNSTimeout to 10 seconds (instead using the > > default of 2 > > > seconds) > > > you've not set any of noDKIMAddresses and noDKIMIP > > > your DNS-Server is not answering with NXDOMAIN within 10 > seconds > > > > > > And now you ask, how ASSP can workaround this?????? > > > > > > Thanks for wasting my time. :( > > > > > > > > > Thomas > > > > > > > > > DISCLAIMER: > > > ******************************************************* > > > This email and any files transmitted with it may be > confidential, > > > legally privileged and protected in law and are intended > > solely for > > > the use of the > > > individual to whom it is addressed. > > > This email was multiple times scanned for viruses. There > > should be > > > no known virus in this email! > > > ******************************************************* > > > > > > _______________________________________________ > > > Assp-test mailing list > > > *Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net> > > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net>> > > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net> > > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net>>> > > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > > > > > > > > _______________________________________________ > > > Assp-test mailing list > > > *Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net> > > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net>> > > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > > > > > _______________________________________________ > > Assp-test mailing list > > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net>> > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > > > > _______________________________________________ > > Assp-test mailing list > > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > _______________________________________________ > Assp-test mailing list > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
