https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6075
--- Comment #24 from Mark Martinec <[email protected]> 2009-03-03 04:00:04 PST --- > O.K. Let's go "named" :-). > > Well, named installed and configured with no forwarders and /etc/resolv.conf > left with only one server (10.0.0.11). > > I'm attaching the logs for your review and wait for your advice on this (I am > not sure on how to interpret it, even no hit, it seems right). So, if you want > me to do some other tests, just tell me. If you consider the log is all O.K. > and there is nothing wrong there, you can close this bug as resolved/invalid > :-) The log looks perfect, you got DNS responses to all of your 25 DNS queries, all of them within 0.8 seconds of sending a query. > BTW, although now I am using my own dns server, I keep getting that "fancy" > response when making such queries: > host 52.130.184.208.combined.njabl.org > 52.130.184.208.combined.njabl.org.net has address 216.234.246.150 > This is no normal, and I have to speak with my isp to take a look into this. > Maybe a firewall or any kind of transparent proxy on their side is filtering > the results directly into this line/route, not just dns. But this surely has > nothing to do with SA. This is a consequence of two things: - in your /etc/resolv.conf you are telling your resolver to try appending one or more fields to the domain name if the attempt with original name is unsuccessful. Get rid of your existing 'domain' and 'search' directives in that file, and supply just a 'search' with no arguments. Or at least do not specify something as vague as 'net' for your domain! (according to your tcpdump in #12), but use your exact domain name in a 'search' option, and do not use a 'domain' option. - the 'org.net' domain you have queried (appended .net to your ...njabl.org) is registered by Cyberfusion / OKDIRECT.COM. Such domains attempt to fish for traffic from innocent users which make a typo when enetering an URL, or sites like yours, which append '.net' to unsuccessful queries. Gratuitous advertising. Don't let them have your mistyped queries! Btw, I have another hypothesis why your original queries to ISP may be failing. You have 2 Gbps links from your host - but do you have gigabit connectivity all the way to your service provider? If your uplink is thin, you should have some traffic shaping with reasonable buffer size on your device sitting just before a bottleneck link - usually a firewall or a router. If this is some dumb device, your queries may have been victims of tail drop in a switch. Note that SpamAssassin made 29 queries in rapid succession, all within 22 milliseconds. A solution in such scenario would be to turn on traffic shaper on firewall/router or on your host where SpamAssassin is running. But never mind, the solution with a caching name server within your own network is much better. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
