https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739
Bug ID: 7739
Summary: ns-kam.surriel.com returning NXDOMAIN for valid names
Product: Spamassassin
Version: 3.4.0
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Rules
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
>From a spamd -d debug:
Fri Jul 19 10:27:35 2019 [3297] dbg: dns: dns reply to
16535/IN/A/224.32.166.188.psbl.surriel.com: NXDOMAIN
The DNS query and answer for it:
Frame 174325: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on
interface 3
Ethernet II, Src: AsustekC_c4:92:6a (00:1f:c6:c4:92:6a), Dst: Netgear_f5:1e:4a
(6c:b0:ce:f5:1e:4a)
Internet Protocol Version 4, Src: server.example.com (10.75.22.247), Dst:
ns-kam.surriel.com (38.124.232.21)
User Datagram Protocol, Src Port: 63212 (63212), Dst Port: domain (53)
Domain Name System (query)
Transaction ID: 0x14ff
Flags: 0x0010 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data: Acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
224.32.166.188.psbl.surriel.com: type A, class IN
Name: 224.32.166.188.psbl.surriel.com
[Name Length: 31]
[Label Count: 7]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Response In: 174337]
Frame 174337: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits) on
interface 3
Ethernet II, Src: Netgear_f5:1e:4a (6c:b0:ce:f5:1e:4a), Dst: AsustekC_c4:92:6a
(00:1f:c6:c4:92:6a)
Internet Protocol Version 4, Src: ns-kam.surriel.com (38.124.232.21), Dst:
server.example.com (10.75.22.247)
User Datagram Protocol, Src Port: domain (53), Dst Port: 63212 (63212)
Domain Name System (response)
Transaction ID: 0x14ff
Flags: 0x8403 Standard query response, No such name
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0011 = Reply code: No such name (3)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 0
Queries
224.32.166.188.psbl.surriel.com: type A, class IN
Name: 224.32.166.188.psbl.surriel.com
[Name Length: 31]
[Label Count: 7]
Type: A (Host Address) (1)
Class: IN (0x0001)
Authoritative nameservers
psbl.surriel.com: type SOA, class IN, mname rbldnsd.surriel.com
Name: psbl.surriel.com
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Time to live: 600
Data length: 37
Primary name server: rbldnsd.surriel.com
Responsible authority's mailbox: root.rbldnsd.surriel.com
Serial Number: 1563546242
Refresh Interval: 600 (10 minutes)
Retry Interval: 600 (10 minutes)
Expire limit: 86400 (1 day)
Minimum TTL: 600 (10 minutes)
[Request In: 174325]
[Time: 0.038576000 seconds]
A few minutes later from a spamassassin CLI examination for the same spam:
Frame 229796: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on
interface 3
Ethernet II, Src: AsustekC_c4:92:6a (00:1f:c6:c4:92:6a), Dst: Netgear_f5:1e:4a
(6c:b0:ce:f5:1e:4a)
Internet Protocol Version 4, Src: server.example.com (10.75.22.247), Dst:
psbl.org (96.67.55.151)
User Datagram Protocol, Src Port: 29685 (29685), Dst Port: domain (53)
Domain Name System (query)
Transaction ID: 0x9238
Flags: 0x0010 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data: Acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
224.32.166.188.psbl.surriel.com: type A, class IN
Name: 224.32.166.188.psbl.surriel.com
[Name Length: 31]
[Label Count: 7]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Response In: 229869]
Frame 229869: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) on
interface 3
Ethernet II, Src: Netgear_f5:1e:4a (6c:b0:ce:f5:1e:4a), Dst: AsustekC_c4:92:6a
(00:1f:c6:c4:92:6a)
Internet Protocol Version 4, Src: psbl.org (96.67.55.151), Dst:
server.example.com (10.75.22.247)
User Datagram Protocol, Src Port: domain (53), Dst Port: 29685 (29685)
Domain Name System (response)
Transaction ID: 0x9238
Flags: 0x8400 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive
queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 2
Additional RRs: 0
Queries
224.32.166.188.psbl.surriel.com: type A, class IN
Name: 224.32.166.188.psbl.surriel.com
[Name Length: 31]
[Label Count: 7]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
224.32.166.188.psbl.surriel.com: type A, class IN, addr 127.0.0.2
Name: 224.32.166.188.psbl.surriel.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 2100
Data length: 4
Address: 224.32.166.188.psbl.surriel.com (127.0.0.2)
Authoritative nameservers
psbl.surriel.com: type NS, class IN, ns ns-kam.surriel.com
Name: psbl.surriel.com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 86400
Data length: 9
Name Server: ns-kam.surriel.com
psbl.surriel.com: type NS, class IN, ns rbldnsd.surriel.com
Name: psbl.surriel.com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 86400
Data length: 10
Name Server: rbldnsd.surriel.com
[Request In: 229796]
[Time: 0.066822000 seconds]
Why the difference/discrepancy?
--
You are receiving this mail because:
You are the assignee for the bug.
