Steffen Nurpmeso wrote in <20210422212628.esxga%stef...@sdaoden.eu>: |Since a few weeks ago i sometimes see mail delivery from a few |domains (most often: mx2.freebsd.org, lesser so netbsd.org, |ietf.org, crux.nu) being blocked by a simple-minded postfix |log parser on my side (that i finally started using some months |ago). Since i realized what was going on i (1) changed the |upstream DNS server=s of dnsmasq, (2) changed neg-ttl and |increased cache-size to lower impact, finally started verifying |postfix DNS reports which until now avoids blocking precious |upstream servers: ... |What _is_ new on my side is that i have "dnssec" enabled now.
So before changing back to dnssec-less (because i mysteriously even saw failures for wikipedia etc. coming up since yesterday) a USR1 dump: cache size 10000, 0/13855 cache insertions re-used unexpired cache entries. queries forwarded 11524, queries answered locally 4083 queries for authoritative zones 0 pool memory in use 36336, max 47808, allocated 480000 server 8.8.8.8#53: queries sent 8107, retried or failed 218 server 217.160.188.24#53: queries sent 10416, retried or failed 775 Now cache size 10000, 0/1188 cache insertions re-used unexpired cache entries. queries forwarded 817, queries answered locally 888 queries for authoritative zones 0 pool memory in use 48, max 48, allocated 2400 server 8.8.8.8#53: queries sent 418, retried or failed 10 [to be removed again, leftover] server 217.160.188.24#53: queries sent 194, retried or failed 3 server 217.144.128.34#53: queries sent 569, retried or failed 8 |What seems to happen is that the dnsmasq cache entry expires, and |a following DNS lookup fails, so that negative cache entries are |delivered for a while. For example Well, whatever. A pity, EDNS sometimes, others want TCP, i do not know. I suspend delivery again :), it was just a thought that this possibly is a regression, i have not used dnssec before, i just wonder why the picture is so bad ... and maybe other people would have found surprises in logs, too. Whatever. Ciao and a nice Sunday i wish from Germany, --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss