> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Wolfe
> Sent: Saturday, 11 October 2008 5:58 AM
> To: postfix-users@postfix.org
> Subject: cannot find reverse hostname for ip with enormous result
>
> Hello,
>
> We use reject_unknown_client to fail messages from hosts with no rDNS.
> We have a situation with the host 216.163.249.229, which
> gives the following results:
>
> NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450
> 4.7.1 Client host rejected: cannot find your reverse
> hostname, [216.163.249.229];
>
> There actually is reverse DNS for this address... 239 PTR records!
> Using 'host' returns them all, with a warning:
>
> ;; Truncated, retrying in TCP mode.
> .. and then all the results
>
> So I guess the result is so large that UDP cannot contain it,
> and within postfix the TCP method either isn't being tried or
> isn't working. Is this a problem with my resolver or
> something I can fix in postfix? The lookup does work on this
> machine using 'host' with the above error.
>
> -Aaron
>

While there may be problems with the fact that some of the PTRs are unresolvable, I also suggest checking what might be thought of as the obvious, namely, that your firewall is not blocking *UDP* DNS lookup. I had this same problem a few months back, and didn't initially think to ask the question. It turned out that our external firewall (maintained by a separate group) was only permitting TCP queries. The problem didn't emerge until we tried resolving hosts with many multiple PTRs (36 for one particular host); the 10s of thousands of other DNS queries were working perfectly. Enabling UDP over port 53 fixed things for that one host as if by magic.
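
The two failure patterns discussed in this thread (a truncated UDP answer whose TCP retry fails, and UDP port 53 being filtered while TCP works) can be told apart by querying each transport separately. The following is an added example, not part of either message: it builds the PTR query by hand with the Python standard library, and the function names and the resolver address passed to probe() are assumptions.

```python
import socket
import struct

def ptr_name(ip):
    """216.163.249.229 -> 229.249.163.216.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def build_ptr_query(ip, qid=0x1234):
    """Wire-format PTR query: header, QNAME, QTYPE=12 (PTR), QCLASS=1 (IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = ptr_name(ip).split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 12, 1)

def parse_header(msg):
    """Return (truncated, rcode, answer_count) from a DNS response header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return bool(flags & 0x0200), flags & 0x000F, ancount  # 0x0200 is the TC bit

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read")
        buf += chunk
    return buf

def probe(ip, server, timeout=5.0):
    """Query over UDP and TCP separately; report what each transport returns."""
    query, result = build_ptr_query(ip), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            result["udp"] = parse_header(s.recvfrom(4096)[0])
    except OSError as e:
        result["udp"] = "failed: %s" % e
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds 2-byte length
            (n,) = struct.unpack("!H", _recv_exact(s, 2))
            result["tcp"] = parse_header(_recv_exact(s, n))
    except OSError as e:
        result["tcp"] = "failed: %s" % e
    return result

# Constructed sample: header of a truncated response (QR, TC, RD, RA set; 0 answers).
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```

Call probe("216.163.249.229", resolver_ip) with the address of the resolver the mail host uses. A udp result of (True, 0, 0) with tcp failing points at a blocked TCP retry, while udp failing and tcp returning answers points at filtered UDP.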