Re: dnsblog lookup error questions

2012-11-11 Thread Stan Hoeppner
On 11/10/2012 7:32 PM, Alex wrote:

 If you are running a local recursing resolver, such as pdns-recursor, on
 this host, then the IP of this host is relevant to Spamhaus.
 
 If bind works okay, and any errors seem to be related to spamhaus
 itself, does it really warrant changing it to another name server?
 
 I read a little about it, and see they have an RPM. I have bind
 configured to use the root servers, and it's running okay, so I don't
 know that I need to change it.

Your bind setup should be fine.  There's probably no need to change
anything.

 The issue is likely that the configured DNS resolvers are public servers
 that have been banned by Spamhaus in the past.  As others have mentioned
 there are many ISP type DNS resolvers that are not allowed to query
 Spamhaus' servers.
 
 Yes, I've changed postscreen to use the host given to me specifically,
 and it seems to be working okay.
 
 I should have mentioned that I was only using the public DNS servers
 during testing, before I realized spamhaus had my server blocked.

To be clear, Spamhaus only blocks queries from DNS resolvers.  So you're
saying your bind server was being blocked?  Or you were using ATT or
Quest resolvers, for example?

 Thanks so much for everyone's help.

 You're welcome Alex. ;)  Apologies if I 'leaked' any details you may
 not have wanted public, but since I'm maintaining your anonymity I
 figured this would be fine.
 
 Nah, not worried. I think I'm a good judge of character :-)

:)

 Thanks again for your help. Nearly all of the last two weeks without
 power, yet I managed to support my network remotely with hardly the
 customers being impacted, and their users had absolutely no idea. I'd
 say this old sysadmin did pretty darn good :-)

Indeed.

-- 
Stan



Re: dnsblog lookup error questions

2012-11-10 Thread Alex
Hi,

 If you are running a local recursing resolver, such as pdns-recursor, on
 this host, then the IP of this host is relevant to Spamhaus.

If bind works okay, and any errors seem to be related to spamhaus
itself, does it really warrant changing it to another name server?

I read a little about it, and see they have an RPM. I have bind
configured to use the root servers, and it's running okay, so I don't
know that I need to change it.

 The issue is likely that the configured DNS resolvers are public servers
 that have been banned by Spamhaus in the past.  As others have mentioned
 there are many ISP type DNS resolvers that are not allowed to query
 Spamhaus' servers.

Yes, I've changed postscreen to use the host given to me specifically,
and it seems to be working okay.

I should have mentioned that I was only using the public DNS servers
during testing, before I realized spamhaus had my server blocked.

 Thanks so much for everyone's help.

 You're welcome Alex. ;)  Apologies if I 'leaked' any details you may
 not have wanted public, but since I'm maintaining your anonymity I
 figured this would be fine.

Nah, not worried. I think I'm a good judge of character :-)

Thanks again for your help. Nearly all of the last two weeks without
power, yet I managed to support my network remotely with hardly the
customers being impacted, and their users had absolutely no idea. I'd
say this old sysadmin did pretty darn good :-)


Re: dnsblog lookup error questions

2012-11-03 Thread Jamie Paul Griffin
/ Reindl Harald wrote on Fri  2.Nov'12 at 11:57:15 +0100 /

 
 On 02.11.2012 08:38, Jamie Paul Griffin wrote:
  / Han Boetes wrote on Thu  1.Nov'12 at 15:15:51 +0100 /

  I do have a name server running on my lan. I wouldn't set up a mailserver 
  system without it. I have been doing that for quite some time now
 
 the main question here is how your nameserver is configured
 recursion or just forward to any other dns-server
 
My named is set up for recursive queries from my localnetwork. I set up named 
using the documentation provided by OpenBSD (my OS) and also FreeBSD

I don't forward any requests to external nameservers, as advised in the 
documentation I used for my OS.

 if you do not make recursion at your own that may be the reason
 because if your LAN dns is forwarding to 8.8.8.8 and more and
 more people are doing this 8.8.8.8 will be more and more rate-controlled
 
 AND do NOT forward to any ISP-DNS
 they are all not trustable/reliable

I agree with you there and certainly don't do that. 


Re: dnsblog lookup error questions

2012-11-02 Thread Jamie Paul Griffin
/ Han Boetes wrote on Thu  1.Nov'12 at 15:15:51 +0100 /

 Consider setting up a caching nameserver like unbound on your server.
 Having a local cache on a mailserver is good thing™

I do have a name server running on my lan. I wouldn't set up a mailserver 
system without it. I have been doing that for quite some time now. 


Re: dnsblog lookup error questions

2012-11-02 Thread Reindl Harald


On 02.11.2012 08:38, Jamie Paul Griffin wrote:
 / Han Boetes wrote on Thu  1.Nov'12 at 15:15:51 +0100 /
 
 Consider setting up a caching nameserver like unbound on your server.
 Having a local cache on a mailserver is good thing™
 
 I do have a name server running on my lan. I wouldn't set up a mailserver 
 system without it. I have been doing that for quite some time now

the main question here is how your nameserver is configured
recursion or just forward to any other dns-server

if you do not make recursion at your own that may be the reason
because if your LAN dns is forwarding to 8.8.8.8 and more and
more people are doing this 8.8.8.8 will be more and more rate-controlled

AND do NOT forward to any ISP-DNS
they are all not trustable/reliable





Re: dnsblog lookup error questions

2012-11-02 Thread Stan Hoeppner
On 11/1/2012 9:46 PM, Alex wrote:
 Hi,
 
 You cannot query the ZEN list via the Google Servers...
 
 Ah, yes, of course.
 
 He may not be allowed to from his own resolvers either, possibly causing
 this problem.  Alex at one time you had a Spamhaus datafeed
 subscription.  Some time ago your load had dropped below the daily limit
 
 Yes, it's been renewed, but this host may not be recorded in their
 database. 

If you are running a local recursing resolver, such as pdns-recursor, on
this host, then the IP of this host is relevant to Spamhaus.

If this host does not have a local recursing resolver, and is using
external resolvers, then the IPs of those external resolvers are
relevant to Spamhaus.  I.e. it's the host that actually queries UDP 53
on Spamhaus systems that needs to be in their database.

 It doesn't even receive all that much mail, and otherwise
 has no association with the company. Anyway, they've given us a
 special host to query. I'll add that and see if it helps. I believe
 this could also be a firewall/domain issue, but with the hurricane
 I've had to postpone the investigation for a day or two.

The issue is likely that the configured DNS resolvers are public servers
that have been banned by Spamhaus in the past.  As others have mentioned
there are many ISP type DNS resolvers that are not allowed to query
Spamhaus' servers.

Due to this, and DNS performance reasons in general, it is wise for
anyone wishing to query the free Spamhaus servers to install a local
recursing DNS daemon on the Postfix host itself.  In the case of
pdns-recursor, which I use, the setup is brain dead simple, takes a few
minutes to install/configure.  The benefits are substantial, and the
resources WRT CPU/RAM are tiny.

 Thanks so much for everyone's help.

You're welcome Alex. ;)  Apologies if I 'leaked' any details you may
not have wanted public, but since I'm maintaining your anonymity I
figured this would be fine.

-- 
Stan



Re: dnsblog lookup error questions

2012-11-01 Thread Ralf Hildebrandt
* Alex mysqlstud...@gmail.com:
 Hi,
 
 I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
 I've enabled it before without any difficulty, so I'm not sure what
 I'm doing wrong in this case. For some reason it is printing these
 errors periodically:
 
 Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
 lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
 domain name not found. Name service error for
 name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again

cat /etc/resolv.conf
postfix check

what's the output of those?

 Does this simply mean it wasn't found in spamhaus and is recording
 that?

No, it's a DNS lookup error (SERVFAIL)

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München (district court): HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich



Re: dnsblog lookup error questions

2012-11-01 Thread Alex
Hi,

 I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
 I've enabled it before without any difficulty, so I'm not sure what
 I'm doing wrong in this case. For some reason it is printing these
 errors periodically:

 Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
 lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
 domain name not found. Name service error for
 name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again

 cat /etc/resolv.conf
 postfix check

 what's the output of those?

It's set up to use the local caching server, and doesn't otherwise
have any resolution issues. Even when I try to resolve that host using
8.8.4.4, it returns NXDOMAIN. I've changed resolv.conf to use 8.8.4.4
and it returns the same result:

Nov  1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query:
lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or
domain name not found. Name service error for
name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again

# host 7.39.158.213.zen.spamhaus.org 8.8.4.4
Using domain server:
Name: 8.8.4.4
Address: 8.8.4.4#53
Aliases:

7.39.158.213.zen.spamhaus.org has address 127.0.0.4
Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)

It seems like it may always have been an issue with spamhaus. Perhaps I
have that configuration wrong? dnsblog seems to do fine with
barracuda:

Nov  1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
listed by domain b.barracudacentral.org as 127.0.0.2


Thanks again,
Alex


Re: dnsblog lookup error questions

2012-11-01 Thread Ralf Hildebrandt
* Alex mysqlstud...@gmail.com:

  cat /etc/resolv.conf
  postfix check
 
  what's the output of those?
 
 It's set up to use the local caching server, 

good. Which server is the caching server asking?

 and doesn't otherwise
 have any resolution issues. Even when I try to resolve that host using
 8.8.4.4, it returns NXDOMAIN.

NXDOMAIN is ok.

 I've changed resolv.conf to use 8.8.4.4
 and it returns the same result:

...

 7.39.158.213.zen.spamhaus.org has address 127.0.0.4
 Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
 Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)

NXDOMAIN is OK (it's a negative result), and not an error like:

*** Name service error * for name=23.49.18.189.zen.spamhaus.org type=A:
Host not found, try again

 It seems like it may always have been an issue with spamhaus. Perhaps I
 have that configuration wrong? dnsblog seems to do fine with
 barracuda:
 
 Nov  1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
 listed by domain b.barracudacentral.org as 127.0.0.2

You cannot query the ZEN list via the Google Servers...

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München (district court): HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
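
The distinction drawn in the message above (a "lookup error" warning is a failed query, not a "not listed" answer) can be checked over a mail log. This is an added example, not part of the original thread or of Postfix; the function names are hypothetical and the sample log is constructed from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: dnsblog lines in the format quoted in this thread (unwrapped).
SAMPLE_LOG = """\
Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query: lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or domain name not found. Name service error for name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again
Nov  1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query: lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or domain name not found. Name service error for name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again
Nov  1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220 listed by domain b.barracudacentral.org as 127.0.0.2
"""

# The query name is the client IP with its octets reversed, then the DNSBL zone.
ERROR_RE = re.compile(r"dnsblog_query: lookup error for DNS query "
                      r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\S+?): ")
LISTED_RE = re.compile(r"addr (\S+) listed by domain (\S+) as (\S+)")

def summarize(log_text):
    """Group dnsblog outcomes per DNSBL zone: failed lookups vs. listings."""
    zones = defaultdict(lambda: {"errors": [], "listed": []})
    for line in log_text.splitlines():
        if "postfix/dnsblog[" not in line:
            continue
        m = ERROR_RE.search(line)
        if m:
            d, c, b, a, zone = m.groups()
            # Un-reverse the octets to recover the client IP that was not checked.
            zones[zone]["errors"].append(f"{a}.{b}.{c}.{d}")
            continue
        m = LISTED_RE.search(line)
        if m:
            addr, zone, code = m.groups()
            zones[zone]["listed"].append((addr, code))
    return dict(zones)

def failing_zones(summary, min_errors=1):
    """Zones that only ever produced lookup errors: the resolver path to
    that DNSBL is broken or refused, so its verdicts are not being applied."""
    return sorted(z for z, s in summary.items()
                  if len(s["errors"]) >= min_errors and not s["listed"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for zone in failing_zones(summary):
        print(zone, "unchecked clients:", summary[zone]["errors"])
```

Clients reported under a failing zone were accepted without that list's verdict, so they are the ones to re-check once the resolver issue is fixed.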



Re: dnsblog lookup error questions

2012-11-01 Thread Jamie Paul Griffin
/ Alex wrote on Thu  1.Nov'12 at  9:03:00 -0400 /

 Hi,
 
  I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
  I've enabled it before without any difficulty, so I'm not sure what
  I'm doing wrong in this case. For some reason it is printing these
  errors periodically:
 
  Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
  lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
  domain name not found. Name service error for
  name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again
 
  cat /etc/resolv.conf
  postfix check
 
  what's the output of those?
 
 It's set up to use the local caching server, and doesn't otherwise
 have any resolution issues. Even when I try to resolve that host using
 8.8.4.4, it returns NXDOMAIN. I've changed resolv.conf to use 8.8.4.4
 and it returns the same result:
 
 Nov  1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query:
 lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or
 domain name not found. Name service error for
 name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again
 
 # host 7.39.158.213.zen.spamhaus.org 8.8.4.4
 Using domain server:
 Name: 8.8.4.4
 Address: 8.8.4.4#53
 Aliases:
 
 7.39.158.213.zen.spamhaus.org has address 127.0.0.4
 Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
 Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
 
 It seems like it may always have been an issue with spamhaus. Perhaps I
 have that configuration wrong? dnsblog seems to do fine with
 barracuda:
 
 Nov  1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
 listed by domain b.barracudacentral.org as 127.0.0.2
 
 
 Thanks again,
 Alex

For what it's worth, I've been seeing the same problem on my Mac server; that 
is, zen.spamhaus.org not resolving.


Re: dnsblog lookup error questions

2012-11-01 Thread Stan Hoeppner
On 11/1/2012 8:08 AM, Ralf Hildebrandt wrote:

 You cannot query the ZEN list via the Google Servers...

He may not be allowed to from his own resolvers either, possibly causing
this problem.  Alex at one time you had a Spamhaus datafeed
subscription.  Some time ago your load had dropped below the daily limit
and stayed there.  You dropped the subscription thinking you could use
the free service again, even though you are providing commercial service
with your boxen, which requires the subscription.  Spamhaus are not
fools.  Did they cut you off?

Alex, have you renewed your subscription?  If not you probably need to
speak with Spamhaus, as these problems are likely related.  They have
nothing to do with Postfix.

Worth noting, from my local resolver:

$ host 23.49.18.189.zen.spamhaus.org
23.49.18.189.zen.spamhaus.org has address 127.0.0.11
23.49.18.189.zen.spamhaus.org has address 127.0.0.4

~$ host 7.39.158.213.zen.spamhaus.org
7.39.158.213.zen.spamhaus.org has address 127.0.0.4

-- 
Stan



Re: dnsblog lookup error questions

2012-11-01 Thread Alex
Hi,

 You cannot query the ZEN list via the Google Servers...

Ah, yes, of course.

 He may not be allowed to from his own resolvers either, possibly causing
 this problem.  Alex at one time you had a Spamhaus datafeed
 subscription.  Some time ago your load had dropped below the daily limit

Yes, it's been renewed, but this host may not be recorded in their
database. It doesn't even receive all that much mail, and otherwise
has no association with the company. Anyway, they've given us a
special host to query. I'll add that and see if it helps. I believe
this could also be a firewall/domain issue, but with the hurricane
I've had to postpone the investigation for a day or two.

Thanks so much for everyone's help.

Regards,
Alex