Re: Frequent timeout

2018-09-02 Thread Alex
Hi,

> > When trying to resolve any of these manually, it just returns
> > NXDOMAIN.
>
> What does
>    dig -4 71.161.85.209.hostkarma.junkemailfilter.com +trace +nodnssec
> show, and is it consistently NXDOMAIN? That ends here with:
>
> 71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.0.3
> 71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.1.1
> ;; Received 93 bytes from 184.105.182.249#53(rbl1.junkemailfilter.com)
> in 20 ms

It shows the same here now, at least for the ones which resolve.
Others still return NXDOMAIN. I was previously just using "host", but
I suppose it's also possible that's one I didn't do. It's also
possible they're no longer blacklisted by these RBLs.

My point was that none of them returned SERVFAIL. I thought using dig
or host to try and resolve the hosts would return the same SERVFAIL
when run manually as they did by the bind resolver. What could be
different that resulted in what appeared to be the majority of queries
returning SERVFAIL in the named.debug.log at the time the mail was
received?

Would high network utilization cause that? I assume that would cause
the timeout, but how can I be sure? Isn't Ethernet designed to
communicate that at the lower levels to prevent that kind of thing
from occurring?

Is there a bind configuration that would make it more resilient?

> > I also isolated a packet with the "server failure" information, but
> > I'm unable to figure out what the data means. Would someone be
> > interested in evaluating it for me? It's a 146-byte pcap file.
> > https://drive.google.com/open?id=1Ui893Lg61psZCR8I_9SJtNqs-Sil_br
>
> That is just the reply from bind to some other process running on the
> same machine, reporting the server failure.

Oh, right, because it's over loopback. This is probably from postfix's
postscreen that's doing the querying.

This is not the same as one of the SERVFAIL entries from named.debug.log?

Do you have any other ideas on how I can isolate this problem?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
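
An added example, not part of the original thread: a short Python decoder for the DNS payload of a reply like the one captured on loopback, showing how SERVFAIL and NXDOMAIN differ in the header and how the DNSBL query name maps back to an IP. It assumes the UDP payload has already been extracted from the pcap; the sample reply is constructed here, not taken from the poster's capture.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
SAMPLE_QNAME = "71.161.85.209.hostkarma.junkemailfilter.com"  # name from the thread

def read_name(msg, off):
    """Read an uncompressed name at off; return (name, offset after it)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0:
            raise ValueError("compression pointer not expected in the question")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def summarize(msg):
    """Decode the 12-byte DNS header and the first question name."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname = read_name(msg, 12)[0] if qd else ""
    rcode = flags & 0x000F  # RCODE is the low 4 bits of the flags word
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "rcode": RCODES.get(rcode, str(rcode)), "qname": qname, "answers": an}

def dnsbl_ip(qname, zone):
    """Recover the looked-up IPv4 address from a reversed-octet DNSBL name."""
    suffix = "." + zone
    if not qname.endswith(suffix):
        raise ValueError("name is not inside the given zone")
    return ".".join(reversed(qname[:-len(suffix)].split(".")))

def build_reply(qname, rcode, ident=0x1234):
    """Constructed sample: an answerless reply with QR, RD and RA set."""
    header = struct.pack("!6H", ident, 0x8000 | 0x0100 | 0x0080 | rcode, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

if __name__ == "__main__":
    for code in (2, 3):
        info = summarize(build_reply(SAMPLE_QNAME, code))
        ip = dnsbl_ip(info["qname"], "hostkarma.junkemailfilter.com")
        print(info["rcode"], info["qname"], "-> IP", ip)
```

Both replies carry zero answers, so only the RCODE separates "the resolver could not get an answer" (SERVFAIL) from "the address is not listed" (NXDOMAIN).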


Re: Frequent timeout

2018-09-02 Thread Carl Byington

On Sat, 2018-09-01 at 23:45 -0400, Alex wrote:


> (71.161.85.209.hostkarma.junkemailfilter.com): query failed (SERVFAIL)
> (71.161.85.209.bl.score.senderscore.com): query failed (SERVFAIL)

> When trying to resolve any of these manually, it just returns
> NXDOMAIN.

What does
   dig -4 71.161.85.209.hostkarma.junkemailfilter.com +trace +nodnssec
show, and is it consistently NXDOMAIN? That ends here with:

71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.0.3
71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.1.1
;; Received 93 bytes from 184.105.182.249#53(rbl1.junkemailfilter.com)
in 20 ms



> I also isolated a packet with the "server failure" information, but
> I'm unable to figure out what the data means. Would someone be
> interested in evaluating it for me? It's a 146-byte pcap file.
> https://drive.google.com/open?id=1Ui893Lg61psZCR8I_9SJtNqs-Sil_br

That is just the reply from bind to some other process running on the
same machine, reporting the server failure.

