If the name server receives a question via UDP, that's how it will answer,
necessarily. The client could have asked via TCP, but it doesn't know how
large the response will be when it sends the question.
The general intention here is that the client will receive either an ICMP
message or a
Am 2017-07-05 11:51, schrieb Rick Moen:
Glad to hear it!
I've been too early pleased - problem still exists. I now forward
dyne.org to Google DNS.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Am 2017-07-05 10:47, schrieb Rick Moen:
edns-buffer-size:
...
tation reassembly problems, usually seen as timeouts,
then a
value of 1480 can fix it.
I did some more tests (ping ns.dyne.org with different packet sizes) and
found that 1480 is
Quoting Joachim Fahrner (j...@fahrner.name):
> Looks like that solved it. Same problem is described here:
> https://serverfault.com/questions/405650/why-are-these-udp-packets-being-dropped
Glad to hear it!
> But shouldn't DNSSEC use tcp instead of udp?
Only if the response is larger than the
Am 2017-07-05 10:47, schrieb Rick Moen:
edns-buffer-size:
Number of bytes size to advertise as the EDNS reassembly
buffer
size. This is the value put into datagrams over UDP
towards
peers. The actual buffer size is determined by
Quoting Joachim Fahrner (j...@fahrner.name):
> Am 2017-07-05 09:43, schrieb Joachim Fahrner:
>
> >Jul 5 09:37:46 server unbound: [22751:0] info: NSEC3s for the
> >referral proved no DS.
>
> Could it be that my problem has to do with DNSSEC?
Obviously, you could test this hypothesis by
Am 2017-07-05 09:43, schrieb Joachim Fahrner:
Jul 5 09:37:46 server unbound: [22751:0] info: NSEC3s for the
referral proved no DS.
Could it be that my problem has to do with DNSSEC?
___
Dng mailing list
Dng@lists.dyne.org
Am 2017-07-05 09:24, schrieb Joachim Fahrner:
I now increased unbounds verbosity and see if there is further
information in the log.
Some more info. unbounds verbosity level is now 2. I did a "dig
tupac2.dyne.org", which had a timeout.
This is in the log:
Jul 5 09:37:29 server unbound:
Quoting Joachim Fahrner (j...@fahrner.name):
> There are no errors in the unbound log. And I'm wondering why these
> timeouts are only with dyne.org. I never had such failures with
> other domains since years. Maybe there is a problem in my providers
> network, but then that should happen with
Am 2017-07-05 09:08, schrieb Rick Moen:
So, in general terms, I certainly encourage your approach. It's not
obvious from present evidence why you are getting timeouts querying
your
local recursive nameserver. You'll have to do further diagnosis
locally. (Lacking any better ideas at the
Quoting Joachim Fahrner (j...@fahrner.name):
> That's right. And my local unbound is the only nameserver in
> /etc/resolv.conf
>
> I cannot use other nameservers because my postfix queries some RBLs
> that allow only limited numbers of queries (they are free for
> personal use, but costs for
Am 2017-07-05 08:51, schrieb Rick Moen:
I believe you said that you are running an instance of Unbound as a
local recursive nameserver. If so, I hope you are listing it first in
/etc/resolv.conf (perhaps by localhost IP). Anyway, that's where you
should start looking, to find your problem.
Quoting Joachim Fahrner (j...@fahrner.name):
> By now it comes apparent that timeouts from the dns servers are the
> problem:
Well... hold that thought, please.
> Can the short SOA EXPIRE be the cause?
No. SOA EXPIRE is how long a secondary nameserver will still treat its
copy of the zone
Am 2017-07-05 00:18, schrieb Rick Moen:
On a quick, broad check, dyne.org DNS seems robust.
There are three network-diverse authoritative nameservers (refreshing
to
see after observing far too many domains attempting to get by with two,
when RFCs require 3-7 auth nameservers[1]), all
Quoting Joachim Fahrner (j...@fahrner.name):
> Normally name resolution works fine, and tupac2.dyne.org is the only
> server with such errors in my postfix log. I'm using unbound on
> Devuan as a local caching recursive dns server.
Good choice.
> Could it be that dyne.org name servers have
Am 2017-07-04 18:27, schrieb Alessandro Selli:
I'm afraid this has to do with the DNS server you're using (;;
SERVER:
127.0.0.1#53(127.0.0.1), that is), as I get these values:
Enter "dyne.org" here: http://www.dnsqueries.com/en/dns_lookup.php and
select "ALL". That delivers the same
Am 2017-07-04 18:27, schrieb Alessandro Selli:
I'm afraid this has to do with the DNS server you're using (;;
SERVER:
127.0.0.1#53(127.0.0.1), that is), as I get these values:
[alessandro@draco ~]$ dig tupac2.dyne.org
; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> tupac2.dyne.org
;; global options:
Am 2017-07-04 15:37, schrieb Alessandro Selli:
I really wonder what did mxtoolbox.com check, as I cannot see what
dns.org
and shockmedia.com have to do with dyne.org:
That's strange. Something in my test changed dyne.org magically to
dns.org. But that was not me, I used cut ;-)
The
On Tue, 04 Jul 2017 at 09:51:55 +0200
Joachim Fahrner wrote:
> Am 2017-07-04 09:39, schrieb Joachim Fahrner:
>
>> Could it be that dyne.org name servers have temporary connection
>> problems?
>
> When checking dns for tupac2.dyne.org I get 1 error and 3 warnings:
>
>
Am 2017-07-04 09:39, schrieb Joachim Fahrner:
Could it be that dyne.org name servers have temporary connection
problems?
When checking dns for tupac2.dyne.org I get 1 error and 3 warnings:
https://mxtoolbox.com/domain/tupac2.dns.org/
E https dns.org The Certificate has a
Am 2017-07-03 22:27, schrieb Gregory Nowak:
I'm not seeing this here, and the A record for tupac2.dyne.org
resolves correctly. Could there be a DNS issue on your end perhaps?
Normally name resolution works fine, and tupac2.dyne.org is the only
server with such errors in my postfix log.
I'm
Hi there,
On Mon, 3 Jul 2017, Antony Stone wrote:
On Monday 03 July 2017 at 22:27:44, Gregory Nowak wrote:
> On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote:
>
> > I get lots of those errors in my postfix log:
> >
> > Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject:
On Monday 03 July 2017 at 22:27:44, Gregory Nowak wrote:
> On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote:
> > I get lots of those errors in my postfix log:
> >
> > Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT
> > from tupac2.dyne.org[178.62.188.7]: 450
On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote:
> I get lots of those errors in my postfix log:
>
> Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT
> from tupac2.dyne.org[178.62.188.7]: 450 4.7.1 :
> Helo command rejected: Host not found;
>
Hello,
I get lots of those errors in my postfix log:
Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT from
tupac2.dyne.org[178.62.188.7]: 450 4.7.1 : Helo command
rejected: Host not found; from=
to= proto=ESMTP helo=
Is there
25 matches
Mail list logo