Re: [DNG] Listserver configuration

2017-07-05 Thread Arnt Gulbrandsen
If the name server receives a question via UDP, that's how it will answer, necessarily. The client could have asked via TCP, but it doesn't know how large the response will be when it sends the question. The general intention here is that the client will receive either an ICMP message or a

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 11:51, Rick Moen wrote: Glad to hear it! I've been too early pleased - problem still exists. I now forward dyne.org to Google DNS. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 10:47, Rick Moen wrote: edns-buffer-size: ... tation reassembly problems, usually seen as timeouts, then a value of 1480 can fix it. I did some more tests (ping ns.dyne.org with different packet sizes) and found that 1480 is

Re: [DNG] Listserver configuration

2017-07-05 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > Looks like that solved it. Same problem is described here: > https://serverfault.com/questions/405650/why-are-these-udp-packets-being-dropped Glad to hear it! > But shouldn't DNSSEC use tcp instead of udp? Only if the response is larger than the

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 10:47, Rick Moen wrote: edns-buffer-size: Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The actual buffer size is determined by

Re: [DNG] Listserver configuration

2017-07-05 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > Am 2017-07-05 09:43, schrieb Joachim Fahrner: > > >Jul 5 09:37:46 server unbound: [22751:0] info: NSEC3s for the > >referral proved no DS. > > Could it be that my problem has to do with DNSSEC? Obviously, you could test this hypothesis by

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 09:43, Joachim Fahrner wrote: Jul 5 09:37:46 server unbound: [22751:0] info: NSEC3s for the referral proved no DS. Could it be that my problem has to do with DNSSEC?

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 09:24, Joachim Fahrner wrote: I now increased unbound's verbosity and see if there is further information in the log. Some more info. unbound's verbosity level is now 2. I did a "dig tupac2.dyne.org", which had a timeout. This is in the log: Jul 5 09:37:29 server unbound:

Re: [DNG] Listserver configuration

2017-07-05 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > There are no errors in the unbound log. And I'm wondering why these > timeouts are only with dyne.org. I never had such failures with > other domains since years. Maybe there is a problem in my provider's > network, but then that should happen with

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 09:08, Rick Moen wrote: So, in general terms, I certainly encourage your approach. It's not obvious from present evidence why you are getting timeouts querying your local recursive nameserver. You'll have to do further diagnosis locally. (Lacking any better ideas at the

Re: [DNG] Listserver configuration

2017-07-05 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > That's right. And my local unbound is the only nameserver in > /etc/resolv.conf > > I cannot use other nameservers because my postfix queries some RBLs > that allow only limited numbers of queries (they are free for > personal use, but costs for

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 08:51, Rick Moen wrote: I believe you said that you are running an instance of Unbound as a local recursive nameserver. If so, I hope you are listing it first in /etc/resolv.conf (perhaps by localhost IP). Anyway, that's where you should start looking, to find your problem.

Re: [DNG] Listserver configuration

2017-07-05 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > By now it becomes apparent that timeouts from the dns servers are the > problem: Well... hold that thought, please. > Can the short SOA EXPIRE be the cause? No. SOA EXPIRE is how long a secondary nameserver will still treat its copy of the zone

Re: [DNG] Listserver configuration

2017-07-05 Thread Joachim Fahrner
On 2017-07-05 00:18, Rick Moen wrote: On a quick, broad check, dyne.org DNS seems robust. There are three network-diverse authoritative nameservers (refreshing to see after observing far too many domains attempting to get by with two, when RFCs require 3-7 auth nameservers[1]), all

Re: [DNG] Listserver configuration

2017-07-04 Thread Rick Moen
Quoting Joachim Fahrner (j...@fahrner.name): > Normally name resolution works fine, and tupac2.dyne.org is the only > server with such errors in my postfix log. I'm using unbound on > Devuan as a local caching recursive dns server. Good choice. > Could it be that dyne.org name servers have

Re: [DNG] Listserver configuration

2017-07-04 Thread Joachim Fahrner
On 2017-07-04 18:27, Alessandro Selli wrote: I'm afraid this has to do with the DNS server you're using (;; SERVER: 127.0.0.1#53(127.0.0.1), that is), as I get these values: Enter "dyne.org" here: http://www.dnsqueries.com/en/dns_lookup.php and select "ALL". That delivers the same

Re: [DNG] Listserver configuration

2017-07-04 Thread Joachim Fahrner
On 2017-07-04 18:27, Alessandro Selli wrote: I'm afraid this has to do with the DNS server you're using (;; SERVER: 127.0.0.1#53(127.0.0.1), that is), as I get these values: [alessandro@draco ~]$ dig tupac2.dyne.org ; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> tupac2.dyne.org ;; global options:

Re: [DNG] Listserver configuration

2017-07-04 Thread Joachim Fahrner
On 2017-07-04 15:37, Alessandro Selli wrote: I really wonder what mxtoolbox.com checked, as I cannot see what dns.org and shockmedia.com have to do with dyne.org: That's strange. Something in my test changed dyne.org magically to dns.org. But that was not me, I used cut ;-) The

Re: [DNG] Listserver configuration

2017-07-04 Thread Alessandro Selli
On Tue, 04 Jul 2017 at 09:51:55 +0200 Joachim Fahrner wrote: > Am 2017-07-04 09:39, schrieb Joachim Fahrner: > >> Could it be that dyne.org name servers have temporary connection >> problems? > > When checking dns for tupac2.dyne.org I get 1 error and 3 warnings: > >

Re: [DNG] Listserver configuration

2017-07-04 Thread Joachim Fahrner
On 2017-07-04 09:39, Joachim Fahrner wrote: Could it be that dyne.org name servers have temporary connection problems? When checking dns for tupac2.dyne.org I get 1 error and 3 warnings: https://mxtoolbox.com/domain/tupac2.dns.org/ E https dns.org The Certificate has a

Re: [DNG] Listserver configuration

2017-07-04 Thread Joachim Fahrner
On 2017-07-03 22:27, Gregory Nowak wrote: I'm not seeing this here, and the A record for tupac2.dyne.org resolves correctly. Could there be a DNS issue on your end perhaps? Normally name resolution works fine, and tupac2.dyne.org is the only server with such errors in my postfix log. I'm

Re: [DNG] Listserver configuration

2017-07-03 Thread G.W. Haywood
Hi there, On Mon, 3 Jul 2017, Antony Stone wrote: On Monday 03 July 2017 at 22:27:44, Gregory Nowak wrote: > On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote: > > > I get lots of those errors in my postfix log: > > > > Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject:

Re: [DNG] Listserver configuration

2017-07-03 Thread Antony Stone
On Monday 03 July 2017 at 22:27:44, Gregory Nowak wrote: > On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote: > > I get lots of those errors in my postfix log: > > > > Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT > > from tupac2.dyne.org[178.62.188.7]: 450

Re: [DNG] Listserver configuration

2017-07-03 Thread Gregory Nowak
On Mon, Jul 03, 2017 at 07:09:29PM +0200, Joachim Fahrner wrote: > I get lots of those errors in my postfix log: > > Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT > from tupac2.dyne.org[178.62.188.7]: 450 4.7.1 : > Helo command rejected: Host not found; >

[DNG] Listserver configuration

2017-07-03 Thread Joachim Fahrner
Hello, I get lots of those errors in my postfix log: Jul 3 18:09:16 server postfix/smtpd[2840]: NOQUEUE: reject: RCPT from tupac2.dyne.org[178.62.188.7]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Is there