We had an incident where both our local caching name servers stopped working. 
They returned SERVFAIL (see example below). They were set as the 
"dns-server-ip-primary" and our host-provided DNS server was set as the 
"dns-server-ip". Because the primaries were failing, I would expect spamdyke to 
automatically switch to resolve via the server set under "dns-server-ip". 
Instead, spamdyke just rejected all our mail for a few hours with 
DENIED_RDNS_MISSING. The host-provided name server was functioning fine.

This is the config:

    dns-server-ip-primary=127.0.0.1    # Local caching name server
    dns-server-ip-primary=10.128.0.9 # Another local caching name server
    dns-server-ip=169.254.169.254    # Host-provided name server

This is an example response from a query to either of the primary DNS servers:

    {q@oak3~} dig @10.128.0.9 apple.com mx

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @10.128.0.9 apple.com mx
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52266
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;apple.com.                     IN      MX

    ;; Query time: 15 msec
    ;; SERVER: 10.128.0.9#53(10.128.0.9)
    ;; WHEN: Mon Mar 11 05:10:32 2019
    ;; MSG SIZE  rcvd: 27

Am I wrong to expect spamdyke to fail over to the non-primary server on a 
SERVFAIL?

Quinn
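
Added example, not part of the original post and not spamdyke code: a health check that reads the RCODE from a raw DNS reply and picks the first resolver giving a usable answer, so a caching server stuck on SERVFAIL is flagged before mail is rejected. The reply bytes are constructed to match the dig output above (id 52266, flags qr rd ra, 27 bytes); the function names and the policy of treating only NOERROR and NXDOMAIN as healthy are assumptions, and nothing here describes how spamdyke itself chooses a server.

```python
import struct

# RCODE values from RFC 1035 section 4.1.1 (low 4 bits of the flags word).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_question(name, qtype):
    """Encode QNAME/QTYPE/QCLASS=IN for one question in DNS wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header; raise on a truncated message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": qid, "qr": bool(flags & 0x8000),
            "rcode": RCODES.get(rcode, str(rcode)), "answers": an}

def resolver_healthy(msg, expected_id):
    """True only for a matching reply whose RCODE is a real answer.

    NOERROR and NXDOMAIN say something about the name; SERVFAIL, REFUSED
    and the rest say the resolver itself could not do its job.
    """
    try:
        hdr = parse_header(msg)
    except ValueError:
        return False
    if not hdr["qr"] or hdr["id"] != expected_id:
        return False
    return hdr["rcode"] in ("NOERROR", "NXDOMAIN")

def first_healthy(replies, expected_id):
    """replies: ordered (server, bytes-or-None) pairs; None means timeout."""
    for server, msg in replies:
        if msg is not None and resolver_healthy(msg, expected_id):
            return server
    return None

# Constructed sample replies for the MX query shown above (QTYPE 15).
QUESTION = build_question("apple.com", 15)
SERVFAIL_REPLY = struct.pack("!HHHHHH", 52266, 0x8182, 1, 0, 0, 0) + QUESTION
NOERROR_REPLY = struct.pack("!HHHHHH", 52266, 0x8180, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    replies = [("127.0.0.1", SERVFAIL_REPLY), ("10.128.0.9", SERVFAIL_REPLY),
               ("169.254.169.254", NOERROR_REPLY)]
    print(first_healthy(replies, 52266))
```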