All,

Sorry for the top post :)

Sven,

Yes, it does not matter. With the DNS proxy enabled on the raptor, all outbound 53/udp is proxied. NS Resources are dropped completely. If you disable the proxy and open outbound port 53/udp and use an internal DNS look at root hints, or use an external nameserver, everything is fine.

There is supposedly a new release of the raptor software where NS resolution is 'experimental'... Go figure.

Jeff,

I have not filed a bugzilla on no SURBL functionality without NS resolution yet because I haven't had time to debug it out and provide a patch yet. Seeing this affects a very small amount of installs, it is not real high on my to-do list... Although it does affect everyone else by creating 1 more DNS query per URI, so I guess that could be more important than no hits without NS resolution.

Dallas

> -----Original Message-----
> From: Sven Ehret [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 29, 2004 4:07 AM
> To: Dallas L. Engelken
> Subject: Re: No NS resolving, but Net::DNS OK
>
> yeah, symantec raptor firewall here... unfortunately using a
> different, external DNS server did not help. Is there any
> known way to resolve the problem with raptor fws?
>
>
> On Fri, 26 Nov 2004 08:41:29 -0600, Dallas L. Engelken
> <[EMAIL PROTECTED]> wrote:
> >
> > > hello List,
> > >
> > > the name resolver works just fine on my new mailserver, but
> > > spamassassin cannot resolve anything. spamassassin -D --lint says
> > >
> > > "debug: is Net::DNS::Resolver available? yes
> > > debug: Net::DNS version: 0.48
> > > debug: trying (3) cingular.com...
> > > debug: looking up NS for 'cingular.com'
> > > debug: NS lookup of cingular.com failed horribly => Perhaps your
> > > resolv.conf isn't pointing at a valid server?
> > > debug: All NS queries failed => DNS unavailable (set dns_available
> > > to override)
> > > debug: is DNS available? 0"
> > >
> > > Name resolving per se works:
> > >
> > > [EMAIL PROTECTED]:~> nslookup intel.com -sil
> > > Server: 192.168.0.1
> > > Address: 192.168.0.1#53
> > >
> > > Non-authoritative answer:
> > > Name: intel.com
> > > Address: 198.175.96.33
> > >
> > > [EMAIL PROTECTED]:~>
> > >
> > > Net::DNS is up to date.
> > >
> >
> > Symantec's raptor and velociraptor firewall has an internal caching
> > nameserver that will not resolve NS records, but everything else
> > resolves fine. Dunno if this is what you are using or not, but I had
> > the same issue a week ago with a client that had that firewall.
> >
> > You can hardcode
> > dns_available yes
> > In your local.cf and restart to make SA skip DNS checking. However, I
> > have found SURBL lookups are dependent on NS lookups, strange as it
> > sounds! Without proper NS resolution, no SURBL rules will ever fire.
> >
> > Dallas
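A resolver check for the failure mode discussed in this thread, added here as an example (not code from SpamAssassin or from any poster): it sends one A query and one NS query for the same name to the same resolver and reports when only the NS query fails. The function names are hypothetical, and the defaults 192.168.0.1 and cingular.com are sample values taken from the quoted output.

```python
import socket
import struct
import sys

QTYPE = {"A": 1, "NS": 2}  # RFC 1035 record type codes

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive query (RD bit set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1)

def classify(response):
    """Map a raw DNS response to 'ok', 'empty', 'rcode=N' or 'malformed'."""
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode:
        return f"rcode={rcode}"
    return "ok" if ancount else "empty"

def probe(server, name, qtype, timeout=3.0):
    """Send one UDP query to server:53; a dropped reply shows as 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify(data)

def diagnose(a_result, ns_result):
    """Compare the two results for the same name and resolver."""
    if a_result == "ok" and ns_result != "ok":
        return "NS filtered"  # the case in this thread: A works, NS does not
    if a_result == "ok":
        return "A and NS both resolve"
    return "resolver unreachable or broken"

if __name__ == "__main__":
    # Sample defaults (assumptions): resolver and domain from the quoted output.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "cingular.com"
    a, ns = probe(server, name, "A"), probe(server, name, "NS")
    print(f"A={a} NS={ns} -> {diagnose(a, ns)}")
```

Query a zone apex (the registered domain itself) so that a healthy resolver returns the NS records in the answer section. Running it once against the proxying resolver and once against an external nameserver shows whether the NS loss happens at the proxy or on the path.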
