Re: Postfix smtpd DNS lookup delay
Hi Moe

Is that still supported? It's rather ancient.

I did see new 9.3 security patches a few months ago but I haven't
checked recently. They are set up as CLI-only boxes, BTW. Very small disk
usage footprint.

How, exactly? Is this using some application (such as ping), or is
this using one of the DNS query tools ('dig', 'dnsquery', 'host', or
'nslookup')? In the latter case, look at the /etc/host.conf and
/etc/nsswitch.conf files (which DNS query tools ignore, but all
applications check first).

Yes, the "host" command with -t type lookups. I don't use dig enough to
remember the switch syntax. hosts.conf is set to "hosts bind" and
nsswitch "files dns". This was a check I did weeks ago. I did remove
lwres from the default setup. Keep in mind that normal host and IP
resolution for everything else is working fine. From the usability
standpoint the only issue is the smtpd delay.

Otherwise, run a packet sniffer, and see what questions your server is
asking of which DNS. Recall that the resolver believes the first
"answer" it receives from a DNS server - even if that answer is the
equivalent of "I don't know". An NXDOMAIN response means there is no
answer, so the resolver isn't going to be asking someone else.

Yeah, that was kind of the next step, tcpdump and friends. Never tried
doing that on the lo interface but I assume it's okay. (The DNS and
postfix server are one and the same box.) There is only one DNS in the
resolve list. The sites aren't big enough to support a secondary.

Logging - "I want to know who is trying to connect to me".

Now that's a thought too, having the DNS log queries. Never tried that
but I'll have a look. Tnxs.

Is it asking the "right" name server?

See comments above about it working for every other application. Is
smtpd configurable to look at another separate DNS? (e.g. like squid does)

There is only one nameserver in resolv.conf, 127.0.0.1. It uses
root.hints for the outside world and has fwd/rev zones for 192.168.x and
127.x. It doesn't use forwarders.

It's not just spammers who don't have proper DNS configurations. The
world is full of networks run by idiots who don't think it's required
to have PTR records. There are entire blocklists run to list such
networks, never mind a place like rfc-ignorant.org.

Yep, I am well aware of that. I was making a "you know" throwaway comment
instead of expending bandwidth on a lengthy discourse.

Bob
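For the "tcpdump and friends" step discussed above, here is an added example (not from the thread) that pairs DNS queries with their replies by transaction ID in `tcpdump -i lo -n port 53` output, so that a PTR lookup which gets no reply or a slow reply stands out as the likely cause of the smtpd delay. The capture lines are constructed, not a real trace, and the line layout assumed is tcpdump's default text form for DNS packets.

```python
import re

# Constructed sample of `tcpdump -i lo -n port 53` output (not a real capture):
# a fast authoritative PTR answer, a slow NXDOMAIN, an unanswered PTR query,
# and a forward A lookup that succeeds.
SAMPLE_CAPTURE = """\
10:00:00.100000 IP 127.0.0.1.41000 > 127.0.0.1.53: 1001+ PTR? 10.1.168.192.in-addr.arpa. (44)
10:00:00.101500 IP 127.0.0.1.53 > 127.0.0.1.41000: 1001* 1/1/1 PTR host10.lan. (96)
10:00:00.200000 IP 127.0.0.1.41001 > 127.0.0.1.53: 1002+ PTR? 4.3.2.1.in-addr.arpa. (40)
10:00:00.350000 IP 127.0.0.1.53 > 127.0.0.1.41001: 1002 NXDomain 0/1/0 (104)
10:00:00.400000 IP 127.0.0.1.41002 > 127.0.0.1.53: 1003+ PTR? 8.7.6.5.in-addr.arpa. (40)
10:00:30.400000 IP 127.0.0.1.41003 > 127.0.0.1.53: 1004+ A? mail.example.net. (34)
10:00:30.402000 IP 127.0.0.1.53 > 127.0.0.1.41003: 1004 1/0/0 A 203.0.113.25 (50)
"""

# Query: "<id>+ <TYPE>? <name>"; reply: "<id>[*|-$] [NXDomain|ServFail|...] a/n/au"
QUERY_RE = re.compile(r"^(\S+) IP \S+ > \S+: (\d+)[+%]* (\S+)\? (\S+) \(\d+\)$")
REPLY_RE = re.compile(r"^(\S+) IP \S+ > \S+: (\d+)[*|$-]* (NXDomain|ServFail|Refused|\d+/\d+/\d+)")

def _seconds(hhmmss):
    """Convert a tcpdump HH:MM:SS.ffffff timestamp to seconds since midnight."""
    h, m, s = hhmmss.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def pair_dns(capture, slow_ms=100.0):
    """Match each query to its reply by DNS transaction ID.

    Returns one dict per query with latency in ms and a status of
    'answer', 'NXDOMAIN', 'SERVFAIL', 'REFUSED' or 'NO REPLY'. A query that
    never gets a reply is what makes smtpd sit in the resolver timeout."""
    pending, results = {}, []
    for line in capture.splitlines():
        q = QUERY_RE.match(line)
        if q:
            ts, txid, qtype, qname = q.groups()
            pending[txid] = {"id": txid, "type": qtype, "name": qname, "sent": _seconds(ts)}
            continue
        r = REPLY_RE.match(line)
        if r and r.group(2) in pending:
            ts, txid, status = r.groups()
            entry = pending.pop(txid)
            entry["latency_ms"] = round((_seconds(ts) - entry["sent"]) * 1000, 3)
            entry["status"] = "answer" if "/" in status else status.upper()
            entry["slow"] = entry["latency_ms"] > slow_ms
            results.append(entry)
    for entry in pending.values():  # queries still outstanding at end of capture
        entry.update(latency_ms=None, status="NO REPLY", slow=True)
        results.append(entry)
    return results

def suspects(capture, slow_ms=100.0):
    """Names whose lookups were slow or unanswered, in capture order."""
    return [e["name"] for e in pair_dns(capture, slow_ms) if e["slow"]]
```

Run `suspects(SAMPLE_CAPTURE)` against the constructed capture and the slow NXDOMAIN and the unanswered PTR query are reported, while the two quick answers are not.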