Loading ...
Sorry, an error occurred while loading the content.

Re: intermittent DNS lookup failure in combination with reject_unknown_client_hostname

Expand Messages
  • Viktor Dukhovni
    ... If you see this for all remote MTAs, the problem is with your DNS software or network connectivity. If it is just for certain remote MTAs and not the rest,
    Message 1 of 9 , Dec 1, 2012
    • 0 Attachment
      On Sat, Dec 01, 2012 at 09:31:41PM +0100, IMAP List Administration wrote:

      > At any rate, we periodically see (1-5 times per day) a "Client host rejected:
      > cannot find your hostname" rejection, followed by a successful retry from the
      > remote MTA. When we check the DNS records, they always appear to be in order.
      > The remote MTAs belong to various organizations, but typically ones where one
      > would expect the DNS config to be well-maintained. (see bottom for an example
      > rejection and the ensuing successful retry).

      If you see this for all remote MTAs, the problem is with your DNS
      software or network connectivity. If it is just for certain remote
      MTAs and not the rest, the problem is with their DNS.

      > 1) is it possible that we are observing a bug in postfix in conjunction with
      > DNS-queries? Are there any such known bugs?

      No such bugs are known, likely or observed by other sites. DNS
      clients are much simpler than DNS servers, look for bugs in DNS
      configuration then the DNS servers or in the network.

      > 2) can someone give me a tip on how to configure BIND to log the information I
      > need to figure out why DNS lookups may be failing intermittently, and how to
      > read it properly?

      This is not simple. First use your Postfix logs to find out which domains
      or IPs exhibit the transient errors, and whether such errors are
      random or tied to specific domains.

      --
      Viktor.
      >
    • Wietse Venema
      ... Obviously, the above attempts all share the same problem, i.e. the problem is your network or something beyond your network. Try running nsping (name
      Message 2 of 9 , Dec 1, 2012
      • 0 Attachment
        IMAP List Administration:
        > Summary:
        > - upgraded OS
        > - upgraded Postfix
        > - cut local named out of system
        >
        > but no change. Anyone have a suggestion as to how to pursue this problem?

        Obviously, the above attempts all share the same problem, i.e. the
        problem is your network or something beyond your network.

        Try running nsping (name server ping) over a long stretch of time
        (e.g., 24 hours). It will tell you about dropped queries a variations
        in response times.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.