Loading ...
Sorry, an error occurred while loading the content.

postfix reports no rDNS on a host with many PTR records

Expand Messages
  • Blake Hudson
    I m seeing the following errors when a prominent North American life insurance vendor attempts to send me email. Oct 14 12:57:07 twinc postfix/smtpd[12194]:
    Message 1 of 14 , Oct 14, 2013
    • 0 Attachment
      I'm seeing the following errors when a prominent North American life
      insurance vendor attempts to send me email.

      Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT from
      unknown[216.163.249.229]: 450 4.7.1 Client host rejected: cannot find
      your reverse hostname, [216.163.249.229];
      from=<redacted@...> to=<redacted@...>
      proto=ESMTP helo=<ms1.metlifecommercial.com>


      The crux is that this host does have (an abundance of) rDNS:

      [blake@twinc ~]# host 216.163.249.229
      ;; Truncated, retrying in TCP mode.
      229.249.163.216.in-addr.arpa domain name pointer ms2.dmmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.egadbprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.iimetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.afimetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.arsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.avsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.dlmmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.dnumetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.docviewweb.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.edwmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.eesmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.epmmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.erpmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.iibmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.metlifenet.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.mmpmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.prfmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.rpgmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.stimetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.alpsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.amnpmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.calcmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.catsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.glifmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ibcsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.lifemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.lsmsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.massmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ribsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.smrsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.statmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tajsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.witnessgold.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.witnessprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.dmassmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.emonemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.linusmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.metlife-ihub.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.murexmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.parismetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.pmacsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.xtivametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.avenuemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.bdwisemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.caesarmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.citrixmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.grpannmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ifecadmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.legal-lawdept.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.siebelmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tlarsametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tlazawmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.charliemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.crcsurfmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.metcommpipedev.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.paragonmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.powerimageprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ermskanametlife.
      229.249.163.216.in-addr.arpa domain name pointer ms2.glif-pm-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.intelccometlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.kamakurametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.orangesmmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.prosightmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.securitypricing.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.startrakmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.workdeskmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.reconplusmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tinternetmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tlacalltrmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.bpsconsumemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.incomeprojections.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.qeconsumermetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.qeintranetmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.sbcpricingmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tlaannuitymetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.bpsconsumermetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.internallidmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ltcvignettemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.prod-erpdbametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.remedyitsm-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms2.fieldpayrollmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms2.metcaretngdrmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms2.metcarecgprodmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms2.sbrereportingmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms2.metcaretngprodmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli04.com.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli04.net.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli04.org.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli2004.com.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli2004.net.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer
      www.fegli2004.org.249.163.216.in-addr.arpa.
      229.249.163.216.in-addr.arpa domain name pointer entlic.com.
      229.249.163.216.in-addr.arpa domain name pointer metcss.com.
      229.249.163.216.in-addr.arpa domain name pointer metmis.com.
      229.249.163.216.in-addr.arpa domain name pointer ins-uis.com.
      229.249.163.216.in-addr.arpa domain name pointer inv-met.com.
      229.249.163.216.in-addr.arpa domain name pointer methdsystems.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.crcbsp.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metdir.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metdlm.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metscc.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.mettpm.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.meticms.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metrisc.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.wpsnefn.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metemail.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.mao-cfeed.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metdeploy.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.cecmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.easmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.efametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.inv-metcam.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.lifeadvice.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metcalligo.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metconnect.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metibwsreg.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metliferis.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifetsm.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metnotices.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metproject.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metpserpwf.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.nefannuity.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.nefletters.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.retirelink.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.tlcmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.wpsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.comsmailing.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.ibppmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metcommpipe.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.meteservice.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifebank.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifetech.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metpresents.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.peppmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.enewbusiness.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metfastforms.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifee401k.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifeleads.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifeleads.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlntlnslnv.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metpserpwfqa.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.nefnservices.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.reversetango.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.genamservices.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.mao-autoapply.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metaproposreq.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlife-deriv.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.nefctsreports.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.wpsgenamerica.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.doctechmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.fielddirectory.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifeseclend.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifeservice.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifestorage.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.regsvcsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.sir2000metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.lifecad-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.methyattnotices.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metinvestmetreg.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.nefconnectcycle.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.investmetsupport.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metclientsitereg.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.metlifehomeloans.net.
      229.249.163.216.in-addr.arpa domain name pointer ms.taxdatacollection.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.lifeservicesmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms.lpmservices-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms.metlifeillustrations.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms.metcommercialservices.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms.metlifecorporateactuarial.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms.mao-ev15fixedannualstatements.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms.mao-ev15dailyfinancialconfirms.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.meteas.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metsdo.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metecap.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metetad.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.ecap-dca.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.itrbrmet.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metables.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metables.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.ahreports.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.efabusobj.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.fegli2004.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metcrtsdb.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metptgweb.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.ausmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.bcpmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.cdfmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.csametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.efametlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.fpwmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.fwsmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.idwmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.iismetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.instmetdba.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metcommapp.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifedco.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms1.metlifedco.met_smartoffice.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeega.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metliferic.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metpaybase.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metsadbreg.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.pasmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.securemail.metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.srdmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.isprmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.kms-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metaddisppm.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metbusiness.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metdatamart.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metewintest.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.remedymlihd.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.detadmin-met.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.instmetdbaqa.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.itpm-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metipmetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlife-itrc.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifee401k.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeforms.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeschda.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.annuities1on1.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metalarmpoint.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metdisability.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metinstreport.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeentkms.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeitrisk.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.bdcats-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.ithelp-metlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.itpm-metlifeqa.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metclarityprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.meticontactreg.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeagloans.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.met_smartoffice.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeahdirect.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metclarityreports.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.metlifecommercial.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.nbcwebsitemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer ms1.dataarchivemetlife.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms1.metlifetechnologies.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms1.metlifebrokeropmetric.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms1.contentdistributionhub.com.
      229.249.163.216.in-addr.arpa domain name pointer
      ms1.metlifecoralnotification.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.fas91.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.tlait.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ot2dba.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.udbmet.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.ctxprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.acts-met.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.bdproddb.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.metenlic.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.bonusprod.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.crpsysmet.com.
      229.249.163.216.in-addr.arpa domain name pointer ms2.dasportal.com.

      I've temproarily whitelisted the sending server. However, what to do
      about the DNS issue (this isn't the first sender that I've ran into this
      issue with)? Is this an error in Postfix or with my system (RHEL 5)?

      --Blake
    • Wietse Venema
      ... Please do not blame the messenger. ... Postfix does not make the DNS query. The DNS query is made by the SYSTEM LIBRARY functions getnameinfo() and
      Message 2 of 14 , Oct 14, 2013
      • 0 Attachment
        Blake Hudson:
        > I'm seeing the following errors when a prominent North American life
        > insurance vendor attempts to send me email.
        >
        > Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT from
        > unknown[216.163.249.229]: 450 4.7.1 Client host rejected: cannot find
        > your reverse hostname, [216.163.249.229];
        > from=<redacted@...> to=<redacted@...>
        > proto=ESMTP helo=<ms1.metlifecommercial.com>

        Please do not blame the messenger.
        >
        > The crux is that this host does have (an abundance of) rDNS:
        >
        > [blake@twinc ~]# host 216.163.249.229
        > ;; Truncated, retrying in TCP mode.

        Postfix does not make the DNS query.

        The DNS query is made by the SYSTEM LIBRARY functions getnameinfo()
        and getaddrinfo(). Postfix has no control over how they work.

        When I test this with Postfix test programs for these functions:

        % ./getnameinfo 216.163.249.229
        Hostname: ms.metlifeleads.com
        Address: 216.163.249.229

        % ./getaddrinfo ms.metlifeleads.com
        Hostname: ms.metlifeleads.com
        Addresses: 216.163.249.229

        (The test programs are in the Postfix source code distribution
        under auxiliary/name-addr-test/)

        My non-Linux system returns one PTR result (ms.metlifeleads.com);
        the A record for this name is 216.163.249.229, and Postfix would
        be satisfied with the result.

        I suspect that it doesn't work this way on your system. Some Linux
        distributions require extra configuration to handle more than reply
        per query. I have forgotten what the option is.

        Wietse
      • Jeroen Geilman
        ... Notwithstanding Wietse s reply (he would know how postfix deals with DNS), if you look up that address range from the root on down (dig -4 +trace ns
        Message 3 of 14 , Oct 14, 2013
        • 0 Attachment
          On 10/14/2013 08:41 PM, Blake Hudson wrote:
          > I'm seeing the following errors when a prominent North American life
          > insurance vendor attempts to send me email.
          >
          > Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT from
          > unknown[216.163.249.229]: 450 4.7.1 Client host rejected: cannot find
          > your reverse hostname, [216.163.249.229];
          > from=<redacted@...> to=<redacted@...>
          > proto=ESMTP helo=<ms1.metlifecommercial.com>
          >
          >
          > The crux is that this host does have (an abundance of) rDNS:
          >
          > [blake@twinc ~]# host 216.163.249.229
          > ;; Truncated, retrying in TCP mode.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.dmmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.egadbprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.iimetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.afimetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.arsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.avsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.dlmmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.dnumetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.docviewweb.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.edwmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.eesmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.epmmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.erpmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.iibmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.metlifenet.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.mmpmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.prfmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.rpgmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.stimetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.alpsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.amnpmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.calcmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.catsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.glifmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ibcsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.lifemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.lsmsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.massmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ribsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.smrsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.statmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.tajsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.witnessgold.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.witnessprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.dmassmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.emonemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.linusmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.metlife-ihub.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.murexmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.parismetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.pmacsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.xtivametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.avenuemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.bdwisemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.caesarmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.citrixmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.grpannmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ifecadmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.legal-lawdept.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.siebelmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.tlarsametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.tlazawmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.charliemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.crcsurfmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.metcommpipedev.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.paragonmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.powerimageprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ermskanametlife.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.glif-pm-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.intelccometlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.kamakurametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.orangesmmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.prosightmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.securitypricing.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.startrakmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.workdeskmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.reconplusmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.tinternetmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.tlacalltrmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.bpsconsumemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.incomeprojections.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.qeconsumermetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.qeintranetmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.sbcpricingmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.tlaannuitymetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.bpsconsumermetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.internallidmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.ltcvignettemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.prod-erpdbametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.remedyitsm-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.fieldpayrollmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.metcaretngdrmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.metcarecgprodmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.sbrereportingmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms2.metcaretngprodmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli04.com.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli04.net.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli04.org.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli2004.com.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli2004.net.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > www.fegli2004.org.249.163.216.in-addr.arpa.
          > 229.249.163.216.in-addr.arpa domain name pointer entlic.com.
          > 229.249.163.216.in-addr.arpa domain name pointer metcss.com.
          > 229.249.163.216.in-addr.arpa domain name pointer metmis.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ins-uis.com.
          > 229.249.163.216.in-addr.arpa domain name pointer inv-met.com.
          > 229.249.163.216.in-addr.arpa domain name pointer methdsystems.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.crcbsp.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metdir.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metdlm.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metscc.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.mettpm.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.meticms.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metrisc.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.wpsnefn.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metemail.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.mao-cfeed.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metdeploy.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.cecmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.easmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.efametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.inv-metcam.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.lifeadvice.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metcalligo.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metconnect.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metibwsreg.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metliferis.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifetsm.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metnotices.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metproject.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metpserpwf.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.nefannuity.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.nefletters.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.retirelink.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.tlcmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.wpsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.comsmailing.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.ibppmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metcommpipe.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.meteservice.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifebank.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifetech.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metpresents.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.peppmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.enewbusiness.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metfastforms.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifee401k.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifeleads.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifeleads.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlntlnslnv.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metpserpwfqa.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.nefnservices.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.reversetango.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.genamservices.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.mao-autoapply.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metaproposreq.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlife-deriv.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.nefctsreports.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.wpsgenamerica.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.doctechmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.fielddirectory.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifeseclend.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifeservice.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifestorage.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.regsvcsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.sir2000metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.lifecad-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.methyattnotices.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metinvestmetreg.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.nefconnectcycle.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.investmetsupport.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metclientsitereg.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms.metlifehomeloans.net.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.taxdatacollection.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.lifeservicesmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.lpmservices-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.metlifeillustrations.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.metcommercialservices.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.metlifecorporateactuarial.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.mao-ev15fixedannualstatements.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms.mao-ev15dailyfinancialconfirms.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.meteas.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metsdo.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metecap.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metetad.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.ecap-dca.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.itrbrmet.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metables.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metables.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.ahreports.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.efabusobj.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.fegli2004.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metcrtsdb.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metptgweb.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.ausmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.bcpmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.cdfmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.csametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.efametlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.fpwmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.fwsmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.idwmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.iismetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.instmetdba.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metcommapp.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifedco.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metlifedco.met_smartoffice.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeega.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metliferic.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metpaybase.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metsadbreg.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.pasmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.securemail.metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.srdmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.isprmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.kms-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metaddisppm.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metbusiness.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metdatamart.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metewintest.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.remedymlihd.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.detadmin-met.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.instmetdbaqa.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.itpm-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metipmetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlife-itrc.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifee401k.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeforms.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeschda.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.annuities1on1.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metalarmpoint.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metdisability.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metinstreport.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeentkms.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeitrisk.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.bdcats-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.ithelp-metlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.itpm-metlifeqa.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metclarityprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.meticontactreg.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeagloans.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.met_smartoffice.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms1.metlifeahdirect.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metclarityreports.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metlifecommercial.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.nbcwebsitemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.dataarchivemetlife.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metlifetechnologies.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metlifebrokeropmetric.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.contentdistributionhub.com.
          > 229.249.163.216.in-addr.arpa domain name pointer
          > ms1.metlifecoralnotification.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.fas91.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.tlait.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ot2dba.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.udbmet.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.ctxprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.acts-met.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.bdproddb.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.metenlic.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.bonusprod.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.crpsysmet.com.
          > 229.249.163.216.in-addr.arpa domain name pointer ms2.dasportal.com.
          >
          > I've temproarily whitelisted the sending server. However, what to do
          > about the DNS issue (this isn't the first sender that I've ran into
          > this issue with)? Is this an error in Postfix or with my system (RHEL 5)?
          >
          > --Blake
          >

          Notwithstanding Wietse's reply (he would know how postfix deals with
          DNS), if you look up that address range from the root on down (dig -4
          +trace ns 216.163.249.229), we get this:

          249.163.216.in-addr.arpa. 86400 IN NS ns2.metlife.com.
          249.163.216.in-addr.arpa. 86400 IN NS ns3.metlife.com.
          249.163.216.in-addr.arpa. 86400 IN NS ns.metlife.com.

          Asking each of these in turn leads to ns2 returning that ridiculous list
          you showed.
          The other two don't respond at all - that's right: they do not respond
          to DNS queries.

          Something is definitely Up with their DNS - from the looks of that
          response, it is comprehensively misconfigured.

          Perhaps your resolver gives up when no UDP answer is received for a PTR
          query; that would explain the postfix error.

          --
          J.
        • Blake Hudson
          ... Hm, no failures here... UDP and TCP both work. I won t disagree with the ridiculousness of the response. # dig @ns.metlife.com -x 216.163.249.229 +ignore ;
          Message 4 of 14 , Oct 15, 2013
          • 0 Attachment
            Jeroen Geilman wrote the following on 10/14/2013 7:05 PM:
            > On 10/14/2013 08:41 PM, Blake Hudson wrote:
            >> I'm seeing the following errors when a prominent North American life
            >> insurance vendor attempts to send me email.
            >>
            >> Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT
            >> from unknown[216.163.249.229]: 450 4.7.1 Client host rejected: cannot
            >> find your reverse hostname, [216.163.249.229];
            >> from=<redacted@...> to=<redacted@...>
            >> proto=ESMTP helo=<ms1.metlifecommercial.com>
            >>
            >>
            >> The crux is that this host does have (an abundance of) rDNS:
            >>
            >> [blake@twinc ~]# host 216.163.249.229
            >> ;; Truncated, retrying in TCP mode.
            >> 229.249.163.216.in-addr.arpa domain name pointer ms2.dmmetlife.com.
            >> 229.249.163.216.in-addr.arpa domain name pointer ms2.egadbprod.com.
            >> 229.249.163.216.in-addr.arpa domain name pointer ms2.iimetlife.com.
            >> 229.249.163.216.in-addr.arpa domain name pointer ms2.afimetlife.com.
            >> ...
            >>
            >> I've temproarily whitelisted the sending server. However, what to do
            >> about the DNS issue (this isn't the first sender that I've ran into
            >> this issue with)? Is this an error in Postfix or with my system (RHEL
            >> 5)?
            >>
            >> --Blake
            >>
            >
            > Notwithstanding Wietse's reply (he would know how postfix deals with
            > DNS), if you look up that address range from the root on down (dig -4
            > +trace ns 216.163.249.229), we get this:
            >
            > 249.163.216.in-addr.arpa. 86400 IN NS ns2.metlife.com.
            > 249.163.216.in-addr.arpa. 86400 IN NS ns3.metlife.com.
            > 249.163.216.in-addr.arpa. 86400 IN NS ns.metlife.com.
            >
            > Asking each of these in turn leads to ns2 returning that ridiculous
            > list you showed.
            > The other two don't respond at all - that's right: they do not respond
            > to DNS queries.
            >
            > Something is definitely Up with their DNS - from the looks of that
            > response, it is comprehensively misconfigured.
            >
            > Perhaps your resolver gives up when no UDP answer is received for a
            > PTR query; that would explain the postfix error.
            >

            Hm, no failures here... UDP and TCP both work. I won't disagree with the
            ridiculousness of the response.

            # dig @... -x 216.163.249.229 +ignore

            ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @... -x
            216.163.249.229 +ignore
            ; (1 server found)
            ;; global options: printcmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40752
            ;; flags: qr aa tc rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;229.249.163.216.in-addr.arpa. IN PTR

            ;; ANSWER SECTION:
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.idwmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metscc.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.witnessgold.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.smrsmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metecap.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.ribsmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.tlait.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metpaybase.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.prfmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR
            ms.metlifecorporateactuarial.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.mmpmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metconnect.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.ahreports.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metptgweb.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.genamservices.com.

            ;; Query time: 54 msec
            ;; SERVER: 216.163.249.248#53(216.163.249.248)
            ;; WHEN: Tue Oct 15 09:40:59 2013
            ;; MSG SIZE rcvd: 487

            # dig @... -x 216.163.249.229 +ignore

            ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @... -x
            216.163.249.229 +ignore
            ; (1 server found)
            ;; global options: printcmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32222
            ;; flags: qr aa tc rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;229.249.163.216.in-addr.arpa. IN PTR

            ;; ANSWER SECTION:
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.sbcpricingmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.nbcwebsitemetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.metcaretngdrmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.lifemetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.isprmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR
            www.fegli04.com.249.163.216.in-addr.arpa.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.efametlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.wpsnefn.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.meticontactreg.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.epmmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.lsmsmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.ahreports.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metlifetech.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR
            www.fegli2004.org.249.163.216.in-addr.arpa.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.mettpm.com.

            ;; Query time: 61 msec
            ;; SERVER: 216.163.240.251#53(216.163.240.251)
            ;; WHEN: Tue Oct 15 09:41:03 2013
            ;; MSG SIZE rcvd: 508

            # dig @... -x 216.163.249.229 +ignore

            ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @... -x
            216.163.249.229 +ignore
            ; (1 server found)
            ;; global options: printcmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3067
            ;; flags: qr aa tc rd; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;229.249.163.216.in-addr.arpa. IN PTR

            ;; ANSWER SECTION:
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metcrtsdb.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metetad.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.itpm-metlifeqa.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metproject.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.siebelmetlife.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metcommpipe.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metables.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.powerimageprod.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metdir.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metables.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.crpsysmet.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR
            www.fegli2004.com.249.163.216.in-addr.arpa.
            229.249.163.216.in-addr.arpa. 1800 IN PTR metmis.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.bdproddb.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metlifeahdirect.com.
            229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.metlife-ihub.com.

            ;; Query time: 54 msec
            ;; SERVER: 204.146.159.27#53(204.146.159.27)
            ;; WHEN: Tue Oct 15 09:41:07 2013
            ;; MSG SIZE rcvd: 508
          • Wietse Venema
            ... I get a similar result on a Linux box: $ ./getnameinfo 216.163.249.229 Hostname: ms2.smrsmetlife.com Address: 216.163.249.229 $ ./getaddrinfo
            Message 5 of 14 , Oct 15, 2013
            • 0 Attachment
              Wietse Venema:
              > The DNS query is made by the SYSTEM LIBRARY functions getnameinfo()
              > and getaddrinfo(). Postfix has no control over how they work.
              >
              > When I test this with Postfix test programs for these functions:
              >
              > % ./getnameinfo 216.163.249.229
              > Hostname: ms.metlifeleads.com
              > Address: 216.163.249.229
              >
              > % ./getaddrinfo ms.metlifeleads.com
              > Hostname: ms.metlifeleads.com
              > Addresses: 216.163.249.229
              >
              > (The test programs are in the Postfix source code distribution
              > under auxiliary/name-addr-test/)
              >
              > My non-Linux system returns one PTR result (ms.metlifeleads.com);
              > the A record for this name is 216.163.249.229, and Postfix would
              > be satisfied with the result.

              I get a similar result on a Linux box:

              $ ./getnameinfo 216.163.249.229
              Hostname: ms2.smrsmetlife.com
              Address: 216.163.249.229

              $ ./getaddrinfo ms2.smrsmetlife.com
              Hostname: ms2.smrsmetlife.com
              Addresses: 216.163.249.229

              Again, Postfix should work OK with this.

              I'm starting to suspect that the OP may have a bad DNS implementation.
              Maybe some cheap router?

              > I suspect that it doesn't work this way on your system. Some Linux
              > distributions require extra configuration to handle more than reply
              > per query. I have forgotten what the option is.

              This is the "multi on" option in /etc/host.conf; documentation
              says that this affects /etc/hosts lookups, so not applicable to
              DNS queries.

              Wietse
            • Blake Hudson
              ... Thanks for the reminder about where to locate the test programs Wietse. I confirmed this appears to be an issue with RHEL5 (all patches applied today). The
              Message 6 of 14 , Oct 15, 2013
              • 0 Attachment
                Wietse Venema wrote the following on 10/15/2013 9:55 AM:
                > Wietse Venema:
                >> The DNS query is made by the SYSTEM LIBRARY functions getnameinfo()
                >> and getaddrinfo(). Postfix has no control over how they work.
                >>
                >> When I test this with Postfix test programs for these functions:
                >>
                >> % ./getnameinfo 216.163.249.229
                >> Hostname: ms.metlifeleads.com
                >> Address: 216.163.249.229
                >>
                >> % ./getaddrinfo ms.metlifeleads.com
                >> Hostname: ms.metlifeleads.com
                >> Addresses: 216.163.249.229
                >>
                >> (The test programs are in the Postfix source code distribution
                >> under auxiliary/name-addr-test/)
                >>
                >> My non-Linux system returns one PTR result (ms.metlifeleads.com);
                >> the A record for this name is 216.163.249.229, and Postfix would
                >> be satisfied with the result.
                > I get a similar result on a Linux box:
                >
                > $ ./getnameinfo 216.163.249.229
                > Hostname: ms2.smrsmetlife.com
                > Address: 216.163.249.229
                >
                > $ ./getaddrinfo ms2.smrsmetlife.com
                > Hostname: ms2.smrsmetlife.com
                > Addresses: 216.163.249.229
                >
                > Again, Postfix should work OK with this.
                >
                > I'm starting to suspect that the OP may have a bad DNS implementation.
                > Maybe some cheap router?
                >
                >> I suspect that it doesn't work this way on your system. Some Linux
                >> distributions require extra configuration to handle more than reply
                >> per query. I have forgotten what the option is.
                > This is the "multi on" option in /etc/host.conf; documentation
                > says that this affects /etc/hosts lookups, so not applicable to
                > DNS queries.
                >
                > Wietse

                Thanks for the reminder about where to locate the test programs Wietse.
                I confirmed this appears to be an issue with RHEL5 (all patches applied
                today). The issue is resolved in RHEL6. I am running a local instance of
                BIND (bind-9.3.6-20.P1.el5_8.6) on the affected server(s).

                # ./getnameinfo 216.163.249.229
                getnameinfo 216.163.249.229: Name or service not known

                # host 216.163.249.229
                ;; Truncated, retrying in TCP mode.
                229.249.163.216.in-addr.arpa domain name pointer ms.metcalligo.com.
                229.249.163.216.in-addr.arpa domain name pointer ms1.metlifee401k.com.
                229.249.163.216.in-addr.arpa domain name pointer
                ms2.fieldpayrollmetlife.com.
                229.249.163.216.in-addr.arpa domain name pointer ms.nefannuity.com.
                ...


                --Blake
              • Jeroen Geilman
                ... This is utterly reproducible for me; running a local BIND 9.9.2 on Slackware 14.0/kernel 3.2.29: root@fusion:~# dig @ns.metlife.com -x 216.163.249.229
                Message 7 of 14 , Oct 15, 2013
                • 0 Attachment
                  On 10/15/2013 05:03 PM, Blake Hudson wrote:
                  >
                  > Wietse Venema wrote the following on 10/15/2013 9:55 AM:
                  >> Wietse Venema:
                  >>> The DNS query is made by the SYSTEM LIBRARY functions getnameinfo()
                  >>> and getaddrinfo(). Postfix has no control over how they work.
                  >>>
                  >>> When I test this with Postfix test programs for these functions:
                  >>>
                  >>> % ./getnameinfo 216.163.249.229
                  >>> Hostname: ms.metlifeleads.com
                  >>> Address: 216.163.249.229
                  >>>
                  >>> % ./getaddrinfo ms.metlifeleads.com
                  >>> Hostname: ms.metlifeleads.com
                  >>> Addresses: 216.163.249.229
                  >>>
                  >>> (The test programs are in the Postfix source code distribution
                  >>> under auxiliary/name-addr-test/)
                  >>>
                  >>> My non-Linux system returns one PTR result (ms.metlifeleads.com);
                  >>> the A record for this name is 216.163.249.229, and Postfix would
                  >>> be satisfied with the result.
                  >> I get a similar result on a Linux box:
                  >>
                  >> $ ./getnameinfo 216.163.249.229
                  >> Hostname: ms2.smrsmetlife.com
                  >> Address: 216.163.249.229
                  >>
                  >> $ ./getaddrinfo ms2.smrsmetlife.com
                  >> Hostname: ms2.smrsmetlife.com
                  >> Addresses: 216.163.249.229
                  >>
                  >> Again, Postfix should work OK with this.
                  >>
                  >> I'm starting to suspect that the OP may have a bad DNS implementation.
                  >> Maybe some cheap router?
                  >>
                  >>> I suspect that it doesn't work this way on your system. Some Linux
                  >>> distributions require extra configuration to handle more than reply
                  >>> per query. I have forgotten what the option is.
                  >> This is the "multi on" option in /etc/host.conf; documentation
                  >> says that this affects /etc/hosts lookups, so not applicable to
                  >> DNS queries.
                  >>
                  >> Wietse
                  >

                  This is utterly reproducible for me; running a local BIND 9.9.2 on
                  Slackware 14.0/kernel 3.2.29:

                  root@fusion:~# dig @... -x 216.163.249.229 +ignore

                  ; <<>> DiG 9.9.2-P2 <<>> @... -x 216.163.249.229 +ignore
                  ; (1 server found)
                  ;; global options: +cmd
                  ;; connection timed out; no servers could be reached
                  root@fusion:~# dig -v
                  DiG 9.9.2-P2

                  root@fusion:~# dig @... -x 216.163.249.229 +ignore

                  ; <<>> DiG 9.9.2-P2 <<>> @... -x 216.163.249.229 +ignore
                  ; (1 server found)
                  ;; global options: +cmd
                  ;; connection timed out; no servers could be reached

                  root@fusion:~# dig @... -x 216.163.249.229 +ignore

                  ; <<>> DiG 9.9.2-P2 <<>> @... -x 216.163.249.229 +ignore
                  ; (1 server found)
                  ;; global options: +cmd
                  ;; Got answer:
                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55576
                  ;; flags: qr aa tc rd ra; QUERY: 1, ANSWER: 38, AUTHORITY: 0, ADDITIONAL: 1

                  ;; OPT PSEUDOSECTION:
                  ; EDNS: version: 0, flags:; udp: 1280
                  ;; QUESTION SECTION:
                  ;229.249.163.216.in-addr.arpa. IN PTR

                  ;; ANSWER SECTION:
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.tlcmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metaddisppm.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.metcommpipedev.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.met_smartoffice.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.metcaretngprodmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.massmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metecap.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.instmetdba.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metcommpipe.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metconnect.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metbusiness.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metlifeitrisk.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.wpsgenamerica.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metsdo.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.orangesmmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.crcsurfmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.meteas.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metpaybase.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.pmacsmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.instmetdbaqa.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.nbcwebsitemetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR entlic.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.ctxprod.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.prod-erpdbametlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.efabusobj.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.dmmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.qeintranetmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.csametlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metdeploy.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metlifeleads.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.lifemetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR
                  www.fegli2004.com.249.163.216.in-addr.arpa.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms1.metlifeforms.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.meteservice.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms.metcommercialservices.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.internallidmetlife.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR
                  ms.mao-ev15fixedannualstatements.com.
                  229.249.163.216.in-addr.arpa. 1800 IN PTR ms2.qeconsumermetlife.com.

                  ;; Query time: 132 msec
                  ;; SERVER: 216.163.240.251#53(216.163.240.251)
                  ;; WHEN: Wed Oct 16 00:22:11 2013
                  ;; MSG SIZE rcvd: 1247

                  It seems totally random, and apparently bound by geographic location (I
                  am not in the US).

                  The previous query to ns2 returned over 120 records, and different ones
                  kept showing up for every repeat query.

                  Let's hope they are better at guarding your insurance money :)

                  --
                  J.
                • Peter
                  ... el5 also has bind97 packages, try upgrading to that and see if it fixes your issue. Peter
                  Message 8 of 14 , Oct 16, 2013
                  • 0 Attachment
                    On 10/16/2013 04:03 AM, Blake Hudson wrote:
                    >
                    > Thanks for the reminder about where to locate the test programs Wietse.
                    > I confirmed this appears to be an issue with RHEL5 (all patches applied
                    > today). The issue is resolved in RHEL6. I am running a local instance of
                    > BIND (bind-9.3.6-20.P1.el5_8.6) on the affected server(s).

                    el5 also has bind97 packages, try upgrading to that and see if it fixes
                    your issue.


                    Peter
                  • Blake Hudson
                    ... BIND seems to be working fine as far as I can tell... All the normal tools: dig, host, nslookup are working when querying either the local BIND 9.3
                    Message 9 of 14 , Oct 17, 2013
                    • 0 Attachment
                      Peter wrote the following on 10/16/2013 5:32 PM:
                      > On 10/16/2013 04:03 AM, Blake Hudson wrote:
                      >> Thanks for the reminder about where to locate the test programs Wietse.
                      >> I confirmed this appears to be an issue with RHEL5 (all patches applied
                      >> today). The issue is resolved in RHEL6. I am running a local instance of
                      >> BIND (bind-9.3.6-20.P1.el5_8.6) on the affected server(s).
                      > el5 also has bind97 packages, try upgrading to that and see if it fixes
                      > your issue.
                      >
                      >
                      > Peter
                      BIND seems to be working fine as far as I can tell... All the normal
                      tools: dig, host, nslookup are working when querying either the local
                      BIND 9.3 instance or a remote 9.8 instance. The problem seems limited to
                      applications that rely on the kernel function getnameinfo. How would
                      updating to bind 9.7 resolve that?

                      --Blake
                    • /dev/rob0
                      ... Yes, that sounds correct. When dig returns what you expect, DNS is working. ... FWIW that is a libc function, not a kernel function. And yes, you re right
                      Message 10 of 14 , Oct 17, 2013
                      • 0 Attachment
                        On Thu, Oct 17, 2013 at 12:01:39PM -0500, Blake Hudson wrote:
                        > Peter wrote the following on 10/16/2013 5:32 PM:
                        > >On 10/16/2013 04:03 AM, Blake Hudson wrote:
                        > >>Thanks for the reminder about where to locate the test programs
                        > >>Wietse. I confirmed this appears to be an issue with RHEL5 (all
                        > >>patches applied today). The issue is resolved in RHEL6. I am
                        > >>running a local instance of BIND (bind-9.3.6-20.P1.el5_8.6) on
                        > >>the affected server(s).

                        > >el5 also has bind97 packages, try upgrading to that and see if
                        > >it fixes your issue.
                        > >
                        > BIND seems to be working fine as far as I can tell... All the
                        > normal tools: dig, host, nslookup are working when querying either
                        > the local BIND 9.3 instance or a remote 9.8 instance. The problem

                        Yes, that sounds correct. When dig returns what you expect, DNS is
                        working.

                        > seems limited to applications that rely on the kernel function
                        > getnameinfo. How would updating to bind 9.7 resolve that?

                        FWIW that is a libc function, not a kernel function. And yes, you're
                        right again; changing BIND won't help.

                        Did you look at Red Hat's bug database? Perhaps they fixed this for
                        RHEL5 also?
                        --
                        http://rob0.nodns4.us/ -- system administration and consulting
                        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
                      • Blake Hudson
                        ... Thanks for the confirmation Rob. I had gotten a couple suggestions (on and off list) to switch to different DNS software and was honestly curious if that
                        Message 11 of 14 , Oct 17, 2013
                        • 0 Attachment
                          /dev/rob0 wrote the following on 10/17/2013 12:17 PM:
                          > On Thu, Oct 17, 2013 at 12:01:39PM -0500, Blake Hudson wrote:
                          >> Peter wrote the following on 10/16/2013 5:32 PM:
                          >>> On 10/16/2013 04:03 AM, Blake Hudson wrote:
                          >>>> Thanks for the reminder about where to locate the test programs
                          >>>> Wietse. I confirmed this appears to be an issue with RHEL5 (all
                          >>>> patches applied today). The issue is resolved in RHEL6. I am
                          >>>> running a local instance of BIND (bind-9.3.6-20.P1.el5_8.6) on
                          >>>> the affected server(s).
                          >>> el5 also has bind97 packages, try upgrading to that and see if
                          >>> it fixes your issue.
                          >>>
                          >> BIND seems to be working fine as far as I can tell... All the
                          >> normal tools: dig, host, nslookup are working when querying either
                          >> the local BIND 9.3 instance or a remote 9.8 instance. The problem
                          > Yes, that sounds correct. When dig returns what you expect, DNS is
                          > working.
                          >
                          >> seems limited to applications that rely on the kernel function
                          >> getnameinfo. How would updating to bind 9.7 resolve that?
                          > FWIW that is a libc function, not a kernel function. And yes, you're
                          > right again; changing BIND won't help.
                          >
                          > Did you look at Red Hat's bug database? Perhaps they fixed this for
                          > RHEL5 also?

                          Thanks for the confirmation Rob. I had gotten a couple suggestions (on
                          and off list) to switch to different DNS software and was honestly
                          curious if that would have any impact.

                          Based on your suggestion, I did find the following bug report for glibc
                          from 2008 (that looks like Wietse had an indirect hand in):
                          http://sourceware.org/bugzilla/show_bug.cgi?id=5790

                          It appears that the issue was resolved in glibc due to Leonardo's
                          diligence. Unfortunately, although the issue was reported to RH via
                          their Fedora bugzilla it doesn't appear RH ever took any action. Based
                          on my results, I don't believe RH ever backported this fix to any
                          version of RHEL. I'm not too worried about it since we've migrated most
                          of our servers to RHEL 6 and the issue is resolved in the version of
                          glibc used in there. However, I will see if I can file a bug report and
                          have RHEL take action to prevent others from running into the same issue.

                          Thank you for your and Weitse's comments and suggestions which helped
                          confirm where this issue was so I can address the problem directly and
                          mitigate any additional customer impact.

                          --Blake
                        • Leonardo Rodrigues
                          ... i was about to reply that i had similar problems some years ago ... just have, at this exact moment, the URL on my clipboard for pasting :) i m the
                          Message 12 of 14 , Oct 17, 2013
                          • 0 Attachment
                            Em 17/10/13 15:09, Blake Hudson escreveu:
                            >
                            > Based on your suggestion, I did find the following bug report for
                            > glibc from 2008 (that looks like Wietse had an indirect hand in):
                            > http://sourceware.org/bugzilla/show_bug.cgi?id=5790
                            >
                            > It appears that the issue was resolved in glibc due to Leonardo's
                            > diligence. Unfortunately, although the issue was reported to RH via
                            > their Fedora bugzilla it doesn't appear RH ever took any action. Based
                            > on my results, I don't believe RH ever backported this fix to any
                            > version of RHEL. I'm not too worried about it since we've migrated
                            > most of our servers to RHEL 6 and the issue is resolved in the version
                            > of glibc used in there. However, I will see if I can file a bug report
                            > and have RHEL take action to prevent others from running into the same
                            > issue.
                            >
                            > Thank you for your and Weitse's comments and suggestions which helped
                            > confirm where this issue was so I can address the problem directly and
                            > mitigate any additional customer impact.
                            >

                            i was about to reply that i had similar problems some years ago ...
                            just have, at this exact moment, the URL on my clipboard for pasting :)

                            i'm the Leonardo that filed that bug report ...




                            --


                            Atenciosamente / Sincerily,
                            Leonardo Rodrigues
                            Solutti Tecnologia
                            http://www.solutti.com.br

                            Minha armadilha de SPAM, NÃO mandem email
                            gertrudes@...
                            My SPAMTRAP, do not email it
                          • Blake Hudson
                            ... Thanks Leonardo. In fact, I remembered your issue (or one similar to it), but not with enough clarity to lead me to the exact problem without some
                            Message 13 of 14 , Oct 18, 2013
                            • 0 Attachment
                              Leonardo Rodrigues wrote the following on 10/17/2013 2:04 PM:
                              > Em 17/10/13 15:09, Blake Hudson escreveu:
                              >>
                              >> Based on your suggestion, I did find the following bug report for
                              >> glibc from 2008 (that looks like Wietse had an indirect hand in):
                              >> http://sourceware.org/bugzilla/show_bug.cgi?id=5790
                              >>
                              >> It appears that the issue was resolved in glibc due to Leonardo's
                              >> diligence. Unfortunately, although the issue was reported to RH via
                              >> their Fedora bugzilla it doesn't appear RH ever took any action.
                              >> Based on my results, I don't believe RH ever backported this fix to
                              >> any version of RHEL. I'm not too worried about it since we've
                              >> migrated most of our servers to RHEL 6 and the issue is resolved in
                              >> the version of glibc used in there. However, I will see if I can file
                              >> a bug report and have RHEL take action to prevent others from running
                              >> into the same issue.
                              >>
                              >> Thank you for your and Weitse's comments and suggestions which helped
                              >> confirm where this issue was so I can address the problem directly
                              >> and mitigate any additional customer impact.
                              >>
                              >
                              > i was about to reply that i had similar problems some years ago
                              > ... just have, at this exact moment, the URL on my clipboard for
                              > pasting :)
                              >
                              > i'm the Leonardo that filed that bug report ...
                              >
                              Thanks Leonardo. In fact, I remembered your issue (or one similar to
                              it), but not with enough clarity to lead me to the exact problem without
                              some additional help.

                              I went ahead and filed a bug against RHEL 5 through RedHat's bugzilla
                              (https://bugzilla.redhat.com/show_bug.cgi?id=1020486). I received a
                              response within 24 hours that RH will "... consider this bug while we
                              scope issues to fix for the next release.". I'm guessing that means that
                              in RHEL 5.10 there's a slim chance this issue might be resolved. Perhaps
                              we will save someone else from wasting time with the same issue. Thanks
                              for your diligence investigating and reporting this issue to RH and the
                              glibc guys.

                              --Blake
                            • Blake Hudson
                              ... Looks like we missed the RHEL 5.10 deadline, but should have this fixed
                              Message 14 of 14 , Nov 26, 2013
                              • 0 Attachment
                                Blake Hudson wrote the following on 10/18/2013 4:40 PM:
                                >
                                > Leonardo Rodrigues wrote the following on 10/17/2013 2:04 PM:
                                >> Em 17/10/13 15:09, Blake Hudson escreveu:
                                >>>
                                >>> Based on your suggestion, I did find the following bug report for
                                >>> glibc from 2008 (that looks like Wietse had an indirect hand in):
                                >>> http://sourceware.org/bugzilla/show_bug.cgi?id=5790
                                >>>
                                >>> It appears that the issue was resolved in glibc due to Leonardo's
                                >>> diligence. Unfortunately, although the issue was reported to RH via
                                >>> their Fedora bugzilla it doesn't appear RH ever took any action.
                                >>> Based on my results, I don't believe RH ever backported this fix to
                                >>> any version of RHEL. I'm not too worried about it since we've
                                >>> migrated most of our servers to RHEL 6 and the issue is resolved in
                                >>> the version of glibc used in there. However, I will see if I can
                                >>> file a bug report and have RHEL take action to prevent others from
                                >>> running into the same issue.
                                >>>
                                >>> Thank you for your and Weitse's comments and suggestions which
                                >>> helped confirm where this issue was so I can address the problem
                                >>> directly and mitigate any additional customer impact.
                                >>>
                                >>
                                >> i was about to reply that i had similar problems some years ago
                                >> ... just have, at this exact moment, the URL on my clipboard for
                                >> pasting :)
                                >>
                                >> i'm the Leonardo that filed that bug report ...
                                >>
                                > Thanks Leonardo. In fact, I remembered your issue (or one similar to
                                > it), but not with enough clarity to lead me to the exact problem
                                > without some additional help.
                                >
                                > I went ahead and filed a bug against RHEL 5 through RedHat's bugzilla
                                > (https://bugzilla.redhat.com/show_bug.cgi?id=1020486). I received a
                                > response within 24 hours that RH will "... consider this bug while we
                                > scope issues to fix for the next release.". I'm guessing that means
                                > that in RHEL 5.10 there's a slim chance this issue might be resolved.
                                > Perhaps we will save someone else from wasting time with the same
                                > issue. Thanks for your diligence investigating and reporting this
                                > issue to RH and the glibc guys.
                                >
                                > --Blake
                                Looks like we missed the RHEL 5.10 deadline, but should have this fixed
                                in RHEL 5.11 based on the following bugzilla comment:
                                > Jeff Law 2013-11-26 11:36:54 EST
                                > Just an FYI from the planning call. This will be ack'd by PM and is expected
                                > to be within QE capacity for RHEL 5.11.
                              Your message has been successfully submitted and would be delivered to recipients shortly.