Daniel Gehriger
gehriger@linkcad.com
Wed Feb 28 08:29:00 UTC 2007
Vernon Schryver wrote:
>> From: Daniel Gehriger
>
>>> The complaints about DNS timeouts are not good. Is something wrong
>>> with your DNS system? Dccifd should have at least received NXDOMAIN
>>> for 86.59.190.206.zen.spamhaus.org from your local caching DNS server.
>
>> There shouldn't be any issues with
>> the DNS system. Most of the time, dccifd doesn't complain about timeouts
>> but then I get waves of those messages until a new DCC DNS helper is
>> started.
>
> I suspect that is turned around and that extra dns-helper processes
> are not started until enough of the current helpers have gone missing in
> action (and generated complaints) to convince dccifd to start more.
>
> Dccifd (and dccm) keep track of the numbers of active and free dns-helper
> processes and try to keep at least one spare, inactive. If according
> to the numbers, another helper is needed, it is created before an
> attempt is made to talk to the herd of helpers. If the resolver library
> timeouts are working, then the helpers don't get stuck in the resolver
> library code, and there should never be a problem. If the BIND timeout
> hooks are not present or not working, helpers can be busy waiting
> while dccifd thinks they are idle. Dccifd should eventually realize
> as much and create more helpers, not immediately.
> So I suspect that your system does not have a normal BIND resolver
> library. Does it have the "improved" Linux version?

I have bind 9.2.2:

Name        : bind
Version     : 9.2.2
Vendor      : SuSE Linux AG, Nuernberg, Germany
Release     : 31
Build Date  : Thu Oct 2 23:15:13 2003
Install date: Wed Mar 1 21:37:35 2006
Group       : Productivity/Networking/DNS/Servers
Source RPM  : bind-9.2.2-31.src.rpm
Size        : 5359971
Packager    : http://www.suse.de/feedback
URL         : http://www.isc.org/products/BIND/bind9.html
Summary     : BIND - Domain Name Server

>
> What messages do you see in the system log from the dns-helper processes?

There are only the initial startup messages in the syslog.
The mail log contains, for instance:

> Feb 28 09:20:14 vps183 dccifd[28510]: DNSBL helper about to exec /var/dcc/libexec/dns-helper -B set:debug=5 -B relays.ordb.org,any -B zen.spamhaus.org,any -B set:helper=4,13,1
> Feb 28 09:20:25 vps183 dccifd[27955]: no DNSBL helper answer
> Feb 28 09:20:25 vps183 dccifd[27955]: 2AORSc DNSBL failed for davecarlson.com, 3.0 msg-secs remaining
> Feb 28 09:20:36 vps183 dccifd[27955]: no DNSBL helper answer
> Feb 28 09:20:36 vps183 dccifd[27955]: 2AORSc DNSBL exhausted 25 msg-secs for bls.hz5mnbmbnpm8wzzonzz6nhhz.acushlagc.com
> Feb 28 09:21:04 vps183 dccifd[29867]: 2AORSe DNSBL answer SMTP client hit for sender 202.54.78.195
> Feb 28 09:21:04 vps183 dccifd[29867]: DNSBL client hit 195.78.54.202.zen.spamhaus.org
> Feb 28 09:21:16 vps183 dccifd[29914]: 2AORSg DNSBL answer SMTP client hit for sender 202.54.78.195
> Feb 28 09:21:16 vps183 dccifd[29914]: DNSBL client hit 195.78.54.202.zen.spamhaus.org
> Feb 28 09:24:04 vps183 dccifd[32522]: no DNSBL helper answer
> Feb 28 09:24:04 vps183 dccifd[32522]: 2AORSi DNSBL failed for sender 206.190.52.120, 14.0 msg-secs remaining
> Feb 28 09:24:15 vps183 dccifd[32522]: no DNSBL helper answer
> Feb 28 09:24:15 vps183 dccifd[32522]: restart DNSBL helpers
> Feb 28 09:24:15 vps183 dccifd[32522]: 2AORSi DNSBL failed for r.leadmailing.com, 3.0 msg-secs remaining
> Feb 28 09:24:15 vps183 dccifd[32764]: DNSBL helper about to exec /var/dcc/libexec/dns-helper -B set:debug=5 -B relays.ordb.org,any -B zen.spamhaus.org,any -B set:helper=4,13,0

>>> However, none of that is not relevant to this case, because dccifd says
>>> that it got no answers from your DNS resolver. Besides, "DCC-->spam"
>
>> /var/dcc/libexec/dccifd -Ivscan -tREP,10 -tCMN,50,50 -Bset:debug=5
>> -Brelays.ordb.org,any -Bzen.spamhaus.org,any -llog -wwhiteclnt
>> -Uuserdirs -GIPmask/24 -p 127.0.0.1,10023 127.0.0.1/32 -o
>> 127.0.0.1,10026 -SHELO -Smail_host -SSender -SList-ID
>
> In fact is there a comma instead of a blank between "127.0.0.1,10023"
> and "127.0.0.1/32"?

Not in the output of 'ps', but in the config file, yes. I attached the
dcc_conf file.

>
> Are you sure those are all of dccifd's args? The rejection message
> for the problematic messages was
> 550 5.7.1 Service unavailable; Mail rejected as SPAM
> That could have been produced with a -B or -r arg, but not otherwise.

You are correct of course. I removed those arguments for clarity.

>
> I have tried a bunch of things, but failed to duplicate anything
> like the problem.

I'll try installing a newer 'bind' library and we'll see if this changes
anything.

- Daniel

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dcc_conf
URL: <http://www.rhyolite.com/pipermail/dcc/attachments/20070228/5a2fbb60/attachment.ksh>
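An added example, not part of the original message and not DCC code: a Python script that reads dccifd mail-log lines like those quoted above, reports the gap between consecutive "no DNSBL helper answer" complaints per dccifd process, counts helper restarts, and checks that each logged hit name is the sender address with its octets reversed under the zone. The log-line regex, the function names and the year used for timestamps (taken from the message date) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the mail-log excerpt in the message above.
SAMPLE = """\
Feb 28 09:20:25 vps183 dccifd[27955]: no DNSBL helper answer
Feb 28 09:20:36 vps183 dccifd[27955]: no DNSBL helper answer
Feb 28 09:21:04 vps183 dccifd[29867]: 2AORSe DNSBL answer SMTP client hit for sender 202.54.78.195
Feb 28 09:21:04 vps183 dccifd[29867]: DNSBL client hit 195.78.54.202.zen.spamhaus.org
Feb 28 09:24:04 vps183 dccifd[32522]: no DNSBL helper answer
Feb 28 09:24:15 vps183 dccifd[32522]: no DNSBL helper answer
Feb 28 09:24:15 vps183 dccifd[32522]: restart DNSBL helpers
""".splitlines()

# Assumed layout: "<Mon DD HH:MM:SS> <host> dccifd[<pid>]: <message>"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ dccifd\[(\d+)\]: (.*)$")

def dnsbl_name(ip, zone):
    """Name queried for an IPv4 address: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def summarize(lines, zone="zen.spamhaus.org", year=2007):
    """Return (timeout gaps in seconds per PID, restarts per PID, checked hits)."""
    timeouts, restarts, hits, last_sender = defaultdict(list), defaultdict(int), [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a dccifd line
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg == "no DNSBL helper answer":
            timeouts[pid].append(when)
        elif msg == "restart DNSBL helpers":
            restarts[pid] += 1
        elif (s := re.search(r"client hit for sender (\S+)$", msg)):
            last_sender[pid] = s.group(1)  # remember sender for the next hit line
        elif (h := re.match(r"DNSBL client hit (\S+)$", msg)):
            ip = last_sender.get(pid)
            ok = ip is not None and h.group(1) == dnsbl_name(ip, zone)
            hits.append((ip, h.group(1), ok))
    gaps = {p: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
            for p, t in timeouts.items()}
    return gaps, dict(restarts), hits

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over a full mail log, the per-process gaps show whether the complaints arrive at a fixed interval, and a hit whose name does not match its sender points at a parsing or logging mismatch worth checking by hand.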