I had this problem before. Bind was compromised and I switched to
djbdns. Works for me so far...
On Thu, Sep 24, 2009 at 2:29 PM, Maxwell Smart <c...@yother.com> wrote:
Some additional information that may help. If I start and stop my
toaster the mail is delivered immediately.
Maxwell Smart wrote:
I am still having delays of up to 20 minutes for e-mail to be
delivered. Here is a snip of a header sent from the mail
server to the same mail server. These used to be virtually
simultaneous.
Content-Filter: maildrop-toaster
Return-Path: <r...@area510.net>
Delivered-To: yother.com...@yother.com
Received: (qmail 1363 invoked by uid 89); 24 Sep 2009 02:30:18 -0000
Received: by simscan 1.4.0 ppid: 1340, pid: 1342, t: 11.6467s
  scanners: attach: 1.4.0 clamav: 0.95.2
  /m:51/d:9803 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
  laetitia.area510.net
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0
  tests=AWL,BAYES_00,RDNS_NONE
  autolearn=no version=3.2.5
Received: from unknown (HELO nlpi157.prodigy.net) (unkn...@207.115.36.171)
  by laetitia.area510.net with SMTP; 24 Sep 2009 02:30:06 -0000
Received-SPF: unknown (laetitia.area510.net: Maximum nesting level exceeded,
  possible loop)
Received: from sophia.area510.net (ns1.area510.net [64.168.70.132])
  (authenticated bits=0)
  by nlpi157.prodigy.net (8.13.8 smtpauth/dk/map_regex/8.13.8) with ESMTP
  id n8O2U52w001792
  for <c...@yother.com>; Wed, 23 Sep 2009 21:30:05 -0500
Received: by sophia.area510.net (Postfix, from userid 0)
  id EFB17202B9; Wed, 23 Sep 2009 19:30:05 -0700 (PDT)
If I am reading this correctly there is only 13 seconds
elapsed from the time the server received the message to the
time it sent it, yet I am not able to check it for up to 20
minutes in some cases. Any ideas where to look to try and
isolate this?
Here is another snip from the mail server to a sbc account.
Nearly 19 minutes lapse.
From - Wed Sep 23 21:45:56 2009
X-Account-Key: account4
X-UIDL: 20090924044227M04001q1vre000078
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from nlpi147.prodigy.net ([207.115.36.161])
  by isp.att.net (frfwmxc04) with ESMTP
  id <20090924044226M0400n0jore>; Thu, 24 Sep 2009 04:42:26 +0000
X-Originating-IP: [207.115.36.161]
X-Originating-IP: [64.168.70.133]
Received: from laetitia.area510.net (mail.yother.com [64.168.70.133])
  by nlpi147.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP
  id n8O4gPhU017190
  for <cjyot...@pacbell.net>; Wed, 23 Sep 2009 23:42:26 -0500
Received: (qmail 7599 invoked by uid 89); 24 Sep 2009 04:23:50 -0000
Received: by simscan 1.4.0 ppid: 7591, pid: 7594, t: 0.0982s
  scanners: attach: 1.4.0 clamav: 0.95.2
  /m: 51/d:9803
Received: from unknown (HELO ?192.168.1.145?) (c...@yother.com@71.139.170.193)
  by laetitia.area510.net with ESMTPA; 24 Sep 2009 04:23:50 -0000
Message-ID: <4abaf455.4030...@yother.com>
I can also watch tail -f /var/log/qmail/smtp/current and see
an email pass through, but still not be able to retrieve it
for up to 20 minutes sometimes.
I have also tested my ISP's DNS server response times and
they are both in the 8.00ms range. The caching nameserver
appears to be working correctly too.
64 bytes from 206.13.28.12: icmp_seq=1 ttl=253 time=8.01 ms
64 bytes from 206.13.28.12: icmp_seq=2 ttl=253 time=7.81 ms
64 bytes from 206.13.28.12: icmp_seq=3 ttl=253 time=8.45 ms
64 bytes from 206.13.28.12: icmp_seq=4 ttl=253 time=7.66 ms
64 bytes from 206.13.28.12: icmp_seq=5 ttl=253 time=7.99 ms
CJ
Maxwell Smart wrote:
Thanks Jake,
That's what I was able to glean from the info I read. I am not sure how
I am going to ultimately set this up yet. This is all making me rethink
my entire rack configuration. I have been trying to simplify this and
it only seems to be getting more complex.
Is it OK to see entries like this in my message file? My understanding
is the only one that is critical is the host unreachable, but I have
periodically checked it and it's working correctly.
Sep 23 11:15:25 laetitia named[22986]: unexpected RCODE (SERVFAIL) resolving '95.193.115.189.in-addr.arpa/CNAME/IN': 200.175.89.133#53
Sep 23 11:15:25 laetitia named[22986]: unexpected RCODE (SERVFAIL) resolving '95.193.115.189.in-addr.arpa/PTR/IN': 200.175.89.133#53
Sep 23 11:17:03 laetitia named[22986]: client 127.0.0.1#53386: error sending response: host unreachable
Sep 23 12:05:43 laetitia named[22986]: unexpected RCODE (REFUSED) resolving 'pdnssr01.ebnccsb.com.my/AAAA/IN': 161.142.2.17#53
Sep 23 12:05:43 laetitia named[22986]: unexpected RCODE (REFUSED) resolving 'pdnssr01.ebnccsb.com.my/A/IN': 161.142.2.17#53
Sep 23 12:05:46 laetitia named[22986]: lame server resolving 'maybank.my' (in 'maybank.my'?): 202.187.45.2#53
Sep 23 12:06:12 laetitia named[22986]: client 127.0.0.1#33727: error sending response: host unreachable
Sep 23 12:06:45 laetitia named[22986]: client 127.0.0.1#43177: error sending response: host unreachable
Sep 23 12:09:38 laetitia named[22986]: lame server resolving '205.111.106.86.in-addr.arpa' (in '111.106.86.in-addr.arpa'?): 89.38.57.5#53
Sep 23 12:09:39 laetitia named[22986]: lame server resolving '205.111.106.86.in-addr.arpa' (in '111.106.86.in-addr.arpa'?): 86.55.208.16#53
CJ
Jake Vickers wrote:
Eric Shubert wrote:
I don't know off hand.
Hey Jake, what do you know about this? (I'm guessing quite a bit!)
Maxwell Smart wrote:
Eric,
I think I am getting it sorted. Here is a snip of my named.conf
file. Do I need to allow-query;? Also do I need the forwarders,
ISP's DNS servers since the db.cache is the ROOT SERVERS? From what
I have read it is the recommended way to set it up.
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    version "request not permitted";
    allow-notify {64.168.70.132;};
    allow-transfer {"none";};
    forwarders {
        63.203.35.55;
        206.13.28.12;
        206.13.30.12;
    };
};
zone "." {
    type hint;
    file "/etc/db.cache";
};
There are 2 mindsets to forwarders. If you do not define your ISPs,
your server will use the root servers. You are obviously getting the
highest authority on answers there, but resolve times can lag a little.
By using your ISPs upstream servers for forwarders, you're cutting
down on network traffic since your request is only going to the ISP
office/colo instead of one of the root DNS servers (which may be in
another state). So you have to look at it both as a security view, and
a bandwidth view. I think by now all of the ISP DNS servers are
patched for the cache poisoning so that is probably not a concern,
but if your ISP does DNS redirecting for unknown/unresolvable domains
then you may need to take that into consideration.
For allow query, you're now going to be moving into the realm of an
authoritative and resolving server in the same box. Perfectly fine, if
you configure correctly. Normally with allow-query you would define an
acl (access list) that is allowed to query your server. You can even
do some fancy stuff like I do here in my office and have different DNS
zones for your internal network and your external network.
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
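
Added example, not part of the original thread or of the Qmailtoaster project: a Python script that walks the Received chain of the second header snippet quoted above (the message sent to the sbc account) and reports the time spent between each pair of hops, which shows where in the path a delay accumulates. The sample lines are copied from that snippet with the list archive's link markup removed; the function names and the "local queue" label are this example's own.

```python
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Received values from the second header snippet in the thread, newest first,
# unfolded and with the archive's link markup removed. Addresses stay
# truncated exactly as the archive shows them.
SAMPLE_RECEIVED = [
    "from nlpi147.prodigy.net ([207.115.36.161]) by isp.att.net (frfwmxc04) "
    "with ESMTP id <20090924044226M0400n0jore>; Thu, 24 Sep 2009 04:42:26 +0000",
    "from laetitia.area510.net (mail.yother.com [64.168.70.133]) "
    "by nlpi147.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP "
    "id n8O4gPhU017190 for <cjyot...@pacbell.net>; Wed, 23 Sep 2009 23:42:26 -0500",
    "(qmail 7599 invoked by uid 89); 24 Sep 2009 04:23:50 -0000",
    "from unknown (HELO ?192.168.1.145?) (c...@yother.com@71.139.170.193) "
    "by laetitia.area510.net with ESMTPA; 24 Sep 2009 04:23:50 -0000",
]

# "by <host>" names the server that wrote the line; requiring a dot keeps
# qmail's "invoked by uid 89" from being read as a host name.
BY_HOST = re.compile(r"\bby ([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def parse_hop(received):
    """Return (recording host, UTC timestamp) for one unfolded Received value."""
    stamp = received.rsplit(";", 1)[1].strip()
    when = parsedate_to_datetime(stamp)
    if when.tzinfo is None:  # "-0000" parses as naive; the clock value is UTC
        when = when.replace(tzinfo=timezone.utc)
    host = BY_HOST.search(received)
    return (host.group(1) if host else "local queue", when.astimezone(timezone.utc))

def hop_delays(received_newest_first):
    """Return (from, to, seconds) per hop, oldest first. Values depend on each
    server's clock, so skew between hosts can make a delay negative."""
    hops = [parse_hop(r) for r in reversed(received_newest_first)]
    return [(a[0], b[0], (b[1] - a[1]).total_seconds())
            for a, b in zip(hops, hops[1:])]

def slowest_hop(received_newest_first):
    """Return the hop with the largest gap between timestamps."""
    return max(hop_delays(received_newest_first), key=lambda hop: hop[2])

if __name__ == "__main__":
    for src, dst, secs in hop_delays(SAMPLE_RECEIVED):
        print(f"{src:>24} -> {dst:<24} {secs:7.0f} s")
```

On this sample the only non-zero gap is 1116 seconds, between the qmail queue entry on laetitia and acceptance by nlpi147.prodigy.net.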