Re: [qmailtoaster] DNS temporary failure if one DNS server dont work.
That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM, d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony White t...@ycs.com.au To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM, d...@demod.pl wrote: Thanks for fast reply. I use 2 named servers. everyone in different locations. One DNS server is on the same machine as qmailtoaster and always on. But when secondary DNS on the other location die i canot send email outside. - Original Message - From: Carlos Herrera Polo carlos.herrerap...@gmail.com To: qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 13, 2011 10:02 PM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Djbdns or named 2011/2/13, Martin Waschbüsch mar...@waschbuesch.de: What you could try is this: Have a local caching DNS server and that takes care of resolving to as many 'real' DNS servers as you like. Doing so means that your DNS server (local) is ALWAYS on (unless the daemon dies) and this problem won't occur again. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 13.02.2011 um 19:48 schrieb d...@demod.pl d...@demod.pl: Hello everyone I have a problem with my qmailtoster. When one of my DNS server is down i cant send email. When i try send email outside i have an error message: DNS temporary failure. This hapen even if one DNS server works correctly. Does anyone know how can I solve it? Thanx for you help. Marek __ Informacja programu ESET NOD32 Antivirus, wersja bazy sygnatur wirusow 5835 (20110131) __ Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. http://www.eset.pl lub http://www.eset.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- best wishes Tony White - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com __ Informacja programu ESET NOD32 Antivirus, wersja bazy sygnatur wirusow 5835 (20110131) __ Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. http://www.eset.pl lub http://www.eset.com
Re: [qmailtoaster] DNS temporary failure if one DNS server dont work.
On 02/13/2011 01:48 PM, d...@demod.pl wrote: Hello everyone I have a problem with my qmailtoster. When one of my DNS server is down i cant send email. When i try send email outside i have an error message:DNS temporary failure. This hapen even if one DNS serverworks correctly. Does anyone know how can I solve it? Sounds like you have lookups configured incorrectly on the system. When a message is sent, a MX lookup in DNS takes place during the smtp process. It will fail during this transaction, since the system cannot lookup remote MX records to determine where to send mail to. Double check your lookup configuration on this host. I thought I read somewhere later in the thread that you have 127.0.0.1 listed in resolv.conf - this would lead me to assume you have a caching DNS server setup on this machine as well. If this is the case, for Bind, check your named.conf file to ensure your forwarders include more than just the one DNS server that goes down.
Re: [qmailtoaster] DNS temporary failure if one DNS server dont work.
Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony Whitet...@ycs.com.au To:qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM, d...@demod.pl wrote: Thanks for fast reply. I use 2 named servers. everyone in different locations. One DNS server is on the same machine as qmailtoaster and always on. But when secondary DNS on the other location die i canot send email outside. - Original Message - From: Carlos Herrera Polocarlos.herrerap...@gmail.com To:qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 13, 2011 10:02 PM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Djbdns or named 2011/2/13, Martin Waschbüschmar...@waschbuesch.de: What you could try is this: Have a local caching DNS server and that takes care of resolving to as many 'real' DNS servers as you like. Doing so means that your DNS server (local) is ALWAYS on (unless the daemon dies) and this problem won't occur again. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 13.02.2011 um 19:48 schriebd...@demod.pl d...@demod.pl: Hello everyone I have a problem with my qmailtoster. When one of my DNS server is down i cant send email. When i try send email outside i have an error message: DNS temporary failure. This hapen even if one DNS server works correctly. Does anyone know how can I solve it? Thanx for you help. Marek __ Informacja programu ESET NOD32 Antivirus, wersja bazy sygnatur wirusow 5835 (20110131) __ Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. http://www.eset.pl lub http://www.eset.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- best wishes Tony White - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com __ Informacja programu ESET NOD32 Antivirus, wersja bazy sygnatur wirusow 5835 (20110131) __ Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. http://www.eset.pl lub http://www.eset.com
Re: [qmailtoaster] DNS temporary failure if one DNS server dont work.
Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony Whitet...@ycs.com.au To:qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM, d...@demod.pl wrote: Thanks for fast reply. I use 2 named servers. everyone in different locations. One DNS server is on the same machine as qmailtoaster and always on. But when secondary DNS on the other location die i canot send email outside. - Original Message - From: Carlos Herrera Polocarlos.herrerap...@gmail.com To:qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 13, 2011 10:02 PM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Djbdns or named 2011/2/13, Martin Waschbüschmar...@waschbuesch.de: What you could try is this: Have a local caching DNS server and that takes care of resolving to as many 'real' DNS servers as you like. Doing so means that your DNS server (local) is ALWAYS on (unless the daemon dies) and this problem won't occur again. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 13.02.2011 um 19:48 schriebd...@demod.pl d...@demod.pl: Hello everyone I have a problem with my qmailtoster. When one of my DNS server is down i cant send email. When i try send email outside i have an error message: DNS temporary failure. This hapen even if one DNS server works correctly. Does anyone know how can I solve it? Thanx for you help. Marek __ Informacja programu ESET NOD32 Antivirus, wersja bazy sygnatur wirusow 5835 (20110131) __ Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. http://www.eset.pl lub http://www.eset.com - Qmailtoaster is sponsored by Vickers Consulting Group
[qmailtoaster] Re: sa-update
On 02/12/2011 10:14 PM, Eric Broch wrote: On 2/12/2011 6:53 PM, Eric Shubert wrote: On 02/12/2011 10:56 AM, Eric Broch wrote: Hello list, I am receiving the following error via cron email, after having done some updates, from one of my toasters: /etc/cron.daily/qtp-sa-update: /etc/cron.daily/qtp-sa-update: line 2: sa-update: command not found I searched for the sa-update file on the toaster to no avail. Is this program only available with newer versions of Spamassassin? I currently have spamassassin-toaster-3.0.4-1.2.4 Thanks! Eric B. - I don't know when that program was introduced, but that appears to be the case. Upgrading is rather painless when you use qtp-newmodel. I don't know of a good reason to be running a version of spamassassin which is that old. Do you? Eric, I don't see any good reason I should put this off any longer either. I am just a little nervous about running qtp-newmodel on a production server that has toaster software as old as it is on this machine. I installed it between 2003 and 2005 with only occasional upgrades to clamav when it was absolutely necessary--when SMTP and Simscan quit working properly. It was originally a virus and spam gateway until the client's exchange server crashed and I made the toaster (mail gateway) the main email server. Anyway, I'll put a backup email server on sight, just in case, and finish the upgrade on this machine and see if that works. Eric B. - I think you'll be ok. qtp-newmodel is very safe, as it builds and installs all of the packages in the sandbox before doing anything with the running 'live' server. The dependencies for SA/perl don't appear to be in the rpmforge repo, so you might have to use CPAN for those modules. As long as you're at it, I would strongly recommend getting to CentOS5.x as well. Being current is a good thing. I think that upgrading to 5.x will ultimately be easier than trying to keep the latest QMT running reliably on 4.x. End of Regular Lifecycle for COS4(RHEL4) is only a year away anywise. See https://access.redhat.com/support/policy/updates/errata/ -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
I agree whole heartedly with Martin (whatever that's worth). Two key questions which haven't been answered yet by Marek: 1) which software is he using (bind or djbdns) 2) is he using the local resolver as an authoritative DNS server as well? (I would hope not, but you never know). I gotta chuckle regarding Marek's name, as there is a commercial email server called Marek Mail. :) Thanks, Martin. I'll let you finish up with this one. -- -Eric 'shubes' On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony Whitet...@ycs.com.au To:qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM, d...@demod.pl wrote: Thanks for fast reply. I use 2 named servers. everyone in different locations. One DNS server is on the same machine as qmailtoaster and always on. But when secondary DNS on the other location die i canot send email outside. - Original Message - From: Carlos Herrera Polocarlos.herrerap...@gmail.com To:qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 13, 2011 10:02 PM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Djbdns or named 2011/2/13, Martin Waschbüschmar...@waschbuesch.de: What you could try is this: Have a local caching DNS server and that takes care of resolving to as many 'real' DNS servers as you like. Doing so means that your DNS server (local) is ALWAYS on (unless the daemon dies) and this problem won't occur again. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 13.02.2011 um 19:48 schriebd...@demod.pl d...@demod.pl: Hello everyone I have a problem with my qmailtoster. When one of my DNS server is down i cant send email. When i try send email outside i have an error message: DNS temporary failure. This hapen even if one DNS server works correctly. Does anyone know how can I solve it? Thanx for you
Re: [qmailtoaster] Re: sa-update
On Feb 14, 2011, at 10:06 AM, Eric Shubert wrote: The dependencies for SA/perl don't appear to be in the rpmforge repo, so you might have to use CPAN for those modules. hey folks! sorry i haven't been following this thread closely. which dependencies are missing from RPMforge? please let me know so that we can fix it. :) -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v PGP 8477B706 (A92A 1F7E 6D76 16A0 BFF9 E61D AD54 0251 8477 B706) PGP.sig Description: This is a digitally signed message part
[qmailtoaster] Re: sa-update
On 02/14/2011 08:45 AM, Steve Huff wrote: On Feb 14, 2011, at 10:06 AM, Eric Shubert wrote: The dependencies for SA/perl don't appear to be in the rpmforge repo, so you might have to use CPAN for those modules. hey folks! sorry i haven't been following this thread closely. which dependencies are missing from RPMforge? please let me know so that we can fix it. :) -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v PGP 8477B706 (A92A 1F7E 6D76 16A0 BFF9 E61D AD54 0251 8477 B706) That was a separate thread (sorry about that). I noticed right after I posted it, that I neglected to mention COS4.8 specifically (sorry about that as well). On CentOS 4.8, Eric Broch got: Could not find update match for perl(Getopt::Long) Could not find update match for perl(Net::Ident) Could not find update match for perl(Crypt::OpenSSL::Bignum) Could not find update match for perl(IO::Socket::SSL) Could not find update match for perl(Net::DNS) Could not find update match for perl(DB_File) Could not find update match for perl(Mail::DomainKeys) Could not find update match for perl(Compress::Zlib) Could not find update match for perl(Mail::SPF) Could not find update match for which Could not find update match for perl(Net::SMTP) Could not find update match for perl(DBI) Could not find update match for perl(MIME::Base64) Could not find update match for perl(IP::Country::Fast) Could not find update match for perl(Encode::Detect) Could not find update match for perl(HTTP::Date) Could not find update match for ncurses-devel Could not find update match for procmail Could not find update match for perl(Mail::DKIM) Could not find update match for perl(Time::HiRes) Could not find update match for perl(Digest::SHA1) Could not find update match for perl(Archive::Tar) Could not find update match for perl(IO::Zlib) Could not find update match for perl(LWP::UserAgent) Could not find update match for perl(Razor2::Client::Agent) Could not find update match for perl(IO::Socket::INET6) Could not find update match for perl(HTML::Parser) I presumed that they just weren't in the rpmforge repo, but I suppose there could be a bug somewhere. I don't have any 4.x hosts any more to test with. I expect that it's not worth the time to fix anything, given 4.x's relatively short remaining lifetime. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
Thank You for advice. I think, I must learn about DNS much more as I thought before i wrote these emails. I'm using BIND (named). Yes it's authoritative DNS server and i think it's a local resolver. Now I understand it's wrong practice? Now i'm going to try apply you advices and read something more about DNS server. I will let you know about my progress regards Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 4:24 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. I agree whole heartedly with Martin (whatever that's worth). Two key questions which haven't been answered yet by Marek: 1) which software is he using (bind or djbdns) 2) is he using the local resolver as an authoritative DNS server as well? (I would hope not, but you never know). I gotta chuckle regarding Marek's name, as there is a commercial email server called Marek Mail. :) Thanks, Martin. I'll let you finish up with this one. -- -Eric 'shubes' On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony Whitet...@ycs.com.au To:qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM, d...@demod.pl wrote: Thanks for fast reply. I use 2 named servers. everyone in different locations. One DNS server is on the same machine as qmailtoaster and always on. But when secondary DNS on the other location die i canot send email outside. - Original Message - From: Carlos Herrera Polocarlos.herrerap...@gmail.com To:qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 13, 2011 10:02 PM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Djbdns or named 2011/2/13, Martin Waschbüschmar...@waschbuesch.de: What you could try is this: Have a local caching DNS server and that takes care of resolving to as many 'real' DNS servers as you like. Doing so means that your DNS server
[qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
Hey Marek, Using Bind is fine, but using a single server/process for both authoritative and resolver purposes is not a good practice. It can be done, but I would try very hard to keep them separate before endeavoring to put them together. It can be done, but it's a bit tricky to do well (accurately and securely). If at all possible, I would use an authoritative DNS server that's external to QMT, then simply install the caching-nameserver package on QMT to use as a resolver. You should also modify the resolver's configuration to use forwarders, but that's not absolutely necessary. caching-nameserver configuration should work ok as is. Martin, do you have anything to add? (Sorry for jumping in again) -- -Eric 'shubes' On 02/14/2011 12:14 PM, d...@demod.pl wrote: Thank You for advice. I think, I must learn about DNS much more as I thought before i wrote these emails. I'm using BIND (named). Yes it's authoritative DNS server and i think it's a local resolver. Now I understand it's wrong practice? Now i'm going to try apply you advices and read something more about DNS server. I will let you know about my progress regards Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 4:24 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. I agree whole heartedly with Martin (whatever that's worth). Two key questions which haven't been answered yet by Marek: 1) which software is he using (bind or djbdns) 2) is he using the local resolver as an authoritative DNS server as well? (I would hope not, but you never know). I gotta chuckle regarding Marek's name, as there is a commercial email server called Marek Mail. :) Thanks, Martin. I'll let you finish up with this one. -- -Eric 'shubes' On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver 127.0.0.1 - Original Message - From: Tony Whitet...@ycs.com.au To:qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 2:55 AM Subject: Re: [qmailtoaster] DNS temporary failure if one DNS server dont work. Marek, What order are the dns servers in /etc/resolv.conf? If they are the failing one on line one then reverse them. On 14/02/2011 9:03 AM,
Re: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
Hi thanks again for quick reply. Do I understand right? Would it be accurate if i put an authoritative DNS server and QMT on separate computers? Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 8:58 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. Hey Marek, Using Bind is fine, but using a single server/process for both authoritative and resolver purposes is not a good practice. It can be done, but I would try very hard to keep them separate before endeavoring to put them together. It can be done, but it's a bit tricky to do well (accurately and securely). If at all possible, I would use an authoritative DNS server that's external to QMT, then simply install the caching-nameserver package on QMT to use as a resolver. You should also modify the resolver's configuration to use forwarders, but that's not absolutely necessary. caching-nameserver configuration should work ok as is. Martin, do you have anything to add? (Sorry for jumping in again) -- -Eric 'shubes' On 02/14/2011 12:14 PM, d...@demod.pl wrote: Thank You for advice. I think, I must learn about DNS much more as I thought before i wrote these emails. I'm using BIND (named). Yes it's authoritative DNS server and i think it's a local resolver. Now I understand it's wrong practice? Now i'm going to try apply you advices and read something more about DNS server. I will let you know about my progress regards Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 4:24 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. I agree whole heartedly with Martin (whatever that's worth). Two key questions which haven't been answered yet by Marek: 1) which software is he using (bind or djbdns) 2) is he using the local resolver as an authoritative DNS server as well? (I would hope not, but you never know). I gotta chuckle regarding Marek's name, as there is a commercial email server called Marek Mail. :) Thanks, Martin. I'll let you finish up with this one. -- -Eric 'shubes' On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and add these lines at the end of the file: nameserver 8.8.8.8 nameserver 4.4.4.4 On Mon, Feb 14, 2011 at 4:39 AM,d...@demod.pl wrote: In resolv.conf I have only: search localdomain nameserver
Re: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
I use a caching name server on my QMT server. Here is what I have in my /etc/resolv.conf file: nameserver 127.0.0.1 nameserver 4.2.2.3 nameserver 4.2.2.4 This way if it does not resolve it locally, it will resolve it using one of the other DNS servers listed. Once it is resolved once, my local server will hold onto it for a period of time so that future look-ups will be faster. Hope this helps. Scott On Mon, Feb 14, 2011 at 1:58 PM, Eric Shubert e...@shubes.net wrote: Hey Marek, Using Bind is fine, but using a single server/process for both authoritative and resolver purposes is not a good practice. It can be done, but I would try very hard to keep them separate before endeavoring to put them together. It can be done, but it's a bit tricky to do well (accurately and securely). If at all possible, I would use an authoritative DNS server that's external to QMT, then simply install the caching-nameserver package on QMT to use as a resolver. You should also modify the resolver's configuration to use forwarders, but that's not absolutely necessary. caching-nameserver configuration should work ok as is. Martin, do you have anything to add? (Sorry for jumping in again) -- -Eric 'shubes' On 02/14/2011 12:14 PM, d...@demod.pl wrote: Thank You for advice. I think, I must learn about DNS much more as I thought before i wrote these emails. I'm using BIND (named). Yes it's authoritative DNS server and i think it's a local resolver. Now I understand it's wrong practice? Now i'm going to try apply you advices and read something more about DNS server. I will let you know about my progress regards Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 4:24 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. I agree whole heartedly with Martin (whatever that's worth). Two key questions which haven't been answered yet by Marek: 1) which software is he using (bind or djbdns) 2) is he using the local resolver as an authoritative DNS server as well? (I would hope not, but you never know). I gotta chuckle regarding Marek's name, as there is a commercial email server called Marek Mail. :) Thanks, Martin. I'll let you finish up with this one. -- -Eric 'shubes' On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: Seeing as it does not work right now, I don't know where the servers are listed on his system. Clearly there must be some configuration issue. But at the same time, IMHO it is the best solution to ensure there is a properly configured local DNS server. Such a local DNS server has a config where you can list forwarding DNS servers and that is where his name servers should be configured. Imagine resolv.conf lists the two outside DNS servers directly. Let's assume that the first entry (will be queried first) is down. Although the system tries to send 50 individual mails to some...@googlemail.com, the mail server will experience a timeout for the first name server and only then query the secondary server. All that happens 50 times(!) Now, if you have a working caching DNS server, as soon as the first timeout happened and the secondary DNS server was queried, the local server has the DNS entry stored and the remaining 49 messages do not encounter any timeout at all. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 09:06 schrieb Tony White: Hi, So what/where are the two dns servers Marek says he is using? On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: That is not correct! If localhost runs a caching DNS server, it will fetch DNS information from forwarding DNS servers, which can be the ISP's, Google's, whatever. The whole point of having a local caching DNS server is that it not only takes care of using all DNS servers it knows about to fetch data, but also to store that data and prevent DNS-lookup-heavy applications (like E-Mail servers) to generate lots of additional traffic and overhead. So, if Marek runs a local DNS server and still gets problems, then we need to look at that config. If not, he really should install a caching DNS server (named, djbdns, etc.) In any case, resolv.conf is just fine only pointing to the local server. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 07:59 schrieb Bruno De Leone: That means your only DNS is your local DNS so the qmail will never find any server outside it's network... You should add the DNS of your preference. For example, to add google's DNS, edit the file /etc/resolv.conf and
[qmailtoaster] QMT as gateway SMTP
I need QMT+spamdike (WAN) work as relay SMTP for Microsoft Exchange (in LAN), there are any handbook ? I understand QMT and Exchange routes (/var/qmail/control/smtproutes) , thats all ??
[qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
On 02/14/2011 01:24 PM, d...@demod.pl wrote: Hi thanks again for quick reply. Do I understand right? Would it be accurate if i put an authoritative DNS server and QMT on separate computers? Correct. And do put a DNS resolver (aka caching nameserver) on QMT. Marek - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Monday, February 14, 2011 8:58 PM Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont work. Hey Marek, Using Bind is fine, but using a single server/process for both authoritative and resolver purposes is not a good practice. It can be done, but I would try very hard to keep them separate before endeavoring to put them together. It can be done, but it's a bit tricky to do well (accurately and securely). If at all possible, I would use an authoritative DNS server that's external to QMT, then simply install the caching-nameserver package on QMT to use as a resolver. You should also modify the resolver's configuration to use forwarders, but that's not absolutely necessary. caching-nameserver configuration should work ok as is. Martin, do you have anything to add? (Sorry for jumping in again) -- -Eric 'shubes' -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: DNS temporary failure if one DNS server dont work.
On 02/14/2011 01:57 PM, Scott Hughes wrote:
I use a caching name server on my QMT server. Here is what I have in my
/etc/resolv.conf file:
nameserver 127.0.0.1
nameserver 4.2.2.3
nameserver 4.2.2.4
This way if it does not resolve it locally, it will resolve it using one
of the other DNS servers listed. Once it is resolved once, my local
server will hold onto it for a period of time so that future look-ups
will be faster.
I don't believe that's quite right, Scott. I believe it will only cache
hits that are satisfied by the localhost (127.0.0.1) resolver. I think
it would be better to specify forwarders in the named.conf file. Then,
indeed, hits from alternate resolvers would be cached.
This is what I have in my named.conf:
//
// named.conf
//
options {
forward first;
forwarders {
205.171.3.25;
208.67.222.220;
205.171.2.25;
208.67.222.222;
};
};
logging {
category lame-servers { null; };
};
These IPs are for my ISP (Qwest) and OpenDNS. I think that by specifying
forwarders, it relieves some stress on the root name servers, which is a
good thing.
Martin, am I off base on this? I could be.
Hope this helps.
Scott
On Mon, Feb 14, 2011 at 1:58 PM, Eric Shubert e...@shubes.net
mailto:e...@shubes.net wrote:
Hey Marek,
Using Bind is fine, but using a single server/process for both
authoritative and resolver purposes is not a good practice. It can
be done, but I would try very hard to keep them separate before
endeavoring to put them together. It can be done, but it's a bit
tricky to do well (accurately and securely).
If at all possible, I would use an authoritative DNS server that's
external to QMT, then simply install the caching-nameserver package
on QMT to use as a resolver. You should also modify the resolver's
configuration to use forwarders, but that's not absolutely
necessary. caching-nameserver configuration should work ok as is.
Martin, do you have anything to add? (Sorry for jumping in again)
--
-Eric 'shubes'
On 02/14/2011 12:14 PM, d...@demod.pl mailto:d...@demod.pl wrote:
Thank You for advice.
I think, I must learn about DNS much more as I thought before i
wrote
these emails.
I'm using BIND (named).
Yes it's authoritative DNS server and i think it's a local
resolver. Now
I understand it's wrong practice?
Now i'm going to try apply you advices and read something more
about DNS
server.
I will let you know about my progress
regards
Marek
- Original Message - From: Eric Shubert
e...@shubes.net mailto:e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
Sent: Monday, February 14, 2011 4:24 PM
Subject: [qmailtoaster] Re: DNS temporary failure if one DNS
server dont
work.
I agree whole heartedly with Martin (whatever that's worth).
Two key questions which haven't been answered yet by Marek:
1) which software is he using (bind or djbdns)
2) is he using the local resolver as an authoritative DNS
server as
well? (I would hope not, but you never know).
I gotta chuckle regarding Marek's name, as there is a
commercial email
server called Marek Mail. :)
Thanks, Martin. I'll let you finish up with this one.
--
-Eric 'shubes'
On 02/14/2011 01:39 AM, Martin Waschbüsch wrote:
Seeing as it does not work right now, I don't know where
the servers
are listed on his system. Clearly there must be some
configuration
issue.
But at the same time, IMHO it is the best solution to
ensure there is
a properly configured local DNS server.
Such a local DNS server has a config where you can list
forwarding
DNS servers and that is where his name servers should be
configured.
Imagine resolv.conf lists the two outside DNS servers
directly.
Let's assume that the first entry (will be queried
first) is down.
Although the system tries to send 50 individual mails to
some...@googlemail.com mailto:some...@googlemail.com,
the mail server will experience a timeout for
the first name server and only then query the secondary
server. All
that happens 50 times(!)
Now, if you have a working caching DNS server, as soon
as the first
timeout happened and the secondary DNS server was
