> My server is making a large number of DNS requests and I think it is > related > to spamassassin. When I run tcpdump, I see a large number of requests > similar to the one below. It looks like its related to the RBL checking > from spamassassin. This shows up every few seconds. Is this normal > behavior or is it something I should be concerned about. If this is not > normal, any suggestions? I don't know what the covad.net address is, but > the osirusoft address is related to RBL, I believe. > > > > 16:07:25.454770 IP 192.168.0.194.32769 > > h-68-167-172-114.lsanca54.covad.net.domain: 16002 > A?196.84.155.141.relays.osirusoft.com. (53) >
Well the osirusoft.com one Matt has already covered. The covad.net one is easy to explain - its normal practice for mailservers to do a reverse DNS lookup of ANYONE that connects to it to deliver mail. Rule about mailservers: they generate lots of DNS queries even if you don't use SpamAssassin...thats normal. If you DO use SpamAssassin, expect a LOT of DNS lookups for every message. Thats also normal. Make sure you have a proper caching DNS server on the same ethernet as the server to get good performance. Regards, Simon
