We had an incident where both our local caching name servers stopped working. They returned SERVFAIL (see example below). They were set as the "dns-server-ip-primary" and our host-provided DNS server was set as the "dns-server-ip". Because the primaries were failing, I would expect spamdyke to automatically switch to resolve via the server set under "dns-server-ip". Instead, spamdyke just rejected all our mail for a few hours with DENIED_RDNS_MISSING. The host-provided name server was functioning fine.

This is the config:

dns-server-ip-primary=127.0.0.1 # Local caching name server
dns-server-ip-primary=10.128.0.9 # Another local caching name server
dns-server-ip=169.254.169.254 # Host-provided name server

This is an example response from a query to either of the primary DNS servers:

{q@oak3~} dig @10.128.0.9 apple.com mx

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @10.128.0.9 apple.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52266
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;apple.com. IN MX

;; Query time: 15 msec
;; SERVER: 10.128.0.9#53(10.128.0.9)
;; WHEN: Mon Mar 11 05:10:32 2019
;; MSG SIZE rcvd: 27

Am I wrong to expect spamdyke to fail over to the non-primary server on a SERVFAIL?

Quinn
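
Added example, not part of the original message and not spamdyke's code: a sketch of the failover policy the question expects, where a SERVFAIL reply counts as a server failure and the next configured server is tried. It says nothing about what spamdyke actually does; the send_query hook and the sample packets are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_response(qname, qtype, rcode, txid=52266):
    """Constructed sample reply: header plus question, no answer records."""
    flags = 0x8180 | rcode  # qr rd ra, plus the response code in the low 4 bits
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_header(packet):
    """Return (rcode name, answer count) from a raw DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)), ancount

def resolve_with_failover(servers, send_query):
    """Try servers in order; only NOERROR or NXDOMAIN counts as an answer.

    send_query(server) is a hypothetical hook returning raw reply bytes,
    or None on timeout. Returns (server, rcode) for the first usable reply,
    or (None, tried) when every server failed.
    """
    tried = []
    for server in servers:
        packet = send_query(server)
        try:
            rcode = "TIMEOUT" if packet is None else parse_header(packet)[0]
        except ValueError:
            rcode = "MALFORMED"
        tried.append((server, rcode))
        if rcode in ("NOERROR", "NXDOMAIN"):
            return server, rcode
    return None, tried

# Constructed replies mirroring the incident: both primaries return SERVFAIL,
# the host-provided server answers. Query type 15 is MX.
SAMPLE = {
    "127.0.0.1": build_response("apple.com", 15, 2),
    "10.128.0.9": build_response("apple.com", 15, 2),
    "169.254.169.254": build_response("apple.com", 15, 0),
}

if __name__ == "__main__":
    print(resolve_with_failover(list(SAMPLE), SAMPLE.get))
```

Run on a schedule against each configured server with a real query function in place of SAMPLE.get, the same header check can alert on a SERVFAIL-only resolver before mail starts being rejected.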