Re: Dealing with a bad network device affecting DNS lookups

2014-07-17 Thread Quanah Gibson-Mount
--On Wednesday, July 16, 2014 1:44 PM +0100 Martin Hepworth wrote: So what's the forwarder as it leaves your machine, a local DNS server, the appliance you think is in the way or Rackspace's DNS. If you can alter the overall forwarding so as it leaves your network can you make this google'

Re: Dealing with a bad network device affecting DNS lookups

2014-07-16 Thread Martin Hepworth
ers@spamassassin.apache.org > > Subject: Re: Dealing with a bad network device affecting DNS > lookups > > > > --On Wednesday, July 16, 2014 2:26 AM + lists-spamassassin > > wrote: > > > >> I'm really not certain that using "time" and

Re: Dealing with a bad network device affecting DNS lookups

2014-07-16 Thread lists-spamassassin
Original Message > Date: Tuesday, July 15, 2014 18:39:58 -0700 > From: Quanah Gibson-Mount > To: users@spamassassin.apache.org > Subject: Re: Dealing with a bad network device affecting DNS lookups > > --On Wednesday, July 16, 2014 2:26 AM +

Re: Dealing with a bad network device affecting DNS lookups

2014-07-16 Thread Benny Pedersen
On 16. jul. 2014 00.27.08 CEST, "Kevin A. McGrail" wrote: >> One manual lookup might work, but when a msg comes in, there's a >> little flood and your friends don't like it . >Or one of the recursion rate limiting patches... does not make sense, this limit is not forcing interceptions, whatev

Re: Dealing with a bad network device affecting DNS lookups

2014-07-16 Thread Benny Pedersen
On 15. jul. 2014 23.15.30 CEST, Quanah Gibson-Mount wrote: >*sigh* I DO already. That still does not prevent FIRST TIME LOOKUPS >from failing. if that's correct postfix would try one more time since dns on the sender dns server domain reject dns resolving on their sender domain don't shut the po

Re: Dealing with a bad network device affecting DNS lookups

2014-07-16 Thread Benny Pedersen
On 15. jul. 2014 23.09.55 CEST, Quanah Gibson-Mount wrote: >> DNS requests should take less than 1 sec. 1 sec is slow imho :) >The problem isn't the DNS requests. The problem is the appliance that >is INTERCEPTING THE REQUESTS ON THE WAY OUT. ask them about dnssec dig +trace debian.org foll

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Wednesday, July 16, 2014 2:26 AM + lists-spamassassin wrote: I'm really not certain that using "time" and "nslookup" (which is a somewhat depreciated tool at this point) gives you results that show where the problem might be. I would suggest that for debugging/proof of issue purposes

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread lists-spamassassin
Original Message > Date: Tuesday, July 15, 2014 15:04:22 -0700 > From: Quanah Gibson-Mount > To: Dave Warren , users@spamassassin.apache.org > Subject: Re: Dealing with a bad network device affecting DNS lookups > > --On Tuesday, July 15, 2014 3:52 PM

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Kevin A. McGrail
On 7/15/2014 6:18 PM, Axb wrote: On 07/16/2014 12:04 AM, Quanah Gibson-Mount wrote: --On Tuesday, July 15, 2014 3:52 PM -0700 Dave Warren wrote: Are you saying that if you perform something like "dig @8.8.8.8 asdfalksdflk.example.com a", Rackspace intercepts the packet on port 53 and does som

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Axb
On 07/16/2014 12:04 AM, Quanah Gibson-Mount wrote: --On Tuesday, July 15, 2014 3:52 PM -0700 Dave Warren wrote: Are you saying that if you perform something like "dig @8.8.8.8 asdfalksdflk.example.com a", Rackspace intercepts the packet on port 53 and does something with it? Right And it's

Fwd: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Dominic Benson
(Accidentally off list, sorry) Begin forwarded message: > From: Dominic Benson > Date: 15 July 2014 22:59:14 BST > To: Quanah Gibson-Mount > Subject: Re: Dealing with a bad network device affecting DNS lookups > > >> On 15 Jul 2014, at 22:46, Quanah Gibson-Mount wr

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Tuesday, July 15, 2014 3:52 PM -0700 Dave Warren wrote: Are you saying that if you perform something like "dig @8.8.8.8 asdfalksdflk.example.com a", Rackspace intercepts the packet on port 53 and does something with it? Right And it's taken them since October to resolve it? And you st

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Dave Warren
On 2014-07-15 14:46, Quanah Gibson-Mount wrote: I've been complaining about it since last October. Supposedly it will be fixed by the end of this month. In the meantime, I still have floods of spam coming in that I'd like scored correctly. Are you saying that if you perform something like "d

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Dave Warren
On 2014-07-15 14:40, John Hardin wrote: On Tue, 15 Jul 2014, Martin Hepworth wrote: On Tuesday, 15 July 2014, Quanah Gibson-Mount wrote: --On Wednesday, July 16, 2014 12:08 AM +0200 Axb wrote: and what prevents you from running a recursor on those servers? In a halfway well connected n

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Tuesday, July 15, 2014 3:41 PM -0700 John Hardin wrote: On Tue, 15 Jul 2014, Quanah Gibson-Mount wrote: --On Wednesday, July 16, 2014 12:12 AM +0200 Axb wrote: And what appliance is that? No idea. Again, I don't run the network and what's on it. Whatever it is, if it breaks yo

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread John Hardin
On Tue, 15 Jul 2014, Quanah Gibson-Mount wrote: --On Wednesday, July 16, 2014 12:12 AM +0200 Axb wrote: And what appliance is that? No idea. Again, I don't run the network and what's on it. Whatever it is, if it breaks your DNS traffic, trash it. I have no control over it or its usag

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread John Hardin
On Tue, 15 Jul 2014, Martin Hepworth wrote: On Tuesday, 15 July 2014, Quanah Gibson-Mount wrote: --On Wednesday, July 16, 2014 12:08 AM +0200 Axb wrote: and what prevents you from running a recursor on those servers? In a halfway well connected network, and Rackspace is VERY well connec

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Jeremy McSpadden
Then I think we can all agree that just extending the timeout is not a fix. You have network issues that should be resolved. -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Wednesday, July 16, 2014 12:12 AM +0200 Axb wrote: And what appliance is that? No idea. Again, I don't run the network and what's on it. Whatever it is, if it breaks your DNS traffic, trash it. I have no control over it or its usage or presence. --Quanah -- Quanah Gibson-Mount S

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Tuesday, July 15, 2014 11:13 PM +0100 Martin Hepworth wrote: Run your own caching server on the sa box itself, makes a surprising difference and something I always recommend *sigh* I DO already. That still does not prevent FIRST TIME LOOKUPS from failing. --Quanah -- Quanah Gibso

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Martin Hepworth
On Tuesday, 15 July 2014, Quanah Gibson-Mount wrote: > --On Wednesday, July 16, 2014 12:08 AM +0200 Axb > wrote: > > > and what prevents you from running a recursor on those servers? >> >> In a halfway well connected network, and Rackspace is VERY well connected, >> DNS requests should take l

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Axb
On 07/15/2014 11:09 PM, Quanah Gibson-Mount wrote: --On Wednesday, July 16, 2014 12:08 AM +0200 Axb wrote: and what prevents you from running a recursor on those servers? In a halfway well connected network, and Rackspace is VERY well connected, DNS requests should take less than 1 sec.

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Wednesday, July 16, 2014 12:08 AM +0200 Axb wrote: and what prevents you from running a recursor on those servers? In a halfway well connected network, and Rackspace is VERY well connected, DNS requests should take less than 1 sec. The problem isn't the DNS requests. The problem is

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Axb
On 07/15/2014 10:58 PM, Quanah Gibson-Mount wrote: --On Tuesday, July 15, 2014 9:51 PM + Jeremy McSpadden wrote: Have you considered running your own DNS server locally ? I do. ;) But I don't run the network (our servers are hosted @ Rackspace), and any outbound DNS request hits the ne

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Tuesday, July 15, 2014 10:00 PM + Jeremy McSpadden wrote: Run a DNS server on your Rackspace servers. If you're using Rackspace DNS your rbl queries are more than likely going to cause quite a few FPs. Never good to use ISP or hosting DNS servers. As I said... I *already* run my ow

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
--On Tuesday, July 15, 2014 9:51 PM + Jeremy McSpadden wrote: Have you considered running your own DNS server locally ? I do. ;) But I don't run the network (our servers are hosted @ Rackspace), and any outbound DNS request hits the network appliance, so my own DNS doesn't help with

Re: Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Jeremy McSpadden
Have you considered running your own DNS server locally ? -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Jul 15, 2014, at 3:47 PM, "Quanah Gibson-Mount" mailto:qua...@

Dealing with a bad network device affecting DNS lookups

2014-07-15 Thread Quanah Gibson-Mount
Hi, Apparently there is a network device somewhere on the network my production servers use that is causing very long delays with first time DNS lookups. This is having a significant impact on SA's ability to score spam, as the various RBL lookups time out, as well as Razor and Pyzor. I've a