Re: info: dns: bad dns reply: bgread: recv() failed

Wed, 28 Sep 2022 21:02:29 -0700 

On Thu, 29 Sep 2022, Matus UHLAR - fantomas wrote:

[snip..]
/usr/local/share/perl/5.28.1/Mail/SpamAssassin/DnsResolver.pm line 742, <GEN921> line 189. Wed Sep 28 21:46:55 2022 [9418] info: dns: bad dns reply: bgread: recv() failed: Connection refused at /usr/local/share/perl/5.28.1/Mail/SpamAssassin/DnsResolver.pm line 742. 


That looks like BIND or a packet filter refusing the query packet or 
possibly a case of failed fallback to TCP when a reply was too big for UDP.



Are you certain that BIND is configured to do recursion for 127.0.0.1 and 
doesn't have anything blocking port 53 for both UDP and TCP?




root@nmail:/var/log# cat /etc/resolv.conf
nameserver 127.0.0.1


sure it is BIND running on localhost?

sudo netstat -unlpe


bind9 running

Sep 28 21:45:49 nmail named[12447]: zone 127.in-addr.arpa/IN: loaded 
serial 1
Sep 28 21:45:49 nmail named[12447]: zone 255.in-addr.arpa/IN: loaded 
serial 1
Sep 28 21:45:49 nmail named[12447]: zone domain.nmail/IN: 
sig-re-signing-interval less than 3 * refresh.
Sep 28 21:45:49 nmail named[12447]: zone domain.nmail/IN: loaded serial 1 
(DNSSEC signed)
Sep 28 21:45:49 nmail named[12447]: zone 190.120.37.in-addr.arpa/IN: 
loaded serial 1

Sep 28 21:45:49 nmail named[12447]: zone localhost/IN: loaded serial 2
Sep 28 21:45:49 nmail named[12447]: all zones loaded
Sep 28 21:45:49 nmail named[12447]: running

Sep 28 21:45:49 nmail named[12447]: zone domain.nmail/IN: reconfiguring 
zone keys
Sep 28 21:45:49 nmail named[12447]: zone domain.nmail/IN: next key event: 
28-Sep-2022 22:45:49.345


Does:
  dig @localhost google.com

get you a valid answer or does it give you an error message:

dbfunk@a-lnx000:bin> dig @localhost google.com

; <<>> DiG 9.11.2 <<>> @localhost google.com
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached


If you get that kind of an error message that tends to indicate that either your 
bind is not configured to listen on 'localhost' or there's some strange firewall 
issue going on.


locate your bind's "named.conf" file and look for a "listen-on" parameter.

It should contain the value "any" or explicitly list the various appropriate 
addresses, including the "127.0.0.1" localhost address.




--
Dave Funk                               University of Iowa
<dbfunk (at) engineering.uiowa.edu>     College of Engineering
319/335-5751   FAX: 319/384-0549        1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin         Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{






















					Reply via email to