[Rspamd-Users] Huge amount of DNS errors

[Vsevolod Stakhov]

On 30/10/2018 10:13, neotok--- via Users wrote:
> Hi users@,
> 
> we are a mail provider running rspamd. We can see a significant amount of DNS errors in the log, for example:
> 
> 2018-10-30 11:06:32 #21149(normal) <225fbe>; lua; emails.lua:55: Error querying DNS(jk853oapzk8tyfr3ua978zk7yj8heenb.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #26237(normal) <e5a143>; lua; emails.lua:55: Error querying DNS(o6ym5a53c55twtc3gf5qzbg1wr6x5bqw.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <59a80d>; lua; emails.lua:55: Error querying DNS(i35ptpawe3g7urqstxnkobuyz834gjr8.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #26237(normal) <3bd56c>; lua; emails.lua:55: Error querying DNS(of5f9rrtt1wcu86d79ab4iiyii6cnojh.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #26237(normal) <3bd56c>; lua; emails.lua:55: Error querying DNS(of5f9rrtt1wcu86d79ab4iiyii6cnojh.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <244d71>; lua; emails.lua:55: Error querying DNS(fb78oqnydchqqfe7gyb6qxg5dhbqgfsd.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <244d71>; lua; emails.lua:55: Error querying DNS(yeee4ah4o9rrjigsinzfsjwadyco35ax.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <5bb5eb>; lua; emails.lua:55: Error querying DNS(771nb7pq61cut9c69t7nb993f7jxggs3.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <3311a9>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <ddca78>; lua; asn.lua:69: error querying dns (226.74.241.91.asn.rspamd.com): server fail
> 2018-10-30 11:06:33 #26237(normal) <dab65a>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #21149(normal) <145f57>; lua; emails.lua:55: Error querying DNS(nsgj7f9kridh8p1s38jpttefh59kn71x.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #26237(normal) <ba0305>; lua; asn.lua:69: error querying dns (20.74.241.91.asn.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <cbdd0b>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
> 2018-10-30 11:06:33 #10067(normal) <d2ffd1>; lua; asn.lua:69: error querying dns (209.242.10.106.asn.rspamd.com): server fail
> 2018-10-30 11:06:34 #26237(normal) <48ba64>; lua; asn.lua:69: error querying dns (28.233.149.153.asn.rspamd.com): server fail
> 2018-10-30 11:06:34 #21149(normal) <b01313>; lua; emails.lua:55: Error querying DNS(9ib6e5nythf6je166txsrazhjmzu5uea.email.rspamd.com): server fail
> 2018-10-30 11:06:34 #21149(normal) <b246bc>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
> 2018-10-30 11:06:34 #26237(normal) <73fe3b>; lua; asn.lua:69: error querying dns (50.75.241.91.asn.rspamd.com): server fail
> 2018-10-30 11:06:34 #26237(normal) <73fe3b>; lua; emails.lua:55: Error querying DNS(o6ym5a53c55twtc3gf5qzbg1wr6x5bqw.email.rspamd.com): server fail
> 2018-10-30 11:06:34 #10067(normal) <ce126d>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
> 2018-10-30 11:06:34 #26237(normal) <d82642>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
> 
> We use the local DNS resolver pdns for our purposes, mostly in its stock configuration on Debian Stretch. This is our setting in rspamd:
> 
> dns {
> 
>     timeout = 1s;
> 
>     sockets = 16;
> 
>     retransmits = 5;
> 
> }
> 
> I already tried to maximize the amount of sockets, but this does not seem to fix this issue... if it is an issue at all... Is that a problem we see right now or can we just ignore it? It happens 24/7 and is filling our logs...


The error about email.rspamd.com was caused by some misconfiguration on
one of my NS servers. ASN zone seems to be fine. What server do you
query when SERVFAIL errors take place? asn-ns.rspamd.com or
asn-ns2.rspamd.com?