[Rspamd-Users] Huge amount of DNS errors
neotok at protonmail.com
neotok at protonmail.com
Tue Oct 30 12:11:29 UTC 2018
Hi,
any ideas how I can debug that as I am not that familiar in DNS debugging. It seems to me that ns1.highsecure.ru and ns4.highsecure.ru are configured differently:
# dig -t NS email.rspamd.com @ns1.highsecure.ru
; <<>> DiG 9.10.3-P4-Debian <<>> -t NS email.rspamd.com @ns1.highsecure.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24917
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;email.rspamd.com. IN NS
;; AUTHORITY SECTION:
email.rspamd.com. 3600 IN NS asn-ns.rspamd.com.
email.rspamd.com. 3600 IN NS asn-ns2.rspamd.com.
;; ADDITIONAL SECTION:
asn-ns.rspamd.com. 3600 IN A 148.251.81.172
asn-ns2.rspamd.com. 3600 IN A 88.99.142.120
;; Query time: 9 msec
;; SERVER: 88.99.142.95#53(88.99.142.95)
;; WHEN: Tue Oct 30 13:07:45 CET 2018
;; MSG SIZE rcvd: 120
# dig -t NS email.rspamd.com @ns4.highsecure.ru
; <<>> DiG 9.10.3-P4-Debian <<>> -t NS email.rspamd.com @ns4.highsecure.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4493
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;email.rspamd.com. IN NS
;; ANSWER SECTION:
email.rspamd.com. 43200 IN NS asn-ns2.rspamd.com.
email.rspamd.com. 43200 IN NS asn-ns.rspamd.com.
;; AUTHORITY SECTION:
email.rspamd.com. 43200 IN NS asn-ns.rspamd.com.
email.rspamd.com. 43200 IN NS asn-ns2.rspamd.com.
;; Query time: 9 msec
;; SERVER: 148.251.81.172#53(148.251.81.172)
;; WHEN: Tue Oct 30 13:08:41 CET 2018
;; MSG SIZE rcvd: 120
Maybe that is related to the issue here?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Am Dienstag, 30. Oktober 2018 12:02 schrieb Vsevolod Stakhov vsevolod at rspamd.com:
> On 30/10/2018 10:13, neotok--- via Users wrote:
>
>> Hi users@,
>> we are a mail provider running rspamd. We can see a significant amount of DNS errors in the log, for example:
>> 2018-10-30 11:06:32 #21149(normal) <225fbe>; lua; emails.lua:55: Error querying DNS(jk853oapzk8tyfr3ua978zk7yj8heenb.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #26237(normal) <e5a143>; lua; emails.lua:55: Error querying DNS(o6ym5a53c55twtc3gf5qzbg1wr6x5bqw.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <59a80d>; lua; emails.lua:55: Error querying DNS(i35ptpawe3g7urqstxnkobuyz834gjr8.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #26237(normal) <3bd56c>; lua; emails.lua:55: Error querying DNS(of5f9rrtt1wcu86d79ab4iiyii6cnojh.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #26237(normal) <3bd56c>; lua; emails.lua:55: Error querying DNS(of5f9rrtt1wcu86d79ab4iiyii6cnojh.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <244d71>; lua; emails.lua:55: Error querying DNS(fb78oqnydchqqfe7gyb6qxg5dhbqgfsd.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <244d71>; lua; emails.lua:55: Error querying DNS(yeee4ah4o9rrjigsinzfsjwadyco35ax.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <5bb5eb>; lua; emails.lua:55: Error querying DNS(771nb7pq61cut9c69t7nb993f7jxggs3.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <3311a9>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <ddca78>; lua; asn.lua:69: error querying dns (226.74.241.91.asn.rspamd.com): server fail
>> 2018-10-30 11:06:33 #26237(normal) <dab65a>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #21149(normal) <145f57>; lua; emails.lua:55: Error querying DNS(nsgj7f9kridh8p1s38jpttefh59kn71x.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #26237(normal) <ba0305>; lua; asn.lua:69: error querying dns (20.74.241.91.asn.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <cbdd0b>; lua; emails.lua:55: Error querying DNS(xg6i7n8mnywojzi1hujdy6nu5z4gafbz.email.rspamd.com): server fail
>> 2018-10-30 11:06:33 #10067(normal) <d2ffd1>; lua; asn.lua:69: error querying dns (209.242.10.106.asn.rspamd.com): server fail
>> 2018-10-30 11:06:34 #26237(normal) <48ba64>; lua; asn.lua:69: error querying dns (28.233.149.153.asn.rspamd.com): server fail
>> 2018-10-30 11:06:34 #21149(normal) <b01313>; lua; emails.lua:55: Error querying DNS(9ib6e5nythf6je166txsrazhjmzu5uea.email.rspamd.com): server fail
>> 2018-10-30 11:06:34 #21149(normal) <b246bc>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
>> 2018-10-30 11:06:34 #26237(normal) <73fe3b>; lua; asn.lua:69: error querying dns (50.75.241.91.asn.rspamd.com): server fail
>> 2018-10-30 11:06:34 #26237(normal) <73fe3b>; lua; emails.lua:55: Error querying DNS(o6ym5a53c55twtc3gf5qzbg1wr6x5bqw.email.rspamd.com): server fail
>> 2018-10-30 11:06:34 #10067(normal) <ce126d>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
>> 2018-10-30 11:06:34 #26237(normal) <d82642>; lua; emails.lua:55: Error querying DNS(94tjiah4y93rjjokdgn9mzckr6698cm9.email.rspamd.com): server fail
>> We use the local DNS resolver pdns for our purposes, mostly in its stock configuration on Debian Stretch. This is our setting in rspamd:
>> dns {
>>
>> timeout = 1s;
>>
>> sockets = 16;
>>
>> retransmits = 5;
>>
>> }
>> I already tried to maximize the amount of sockets, but this does not seem to fix this issue... if it is an issue at all... Is that a problem we see right now or can we just ignore it? It happens 24/7 and is filling our logs...
>
> The error aboutemail.rspamd.com was caused by some misconfiguration on
> one of my NS servers. ASN zone seems to be fine. What server do you
> query when SERVFAIL errors take place? asn-ns.rspamd.com or
> asn-ns2.rspamd.com?
More information about the Users
mailing list