[Rspamd-Users] Resolvers and Upstreams

G.W. Haywood rspamd at jubileegroup.co.uk
Mon Aug 28 10:47:22 UTC 2023


Hi there,

On Mon, 28 Aug 2023, George Asenov wrote:

> In the documentation there is a link to upstreams section.

It would help me if you could supply a pointer to the document to
which you refer.

> ... we have cluster of over 40 private resolvers ...
> ... not all resolvers are up at any time and when DKIM signing 
> module happen to try one that is not working then it doesn't sign.

How does mail get sent without having the services of a resolver?  My
blood stream is a little low on caffeine just now, I do hope I haven't
misunderstood something...

My immediate reaction is that you need to fix your name resolution.

The DNS goes to great lengths to deal with temporary failures so that
it is very reliable.  It seems to me that, whatever else your cluster
might provide, it does not provide sufficient reliability.

> Is there a way to have a health check for the resolvers to filter out 
> temporary the nonworking entries?

IMO that shouldn't be necessary.  DNS resolution should Just Work.
Failures should be so rare that the failure rate is acceptable, and
there should be a process to remedy them, ASAP, when they happen.  If
it is inevitable that one of your resolvers may be unavailable to your
application, I'd have said there should be a way for requests to fail
transparently from one which isn't available to one which is.

-- 

73,
Ged.


More information about the Users mailing list