Date:      Tue, 18 Feb 2014 18:06:20 -0500
From:      Janos Dohanics <web@3dresearch.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Reverse DNS question
Message-ID:  <20140218180620.0807880cf0dd661482e394b9@3dresearch.com>

Hello List,

Could you please explain this odd behavior:

My Postfix logs show entries like this:

Feb 18 08:35:13 barrida postfix/smtpd[86649]: connect from unknown[207.238.171.17]
Feb 18 08:35:13 barrida postfix/smtpd[86705]: connect from spam2.continental-realestate.com[207.238.171.17]

This host is a source of legitimate messages, and sends a number of
messages every day. However, it seems that more often than not, Postfix
is unable to resolve the name for 207.238.171.17. Postfix queries a
resolver (djbdns) which runs on the same machine.

I understand that DNS lookups can fail for reasons other than records
not existing. However, every time I check with host:

# host 207.238.171.17
17.171.238.207.in-addr.arpa domain name pointer mail1.continental-realestate.com.
17.171.238.207.in-addr.arpa domain name pointer mail.continental-realestate.com.
17.171.238.207.in-addr.arpa domain name pointer spam2.continental-realestate.com.

or with dig:

# dig -x 207.238.171.17

; <<>> DiG 9.9.3-P2 <<>> -x 207.238.171.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;17.171.238.207.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
17.171.238.207.in-addr.arpa. 38333 IN	PTR	mail1.continental-realestate.com.
17.171.238.207.in-addr.arpa. 38333 IN	PTR	mail.continental-realestate.com.
17.171.238.207.in-addr.arpa. 38333 IN	PTR	spam2.continental-realestate.com.

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 18 17:41:23 EST 2014
;; MSG SIZE  rcvd: 130

I get replies as expected.

Of all the hosts which send e-mail regularly, this is the only one with
such odd behavior.

So, my questions are:

1. Other than network congestion, what might cause this recurring name
resolution failure?

2. If you look at the time stamps of the above 2 log entries: How is it
possible that precisely at the same time, name resolution BOTH does not
succeed AND does succeed? This "coinciding" time stamp isn't unique
either; I could show a number of other instances.

The system is FreeBSD 9.2-STABLE, postfix-2.10.2,1, djbdns-1.05.

-- 
Janos Dohanics
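
To measure how often a client flips between "unknown" and a resolved name, the following added example (not part of the original message) tallies Postfix smtpd connect lines per client IP and lists the timestamps where both outcomes were logged, together with the smtpd PIDs involved. The function names and the last two sample log lines are assumptions made for illustration.

```python
import re

# Constructed sample: the first two lines are the ones quoted in the post,
# the last two are invented (documentation addresses) for contrast.
SAMPLE_LOG = """\
Feb 18 08:35:13 barrida postfix/smtpd[86649]: connect from unknown[207.238.171.17]
Feb 18 08:35:13 barrida postfix/smtpd[86705]: connect from spam2.continental-realestate.com[207.238.171.17]
Feb 18 08:40:02 barrida postfix/smtpd[86710]: connect from unknown[192.0.2.25]
Feb 18 08:41:10 barrida postfix/smtpd[86712]: connect from mx.example.org[198.51.100.7]
"""

# Matches Postfix smtpd "connect from name[addr]" syslog lines.
CONNECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[(?P<pid>\d+)\]:\s"
    r"connect from (?P<name>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
)

def tally_connects(log_text):
    """Group connect events by client IP, split into 'unknown' vs. resolved."""
    per_ip = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m is None:
            continue  # not an smtpd connect line
        rec = per_ip.setdefault(
            m["ip"], {"unknown": 0, "resolved": 0, "names": set(), "seen": {}})
        state = "unknown" if m["name"] == "unknown" else "resolved"
        rec[state] += 1
        if state == "resolved":
            rec["names"].add(m["name"])
        # Keep state and smtpd PID per timestamp to expose same-second conflicts.
        rec["seen"].setdefault(m["ts"], set()).add((state, int(m["pid"])))
    return per_ip

def flapping(per_ip):
    """Report IPs that were logged both as 'unknown' and with a hostname."""
    report = {}
    for ip, rec in per_ip.items():
        if not (rec["unknown"] and rec["resolved"]):
            continue  # consistently resolved or consistently unknown
        conflicts = {ts: sorted(pid for _, pid in obs)
                     for ts, obs in rec["seen"].items()
                     if {s for s, _ in obs} == {"unknown", "resolved"}}
        report[ip] = {
            "unknown_ratio": rec["unknown"] / (rec["unknown"] + rec["resolved"]),
            "names": sorted(rec["names"]),
            "same_second": conflicts,
        }
    return report
```

Run it over the real mail log with `flapping(tally_connects(open(path).read()))`, where `path` is the location of the log file on the system in question.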


