spamassassin-users mailing list archives

From Axb <axb.li...@gmail.com>
Subject Re: DNS and RBL problems
Date Sat, 15 Sep 2018 16:43:47 GMT
So this is the moment where this becomes SA OT and your ISP or 
networking guys/support & Wireshark / hping, etc should help you out.


On 9/15/18 6:28 PM, Alex wrote:
> Hi,
> 
> On Sat, Sep 15, 2018 at 5:31 AM Benny Pedersen <me@junc.eu> wrote:
>>
>> Pedro David Marco skrev den 2018-09-15 09:46:
>>> Sorry, typo issue.. i meant 512 bytes
>>
>> and with EDNS0 its upto 4096
>>
>> but not all dns servers support it
>>
>> one could force tcp if wanted
>>
>> or drop buggy rbl zones
> 
> Thank you all so much for your help. The only thing between this
> system and the Internet is the Optonline modem/router. I've even gone
> without any local firewall rules to eliminate that possibility.
> 
> Just last night I implemented htb shaping to limit the outgoing SMTP
> traffic rate to be sure it's not consuming the entire pipe, preventing
> UDP traffic from being received. I don't think that's the problem,
> though, as it happens during all times of the day.
> 
>> zone "hostkarma.junkemailfilter.com" { type forward; forward first;
>> forwarders {}; };
> 
> I'm not sure this would help, as our nameservers aren't set up for
> forwarding at all.
> 
>> Can you place a sniffer on LAN and WAN interfaces of your Firewall?
> 
> I've done this, and even posted packets for people to look at on the
> bind-users list, and it was inconclusive. The packet involving the
> "SERVFAIL" error doesn't provide any info as to why it failed. It
> appears there was just never a response to the packet and the query
> timed out.
> 
>> Just in case of unexpected throttling by someone/something in the middle... have
>> you tried with a VPN (only for DNS traffic)?
> 
> I'll try that to see if somehow Optonline/Cablevision/Altice is
> dropping my packets. However, it does also happen to our DIA ethernet
> circuit, so I'm not hopeful.
> 
> Here's the packet trace of one of the failed packets, in case someone
> has some ideas or was curious.
> 
> No.     Time           Source                Destination           Protocol Length Info
>    9083 11.730327      127.0.0.1             127.0.0.1             DNS      104    Standard query response 0xded6 Server failure A 25.188.223.216.wl.mailspike.net OPT
> 
> Frame 9083: 104 bytes on wire (832 bits), 104 bytes captured (832 bits)
>      Encapsulation type: Linux cooked-mode capture (25)
>      Arrival Time: Sep 13, 2018 15:46:36.633305000 EDT
>      [Time shift for this packet: 0.000000000 seconds]
>      Epoch Time: 1536867996.633305000 seconds
>      [Time delta from previous captured frame: 0.000969000 seconds]
>      [Time delta from previous displayed frame: 0.006367000 seconds]
>      [Time since reference or first frame: 11.730327000 seconds]
>      Frame Number: 9083
>      Frame Length: 104 bytes (832 bits)
>      Capture Length: 104 bytes (832 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: sll:ethertype:ip:udp:dns]
>      [Coloring Rule Name: UDP]
>      [Coloring Rule String: udp]
> Linux cooked capture
>      Packet type: Unicast to us (0)
>      Link-layer address type: 772
>      Link-layer address length: 6
>      Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
>      Unused: 6fc0
>      Protocol: IPv4 (0x0800)
> Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
>      0100 .... = Version: 4
>      .... 0101 = Header Length: 20 bytes (5)
>      Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
>          0000 00.. = Differentiated Services Codepoint: Default (0)
>          .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
>      Total Length: 88
>      Identification: 0x2dff (11775)
>      Flags: 0x0000
>          0... .... .... .... = Reserved bit: Not set
>          .0.. .... .... .... = Don't fragment: Not set
>          ..0. .... .... .... = More fragments: Not set
>          ...0 0000 0000 0000 = Fragment offset: 0
>      Time to live: 64
>      Protocol: UDP (17)
>      Header checksum: 0x4e94 [validation disabled]
>      [Header checksum status: Unverified]
>      Source: 127.0.0.1
>      Destination: 127.0.0.1
> User Datagram Protocol, Src Port: 53, Dst Port: 12304
>      Source Port: 53
>      Destination Port: 12304
>      Length: 68
>      Checksum: 0xfe57 [unverified]
>      [Checksum Status: Unverified]
>      [Stream index: 320]
> Domain Name System (response)
>      Transaction ID: 0xded6
>      Flags: 0x8182 Standard query response, Server failure
>          1... .... .... .... = Response: Message is a response
>          .000 0... .... .... = Opcode: Standard query (0)
>          .... .0.. .... .... = Authoritative: Server is not an authority for domain
>          .... ..0. .... .... = Truncated: Message is not truncated
>          .... ...1 .... .... = Recursion desired: Do query recursively
>          .... .... 1... .... = Recursion available: Server can do recursive queries
>          .... .... .0.. .... = Z: reserved (0)
>          .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
>          .... .... ...0 .... = Non-authenticated data: Unacceptable
>          .... .... .... 0010 = Reply code: Server failure (2)
>      Questions: 1
>      Answer RRs: 0
>      Authority RRs: 0
>      Additional RRs: 1
>      Queries
>          25.188.223.216.wl.mailspike.net: type A, class IN
>              Name: 25.188.223.216.wl.mailspike.net
>              [Name Length: 31]
>              [Label Count: 7]
>              Type: A (Host Address) (1)
>              Class: IN (0x0001)
>      Additional records
>          <Root>: type OPT
>              Name: <Root>
>              Type: OPT (41)
>              UDP payload size: 4096
>              Higher bits in extended RCODE: 0x00
>              EDNS0 version: 0
>              Z: 0x0000
>                  0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
>                  .000 0000 0000 0000 = Reserved: 0x0000
>              Data length: 0
>      [Unsolicited: True]
> 


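As an added example (not code from this thread or from any of the posters): a small Python DNS-message parser that pulls out exactly the fields the trace above turns on, the transaction ID, the TC (truncated) bit, the RCODE, and the EDNS0 UDP payload size from the OPT record, together with a constructed wire-format reply that mirrors that trace (ID 0xded6, flags 0x8182, one A question for 25.188.223.216.wl.mailspike.net, one OPT record advertising 4096). Function names are mine; the 60-byte payload it builds matches the trace's UDP length 68 minus the 8-byte UDP header.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_servfail_response(qname="25.188.223.216.wl.mailspike.net", udp_size=4096):
    """Constructed wire-format reply mirroring the trace: ID 0xded6, flags 0x8182
    (QR, RD, RA, RCODE=2 SERVFAIL), one question, no answers, one OPT record."""
    header = struct.pack("!HHHHHH", 0xDED6, 0x8182, 1, 0, 0, 1)
    question = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00"
    question += struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    # OPT RR (RFC 6891): root name, TYPE 41, CLASS = UDP payload size, TTL = ext-RCODE/version/Z
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt


def _read_name(msg, off):
    """Decode a DNS name at offset off; follows a compression pointer if one appears."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n


def parse_response(msg):
    """Return the fields needed to triage a SERVFAIL/EDNS problem from a raw DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": ident, "response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200),            # TC bit: answer did not fit in UDP
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "questions": [], "edns_udp_size": None}      # None means the server sent no OPT
    off = 12
    for _ in range(qd):
        name, off = _read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        info["questions"].append((name, qtype, qclass))
    # Walk answer, authority and additional RRs; OPT lives in the additional section.
    for count, additional in ((an, False), (ns, False), (ar, True)):
        for _ in range(count):
            _, off = _read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            if additional and rtype == 41:
                info["edns_udp_size"] = rclass  # RFC 6891: CLASS carries the advertised UDP size
            off += rdlen
    return info
```

Feeding it a reply captured with tcpdump/Wireshark (UDP payload only) shows at a glance whether the resolver reported SERVFAIL, whether the reply was truncated (the case where forcing TCP or lowering the EDNS size helps), and which payload size the server advertised.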