[Dnsmasq-discuss] dnsmasq responses.

Simon Kelley simon at thekelleys.org.uk
Thu Feb 16 20:42:47 GMT 2006


Henri wrote:
> Hello all,
> 
> I'm new to the list, mainly because I have a question about dnsmasq
> for which I could not find an answer on the net, nor in this list's
> archives.
> 
> My mailserver runs dnsmasq as a forwarding DNS server. My MTA is XMail
> (www.xmailserver.com) which supports spam filtering by querying
> several blacklists available on the internet (spamcop, sorbs, etc).
> 
> These lists return an ip address, usually between 127.0.0.1 and
> 127.0.0.10. 127.0.0.1 means the ip address is not blacklisted, all
> others mean it is blacklisted. My problem is that dnsmasq does not
> seem to return 127.0.0.1 to my mailserver. Here's a part of my syslog:
> 
> query 1:
> query[type=1910] 122.132.43.200.dnsbl.sorbs.net from 127.0.0.1
> forwarded 122.132.43.200.dnsbl.sorbs.net to 194.109.104.104
> 
> query 2:
> query[A] 1.140.26.83.dnsbl.sorbs.net from 127.0.0.1
> forwarded 1.140.26.83.dnsbl.sorbs.net to 194.109.104.104
> reply 1.140.26.83.dnsbl.sorbs.net is 127.0.0.10
> 
> 
> The first query never comes back with a reply. The ip (200.43.132.122)
> is not blacklisted on dnsbl.sorbs.net so it should have returned
> 127.0.0.1 

When I attempt query 1, I get a reply, but it's not 127.0.0.1, it's "no
such domain". The logging is a bit confusing, because NXDOMAIN replies
only get logged if they are entered into the cache. If the nameserver
doesn't return an SOA record in its reply, the name won't go into the
cache, and won't be logged. Here, there's no SOA and no log entry, but
that's a function of my ISP's nameserver, so it might not be the same
for you. The NXDOMAIN reply will get back to the requestor, even if it's not
logged.

Try running "dig 122.132.43.200.dnsbl.sorbs.net". I get

srk:~/dnsmasq-2.27/dnsmasq-2.27/src > dig 122.131.113.201.dnsbl.sorbs.net

; <<>> DiG 9.2.4rc5 <<>> 122.131.113.201.dnsbl.sorbs.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;122.131.113.201.dnsbl.sorbs.net. IN    A

;; Query time: 2258 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Thu Feb 16 20:36:45 2006
;; MSG SIZE  rcvd: 49

notice: "status NXDOMAIN" and the AUTHORITY section doesn't have an SOA
entry. That query went through dnsmasq.



Short answer: 122.132.43.200.dnsbl.sorbs.net returns NXDOMAIN, which
might not get logged, but will get back to your MTA. dnsmasq doesn't do
anything special with 127.0.0.1 anyway.

> 
> The second query does return an ip address because this one is
> blacklisted.
> 
> Does anybody know what the problem is here? My smtp threads wait for
> about 90 seconds for a reply from my dns server. During a wave of spam
> (I receive about 30,000 a day) all my smtp threads are waiting...
> blocking other mail servers from connecting to deliver mail.

I don't think it's a dnsmasq problem. Maybe sorbs is just too slow for
that rate of query.

> 
> Any advice is more than welcome!
> 

30,000 spams a day? Get a new email address? ;-)

Cheers,

Simon.
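
The behaviour Simon describes (NXDOMAIN means "not listed", a 127.0.0.x answer means "listed", and a slow list must not stall SMTP threads) as an added example that is not part of the thread and not XMail's or dnsmasq's code. It assumes a resolver callback returning (rcode, A-record list); the replies below are constructed to mirror the two queries in Henri's log.

```python
import ipaddress
from typing import Callable, List, NamedTuple, Optional, Tuple

# A resolver is assumed to return (rcode, list of A-record strings). The callback
# keeps the example offline; a real lookup library can be plugged in behind it.
Resolver = Callable[[str], Tuple[str, List[str]]]

class DnsblResult(NamedTuple):
    listed: bool
    code: Optional[str]   # the 127.0.0.x answer, when there was one
    reason: str

def dnsbl_name(client_ip: str, zone: str) -> str:
    """Reverse the octets and append the zone: 200.43.132.122 -> 122.132.43.200.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")  # validates the address
    return ".".join(reversed(octets)) + "." + zone

def interpret(rcode: str, answers: List[str]) -> DnsblResult:
    """Map a DNSBL reply to listed / not listed."""
    if rcode == "NXDOMAIN":
        # The usual "not listed" reply: no record at all, even though nothing is logged.
        return DnsblResult(False, None, "NXDOMAIN: not listed")
    if rcode != "NOERROR":
        return DnsblResult(False, None, "lookup error %s: fail open" % rcode)
    for answer in answers:
        if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
            # A DNSBL never answers with a routable address; the zone is dead or
            # wildcarded and must not be trusted to reject mail.
            return DnsblResult(False, answer, "answer outside 127/8: ignore list")
        if answer == "127.0.0.1":
            # Convention described in the thread: 127.0.0.1 means not listed.
            return DnsblResult(False, answer, "127.0.0.1: not listed")
        return DnsblResult(True, answer, "listed with code " + answer)
    return DnsblResult(False, None, "NOERROR without A records: not listed")

def check(client_ip: str, zone: str, resolve: Resolver) -> DnsblResult:
    """One DNSBL check; fails open on resolver errors or timeouts so an SMTP
    thread never hangs for 90 seconds waiting on a slow list."""
    try:
        rcode, answers = resolve(dnsbl_name(client_ip, zone))
    except OSError as exc:  # TimeoutError is an OSError subclass
        return DnsblResult(False, None, "resolver failure (%s): fail open" % type(exc).__name__)
    return interpret(rcode, answers)

# Constructed replies mirroring the two queries in the thread (not live data).
FAKE_REPLIES = {
    "122.132.43.200.dnsbl.sorbs.net": ("NXDOMAIN", []),
    "1.140.26.83.dnsbl.sorbs.net": ("NOERROR", ["127.0.0.10"]),
}

def fake_resolver(name: str) -> Tuple[str, List[str]]:
    if name not in FAKE_REPLIES:
        raise TimeoutError("no reply within the configured timeout")
    return FAKE_REPLIES[name]
```

Calling `check("200.43.132.122", "dnsbl.sorbs.net", fake_resolver)` yields "not listed" from the NXDOMAIN alone; no 127.0.0.1 answer is needed.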
