Temporary Lookup Failure

Temporary Lookup Failure

@lbutlr
After updating Bind and dovecot and rebooting the server, I am getting these errors on almost every incoming mail.

Bind is running, and I can manually lookup the domains and dig -x the IPs, so I don’t think bind is the issue?

Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y: client=mx2.freebsd.org[96.47.72.81]
Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y: permit: RCPT from mx2.freebsd.org[96.47.72.81]: action=permit for Helo command=mx2.freebsd.org ; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mx2.freebsd.org>
Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y: reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0 <[hidden email]>: Temporary lookup failure; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mx2.freebsd.org>

 # portmaster -l | egrep '(postfix|dovec|bind)'
===>>> bind-tools-9.16.6
===>>> dovecot-2.3.11.3
===>>> bind916-9.16.6_1
===>>> dovecot-pigeonhole-0.5.11
===>>> postfix-3.5.6,1
===>>> postfixadmin-3.2.4

I did disable/remove both SpamAssassin and spamass-milter because the server was getting overloaded with sa-learn and I thought that might be related. I commented out the milter lines in main.cf and added soft-bounce, but made no other changes to main.cf.

Current load is 0.29 instead of 12.9 and climbing, so I don’t think it’s related.

Re: Temporary Lookup Failure

Benny Pedersen-2
@lbutlr wrote on 2020-08-29 14:16:
> After updating Bind and dovecot and rebooting the server, I am getting
> these errors on almost every incoming mail.

try reboot ?

> Current load is 0.29 instead of 12.9 and climbing, so I don’t think
> it’s related.

is

dig +trace google.com

working ?

is

ping6 -c 3 google.com

working ?

try doing the same with freebsd.org

what is failing ?

and lastly have you "Making the DNS More Private with QNAME
Minimisation" this is imho not yet solved in rbldnsd, so disable it in
bind9

Re: Temporary Lookup Failure

Wietse Venema
In reply to this post by @lbutlr
@lbutlr:
> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
> <[hidden email]>: Temporary lookup failure;
> from=<[hidden email]> to=<[hidden email]>
> proto=ESMTP helo=<mx2.freebsd.org>

Your Postfix resolv.conf file may point to the wrong IP address.

        Wietse

Re: Temporary Lookup Failure

Viktor Dukhovni
In reply to this post by @lbutlr
On Sat, Aug 29, 2020 at 06:16:27AM -0600, @lbutlr wrote:

> After updating Bind and dovecot and rebooting the server, I am getting these errors on almost every incoming mail.
> Bind is running, and I can manually lookup the domains and dig -x the IPs, so I don’t think bind is the issue?

Red herrings.


> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
> <[hidden email]>: Temporary lookup failure;
> from=<[hidden email]> to=<[hidden email]>
> proto=ESMTP helo=<mx2.freebsd.org>

Who said the lookup failure is a DNS problem?  More likely some table
driver no longer works after the upgrade, or other similar resource.

The real error is earlier in the logs.

--
    Viktor.
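
One way to act on the advice above, as an added example that is not part of the original thread: pair each "Temporary lookup failure" reject with the Postfix warning/error/fatal/panic lines logged since the previous reject. The sample log lines, host names and map file name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (not from the thread): two table-driver warnings,
# the 451 that follows them, then a later 451 with no new warning before it.
sample_log() {
    cat <<'EOF'
Aug 29 01:30:12 mail postfix/smtpd[40178]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Aug 29 01:30:12 mail postfix/smtpd[40178]: warning: mysql:/usr/local/etc/postfix/example_maps.cf lookup error for "user@example.com"
Aug 29 01:30:13 mail postfix/smtpd[40178]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 451 4.3.0 <user@example.com>: Temporary lookup failure; proto=ESMTP
Aug 29 01:31:02 mail postfix/smtpd[40180]: connect from mx.example.net[192.0.2.10]
Aug 29 01:31:03 mail postfix/smtpd[40180]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 451 4.3.0 <user@example.com>: Temporary lookup failure; proto=ESMTP
EOF
}

# lookup_failure_context [LOGFILE...]   (reads stdin when no file is given)
# Remembers every Postfix warning/error/fatal/panic line and prints the
# remembered lines in front of the next "Temporary lookup failure" reject.
lookup_failure_context() {
    awk '
        /postfix\/[^ ]*\[[0-9]+\]:? (warning|error|fatal|panic):/ {
            pending[++n] = $0        # candidate cause, keep until next reject
            next
        }
        /Temporary lookup failure/ {
            for (i = 1; i <= n; i++) print "cause?  " pending[i]
            print "reject  " $0
            n = 0                    # start collecting for the next reject
        }
    ' "$@"
}

# Demo on the constructed log; on a real server pass the mail log path instead.
sample_log | lookup_failure_context
```

A reject printed with no "cause?" lines in front of it means the relevant warning is further back in the log or was logged by another service.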

Re: Temporary Lookup Failure

Bob Proulx
In reply to this post by @lbutlr
@lbutlr wrote:
> Bind is running, and I can manually lookup the domains and dig -x
> the IPs, so I don’t think bind is the issue?

Although dig and drill are good for tracing DNS queries the better
tool for tracing system default lookups is 'getent'.  It will perform
a lookup using the same libc library as any program using
gethostent(3).

In this case try this.

    getent ahosts mx2.freebsd.org

I get this result:

    $ getent hosts mx2.freebsd.org
    2610:1c1:1:606c::19:2 mx2.freebsd.org

    $ getent ahosts mx2.freebsd.org
    96.47.72.81     STREAM mx2.freebsd.org
    96.47.72.81     DGRAM  
    96.47.72.81     RAW    
    2610:1c1:1:606c::19:2 STREAM
    2610:1c1:1:606c::19:2 DGRAM  
    2610:1c1:1:606c::19:2 RAW    

As others noted if postfix is running chroot'd then the
/etc/resolv.conf that it will use will be the file in the postfix
chroot.  On my system that would be this one.  Which on my system is
updated when the service script starts postfix.

    /var/spool/postfix/etc/resolv.conf

Bob
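
A check for the resolv.conf point raised in the replies above, as an added example that is not part of the original thread: compare the resolver list the system uses with the copy inside the Postfix chroot. It assumes Postfix runs chrooted; the function names and the demo file contents are constructed for illustration.

```shell
#!/bin/sh
# nameservers FILE: print the nameserver addresses listed in FILE, in order.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# compare_resolv SYSTEM_FILE CHROOT_FILE
# Returns 0 if both files list the same resolvers in the same order,
# 1 if the lists differ, 2 if the chroot copy is missing or unreadable.
compare_resolv() {
    [ -r "$2" ] || { echo "missing: $2"; return 2; }
    sys=$(nameservers "$1")
    jail=$(nameservers "$2")
    [ "$sys" = "$jail" ] && return 0
    echo "system: $sys" | tr '\n' ' '; echo
    echo "chroot: $jail" | tr '\n' ' '; echo
    return 1
}

# Demo with constructed files. On a real server the arguments would be
#   /etc/resolv.conf  "$(postconf -h queue_directory)/etc/resolv.conf"
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'nameserver 127.0.0.1\n' > "$demo/system.conf"
printf '# stale copy\nnameserver 192.0.2.53\n' > "$demo/chroot.conf"
compare_resolv "$demo/system.conf" "$demo/chroot.conf" || echo "resolver lists differ"
```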

Re: Temporary Lookup Failure

@lbutlr
In reply to this post by Viktor Dukhovni
On 29 Aug 2020, at 07:17, Viktor Dukhovni <[hidden email]> wrote:

> On Sat, Aug 29, 2020 at 06:16:27AM -0600, @lbutlr wrote:
>
>> After updating Bind and dovecot and rebooting the server, I am getting these errors on almost every incoming mail.
>> Bind is running, and I can manually lookup the domains and dig -x the IPs, so I don’t think bind is the issue?
>
> Red herrings.
>
>
>> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
>> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
>> <[hidden email]>: Temporary lookup failure;
>> from=<[hidden email]> to=<[hidden email]>
>> proto=ESMTP helo=<mx2.freebsd.org>
>
> Who said the lookup failure is a DNS problem?  More likely some table
> driver no longer works after the upgrade, or other similar resource.
>
> The real error is earlier in the logs.

The previous line is mostly the same, only it says permit. I posted all the lines for the given QID. Looking at the logs for other errors the only thing I see is that occasionally (but far less than the number of lookup errors) there was "(address resolver failure)" and mysql connection issues when I was stopping the various services. And it was not just freebsd.org that failed, it was most things.

After several hours last night and this morning with a trickle of mail coming in and several reboots I finally got it working with a manual shutdown of all the related services, a removal of several ancillary ports (SpamAssassin, etc) and rebuilding those ports. And then manually starting the services back up. Nothing showed as an out of date port, but SpamAssassin, at least, showed something that was updated instead of installed.

Haven’t gotten a recurrence in just about an hour.

Still don't know what the cause was and find it rather concerning because of the reboots.

When I can get there in person, I'll reboot again and see if all comes back up this time.



--
Bowling scores are way up, minigolf scores are way down, and we have
        more excellent waterslides than any other planet we communicate
        with