dnsblog and host or domain not found

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

dnsblog and host or domain not found

Alex Regan
Hi,
I have a postfix-3.3.1 running on a fedora28 system and frequently see
warnings such as these in my logs:

Jul 26 10:42:09 mail03 postfix/dnsblog[3949]: warning: dnsblog_query:
lookup error for DNS query 51.225.249.24.b.barracudacentral.org: Host
or domain name not found. Name service error for
name=51.225.249.24.b.barracudacentral.org type=A: Host not found, try
again

That 51.225.249.24.b.barracudacentral.org indeed doesn't exist, but
the other postfix systems I have don't appear to log these warnings as
often. Is there a config option that controls how these messages are
logged?

The same problem (if it is a problem) exists with other DNSBLs on this
host but not others.

Shouldn't this DNSBL be responding with a "not listed" code instead of
just NXDOMAIN?

I was having a DNS issue on this host, so I thought it was also
possible that it was related to that. I'm using a local bind caching
server running on each mail host. On one of the three, it is
authoritative for its domain. This mail03 system it is just configured
to provide caching.

Below is my postscreen configuration for this host:

postscreen_dnsbl_ttl = 10m
postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access.cidr,
        cidr:/etc/postfix/gmail_whitelist.cidr,
        cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
        cidr:/etc/postfix/bec-ranges.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:8}s
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_timeout = 30s
postscreen_dnsbl_reply_map =
        texthash:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites =
        mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
        score.senderscore.com=127.0.4.[0..19]*5
        score.senderscore.com=127.0.4.[20..29]*4
        score.senderscore.com=127.0.4.[30..49]*3
        score.senderscore.com=127.0.4.[50..59]*2
        score.senderscore.com=127.0.4.[60..69]*1
        score.senderscore.com=127.0.4.[70..79]*-1
        score.senderscore.com=127.0.4.[80..89]*-2
        score.senderscore.com=127.0.4.[90..100]*-3
        b.barracudacentral.org*7
        mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6
        bl.mailspike.net*4
        bl.spamcop.net*4
        bl.spameatingmonkey.net*4
        mykey.zen.dq.spamhaus.net=127.0.0.3*4
        sip.invaluementkey.xyz=127.0.0.2*8
        sip24.invaluementkey.xyz=127.0.0.2*6
        ubl.unsubscore.com=127.0.0.2*2
        list.dnswl.org=127.[0..255].[0..255].0*-2
        list.dnswl.org=127.[0..255].[0..255].1*-3
        list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
        dnsbl.sorbs.net=127.0.0.[10;14]*8
        dnsbl.sorbs.net=127.0.0.5*7
        dnsbl.sorbs.net=127.0.0.7*4
        dnsbl.sorbs.net=127.0.0.6*3
        dnsbl.sorbs.net=127.0.0.[8;9]*2
        dnsbl.sorbs.net=127.0.0.4*1

Thanks,
Alex
Reply | Threaded
Open this post in threaded view
|

Re: dnsblog and host or domain not found

Wietse Venema
Alex:
> I was having a DNS issue on this host, so I thought it was also
> possible that it was related to that. I'm using a local bind caching

It probably was. Unless there is a reason why barracudacentral
was giving different replies to your different machines.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: dnsblog and host or domain not found

Bill Cole-3
In reply to this post by Alex Regan
On 26 Jul 2018, at 11:23, Alex wrote:

> I have a postfix-3.3.1 running on a fedora28 system and frequently see
> warnings such as these in my logs:
>
> Jul 26 10:42:09 mail03 postfix/dnsblog[3949]: warning: dnsblog_query:
> lookup error for DNS query 51.225.249.24.b.barracudacentral.org: Host
> or domain name not found. Name service error for
> name=51.225.249.24.b.barracudacentral.org type=A: Host not found, try
> again

This is a potentially misleading error message due to a postfix/resolver
quirk. It DOES NOT mean that "51.225.249.24.b.barracudacentral.org"
resulted in a NXDOMAIN, it means that an A record for a name server for
the parent domain could not be found. A completed resolution with a
NXDOMAIN result is silent.


> Shouldn't this DNSBL be responding with a "not listed" code instead of
> just NXDOMAIN?

With the caveat that this is NOT what is causing that logged error: No.

NXDOMAIN is the answer a DNSBL is supposed to give when an address is
not listed, so there is no other possible correct response for a
non-listing.

Reply | Threaded
Open this post in threaded view
|

Re: dnsblog and host or domain not found\

Wietse Venema
Bill Cole:

> On 26 Jul 2018, at 11:23, Alex wrote:
>
> > I have a postfix-3.3.1 running on a fedora28 system and frequently see
> > warnings such as these in my logs:
> >
> > Jul 26 10:42:09 mail03 postfix/dnsblog[3949]: warning: dnsblog_query:
> > lookup error for DNS query 51.225.249.24.b.barracudacentral.org: Host
> > or domain name not found. Name service error for
> > name=51.225.249.24.b.barracudacentral.org type=A: Host not found, try
> > again
>
> This is a potentially misleading error message due to a postfix/resolver
> quirk. It DOES NOT mean that "51.225.249.24.b.barracudacentral.org"
> resulted in a NXDOMAIN, it means that an A record for a name server for
> the parent domain could not be found. A completed resolution with a
> NXDOMAIN result is silent.

Actually, the error message means that there was no DNS reply: no
A record, no NXDOMAIN, etc., therefore Postfix cannot know whether
the A record exists.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: dnsblog and host or domain not found\

Bill Cole-3
On 26 Jul 2018, at 19:34 (-0400), Wietse Venema wrote:

> Bill Cole:
>> On 26 Jul 2018, at 11:23, Alex wrote:
>>
>>> I have a postfix-3.3.1 running on a fedora28 system and frequently
>>> see
>>> warnings such as these in my logs:
>>>
>>> Jul 26 10:42:09 mail03 postfix/dnsblog[3949]: warning:
>>> dnsblog_query:
>>> lookup error for DNS query 51.225.249.24.b.barracudacentral.org:
>>> Host
>>> or domain name not found. Name service error for
>>> name=51.225.249.24.b.barracudacentral.org type=A: Host not found,
>>> try
>>> again
>>
>> This is a potentially misleading error message due to a
>> postfix/resolver
>> quirk. It DOES NOT mean that "51.225.249.24.b.barracudacentral.org"
>> resulted in a NXDOMAIN, it means that an A record for a name server
>> for
>> the parent domain could not be found. A completed resolution with a
>> NXDOMAIN result is silent.
>
> Actually, the error message means that there was no DNS reply: no
> A record, no NXDOMAIN, etc., therefore Postfix cannot know whether
> the A record exists.

I stand corrected. I don't have any recent examples but somehow it was
stuck in my head that this was a mark of a bad NS record. Faulty
wetware...


--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
Reply | Threaded
Open this post in threaded view
|

Re: dnsblog and host or domain not found\

Wietse Venema
Bill Cole:

> On 26 Jul 2018, at 19:34 (-0400), Wietse Venema wrote:
>
> > Bill Cole:
> >> On 26 Jul 2018, at 11:23, Alex wrote:
> >>
> >>> I have a postfix-3.3.1 running on a fedora28 system and frequently
> >>> see
> >>> warnings such as these in my logs:
> >>>
> >>> Jul 26 10:42:09 mail03 postfix/dnsblog[3949]: warning:
> >>> dnsblog_query:
> >>> lookup error for DNS query 51.225.249.24.b.barracudacentral.org:
> >>> Host
> >>> or domain name not found. Name service error for
> >>> name=51.225.249.24.b.barracudacentral.org type=A: Host not found,
> >>> try
> >>> again
> >>
> >> This is a potentially misleading error message due to a
> >> postfix/resolver
> >> quirk. It DOES NOT mean that "51.225.249.24.b.barracudacentral.org"
> >> resulted in a NXDOMAIN, it means that an A record for a name server
> >> for
> >> the parent domain could not be found. A completed resolution with a
> >> NXDOMAIN result is silent.
> >
> > Actually, the error message means that there was no DNS reply: no
> > A record, no NXDOMAIN, etc., therefore Postfix cannot know whether
> > the A record exists.
>
> I stand corrected. I don't have any recent examples but somehow it was
> stuck in my head that this was a mark of a bad NS record. Faulty
> wetware...

It could a failure at any layer in the stack, including a
bit-pattern-dependent hardware error (reported some 20 years ago).
I would not speculate which the error is.

        Wietse