Still flogging a dead horse...

On Sun, Aug 04, 2002 at 11:33:32PM +1200, Peter Mott wrote:

> But the telecom delegated /23 had no name resolution.

Empty/broken zone, lame delegation or name-servers not responding?

For your original email it sounds very much like the latter, in which case *most* things will keep working albeit a little more slowly at times perhaps.

Email won't be lost, it will remain in the queues, web-traffic should be blissfully ignorant of this. As much of 25% of the 'NZ in-addr.arpa' space is bogus last time I checked.

> Thousands of web applications on our virtual web servers were unable to send mail because the in-addr zone ttl expired on our caching name servers

Yours expired in under 30 minutes?

> and lookups to auth name servers failed due to loss of parent name servers

I'm not sure I follow here.

> Since our mailers require even our own host ip addresses to resolve to a useful name things were very sucky for a time.

Eh? Your MTAs fail to stop working when they can't resolve their own names from address? Sounds pretty nasty to me....

> We are making quite a few network changes at this time, so had ttl lower than usual. Needless to say I've wound it back up again. Lucky for us, none of our outbound mailers are on the /23 concerned, or other isp mailers would no doubt been refusing mail from our customers.

I doubt it... so much DNS is busted out there almost body requires in-addr.arpa to be working when receiving email.

Sorry, I just don't understand why this was such a problem... reverse is broken for so many people and they never notice it.

--cw

- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
At 13:34 7/08/02 -0700, Chris Wedgwood wrote:

> On Sun, Aug 04, 2002 at 11:33:32PM +1200, Peter Mott wrote:
>
> > But the telecom delegated /23 had no name resolution.
>
> Empty/broken zone, lame delegation or name-servers not responding?
>
> For your original email it sounds very much like the latter, in which case *most* things will keep working albeit a little more slowly at times perhaps.
>
> Email won't be lost, it will remain in the queues, web-traffic should be blissfully ignorant of this. [snip]
>
> Sorry, I just don't understand why this was such a problem... reverse is broken for so many people and they never notice it.
It depends *whose* reverse dns is broken....

MTA - MTA transfer of mail will normally get around the problem of broken reverse DNS, usually just with a bit of delay in the delivery of the message, and perhaps a lookup failure warning in the headers. This is because MTAs usually have connection timeouts that are longer than dns lookup failure timeouts.

However if the reverse DNS for end users (eg, dialup, Jetstream, and so forth) is broken in such a way that the DNS times out instead of immediately failing, this can pretty much kill email for those end users.

When the user connects to the mail server, most MTAs (Sendmail certainly does) try to do a reverse lookup on the client's address. If that failed immediately then there wouldn't be a big problem, but if the nature of the dns failure means that every single lookup has to time out, (typically a couple of minutes) then the mailserver won't respond with its welcome banner until after that timeout.

Trouble is, most typical end user email software simply won't wait that long before giving up, and even if it would, the user themselves usually get impatient and cancel the attempt.

From the point of view of that end user their email isn't working...
Regards,
Simon
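The banner delay described in the message above, and one way to bound it without dropping the lookup, as an added example that is not code from any poster in this thread or from any MTA. The three resolvers, the hostname, the address 192.0.2.10 and the 0.2 s deadline are constructed, and the 1 s sleep stands in for a resolver timeout of a couple of minutes.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Shared pool: an abandoned lookup finishes in the background instead of
# holding up the client that is waiting for the greeting.
_POOL = ThreadPoolExecutor(max_workers=8)

def system_ptr(ip):
    """Real PTR lookup through the system resolver (not used in the demo)."""
    return socket.gethostbyaddr(ip)[0]

def bounded_ptr(ip, resolver, deadline):
    """Return (client_name, status, seconds_waited), waiting at most `deadline`."""
    start = time.monotonic()
    future = _POOL.submit(resolver, ip)
    try:
        name, status = future.result(timeout=deadline), "resolved"
    except FutureTimeout:
        name, status = "[%s]" % ip, "timeout"   # slow failure: stop waiting
    except OSError:
        name, status = "[%s]" % ip, "no-ptr"    # fast failure: NXDOMAIN etc.
    return name, status, time.monotonic() - start

# Constructed resolvers standing in for the three DNS behaviours in the thread.
def working(ip):
    return "dialup-1.example.net"

def fails_fast(ip):
    raise socket.herror(1, "Unknown host")

def unresponsive(ip):
    time.sleep(1.0)  # stands in for a resolver timeout of a couple of minutes
    raise socket.herror(2, "Host name lookup failure")

def banner_delays(deadline=0.2):
    """Map each constructed case to (status, delay before the 220 banner)."""
    cases = {"working": working, "fails_fast": fails_fast, "unresponsive": unresponsive}
    out = {}
    for label, resolver in cases.items():
        _, status, waited = bounded_ptr("192.0.2.10", resolver, deadline)
        out[label] = (status, round(waited, 2))
    return out

if __name__ == "__main__":
    for label, (status, waited) in banner_delays().items():
        print("%-13s %-9s banner after %.2fs" % (label, status, waited))
```

Passing `system_ptr` as the resolver applies the same deadline to a real lookup; on timeout the client is logged by address literal rather than by name.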
On Wednesday, August 7, 2002, at 05:54 , Simon Byrnand wrote:
> However if the reverse DNS for end users (eg, dialup, Jetstream, and so forth) is broken in such a way that the DNS times out instead of immediately failing, this can pretty much kill email for those end users.
>
> When the user connects to the mail server, most MTAs (Sendmail certainly does) try to do a reverse lookup on the client's address. If that failed immediately then there wouldn't be a big problem, but if the nature of the dns failure means that every single lookup has to time out, (typically a couple of minutes) then the mailserver won't respond with its welcome banner until after that timeout.

So use an MTA which allows you to turn off the PTR lookup.

There, that wasn't hard. Next!

Joe