Topic: dnsbl: zen.spamhaus.org query failed: query timed out

[glosair]

Having a problem with all dnsbl queries timing out following an upgrade from to version 10

The error is

dnsbl: zen.spamhaus.org query failed:  query timed out


If I do a  NS lookup I instantly get the following correct result:

nslookup 214.238.214.180.zen.spamhaus.org
Server:         10.0.1.253
Address:        10.0.1.253#53

Non-authoritative answer:
Name:   214.238.214.180.zen.spamhaus.org
Address: 127.0.0.2

[Jean-Philippe Pialasse]

1- have you set something at the dns entry in the initial configuration. if yes and a major dns service has been used this coupd be the cause

2- the answer could be too long to come for the plugin but when you retry later it has already been cached or you are more patient and get the result.

[glosair]

1- have you set something at the dns entry in the initial configuration. if yes and a major dns service has been used this coupd be the cause

Using the internal dns

2- the answer could be too long to come for the plugin but when you retry later it has already been cached or you are more patient and get the result.

Been having the problem since upgrading to 10, it's not just spamhause but any lists I add!

2021-07-31 19:41:11.000954500 3102 (connect) dnsbl: zen.spamhaus.org query failed:  query timed out
2021-07-31 19:42:13.000952500 3102 (connect) dnsbl: bl.spamcop.net query failed:  query timed out

[Jean-Philippe Pialasse]

this last information does not help.

what would help would be to answer to those question

1 have you delegated the dns work to an external provider  ?

2  a dig (using a brand new ip to test) would be more helpful directly on the server with the dnscache log and dnscache.forwarder log
why dig? because you will get the query time

[glosair]

this last information does not help.

what would help would be to answer to those question

1 have you delegated the dns work to an external provider  ?


2  a dig (using a brand new ip to test) would be more helpful directly on the server with the dnscache log and dnscache.forwarder log
why dig? because you will get the query time

1 Have not changed dns servers


[root@post ~]# dig 16.225.49.37.zen.spamhause.org any

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> 16.225.49.37.zen.spamhause.org any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1549
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;16.225.49.37.zen.spamhause.org.        IN      ANY

;; ANSWER SECTION:
16.225.49.37.zen.spamhause.org. 600 IN  A       95.211.219.67

;; Query time: 144 msec
;; SERVER: 10.0.1.253#53(10.0.1.253)
;; WHEN: Sat Jul 31 21:15:30 BST 2021
;; MSG SIZE  rcvd: 64

AND

2021-07-31 21:15:30.601370500 query 3166 7f000001:87fc:ff07 255 16.225.49.37.zen.spamhause.org.
2021-07-31 21:15:30.601426500 cached ns org. d0.org.afilias-nst.org.
2021-07-31 21:15:30.601428500 cached ns org. a0.org.afilias-nst.info.
2021-07-31 21:15:30.601429500 cached ns org. c0.org.afilias-nst.info.
2021-07-31 21:15:30.601429500 cached ns org. a2.org.afilias-nst.info.
2021-07-31 21:15:30.601430500 cached ns org. b0.org.afilias-nst.org.
2021-07-31 21:15:30.601431500 cached ns org. b2.org.afilias-nst.org.
2021-07-31 21:15:30.601462500 cached 1 d0.org.afilias-nst.org.
2021-07-31 21:15:30.601464500 cached 1 a0.org.afilias-nst.info.
2021-07-31 21:15:30.601464500 cached 1 c0.org.afilias-nst.info.
2021-07-31 21:15:30.601493500 cached 1 a2.org.afilias-nst.info.
2021-07-31 21:15:30.601494500 cached 1 b0.org.afilias-nst.org.
2021-07-31 21:15:30.601495500 cached 1 b2.org.afilias-nst.org.
2021-07-31 21:15:30.601524500 tx 0 255 16.225.49.37.zen.spamhause.org. org. c7f97001 c7f97801 c7133801 c7133901 c7133501 c7133601
2021-07-31 21:15:30.609988500 rr c7f97001 86400 ns spamhause.org. ns1.hastydns.com.
2021-07-31 21:15:30.609990500 rr c7f97001 86400 ns spamhause.org. ns2.hastydns.com.
2021-07-31 21:15:30.610044500 stats 3166 709818 40 0
2021-07-31 21:15:30.610045500 cached ns com. a.gtld-servers.net.
2021-07-31 21:15:30.610045500 cached ns com. l.gtld-servers.net.
2021-07-31 21:15:30.610046500 cached ns com. e.gtld-servers.net.
2021-07-31 21:15:30.610047500 cached ns com. b.gtld-servers.net.
2021-07-31 21:15:30.610048500 cached ns com. i.gtld-servers.net.
2021-07-31 21:15:30.610078500 cached ns com. d.gtld-servers.net.
2021-07-31 21:15:30.610079500 cached ns com. g.gtld-servers.net.
2021-07-31 21:15:30.610080500 cached ns com. f.gtld-servers.net.
2021-07-31 21:15:30.610081500 cached ns com. h.gtld-servers.net.
2021-07-31 21:15:30.610112500 cached ns com. c.gtld-servers.net.
2021-07-31 21:15:30.610113500 cached ns com. j.gtld-servers.net.
2021-07-31 21:15:30.610113500 cached ns com. k.gtld-servers.net.
2021-07-31 21:15:30.610114500 cached ns com. m.gtld-servers.net.
2021-07-31 21:15:30.610144500 cached 1 a.gtld-servers.net.
2021-07-31 21:15:30.610145500 cached 1 l.gtld-servers.net.
2021-07-31 21:15:30.610146500 cached 1 e.gtld-servers.net.
2021-07-31 21:15:30.610175500 cached 1 b.gtld-servers.net.
2021-07-31 21:15:30.610176500 cached 1 i.gtld-servers.net.
2021-07-31 21:15:30.610177500 cached 1 d.gtld-servers.net.
2021-07-31 21:15:30.610206500 cached 1 g.gtld-servers.net.
2021-07-31 21:15:30.610207500 cached 1 f.gtld-servers.net.
2021-07-31 21:15:30.610237500 cached 1 h.gtld-servers.net.
2021-07-31 21:15:30.610238500 cached 1 c.gtld-servers.net.
2021-07-31 21:15:30.610239500 cached 1 j.gtld-servers.net.
2021-07-31 21:15:30.610266500 cached 1 k.gtld-servers.net.
2021-07-31 21:15:30.610267500 cached 1 m.gtld-servers.net.
2021-07-31 21:15:30.610297500 tx 0 1 ns1.hastydns.com. com. c029a21e c01f501e c00c5e1e c0304f1e c02bac1e c02a5d1e c005061e c01a5c1e c023331e c034b21e c036701e c0210e1e c037531e
2021-07-31 21:15:30.625890500 rr c029a21e 172800 1 ns1.registermatrix.com. d420f031
2021-07-31 21:15:30.625935500 rr c029a21e 172800 1 ns2.registermatrix.com. cff4443e
2021-07-31 21:15:30.625936500 rr c029a21e 172800 ns hastydns.com. ns1.registermatrix.com.
2021-07-31 21:15:30.625937500 rr c029a21e 172800 ns hastydns.com. ns2.registermatrix.com.
2021-07-31 21:15:30.625938500 stats 3166 710002 40 0
2021-07-31 21:15:30.625966500 cached 1 ns1.registermatrix.com.
2021-07-31 21:15:30.625967500 cached 1 ns2.registermatrix.com.
2021-07-31 21:15:30.625968500 tx 0 1 ns1.hastydns.com. hastydns.com. cff4443e d420f031
2021-07-31 21:15:30.710083500 rr cff4443e 300 1 ns1.hastydns.com. 45a25032
2021-07-31 21:15:30.710138500 stats 3166 710046 40 0
2021-07-31 21:15:30.710139500 cached ns hastydns.com. ns1.registermatrix.com.
2021-07-31 21:15:30.710141500 cached ns hastydns.com. ns2.registermatrix.com.
2021-07-31 21:15:30.710142500 cached 1 ns1.registermatrix.com.
2021-07-31 21:15:30.710143500 cached 1 ns2.registermatrix.com.
2021-07-31 21:15:30.710173500 tx 0 1 ns2.hastydns.com. hastydns.com. d420f031 cff4443e
2021-07-31 21:15:30.725369500 rr d420f031 300 1 ns2.hastydns.com. 5fd375ce
2021-07-31 21:15:30.725412500 stats 3166 710090 40 0
2021-07-31 21:15:30.725413500 tx 0 255 16.225.49.37.zen.spamhause.org. spamhause.org. 5fd375ce 45a25032
2021-07-31 21:15:30.744398500 rr 5fd375ce 600 1 16.225.49.37.zen.spamhause.org. 5fd3db43

[Jean-Philippe Pialasse]

what is your server spec?

[glosair]

what is your server spec?

It's a Dell SC1425
[root@post ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    1
Socket(s):             2
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            15
Model:                 4
Model name:            Intel(R) Xeon(TM) CPU 2.80GHz
Stepping:              1
CPU MHz:               2799.941
BogoMIPS:              5599.88
L1d cache:             16K
L2 cache:              1024K
NUMA node0 CPU(s):     0-3
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc pebs bts nopl eagerfpu pni dtes64 monitor ds_cpl cid cx16 xtpr
[root@post ~]# lsmem
RANGE                                  SIZE  STATE REMOVABLE BLOCK
0x0000000000000000-0x0000000007ffffff  128M online        no     0
0x0000000008000000-0x000000002fffffff  640M online       yes   1-5
0x0000000030000000-0x0000000037ffffff  128M online        no     6
0x0000000038000000-0x000000004fffffff  384M online       yes   7-9
0x0000000050000000-0x000000005fffffff  256M online        no 10-11
0x0000000060000000-0x0000000077ffffff  384M online       yes 12-14
0x0000000078000000-0x0000000087ffffff  256M online        no 15-16
0x0000000088000000-0x00000000a7ffffff  512M online       yes 17-20
0x00000000a8000000-0x00000000dfffffff  896M online        no 21-27
0x0000000100000000-0x000000010fffffff  256M online       yes 32-33
0x0000000110000000-0x0000000117ffffff  128M online        no    34
0x0000000118000000-0x000000012fffffff  384M online       yes 35-37
0x0000000130000000-0x000000013fffffff  256M online        no 38-39
0x0000000140000000-0x0000000157ffffff  384M online       yes 40-42
0x0000000158000000-0x000000015fffffff  128M online        no    43
0x0000000160000000-0x0000000167ffffff  128M online       yes    44
0x0000000168000000-0x000000019fffffff  896M online        no 45-51

Memory block size:       128M
Total online memory:       6G
Total offline memory:      0B
[root@post ~]#

Two 1TB sata drives in a hardware raid1

[glosair]

what is your server spec?

Installed on fresh hardware (ADLINK industrial computer) and exactly the same problem. All blacklist server requests time out.

[Jean-Philippe Pialasse]

lspci -kk

[glosair]

lspci -kk

[root@post ~]# lspci -kk
00:00.0 Host bridge: Intel Corporation E7520 Memory Controller Hub (rev 09)
        Subsystem: Dell PowerEdge SC1425
        Kernel modules: e752x_edac
00:02.0 PCI bridge: Intel Corporation E7525/E7520/E7320 PCI Express Port A (rev                                                        09)
        Kernel driver in use: pcieport
00:1d.0 USB controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr                                                       oller #1 (rev 02)
        Subsystem: Dell PowerEdge SC1425
        Kernel driver in use: uhci_hcd
00:1d.1 USB controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr                                                       oller #2 (rev 02)
        Subsystem: Dell PowerEdge SC1425
        Kernel driver in use: uhci_hcd
00:1d.7 USB controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB2 EHCI Cont                                                       roller (rev 02)
        Subsystem: Dell PowerEdge SC1425
        Kernel driver in use: ehci-pci
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c2)
00:1f.0 ISA bridge: Intel Corporation 82801EB/ER (ICH5/ICH5R) LPC Interface Brid                                                       ge (rev 02)
        Kernel driver in use: lpc_ich
        Kernel modules: intel_rng, lpc_ich
00:1f.1 IDE interface: Intel Corporation 82801EB/ER (ICH5/ICH5R) IDE Controller                                                        (rev 02)
        Subsystem: Dell PowerEdge SC1425
        Kernel driver in use: ata_piix
        Kernel modules: ata_piix, pata_acpi, ata_generic
00:1f.2 RAID bus controller: Intel Corporation 82801ER (ICH5R) SATA Controller (                                                       rev 02)
        Subsystem: Dell Device 019a
        Kernel driver in use: ata_piix
        Kernel modules: ata_piix
01:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A (rev 0                                                       9)
01:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B (rev 0                                                       9)
02:04.0 Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controll                                                       er (rev 05)
        Subsystem: Dell PRO/1000 MT Network Connection
        Kernel driver in use: e1000
        Kernel modules: e1000
04:03.0 Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controll                                                       er (rev 05)
        Subsystem: Dell PRO/1000 MT Network Connection
        Kernel driver in use: e1000
        Kernel modules: e1000
04:0d.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV100                                                        [Radeon 7000 / Radeon VE]
        Subsystem: Dell PowerEdge SC1425
        Kernel driver in use: radeon
        Kernel modules: radeon
[root@post ~]#

[mmccarn]

I think it's possible that a PMTU problem between your SME server and the internet DNS servers could cause connections to time out.

There are notes in the wiki about PMTU and email connections:
https://wiki.koozali.org/SME_Server:Documentation:FAQ:Section04#qpsmtpd_.22Connection_Timed_Out.22_errors

[glosair]

I think it's possible that a PMTU problem between your SME server and the internet DNS servers could cause connections to time out.

There are notes in the wiki about PMTU and email connections:
https://wiki.koozali.org/SME_Server:Documentation:FAQ:Section04#qpsmtpd_.22Connection_Timed_Out.22_errors

Checked this and doesn't appear to be the problem.

[Jean-Philippe Pialasse]

Checked this and doesn't appear to be the problem.

how did you checked ?

[glosair]

how did you checked ?

ping -M do -s 1464 8.8.8.8

This problem doesn't appear on a version 9 server on the same connection the DNSBL lookups work fine.

Tim

[Jean-Philippe Pialasse]

you need not to explore one working path but the one failing. 

The MTU issue could be yours, or could be any hop between you and the final destination failing.

in your case dnsbl services.


so use tracepath dnsblservice


when stating it works with sme 9 with same connection. is it really same connection? same place in the network? no interface ? very same hardware?

we are not able to reproduce, so despite our effort to get information about the server,  there must be an extra thing we are not aware of.

have you the issue if you install a fresh sme10 without loading the backup?

[glosair]

you need not to explore one working path but the one failing. 

The MTU issue could be yours, or could be any hop between you and the final destination failing.

in your case dnsbl services.


so use tracepath dnsblservice


when stating it works with sme 9 with same connection. is it really same connection? same place in the network? no interface ? very same hardware?

we are not able to reproduce, so despite our effort to get information about the server,  there must be an extra thing we are not aware of.

have you the issue if you install a fresh sme10 without loading the backup?

I've checked the MTU as much as I can and set it to 1492 on both interfaces as I found I could not ping google.com with a packet size of 1500

I tried with a fresh install of 10 but got the same problem BUT I've installed from the same media onto a server only setup and it's working fine but not ideal.

The DNSBL service is DNS

[root@post ~]# nslookup 76.247.97.77.zen.spamhaus.org
Server:         172.24.24.213
Address:        172.24.24.213#53

Non-authoritative answer:
Name:   76.247.97.77.zen.spamhaus.org
Address: 127.0.0.10


The result is as expected.
127.0.0.10    PBL    ISP Maintained

where as is also a good result.
** server can't find 8.8.8.8.zen.spamhaus.org: NXDOMAIN

Is it possible that for some reason qpsmtpd is trying to use 127.0.0.1 as it's DNS server as that returns
nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> 76.247.97.77.zen.spamhaus.org
;; connection timed out; no servers could be reached
>

Thanks tim