Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

dns query timed out while sa-update

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


ravikanth.patlo at gmail

Jan 22, 2009, 6:14 AM

Post #1 of 20 (1357 views)
Permalink
dns query timed out while sa-update
Hi,
I am using Spamassassin 3.2.5 on a Big Endian PowerPC system and when I run
sa-update I get the following message
dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query timed out

On packet capture I can see the response for the DNS query.

I have tried using Net::DNS 0.64 as well as 0.59

I did the following steps
#spamd -d -c -m 10
# sa-update -D
[1237] dbg: logger: adding facilities: all
[1237] dbg: logger: logging level is DBG
[1237] dbg: generic: SpamAssassin version 3.2.5
[1237] dbg: config: score set 0 chosen.
[1237] dbg: dns: no ipv6
[1237] dbg: dns: is Net::DNS::Resolver available? yes
[1237] dbg: dns: Net::DNS version: 0.59
[1237] dbg: generic: sa-update version svn607589
[1237] dbg: generic: using update directory: /var/lib/spamassassin/3.002005
[1237] dbg: diag: perl platform: 5.008008 linux
[1237] dbg: diag: module installed: Digest::SHA1, version 2.11
[1237] dbg: diag: module installed: HTML::Parser, version 3.59
[1237] dbg: diag: module installed: Net::DNS, version 0.59
[1237] dbg: diag: module installed: MIME::Base64, version 3.07
[1237] dbg: diag: module installed: DB_File, version 1.817
[1237] dbg: diag: module installed: Net::SMTP, version 2.31
[1237] dbg: diag: module installed: Mail::SPF, version v2.006
[1237] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[1237] dbg: diag: module installed: IP::Country::Fast, version 604.001
[1237] dbg: diag: module installed: Razor2::Client::Agent, version 2.84
[1237] dbg: diag: module installed: Net::Ident, version 1.20
[1237] dbg: diag: module installed: IO::Socket::INET6, version 2.56
[1237] dbg: diag: module installed: IO::Socket::SSL, version 1.20
[1237] dbg: diag: module installed: Compress::Zlib, version 2.015
[1237] dbg: diag: module installed: Time::HiRes, version 1.86
[1237] dbg: diag: module installed: Mail::DomainKeys, version 1.0
[1237] dbg: diag: module installed: Mail::DKIM, version 0.32
[1237] dbg: diag: module installed: DBI, version 1.607
[1237] dbg: diag: module installed: Getopt::Long, version 2.35
[1237] dbg: diag: module installed: LWP::UserAgent, version 5.823
[1237] dbg: diag: module installed: HTTP::Date, version 5.810
[1237] dbg: diag: module installed: Archive::Tar, version 1.42
[1237] dbg: diag: module installed: IO::Zlib, version 1.09
[1237] dbg: diag: module installed: Encode::De[1237] dbg: util: current PATH
is: /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
[1237] dbg: util: executable for gpg was found at /usr/local/bin/gpg
[1237] dbg: gpg: found /usr/local/bin/gpg
[1237] dbg: gpg: release trusted key id list:
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
26C900A46DD40CD5AD24F6D7DEE01987265FA05B
0C2B1D7175B852C64B3CDC716C55397824F434CE
[1237] dbg: channel: attempting channel updates.spamassassin.org
[1237] dbg: channel: update directory
/var/lib/spamassassin/3.002005/updates_spamassassin_org
[1237] dbg: channel: channel cf file
/var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
[1237] dbg: channel: channel pre file
/var/lib/spamassassin/3.002005/updates_spamassassin_org.pre
;; query(5.2.3.updates.spamassassin.org, TXT)
[1237] dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query timed
out
[1237] dbg: channel: no updates available, skipping channel
[1237] dbg: diag: updates complete, exiting with code 1

-sh-2.05b# ping www.google.com
PING www.l.google.com (74.125.95.147): 56 data bytes
64 bytes from 74.125.95.147: icmp_seq=0 ttl=244 time=304.598 ms
64 bytes from 74.125.95.147: icmp_seq=1 ttl=242 time=310.233 ms
64 bytes from 74.125.95.147: icmp_seq=2 ttl=244 time=302.633 ms
tect, version 1.01
[1237] dbg: gpg: Searching for 'gpg'

appreciate your quick help
-prkr
--
View this message in context: http://www.nabble.com/dns-query-timed-out-while-sa-update-tp21604925p21604925.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Dan.McDonald at austinenergy

Jan 22, 2009, 8:06 AM

Post #2 of 20 (1326 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Thu, 2009-01-22 at 06:14 -0800, prkr wrote:
> Hi,

> /var/lib/spamassassin/3.002005/updates_spamassassin_org.pre
> ;; query(5.2.3.updates.spamassassin.org, TXT)
> [1237] dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query timed
> out
> [1237] dbg: channel: no updates available, skipping channel
> [1237] dbg: diag: updates complete, exiting with code 1
>
> -sh-2.05b# ping www.google.com
> PING www.l.google.com (74.125.95.147): 56 data bytes
> 64 bytes from 74.125.95.147: icmp_seq=0 ttl=244 time=304.598 ms
> 64 bytes from 74.125.95.147: icmp_seq=1 ttl=242 time=310.233 ms
> 64 bytes from 74.125.95.147: icmp_seq=2 ttl=244 time=302.633 ms

Ok, but can you resolve DNS?
$ dig 5.2.3.updates.spamassassin.org txt


--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Attachments: signature.asc (0.19 KB)


ravikanth.reddy at freescale

Jan 22, 2009, 9:11 PM

Post #3 of 20 (1347 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
Hello Dan,
Yes the DNS resolve is working I guess, here is output for dig

-sh-2.05b# dig 5.2.3.updates.spamassassin.org
<http://5.2.3.updates.spamassassin.org> txt
<<>> DiG 9.3.2 <<>> 5.2.3.updates.spamassassin.org
<http://5.2.3.updates.spamassassin.org> txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6

;; QUESTION SECTION:
;5.2.3.updates.spamassassin.org
<http://5.2.3.updates.spamassassin.org>. IN TXT

;; ANSWER SECTION:
5.2.3.updates.spamassassin.org <http://5.2.3.updates.spamassassin.org>.
3175 IN TXT "730418"

;; AUTHORITY SECTION:
spamassassin.org <http://spamassassin.org>. 3175 IN
NS b.auth-ns.sonic.net <http://b.auth-ns.sonic.net>.
spamassassin.org <http://spamassassin.org>. 3175 IN
NS c.auth-ns.sonic.net <http://c.auth-ns.sonic.net>.
spamassassin.org <http://spamassassin.org>. 3175 IN
NS ns.hyperreal.org <http://ns.hyperreal.org>.
spamassassin.org <http://spamassassin.org>. 3175 IN
NS ns1.kluge.net <http://ns1.kluge.net>.
spamassassin.org <http://spamassassin.org>. 3175 IN
NS a.auth-ns.sonic.net <http://a.auth-ns.sonic.net>.

;; ADDITIONAL SECTION:
a.auth-ns.sonic.net <http://a.auth-ns.sonic.net>. 171168 IN
A 209.204.159.20
a.auth-ns.sonic.net <http://a.auth-ns.sonic.net>. 84767 IN
AAAA 2001:5a8:0:3::1
b.auth-ns.sonic.net <http://b.auth-ns.sonic.net>. 171184 IN
A 64.142.88.72
b.auth-ns.sonic.net <http://b.auth-ns.sonic.net>. 84805 IN
AAAA 2001:5a8:0:3::3
c.auth-ns.sonic.net <http://c.auth-ns.sonic.net>. 171166 IN
A 69.9.186.104
ns1.kluge.net <http://ns1.kluge.net>. 171384 IN A
67.91.233.27

;; Query time: 49 msec
;; SERVER: 202.56.240.5#53(202.56.240.5)
;; WHEN: Mon Apr 10 12:04:42 2000
;; MSG SIZE rcvd: 303


;; WHEN: Mon Apr 10 12:04:26 2000
;; MSG SIZE rcvd: 303

BTW should I have the /var/lib/spamassassin/3.002005/ directory
existing before running the sa-update. I dont have that directory while
I run sa-update

--prkr

McDonald, Dan wrote:
> On Thu, 2009-01-22 at 06:14 -0800, prkr wrote:
>
>> Hi,
>>
>
>
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.pre
>> ;; query(5.2.3.updates.spamassassin.org, TXT)
>> [1237] dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query timed
>> out
>> [1237] dbg: channel: no updates available, skipping channel
>> [1237] dbg: diag: updates complete, exiting with code 1
>>
>> -sh-2.05b# ping www.google.com
>> PING www.l.google.com (74.125.95.147): 56 data bytes
>> 64 bytes from 74.125.95.147: icmp_seq=0 ttl=244 time=304.598 ms
>> 64 bytes from 74.125.95.147: icmp_seq=1 ttl=242 time=310.233 ms
>> 64 bytes from 74.125.95.147: icmp_seq=2 ttl=244 time=302.633 ms
>>
>
> Ok, but can you resolve DNS?
> $ dig 5.2.3.updates.spamassassin.org txt
>
>
>


miguel at almeida

Oct 14, 2009, 5:03 AM

Post #4 of 20 (1068 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
I have the same problem when I run the sa-update.
Has the original poster (or someone else) managed to make it work?


McDonald, Dan wrote:
>
> On Thu, 2009-01-22 at 06:14 -0800, prkr wrote:
>> Hi,
>
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.pre
>> ;; query(5.2.3.updates.spamassassin.org, TXT)
>> [1237] dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query
>> timed
>> out
>> [1237] dbg: channel: no updates available, skipping channel
>> [1237] dbg: diag: updates complete, exiting with code 1
>>
>> -sh-2.05b# ping www.google.com
>> PING www.l.google.com (74.125.95.147): 56 data bytes
>> 64 bytes from 74.125.95.147: icmp_seq=0 ttl=244 time=304.598 ms
>> 64 bytes from 74.125.95.147: icmp_seq=1 ttl=242 time=310.233 ms
>> 64 bytes from 74.125.95.147: icmp_seq=2 ttl=244 time=302.633 ms
>
> Ok, but can you resolve DNS?
> $ dig 5.2.3.updates.spamassassin.org txt
>
>
> --
> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
> Austin Energy
> http://www.austinenergy.com
>
>
>
>

--
View this message in context: http://www.nabble.com/dns-query-timed-out-while-sa-update-tp21604925p25889770.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Dan.McDonald at austinenergy

Oct 14, 2009, 5:47 AM

Post #5 of 20 (1070 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed, 2009-10-14 at 05:03 -0700, wild_oscar wrote:
> I have the same problem when I run the sa-update.
> Has the original poster (or someone else) managed to make it work?

What do you get when you try
$ dig 5.2.3.updates.spamassassin.org txt

If that times out, then you have a dns problem of some sort, but the
output of that command will reveal much to assist in troubleshooting...



>
>
> McDonald, Dan wrote:
> >
> > On Thu, 2009-01-22 at 06:14 -0800, prkr wrote:
> >> Hi,
> >
> >> /var/lib/spamassassin/3.002005/updates_spamassassin_org.pre
> >> ;; query(5.2.3.updates.spamassassin.org, TXT)
> >> [1237] dbg: dns: query failed: 5.2.3.updates.spamassassin.org => query
> >> timed
> >> out
> >> [1237] dbg: channel: no updates available, skipping channel
> >> [1237] dbg: diag: updates complete, exiting with code 1
> >>
> >> -sh-2.05b# ping www.google.com
> >> PING www.l.google.com (74.125.95.147): 56 data bytes
> >> 64 bytes from 74.125.95.147: icmp_seq=0 ttl=244 time=304.598 ms
> >> 64 bytes from 74.125.95.147: icmp_seq=1 ttl=242 time=310.233 ms
> >> 64 bytes from 74.125.95.147: icmp_seq=2 ttl=244 time=302.633 ms
> >
> > Ok, but can you resolve DNS?
> > $ dig 5.2.3.updates.spamassassin.org txt

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
Attachments: signature.asc (0.19 KB)


miguel at almeida

Oct 14, 2009, 8:08 AM

Post #6 of 20 (1072 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
McDonald, Dan wrote:
>
> On Wed, 2009-10-14 at 05:03 -0700, wild_oscar wrote:
>> I have the same problem when I run the sa-update.
>> Has the original poster (or someone else) managed to make it work?
>
> What do you get when you try
> $ dig 5.2.3.updates.spamassassin.org txt
>
> If that times out, then you have a dns problem of some sort
>


Indeed, it times out - I had only digged the general
5.2.3.updates.spamassassin.org, not with txt.

I have changed the DNS servers on my router to http://www.opendns.com's
ones, but even though it seems to be correctly configured, I can't pass the
dig timeout. This happens only if I add "txt" to the dig command, without it
it works. Do you know why, how to solve it or perhaps just help me
understand why it fails only with txt ?


--
View this message in context: http://www.nabble.com/dns-query-timed-out-while-sa-update-tp21604925p25892947.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


terry at cnysupport

Oct 14, 2009, 8:15 AM

Post #7 of 20 (1068 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
wild_oscar wrote:
>
> McDonald, Dan wrote:
>
>> On Wed, 2009-10-14 at 05:03 -0700, wild_oscar wrote:
>>
>>> I have the same problem when I run the sa-update.
>>> Has the original poster (or someone else) managed to make it work?
>>>
>> What do you get when you try
>> $ dig 5.2.3.updates.spamassassin.org txt
>>
>> If that times out, then you have a dns problem of some sort
>>
>>
>
>
> Indeed, it times out - I had only digged the general
> 5.2.3.updates.spamassassin.org, not with txt.
>
> I have changed the DNS servers on my router to http://www.opendns.com's
> ones, but even though it seems to be correctly configured, I can't pass the
> dig timeout. This happens only if I add "txt" to the dig command, without it
> it works. Do you know why, how to solve it or perhaps just help me
> understand why it fails only with txt ?
>
Without going too far into tinfoil-hat mode, is it possible that your
ISP is intercepting your DNS requests to opendns?

Terry


miguel at almeida

Oct 14, 2009, 9:00 AM

Post #8 of 20 (1064 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
Terry Carmen wrote:
>
>
> Without going too far into tinfoil-hat mode, is it possible that your
> ISP is intercepting your DNS requests to opendns?
>
> Terry
>
>

I don't know...why does it only not work with "txt"? Bare in mind I added
the opendns DNS's exactly because my auto-assigned (probably ISP's) DNS
addresses were giving me the timeout.

--
View this message in context: http://www.nabble.com/dns-query-timed-out-while-sa-update-tp21604925p25893880.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


guenther at rudersport

Oct 14, 2009, 9:45 AM

Post #9 of 20 (1068 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed, 2009-10-14 at 09:00 -0700, an anonymous Nabble user wrote:
> I don't know...why does it only not work with "txt"? Bare in mind I added
> the opendns DNS's exactly because my auto-assigned (probably ISP's) DNS
> addresses were giving me the timeout.

So the DNS TXT query timed out before. Then you changed "your router's"
forwarding DNS, and it still times out. Don't point at others DNS, look
closer to your own environment.

The answer (especially the one opendns gives) should be short enough to
fit into the usual UDP packet, so we can rule out (firewall?) issues
with TCP port 53.

However, the single point of failure is your router -- assuming you
actually are using its DNS.

Did you ever try running a caching (non-forwarding) DNS on your SA box
and use that? If it works, your router is broken.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


terry at cnysupport

Oct 14, 2009, 10:44 AM

Post #10 of 20 (1062 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
Karsten Bräckelmann wrote:
> On Wed, 2009-10-14 at 09:00 -0700, an anonymous Nabble user wrote:
>
>> I don't know...why does it only not work with "txt"? Bare in mind I added
>> the opendns DNS's exactly because my auto-assigned (probably ISP's) DNS
>> addresses were giving me the timeout.
>>
>
> So the DNS TXT query timed out before. Then you changed "your router's"
> forwarding DNS, and it still times out. Don't point at others DNS, look
> closer to your own environment.
>
> The answer (especially the one opendns gives) should be short enough to
> fit into the usual UDP packet, so we can rule out (firewall?) issues
> with TCP port 53.
>
> However, the single point of failure is your router -- assuming you
> actually are using its DNS.
>
It's entirely possible his ISP is intercepting his DNS requests. This
has become all too common for all sorts of reasons.

Unfortunately, I don't know of any way to reliably detect it from the
client side.

Terry


guenther at rudersport

Oct 14, 2009, 10:51 AM

Post #11 of 20 (1065 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed, 2009-10-14 at 13:44 -0400, Terry Carmen wrote:
> Karsten Bräckelmann wrote:

> > However, the single point of failure is your router -- assuming you
> > actually are using its DNS.
>
> It's entirely possible his ISP is intercepting his DNS requests. This
> has become all too common for all sorts of reasons.
>
> Unfortunately, I don't know of any way to reliably detect it from the
> client side.

A good first attempt would be, to ask the opendns DNS servers directly,
getting rid of the router in the picture.

$ dig @208.67.222.222 5.2.3.updates.spamassassin.org txt


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


jarif at iki

Oct 14, 2009, 10:57 AM

Post #12 of 20 (1063 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
14.10.2009 20:51, Karsten Bräckelmann kirjoitti:
> On Wed, 2009-10-14 at 13:44 -0400, Terry Carmen wrote:
>> Karsten Bräckelmann wrote:
>
>>> However, the single point of failure is your router -- assuming you
>>> actually are using its DNS.
>>
>> It's entirely possible his ISP is intercepting his DNS requests. This
>> has become all too common for all sorts of reasons.
>>
>> Unfortunately, I don't know of any way to reliably detect it from the
>> client side.
>
> A good first attempt would be, to ask the opendns DNS servers directly,
> getting rid of the router in the picture.
>
> $ dig @208.67.222.222 5.2.3.updates.spamassassin.org txt
>
>

If I'm not mistaken, it is always good to run a local nameserver when
using SpamAssassin anyway, and not use any router for that.

This is how I have it, I have a local bind, and OpenDNS as forwarders.

--
http://www.iki.fi/jarif/

Q: How many WASPs does it take to change a light bulb?
A: One.


jarif at iki

Oct 14, 2009, 11:12 AM

Post #13 of 20 (1062 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
14.10.2009 20:57, Jari Fredriksson kirjoitti:
>
>
> If I'm not mistaken, it is always good to run a local nameserver when
> using SpamAssassin anyway, and not use any router for that.
>
> This is how I have it, I have a local bind, and OpenDNS as forwarders.
>

And a special zone like this, as uribl.com apparently does not like
OpenDNS and blocks it.

zone "uribl.com" in {
# uribl blocks calls from OpenDNS
type forward;
forwarders {};
};



--
http://www.iki.fi/jarif/

Q: What's hard going in and soft and sticky coming out?
A: Chewing gum.


guenther at rudersport

Oct 14, 2009, 11:21 AM

Post #14 of 20 (1064 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed, 2009-10-14 at 20:57 +0300, Jari Fredriksson wrote:
> 14.10.2009 20:51, Karsten Bräckelmann kirjoitti:
> > On Wed, 2009-10-14 at 13:44 -0400, Terry Carmen wrote:

> > > It's entirely possible his ISP is intercepting his DNS requests. This
> > > has become all too common for all sorts of reasons.

> > A good first attempt would be, to ask the opendns DNS servers directly,
> > getting rid of the router in the picture.
> >
> > $ dig @208.67.222.222 5.2.3.updates.spamassassin.org txt
>
> If I'm not mistaken, it is always good to run a local nameserver when
> using SpamAssassin anyway, and not use any router for that.

I suggested a local caching nameserver before. This part aims at
tracking down the problem, and to see if the issue still persists when
circumventing the "router" -- whatever that is exactly.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


me at junc

Oct 14, 2009, 11:48 AM

Post #15 of 20 (1063 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed 14 Oct 2009 07:57:35 PM CEST, Jari Fredriksson wrote
> This is how I have it, I have a local bind, and OpenDNS as forwarders.

dont put all eggs in one basket :)

(remove opendns forwards in bind)

after i learned bind more i found that its stupid to add forwards to
all non known domains in the world

--
xpoint


me at junc

Oct 14, 2009, 11:52 AM

Post #16 of 20 (1063 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
On Wed 14 Oct 2009 08:12:24 PM CEST, Jari Fredriksson wrote

> zone "uribl.com" in {
> # uribl blocks calls from OpenDNS
> type forward;
> forwarders {};
> };

this one is silly :)

remove forwarders in options section in named.conf solves it better

let the hint zone do its work

--
xpoint


jarif at iki

Oct 14, 2009, 11:56 AM

Post #17 of 20 (1071 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
14.10.2009 21:48, Benny Pedersen kirjoitti:
> On Wed 14 Oct 2009 07:57:35 PM CEST, Jari Fredriksson wrote
>> This is how I have it, I have a local bind, and OpenDNS as forwarders.
>
> dont put all eggs in one basket :)
>
> (remove opendns forwards in bind)
>
> after i learned bind more i found that its stupid to add forwards to all
> non known domains in the world
>

OpenDNS does good things.

I have a acript that downloads stuff from internet with wget. I one day
happened to look at its log, and found odd redirects. I had a typo in
the script, having wwww.example.com instead of www. OpenDNS had
redirected my script to the correct file and everyting had worked ;D

In addition to that, I have a junior in this household, who sometimes
click bad things in internet. OpenDNS says they do filter. Granted,
Firefox filters too with some kind of "SafeBrowsing" service, but that
kid probably uses IE.

If some site causes problems with OpenDNS I can bypass that in bind
conf. So far I have been happy with it. And testing shows my bind
caches, no matter of OpenDNS.

--
http://www.iki.fi/jarif/

Q: What's hard going in and soft and sticky coming out?
A: Chewing gum.


uhlar at fantomas

Oct 14, 2009, 11:54 PM

Post #18 of 20 (1055 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
>> On Wed 14 Oct 2009 07:57:35 PM CEST, Jari Fredriksson wrote
>>> This is how I have it, I have a local bind, and OpenDNS as forwarders.

> 14.10.2009 21:48, Benny Pedersen kirjoitti:
>> dont put all eggs in one basket :)
>>
>> (remove opendns forwards in bind)
>>
>> after i learned bind more i found that its stupid to add forwards to all
>> non known domains in the world

On 14.10.09 21:56, Jari Fredriksson wrote:
> OpenDNS does good things.
>
> I have a acript that downloads stuff from internet with wget. I one day
> happened to look at its log, and found odd redirects. I had a typo in
> the script, having wwww.example.com instead of www. OpenDNS had
> redirected my script to the correct file and everyting had worked ;D

I definitely would not call that a "good thing". One day that might result
to "fixing" RBL checks with all kinds of strange behaviour.
It already results in invalid replies - instead of NXDOMAIN the server
returns special IP address, which means, the DNS server LIES.

> In addition to that, I have a junior in this household, who sometimes
> click bad things in internet. OpenDNS says they do filter. Granted,
> Firefox filters too with some kind of "SafeBrowsing" service, but that
> kid probably uses IE.

the DNS is very bad place for filtering this kind of stuff.
--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


miguel at almeida

Oct 15, 2009, 6:59 AM

Post #19 of 20 (1047 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
Karsten Bräckelmann-2 wrote:
>
>
> A good first attempt would be, to ask the opendns DNS servers directly,
> getting rid of the router in the picture.
>
> $ dig @208.67.222.222 5.2.3.updates.spamassassin.org txt
>

Yes, that one I had already tried and works.

Also, using that opendns' server as nameserver in resolve.conf also solves
the issue.

I might leave it at that. The problem that I've been scratching my head
about is why does it work when using the nameserver directly but not when
using the router's IP address, which is forwarding to the same address.
It might be a problem with the router, although it is a brand new d-link
dva-g3170i.

--
View this message in context: http://www.nabble.com/dns-query-timed-out-while-sa-update-tp21604925p25909141.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


matthias at leisi

Oct 15, 2009, 2:05 PM

Post #20 of 20 (1047 views)
Permalink
Re: dns query timed out while sa-update [In reply to]
wild_oscar schrieb:

> I might leave it at that. The problem that I've been scratching my head
> about is why does it work when using the nameserver directly but not when
> using the router's IP address, which is forwarding to the same address.
> It might be a problem with the router, although it is a brand new d-link
> dva-g3170i.

Cheap consumer-level routers tend to do funny things. Drop connections,
unable to establish new connections, malformed/missing DNS responses...

It is usually helpful to actually use dig for diagnosis of DNS issues,
and pay attention to which DNS server is actually delivering results to
your resolver.

-- Matthias

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.