Ipswitch Forums / Messaging / IMail Server / 2003 black-list DNS lookup / Latest Posts

RE: 2003 black-list DNS lookup

2hampton — Fri, 23 Jul 2004 06:35:27 GMT

Could I use an IP address as opposed to "domain Name" to aid in the DNS resolution?

RE: 2003 black-list DNS lookup

R. Scott Perry — Wed, 21 Jul 2004 08:40:25 GMT

That is normal. The zone used by a blacklist is rarely linked to a live host. You can instead use "ping 2.0.0.127.zone.example.com" (2.0.0.127.blackholes.five-ten-sg.com in your case).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

RE: 2003 black-list DNS lookup

2hampton — Tue, 20 Jul 2004 06:32:48 GMT

Another question John, why can't I ping "blackholes.five-ten-sg.com" it always comes up with "could not find host"? If I can't ping it how will DNS resolve it or query it?

RE: 2003 black-list DNS lookup

2hampton — Mon, 19 Jul 2004 20:33:54 GMT

No go on the DNS reboot, still generating the "Failed to connect to service". I do see however as I look through the log a handful of actual connections made...

I read through the KB articles but I didn't see any that I could apply heck most of those for a 2000 server, MS appears to have thrown the "book" at Kami. I wish Kami would have elaborated a bit more as to what he changed?

John, for my own information does the Length in this data captured represent the size of the packet in question? "IP: Protocol = UDP - User Datagram; Packet ID = 50691; Total IP Length = 130; Options = No Options"

RE: 2003 black-list DNS lookup

John T — Mon, 19 Jul 2004 20:07:58 GMT

That I can not answer. Even though I originally identified this problem last year, I have not yet reviewed all the fixes others have found, and therefore can not comment on that.

I will say for the sake of argument, please go through all the various KB that I believe Kami or some one else posted.

RE: 2003 black-list DNS lookup

2hampton — Mon, 19 Jul 2004 19:41:42 GMT

I believe the server has been rebooted since the registry change but none the less I will restart the DNS service.

I'm a bit confused as to why this change will make a difference considering the packet sizes that we are looking at is considerable less than 512 and the EDNS issue only addresses an issue if it's larger than the 512?

RE: 2003 black-list DNS lookup

John T — Mon, 19 Jul 2004 19:11:02 GMT

Restarting Imail services has nothing to do with the registry change made to the MS DNS service. You need to restart the DNS service, but better would be to restart the server in entirety.

RE: 2003 black-list DNS lookup

2hampton — Mon, 19 Jul 2004 16:52:16 GMT

"Did you restart the server after making the registry change?"

Yes, both SMTP and the Quemanager

RE: 2003 black-list DNS lookup

John T — Mon, 19 Jul 2004 10:39:08 GMT

Well, the fact that turning off the Imail Anit-Spam DNS tests proves it is the problem being discussed. Did you restart the server after making the registry change?

My bad on the UDP packet size.

RE: 2003 black-list DNS lookup

2hampton — Mon, 19 Jul 2004 10:29:56 GMT

"What happens if you turn off all DNS based Imail Anti-Spam features?"

Well I don't see any DNS failures trying to connect to the Spam databases but I'm also guessing that I don't get the benefit of using the Spam databases. By just removing all the databases I'm able to use some of the Anti-spam features but the Databases in my opinion are huge.

"You said you have your firewall set to 64K size on UDP packets. That is allfull small."

That was 64KB.

RE: 2003 black-list DNS lookup

John T — Mon, 19 Jul 2004 10:22:29 GMT

What happens if you turn off all DNS based Imail Anti-Spam features?

You said you have your firewall set to 64K size on UDP packets. That is allfull small.

RE: 2003 black-list DNS lookup

2hampton — Mon, 19 Jul 2004 09:01:08 GMT

I'm saying that "no spam database DNS lookups are working (but MX record lookups are OK)". This server also runs DNS and all other query's/lookups are working fine.

"anti-spam software not using the correct DNS server"

I'm using Imails antispam, now I will say that when I looked in the log after "stopping" and "starting" the SMTP server and the que manager that there is an entry that identify's an email that was being delivered as spam. It did this only once but with 3 different spam databases.

RE: 2003 black-list DNS lookup

R. Scott Perry — Mon, 19 Jul 2004 08:22:05 GMT

Are you saying that *no* DNS lookups are working, that *some* DNS lookups are working, no spam database DNS lookups are working (but MX record lookups are OK), etc.?

If no DNS lookups are working, EDNS isn't the issue. That only applies in cases where DNS packet sizes are >512 bytes, which is *very* rare (probably non-existent in the spam database world).

Perhaps it is something as simple as the anti-spam software not using the correct DNS server?
-Scott

P.S. The IMail Forum will normally provide faster and more thorough answers.

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

2003 black-list DNS lookup

2hampton — Sun, 18 Jul 2004 16:53:03 GMT

This topic has been addressed in the I-mail forum but is still unresolved for me. (http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg88056.html ). I also should tell you that this is a bit out of my league as far as determinig UDP packet sizes, etc. but I think I'm on the track.

My understanding from what I've read is that this problem is with EDNS and running a Windows 2003 server (http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/sag_DNS_imp_EDNSsupport.asp). I've curently turned off EDNS (dnscmd Server Name/Config /EnableEDnsProbes 0)and still am having the same issues.

If EDNS (UDP packets larger than 512 bytes) were the issue then I assumed I would see packets larger than 512bytes so I captured some data and this is what I got.

....................

IP: Protocol = UDP - User Datagram; Packet ID = 50691; Total IP Length = 130; Options = No Options
IP: Version = IPv4; Header Length = 20
IP: Type of Service = Normal Service
IP: Total Length = 130 (0x82)
IP: Identification = 50691 (0xC603)
IP: Fragmentation Summary = 16384 (0x4000)
IP: Time to Live = 253 (0xFD)
IP: Protocol = UDP - User Datagram
IP: Checksum = 2766 (0xACE)
IP: Source Address = 192.107.41.34
IP: Destination Address = 192.168.2.99

UDP: Src Port: Domain Name Server (53); Dst Port: Unknown (1028); Length = 110 (0x6E)
UDP: Source Port = Domain Name Server
UDP: Destination Port = 0x0404
UDP: Total length = 110 (0x6E)
UDP: Total length = 110 (0x6E)

DNS: 0x3474:Std Qry Resp. Auth. NS is blackholes.five-ten-sg.com. of type SOA on class INET addr. : Name does not exist
DNS: Query Identifier = 13428 (0x3474)
DNS: DNS Flags = Response, OpCode - Std Qry, RD RA Bits Set, RCode - Name does not exist
DNS: Question Entry Count = 1 (0x1)
DNS: Answer Entry Count = 0 (0x0)
DNS: Name Server Count = 1 (0x1)
DNS: Additional Records Count = 0 (0x0)
DNS: Question Section: 74.110.253.64.blackholes.five-ten-sg.com. of type Req for all on class INET addr.
DNS: Authority Section: blackholes.five-ten-sg.com. of type SOA on class INET addr.

.....................

From what I can see this data is nowhere near 512 so what's going on? I'm running a software firewall and the maximum size packet allowed is 64KB so I'm pretty sure that's not the issue? my router is a Linksys but I've not been able to find out what it's capabilities are yet?

T.I.A

ampapa,