You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2010/03/24 01:37:50 UTC

[Bug 6385] New: Instant failover from a dead DNS resolver

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6385

           Summary: Instant failover from a dead DNS resolver
           Product: Spamassassin
           Version: 3.3.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: Mark.Martinec@ijs.si


Having experienced a local DNS failure the other day, I find it unacceptable
that a failover to another DNS resolver can take up to 10 minutes, during
which hundreds of messages are processed without the benefit of network rules,
even though alternative DNS resolvers are available and recognized by a
periodic SA test of DNS servers.

Depending on basic (non-network) rules may have been acceptable in early
days of non-sophisticated spam techniques, but as the recent GA runs for
3.3.0 showed the quality of basic rules alone cannot cope with current spam,
the number of FPs and FNs is just too high to be acceptable.

Extending my work from Bug 6362 comment 21 (introducing a 'dns_server'
configuration directive), attached here is a patch to let DNS resolving
failover to another available name server right away, immediately on
noticing a server down condition (packet rejection, network down, ...).
During a failover one DNS query may be lost (because a returned ICMP
arrives with some delay after sending out an UDP DNS packet), but right
after that the list of available DNS resolvers is rotated and a query
is sent to the next resolver. The good server stays as a first element
of a list, so it sticks as the server in use for the lifetime of a
SA child process. This comes practically at no additional cost, just by
acting on a returned status/result.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6385] Instant failover from a dead DNS resolver

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6385

Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Mark Martinec <Ma...@ijs.si> 2011-09-24 01:12:27 UTC ---
closing, fixed for 3.4.0

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6385] Instant failover from a dead DNS resolver

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6385

--- Comment #2 from Mark Martinec <Ma...@ijs.si> 2010-03-24 00:41:47 UTC ---
trunk:
  Bug 6385: Instant failover from a dead DNS resolver
Sending lib/Mail/SpamAssassin/Dns.pm
Sending lib/Mail/SpamAssassin/DnsResolver.pm
Committed revision 926883.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6385] Instant failover from a dead DNS resolver

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6385

--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2010-03-24 00:39:01 UTC ---
Created an attachment (id=4717)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4717)
implements immediate failover from a dead DNS resolver

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6385] Instant failover from a dead DNS resolver

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6385

Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.4.0

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.