Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2019/07/19 16:02:28 UTC

[Bug 7739] New: ns-kam.surriel.com returning NXDOMAIN for valid names

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

            Bug ID: 7739
           Summary: ns-kam.surriel.com returning NXDOMAIN for valid names
           Product: Spamassassin
           Version: 3.4.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: brian@interlinx.bc.ca
  Target Milestone: Undefined

From a spamd -d debug:

Fri Jul 19 10:27:35 2019 [3297] dbg: dns: dns reply to
16535/IN/A/224.32.166.188.psbl.surriel.com: NXDOMAIN

The DNS query and answer for it:

Frame 174325: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on
interface 3
Ethernet II, Src: AsustekC_c4:92:6a (00:1f:c6:c4:92:6a), Dst: Netgear_f5:1e:4a
(6c:b0:ce:f5:1e:4a)
Internet Protocol Version 4, Src: server.example.com (10.75.22.247), Dst:
ns-kam.surriel.com (38.124.232.21)
User Datagram Protocol, Src Port: 63212 (63212), Dst Port: domain (53)
Domain Name System (query)
    Transaction ID: 0x14ff
    Flags: 0x0010 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...1 .... = Non-authenticated data: Acceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        224.32.166.188.psbl.surriel.com: type A, class IN
            Name: 224.32.166.188.psbl.surriel.com
            [Name Length: 31]
            [Label Count: 7]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x8000
                1... .... .... .... = DO bit: Accepts DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 0
    [Response In: 174337]
Frame 174337: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits) on
interface 3
Ethernet II, Src: Netgear_f5:1e:4a (6c:b0:ce:f5:1e:4a), Dst: AsustekC_c4:92:6a
(00:1f:c6:c4:92:6a)
Internet Protocol Version 4, Src: ns-kam.surriel.com (38.124.232.21), Dst:
server.example.com (10.75.22.247)
User Datagram Protocol, Src Port: domain (53), Dst Port: 63212 (63212)
Domain Name System (response)
    Transaction ID: 0x14ff
    Flags: 0x8403 Standard query response, No such name
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive
queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0011 = Reply code: No such name (3)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 1
    Additional RRs: 0
    Queries
        224.32.166.188.psbl.surriel.com: type A, class IN
            Name: 224.32.166.188.psbl.surriel.com
            [Name Length: 31]
            [Label Count: 7]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Authoritative nameservers
        psbl.surriel.com: type SOA, class IN, mname rbldnsd.surriel.com
            Name: psbl.surriel.com
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
            Time to live: 600
            Data length: 37
            Primary name server: rbldnsd.surriel.com
            Responsible authority's mailbox: root.rbldnsd.surriel.com
            Serial Number: 1563546242
            Refresh Interval: 600 (10 minutes)
            Retry Interval: 600 (10 minutes)
            Expire limit: 86400 (1 day)
            Minimum TTL: 600 (10 minutes)
    [Request In: 174325]
    [Time: 0.038576000 seconds]

A few minutes later from a spamassassin CLI examination for the same spam:

Frame 229796: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on
interface 3
Ethernet II, Src: AsustekC_c4:92:6a (00:1f:c6:c4:92:6a), Dst: Netgear_f5:1e:4a
(6c:b0:ce:f5:1e:4a)
Internet Protocol Version 4, Src: server.example.com (10.75.22.247), Dst:
psbl.org (96.67.55.151)
User Datagram Protocol, Src Port: 29685 (29685), Dst Port: domain (53)
Domain Name System (query)
    Transaction ID: 0x9238
    Flags: 0x0010 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...1 .... = Non-authenticated data: Acceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        224.32.166.188.psbl.surriel.com: type A, class IN
            Name: 224.32.166.188.psbl.surriel.com
            [Name Length: 31]
            [Label Count: 7]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (41)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x00
            EDNS0 version: 0
            Z: 0x8000
                1... .... .... .... = DO bit: Accepts DNSSEC security RRs
                .000 0000 0000 0000 = Reserved: 0x0000
            Data length: 0
    [Response In: 229869]
Frame 229869: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) on
interface 3
Ethernet II, Src: Netgear_f5:1e:4a (6c:b0:ce:f5:1e:4a), Dst: AsustekC_c4:92:6a
(00:1f:c6:c4:92:6a)
Internet Protocol Version 4, Src: psbl.org (96.67.55.151), Dst:
server.example.com (10.75.22.247)
User Datagram Protocol, Src Port: domain (53), Dst Port: 29685 (29685)
Domain Name System (response)
    Transaction ID: 0x9238
    Flags: 0x8400 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive
queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion
was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 2
    Additional RRs: 0
    Queries
        224.32.166.188.psbl.surriel.com: type A, class IN
            Name: 224.32.166.188.psbl.surriel.com
            [Name Length: 31]
            [Label Count: 7]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        224.32.166.188.psbl.surriel.com: type A, class IN, addr 127.0.0.2
            Name: 224.32.166.188.psbl.surriel.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 2100
            Data length: 4
            Address: 224.32.166.188.psbl.surriel.com (127.0.0.2)
    Authoritative nameservers
        psbl.surriel.com: type NS, class IN, ns ns-kam.surriel.com
            Name: psbl.surriel.com
            Type: NS (authoritative Name Server) (2)
            Class: IN (0x0001)
            Time to live: 86400
            Data length: 9
            Name Server: ns-kam.surriel.com
        psbl.surriel.com: type NS, class IN, ns rbldnsd.surriel.com
            Name: psbl.surriel.com
            Type: NS (authoritative Name Server) (2)
            Class: IN (0x0001)
            Time to live: 86400
            Data length: 10
            Name Server: rbldnsd.surriel.com
    [Request In: 229796]
    [Time: 0.066822000 seconds]

Why the difference/discrepancy?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

Bill Cole <bi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED
                 CC|                            |billcole@apache.org

--- Comment #1 from Bill Cole <bi...@apache.org> ---
This is not a SpamAssassin bug. 

Contact the operators of the PSBL service and its nameservers if they are
answering inconsistently.


[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

--- Comment #5 from Kevin A. McGrail <km...@apache.org> ---
Looks like a simplistic DNS-based record:

dig -t ns psbl.surriel.com

;; QUESTION SECTION:
;psbl.surriel.com.              IN      NS

;; ANSWER SECTION:
psbl.surriel.com.       2867    IN      NS      ns-kam.surriel.com.
psbl.surriel.com.       2867    IN      NS      rbldnsd.surriel.com.


[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

Kevin A. McGrail <km...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@apache.org

--- Comment #3 from Kevin A. McGrail <km...@apache.org> ---
For the record, ns-kam.surriel.com is my mirror. We serve the zone as
delivered to us.


[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

--- Comment #6 from Bill Cole <bi...@apache.org> ---
(In reply to Brian J. Murrell from comment #4)
> Given:
> 
> /var/lib/spamassassin/3.004000/updates_spamassassin_org/72_active.cf:header 
> RCVD_IN_PSBL  eval:check_rbl('psbl-lastexternal', 'psbl.surriel.com.')
> 
> and:
> 
> # host psbl.surriel.com.
> psbl.surriel.com has address 96.67.55.151
> 
> Is some kind of load-balancing going on with psbl.surriel.com.?

The A record (the default type queried by 'host') of a zone's name is entirely
irrelevant to how other names are resolved under that zone. 

As Kevin has noted, the name servers for a zone (e.g. psbl.surriel.com) are
published as NS records. Due to the way zone data is updated and distributed,
it is always possible for there to be brief inconsistencies between different
name servers and this is particularly common with DNSBLs, which have relatively
short time-to-live values on individual records and on whole zones.


[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

--- Comment #2 from Bill Cole <bi...@apache.org> ---
Slightly longer answer: 

PSBL appears to update its SOA serial number every 5 minutes, while the zone is
deemed valid for 10min and each record for 35min. In the 1st query you showed,
the timestamp was 3min after the time implied by the SOA serial, when talking
to a secondary server. It is certain that the zone was updated less than "a few
minutes later" when you asked the master server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
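
Added example, not part of the original thread or of SpamAssassin: the timing check from comment #2 and the per-name-server comparison from comment #6, run over the values in the first capture. Assumptions: the SOA serial is a Unix timestamp, the spamd log time is UTC-4, and the second server's serial is a constructed placeholder because the second capture carries no SOA record.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import IPv4Address

def dnsbl_qname(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets, then the zone."""
    octets = str(IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def serial_age(serial, observed):
    """Seconds between the zone build time implied by the serial and `observed`.
    Assumption: the serial is a Unix timestamp, as comment #2 reads it."""
    return int(observed.timestamp()) - serial

def compare_servers(observations, refresh):
    """Label each server's zone copy relative to the newest serial seen."""
    newest = max(o["serial"] for o in observations)
    report = {}
    for o in observations:
        behind = newest - o["serial"]
        if behind == 0:
            state = "current"
        elif behind <= refresh:
            state = "lagging (within refresh interval)"
        else:
            state = "stale (beyond refresh interval)"
        report[o["server"]] = (o["rcode"], state)
    return report

# From the first capture: SOA serial and refresh interval in the NXDOMAIN reply.
SERIAL_SECONDARY = 1563546242
REFRESH = 600
# Assumption: the log line "Fri Jul 19 10:27:35 2019" is local time at UTC-4.
LOG_TIME = datetime(2019, 7, 19, 10, 27, 35,
                    tzinfo=timezone(timedelta(hours=-4)))

OBSERVATIONS = [
    {"server": "ns-kam.surriel.com", "rcode": "NXDOMAIN",
     "serial": SERIAL_SECONDARY},
    # Constructed: placeholder serial one 5-minute update later; the page
    # does not show the serial held by the server at 96.67.55.151.
    {"server": "96.67.55.151", "rcode": "NOERROR",
     "serial": SERIAL_SECONDARY + 300},
]

if __name__ == "__main__":
    print(dnsbl_qname("188.166.32.224", "psbl.surriel.com."))
    print(serial_age(SERIAL_SECONDARY, LOG_TIME), "seconds since zone build")
    for server, (rcode, state) in compare_servers(OBSERVATIONS, REFRESH).items():
        print(server, rcode, state)
```

A server reported as stale rather than lagging has missed more than one refresh interval, which is the case worth raising with the DNSBL operator.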

[Bug 7739] ns-kam.surriel.com returning NXDOMAIN for valid names

Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7739

Brian J. Murrell <br...@interlinx.bc.ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |brian@interlinx.bc.ca

--- Comment #4 from Brian J. Murrell <br...@interlinx.bc.ca> ---
Given:

/var/lib/spamassassin/3.004000/updates_spamassassin_org/72_active.cf:header  
RCVD_IN_PSBL  eval:check_rbl('psbl-lastexternal', 'psbl.surriel.com.')

and:

# host psbl.surriel.com.
psbl.surriel.com has address 96.67.55.151

Is some kind of load-balancing going on with psbl.surriel.com.?
