Posted to users@spamassassin.apache.org by Pawel Sasin <ps...@wp-sa.pl> on 2007/08/10 14:49:15 UTC
Dns Resolver problem
Hi,
I have 2 separate local mirrors of some public RBLs - to spread the load
and to be sure that my SA has constant access to the data; even when one
of my DNS servers goes down. All my MTAs had the same /etc/resolv.conf:
    nameserver ip1
    nameserver ip2
    option rotate
One DNS server was queried, while the second one was idle. I changed
resolv.conf on half of my MTAs (switched order of first two lines in
resolv.conf), so the load was spread over both of my DNS servers, and
everything was ok until I had to restart one of the DNS servers... As a
result half of my incoming mail traffic was not checked against
RBLs/URIBLs for some period. AFAIK there is no config option where I
could set DNS server addresses (except a single request in bug #3500).
A quick look at DnsResolver.pm gave me an answer to what is going on:
    188: my $ns = $self->{res}->{nameservers}[0];
I want to be able to make SA rotate DNS servers. SA even now probes my
DNS for availability every now and then, so it could react to server
failures, i.e. change active DNS server. It could even query another
server when the active one timed out while answering a (single/several)
requests. How do I do that?
--
Pawel Sasin
WIRTUALNA POLSKA SA, ul. Traugutta 115c, 80-226 Gdansk; NIP: 957-07-51-216;
Sad Rejonowy Gdansk-Polnoc KRS 0000068548, kapital zakladowy 62.880.024 zlotych (w calosci wplacony)
Re: Dns Resolver problem
Posted by Pawel Sasin <ps...@wp-sa.pl>.
Hi,
> I want to be able to make SA rotate DNS servers. SA even now probes my
> DNS for availability every now and then, so it could react to server
> failures, i.e. change active DNS server. It could even query another
> server when the active one timed out while answering a
> (single/several) requests. How do I do that?
The attached patch allows SA (patch built against 3.2.1) to do what I have
requested (well, more or less). It makes SA shuffle all available
DNS servers every 'dns_test_interval' seconds, effectively spreading the
load over all currently available DNS servers when there are many spamd
workers. It re-tests all servers (eg. from /etc/resolv.conf) every time.
--
Pawel Sasin
WIRTUALNA POLSKA SA, ul. Traugutta 115c, 80-226 Gdansk; NIP: 957-07-51-216;
Sad Rejonowy Gdansk-Polnoc KRS 0000068548, kapital zakladowy 62.880.024 zlotych (w calosci wplacony)
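The difference between always using the first nameserver and re-testing then shuffling the live ones, as an added example that is not part of the original posts and is not the attached patch (which is not reproduced on this page). The addresses are documentation-range placeholders, `pick_nameservers` and `spread` are hypothetical helper names, and the probe is a constructed lookup table standing in for a real test query.

```perl
use strict;
use warnings;
use List::Util qw(shuffle);

# Constructed sample data: two resolvers (documentation addresses).
# %up stands in for a real availability probe (a test query per server).
my @configured = ('192.0.2.1', '192.0.2.2');
my %up;

# Hypothetical helper: re-test every configured server and return the
# live ones in random order; the caller treats element 0 as active.
sub pick_nameservers {
    my ($servers, $probe) = @_;
    my @alive = grep { $probe->($_) } @$servers;
    return shuffle(@alive);
}

# Hypothetical helper: let $workers spamd children each choose an active
# server and count the choices per server, plus those left with none.
sub spread {
    my ($workers, $picker) = @_;
    my %count = map { ($_ => 0) } @configured, 'none';
    for (1 .. $workers) {
        my ($active) = $picker->();
        $count{ defined $active ? $active : 'none' }++;
    }
    return \%count;
}

my $probe = sub { $up{ $_[0] } };
my %mode  = (
    first    => sub { $configured[0] },   # always nameservers[0]
    shuffled => sub { pick_nameservers(\@configured, $probe) },
);

# Scenario 1: both servers up. Scenario 2: the first server is restarting.
for my $state ([1, 1], [0, 1]) {
    @up{@configured} = @$state;
    for my $name (sort keys %mode) {
        my $c = spread(1000, $mode{$name});
        printf "up=%d,%d %-8s %s\n", @$state, $name,
            join ' ', map("$_=$c->{$_}", @configured, 'none');
    }
}
```

In the second scenario the `first` rows keep every worker on the restarting server, which is the window in which RBL/URIBL lookups go unanswered.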
Re: Dns Resolver problem
Posted by Pawel Sasin <ha...@wp-sa.pl>.
> > I want to be able to make SA rotate DNS servers.
>
> Apparently that is a limitation of Net::DNS. There was some
> discussion of it on-list a few weeks back; I don't clearly remember the details.
>
> You might want to check the current status of Net::DNS w/r/t fallback,
> rotation, etc., and work with the developers of that package, rather
> than talking about it here...
Isn't SA using its own resolver class (DnsResolver) for performing background queries? DnsResolver seems to work like this:
- create a Net::DNS::Resolver instance
- get the Net::DNS::Resolver nameserver list
- use the first entry in the above list, create a socket to the nameserver
- craft some Net::DNS::Packets and flush them through the socket to the nameserver
- from time to time poll_responses() on the socket, and when sth comes in use the Net::DNS::Resolver bgread() to get the response packet
- trigger a callback function for associated query
If this is true then I think I've asked the right people for help. Correct me if I'm wrong.
--
Pawel Sasin
WIRTUALNA POLSKA SA, ul. Traugutta 115c, 80-226 Gdansk; NIP: 957-07-51-216;
Sad Rejonowy Gdansk-Polnoc KRS 0000068548, kapital zakladowy 62.880.024 zlotych (w calosci wplacony)
Re: Dns Resolver problem
Posted by "John D. Hardin" <jh...@impsec.org>.
On Fri, 10 Aug 2007, Pawel Sasin wrote:
> I want to be able to make SA rotate DNS servers.
Apparently that is a limitation of Net::DNS. There was some discussion
of it on-list a few weeks back; I don't clearly remember the details.
You might want to check the current status of Net::DNS w/r/t fallback,
rotation, etc., and work with the developers of that package, rather
than talking about it here...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It's easy to be noble with other people's money.
-- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
4 days until The 62nd anniversary of the end of World War II