Reverse DNS question
web at 3dresearch.com
Tue Feb 18 23:26:43 UTC 2014
Could you please explain this odd behavior:
My Postfix logs show entries like this:
Feb 18 08:35:13 barrida postfix/smtpd: connect from unknown[220.127.116.11]
Feb 18 08:35:13 barrida postfix/smtpd: connect from spam2.continental-realestate.com[18.104.22.168]
This host is a source of legitimate messages, and sends a number of
messages every day. However, it seems that more often than not, Postfix
is unable to resolve the name for 22.214.171.124. Postfix queries a
resolver (djbdns) which runs on the same machine.
I understand that DNS lookups can fail for reasons other than records
not existing. However, every time I check with host:
# host 126.96.36.199
188.8.131.52.in-addr.arpa domain name pointer mail1.continental-realestate.com.
184.108.40.206.in-addr.arpa domain name pointer mail.continental-realestate.com.
220.127.116.11.in-addr.arpa domain name pointer spam2.continental-realestate.com.
or with dig:
# dig -x 18.104.22.168
; <<>> DiG 9.9.3-P2 <<>> -x 22.214.171.124
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;126.96.36.199.in-addr.arpa. IN PTR
;; ANSWER SECTION:
188.8.131.52.in-addr.arpa. 38333 IN PTR mail1.continental-realestate.com.
184.108.40.206.in-addr.arpa. 38333 IN PTR mail.continental-realestate.com.
220.127.116.11.in-addr.arpa. 38333 IN PTR spam2.continental-realestate.com.
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 18 17:41:23 EST 2014
;; MSG SIZE rcvd: 130
I get replies as expected.
Of all the hosts which send e-mail regularly, this is the only one with
such odd behavior.
So, my questions are:
1. Other than network congestion, what might cause this recurring name
2. If you look at the time stamps of the above 2 log entries: How is it
possible that precisely at the same time, name resolution BOTH does not
succeed AND does succeed? This "coinciding" time stamp isn't unique
either; I could show a number of other instances.
The system is FreeBSD 9.2-STABLE, postfix-2.10.2,1, djbdns-1.05.
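
An added example (not part of the original post): a small Python script that tallies the names Postfix logged for each client IP in smtpd "connect from" lines and lists clients seen both as "unknown" and under a resolved name, which quantifies how often the lookup fails. The sample log lines, addresses and host names are constructed.

```python
import re
from collections import defaultdict

# Matches smtpd "connect from name[ip]" lines, with or without a PID after smtpd.
CONNECT_RE = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: connect from (?P<name>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
)

# Constructed sample lines (RFC 5737 documentation addresses, example.* names).
SAMPLE_LOG = """\
Feb 18 08:35:13 mx postfix/smtpd[4101]: connect from unknown[192.0.2.25]
Feb 18 08:35:13 mx postfix/smtpd[4102]: connect from spam2.example.com[192.0.2.25]
Feb 18 08:41:02 mx postfix/smtpd[4110]: connect from unknown[192.0.2.25]
Feb 18 08:50:47 mx postfix/smtpd[4121]: connect from mail.example.net[198.51.100.7]
Feb 18 09:02:10 mx postfix/smtpd[4130]: connect from unknown[203.0.113.99]
Feb 18 09:02:11 mx postfix/smtpd[4130]: disconnect from unknown[203.0.113.99]
"""


def tally_connects(lines):
    """Return {ip: {logged_name: count}} for every smtpd connect line."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            seen[m.group("ip")][m.group("name")] += 1
    return {ip: dict(names) for ip, names in seen.items()}


def flapping_clients(tally):
    """Return the IPs logged both as 'unknown' and under a resolved name."""
    result = {}
    for ip, names in tally.items():
        resolved = {n: c for n, c in names.items() if n != "unknown"}
        if "unknown" in names and resolved:
            result[ip] = {"unknown": names["unknown"], "resolved": resolved}
    return result


if __name__ == "__main__":
    tally = tally_connects(SAMPLE_LOG.splitlines())
    for ip, info in flapping_clients(tally).items():
        total = info["unknown"] + sum(info["resolved"].values())
        print(f"{ip}: unknown {info['unknown']}/{total}, names {sorted(info['resolved'])}")
```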