Reverse DNS question

Kevin Phair phair.kevin at gmail.com
Tue Feb 18 23:36:55 UTC 2014


mail1.continental-realestate.com doesn't appear to resolve.  Is it 
possible that postfix reports 'unknown' whenever that's the name it gets 
in the reverse lookup?


On 2/18/14, 6:06 PM, Janos Dohanics wrote:
> Hello List,
>
> Could you please explain this odd behavior:
>
> My Postfix logs show entries like this:
>
> Feb 18 08:35:13 barrida postfix/smtpd[86649]: connect from unknown[207.238.171.17]
> Feb 18 08:35:13 barrida postfix/smtpd[86705]: connect from spam2.continental-realestate.com[207.238.171.17]
>
> This host is a source of legitimate messages, and sends a number of
> messages every day. However, it seems that more often than not, Postfix
> is unable to resolve the name for 207.238.171.17. Postfix queries a
> resolver (djbdns) which runs on the same machine.
>
> I understand that DNS lookups can fail for reasons other than records
> not existing. However, every time I check with host:
>
> # host 207.238.171.17
> 17.171.238.207.in-addr.arpa domain name pointer mail1.continental-realestate.com.
> 17.171.238.207.in-addr.arpa domain name pointer mail.continental-realestate.com.
> 17.171.238.207.in-addr.arpa domain name pointer spam2.continental-realestate.com.
>
> or with dig:
>
> # dig -x 207.238.171.17
>
> ; <<>> DiG 9.9.3-P2 <<>> -x 207.238.171.17
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32993
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;17.171.238.207.in-addr.arpa.	IN	PTR
>
> ;; ANSWER SECTION:
> 17.171.238.207.in-addr.arpa. 38333 IN	PTR	mail1.continental-realestate.com.
> 17.171.238.207.in-addr.arpa. 38333 IN	PTR	mail.continental-realestate.com.
> 17.171.238.207.in-addr.arpa. 38333 IN	PTR	spam2.continental-realestate.com.
>
> ;; Query time: 5 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Feb 18 17:41:23 EST 2014
> ;; MSG SIZE  rcvd: 130
>
> I get replies as expected.
>
> Of all the hosts which send e-mail regularly, this is the only one with
> such odd behavior.
>
> So, my questions are:
>
> 1. Other than network congestion, what might cause this recurring name
> resolution failure?
>
> 2. If you look at the time stamps of the above 2 log entries: How is it
> possible that precisely at the same time, name resolution BOTH does not
> succeed AND does succeed? This "coinciding" time stamp isn't unique
> either; I could show a number of other instances.
>
> The system is FreeBSD 9.2-STABLE, postfix-2.10.2,1, djbdns-1.05.
>
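
Added example, not part of the original messages: a Python model of the forward-confirmed reverse DNS check Postfix performs before it logs a client hostname, showing how one PTR name with no matching forward record gives 'unknown' whenever that name is the one checked. The forward (A) data and the first-PTR-only selection are assumptions made for illustration.

```python
# Constructed data modelling the case in this thread.
# PTR answer for the client address, as shown by host/dig above.
PTR = {
    "207.238.171.17": [
        "mail1.continental-realestate.com",
        "mail.continental-realestate.com",
        "spam2.continental-realestate.com",
    ],
}
# Forward (A) data is ASSUMED: mail1 has no record (per the reply above),
# spam2 maps back (consistent with the second log line), mail is assumed to.
A = {
    "mail.continental-realestate.com": ["207.238.171.17"],
    "spam2.continental-realestate.com": ["207.238.171.17"],
}

def client_name(ip, ptr_answer, forward):
    """Return the name that would be logged for ip.

    Assumption: only the first PTR name in the answer is considered,
    as with a getnameinfo()-style lookup that returns a single name.
    """
    if not ptr_answer:
        return "unknown"              # address -> name lookup failed
    name = ptr_answer[0]
    if ip not in forward.get(name, []):
        return "unknown"              # name -> address failed or mismatched
    return name

def audit_ptr_set(ip, ptr_names, forward):
    """Return the PTR names that fail forward confirmation for ip."""
    return [n for n in ptr_names if ip not in forward.get(n, [])]

def rotations(seq):
    """All rotations of an answer, standing in for varying record order."""
    return [seq[i:] + seq[:i] for i in range(len(seq))]

def logged_names(ip):
    """Logged client name for each possible first PTR record."""
    return [client_name(ip, order, A) for order in rotations(PTR[ip])]

if __name__ == "__main__":
    ip = "207.238.171.17"
    for order, name in zip(rotations(PTR[ip]), logged_names(ip)):
        print(f"first PTR {order[0]:<34} -> connect from {name}[{ip}]")
    print("PTR names lacking a matching A record:",
          audit_ptr_set(ip, PTR[ip], A))
```

Against a live resolver, the same audit is a forward lookup of every name returned for the PTR query, checking that each one lists the client address.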


