On Wednesday, January 5, 2005, 8:50:07 PM, Matt (hotmail) wrote:
It could have been a smaller time period (it was last week sometime), I didn't notice it till I started getting complaints about spam. when I dug into it everything looked like it should have been caught but the uribl rules weren't firing in SA. manual dig's showed 10+ second delays (I asked several NS's directly) and spamassassin was giving up after 2 seconds (or whatever the default is I forget). I upped the timeout in SA to 10 seconds at the sacrifice of mail throughput and the rules started firing again. the server has bind running locally and I wasn't having problems resolving anything else. I chalked it up to spammers DDossing the surbl.org zones because it was such an effective measure. decided it was too valuable to not have and opted to run the zone's locally. before I got the rsync approval things seemed to have settled down and my query times were back to normal but I had already setup rbldnsd so I opted to run the zones anyway along with some standard rbl zones that I use.
Hmm, if anyone spots problems with name resolution I hope they'll let us know. We didn't have any other reports of solow resolution and several of the people hosting DNS keep an eye on the traffic, as I do. I haven't noticed any attacks on the servers I have stats for.
Note that the SURBL name server stauts page uses a timeout of 10 seconds:
http://www.surbl.org/nameservers-output.html
but every check I've done of the name servers has typically had responses within the ten to say 300 millisecond range. So if you saw 10 second delays it would be useful to know where they came from.
Can you try some of your manual lookups using the SURBL public name servers and let us know what results you get?
Jeff C. -- "If it appears in hams, then don't list it."