Named connection refused with .dnswl.org entries in logs?

Discussion in 'Installation/Configuration' started by WhitcombeRD, Nov 3, 2022.

  1. WhitcombeRD

    WhitcombeRD Member

    Fresh install of perfect server via the auto-install script on Debian 11.

    Install options were --no-dns (I use an external server) but the caching server is OK and works.

    I'm seeing periodic log entries in syslog for:

    Code:
    Nov  3 00:16:19 linode named[504]: connection refused resolving 'randomcode.dwl.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 00:16:28 linode named[504]: connection refused resolving '_.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 00:16:28 linode named[504]: connection refused resolving '1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53

    The DNS server itself is active and works on 127.0.0.1 for normal queries.
    Are these entries anything to be concerned about functionality-wise, or can they be fixed so the problem goes away?
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    You use this server for E-Mail functionality, right?
    dnswl.org is an E-Mail reputation service. rspamd, for example, uses the service to check the reputation of a sender. However, it seems like some of the DNS queries for the service fail. I wouldn't worry too much if this only happens once in a while.
     
  3. WhitcombeRD

    WhitcombeRD Member

    Yep, it's used for email and web hosting; the only bit it's not being used for is DNS (that's upstream by the VPS provider).
    It's happening every few minutes reliably, not occasionally. In other words, it seems to be a call made on a schedule that never goes through.
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    The rbls are configured in /etc/rspamd/modules.d/rbl.conf. The dnswl should be configured in there somewhere.
    Can you run a dig from the server and see what the answer is?

    Code:
    dig list.dnswl.org
    dig dwl.dnswl.org

    Do you use Linode's nameservers?
     
  5. WhitcombeRD

    WhitcombeRD Member

    Code:
    ; <<>> DiG 9.16.33-Debian <<>> list.dnswl.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58997
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;list.dnswl.org.                        IN      A
    
    ;; AUTHORITY SECTION:
    list.dnswl.org.         3553    IN      SOA     a.ns.dnswl.org. admins.dnswl.org. 1667485116 3600 300 432000 43200
    
    ;; Query time: 23 msec
    ;; SERVER: 151.236.220.5#53(151.236.220.5)
    ;; WHEN: Thu Nov 03 15:04:18 UTC 2022
    ;; MSG SIZE  rcvd: 91
    
    dig dwl.dnswl.org
    
    ; <<>> DiG 9.16.33-Debian <<>> dwl.dnswl.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30588
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dwl.dnswl.org.                 IN      A
    
    ;; Query time: 0 msec
    ;; SERVER: 151.236.220.5#53(151.236.220.5)
    ;; WHEN: Thu Nov 03 15:04:24 UTC 2022
    ;; MSG SIZE  rcvd: 42
    
    Yep, using Linode's servers both as my domain host DNS and as resolver.

    Using 127.0.0.1 as a test, it does full lookups on random domains but returns SERVFAIL for the dnswl.
     
  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    Please check with:
    Code:
     dig -t txt amiblocked.dnswl.org
    This should return:

    Code:
    ;; ANSWER SECTION:
    amiblocked.dnswl.org. 86347 IN TXT "no"
    ;; Query time: 36 msec
    ;; SERVER: 10.0.1.1#53(10.0.1.1)

    If this says "yes", there is a big chance that the Linode NS servers are blocked because too many users of Linode try to check dnswl. See also: https://www.dnswl.org/?p=152
     
  7. WhitcombeRD

    WhitcombeRD Member

    It's a no:
    Code:
    ;; ANSWER SECTION:
    amiblocked.dnswl.org.   300     IN      TXT     "no"
    
    ;; Query time: 167 msec
    ;; SERVER: 151.236.220.5#53(151.236.220.5)

    FWIW the errors appear every 5 mins or so in syslog.

    Code:
    Nov  3 14:14:08 linode named[504]: connection refused resolving '1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:14:17 linode named[504]: connection refused resolving 'jNffg.dwl.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:27:34 linode named[504]: connection refused resolving '_.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:27:34 linode named[504]: connection refused resolving '1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:29:37 linode named[504]: connection refused resolving 'VrfffflLAozdX.dwl.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:39:45 linode named[504]: connection refused resolving '3ifffe7fa_qgyGGoG.dwl.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:41:20 linode named[504]: connection refused resolving '_.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:41:20 linode named[504]: connection refused resolving '1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:50:41 linode named[504]: connection refused resolving '_.127.list.dnswl.org/A/IN': 127.0.0.255#53
    Nov  3 14:50:41 linode named[504]: connection refused resolving '1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53
    
    (random chars changed just in case it's important)

    To me this hints at something internal with my installation and config as opposed to an external linode server.
     
  8. pyte

    pyte Well-Known Member HowtoForge Supporter

    This is the way you check dnswl.org. If you want to check if the IP 1.2.3.4 is listed, you query 4.3.2.1.list.dnswl.org. See: https://www.dnswl.org/?page_id=15

    Here you find more information about the rspamd RBL module that gets used here: https://rspamd.com/doc/modules/rbl.html
    So if I query 1.0.0.127.list.dnswl.org from here I get:

    Code:
    # host 1.0.0.127.list.dnswl.org
    1.0.0.127.list.dnswl.org has address 127.0.0.255
    Host 1.0.0.127.list.dnswl.org not found: 5(REFUSED)
    
    Which means:
    If I do it from my mailserver:

    Code:
    # host 1.0.0.127.list.dnswl.org
    Host 1.0.0.127.list.dnswl.org not found: 3(NXDOMAIN)
    
    So it works as described.
     
  9. WhitcombeRD

    WhitcombeRD Member

    OK, so that does suggest it may be working as advertised.
    I'll do more reading tonight to try to get my head around whether it is or isn't working as planned.
    Thanks.

    If there is an issue, it's more of an rspamd query now, so I'll ask over in those groups as opposed to ispconfig then.
     
  10. pyte

    pyte Well-Known Member HowtoForge Supporter

    You can just check and do what I did. From your server's shell just type "host 1.0.0.127.list.dnswl.org" and see what it returns. If it returns

    Code:
    1.0.0.127.list.dnswl.org has address 127.0.0.255
    Host 1.0.0.127.list.dnswl.org not found: 5(REFUSED)

    you are exceeding 100.000 queries a day and dnswl is blocking you. If it returns not found NXDOMAIN you're good and everything is working :)
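
Added example, not part of the original posts: a Python sketch of the check described in posts 8 and 10, building the reversed-octet query name, interpreting the answer as the thread does, and counting the `named` "connection refused" lines per upstream address. The function names and the sample log lines are constructed for illustration; the rule that any other answer on NOERROR counts as a listing is general DNS-list behaviour, not something stated in the thread.

```python
import ipaddress
import re
from collections import Counter

# Per the thread: this A record means dnswl.org is refusing the resolver.
BLOCKED_ANSWER = "127.0.0.255"

def dnswl_qname(ip, zone="list.dnswl.org"):
    """Reverse the IPv4 octets and append the zone (1.2.3.4 -> 4.3.2.1.<zone>)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(rcode, answers):
    """Interpret one A lookup the way the thread does."""
    if BLOCKED_ANSWER in answers:
        return "blocked"          # over the query limit; not a real listing
    if rcode == "NXDOMAIN":
        return "not-listed"       # normal answer for an IP that is not on the list
    if rcode == "NOERROR" and answers:
        return "listed"           # assumption: any other answer is a listing
    return "lookup-failed"        # SERVFAIL, REFUSED, empty answer

REFUSED_RE = re.compile(
    r"named\[\d+\]: connection refused resolving '([^']+)/A/IN': ([0-9.]+)#53")

def refused_by_upstream(log_lines):
    """Count named 'connection refused' lines for dnswl.org names per upstream."""
    counts = Counter()
    for line in log_lines:
        m = REFUSED_RE.search(line)
        if m and m.group(1).endswith(".dnswl.org"):
            counts[m.group(2)] += 1
    return dict(counts)

# Constructed sample lines in the syslog format shown in the thread.
SAMPLE_LOG = [
    "Nov  3 14:14:08 linode named[504]: connection refused resolving "
    "'1.0.0.127.list.dnswl.org/A/IN': 127.0.0.255#53",
    "Nov  3 14:14:17 linode named[504]: connection refused resolving "
    "'EXAMPLE.dwl.dnswl.org/A/IN': 127.0.0.255#53",
    "Nov  3 14:15:00 linode named[504]: connection refused resolving "
    "'example.com/A/IN': 192.0.2.53#53",
]

if __name__ == "__main__":
    print(dnswl_qname("127.0.0.1"))
    print(classify("NOERROR", [BLOCKED_ANSWER]), classify("NXDOMAIN", []))
    print(refused_by_upstream(SAMPLE_LOG))
```
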
     
  11. WhitcombeRD

    WhitcombeRD Member

    Yep, I'm seeing that with a manual lookup.

    As it's a clean install I'm not keen on suspected errors in the log files that I don't understand the cause of, that's all.
     
