How to prevent DNS lookups when service already disabled DNS lookups?


Solution 1

I can only speak for Postfix.

disable_dns_lookups=yes delegates the lookup to the getaddrinfo() system function, and that itself uses the DNS system to retrieve the information: http://en.wikipedia.org/wiki/Getaddrinfo

So Postfix even then uses DNS nameservers if you configured your Linux/UNIX system with /etc/resolv.conf and /etc/nsswitch.conf to do so.

A mail server without DNS is quite useless as you lose the ability to do reverse lookups, RBL lookups, domain verification and many other anti-spam mechanisms.

The solution is to repair your DNS setup to be able to resolve any public Internet domain/IP in addition to your local hosts.

Solution 2

Sometimes there is a multicast DNS listener installed; on Ubuntu, remove the libnss-mdns package. The system function will use it as well, and it can create delays for non-resolving addresses.
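As an added example (not code from either answer), a small Python checker that reads the two files both answers point at, /etc/nsswitch.conf and /etc/resolv.conf, and reports which NSS modules getaddrinfo() will consult, whether an mdns module from libnss-mdns is in the chain, and roughly how long one unanswered query can stall a service. The file contents below are constructed samples, and the delay figure is an approximation of glibc's retry behaviour, not an exact model.

```python
"""Show which lookup sources getaddrinfo() consults and how long a dead resolver can stall it."""
import re

# Constructed stand-ins for /etc/nsswitch.conf and /etc/resolv.conf (not real host files).
NSSWITCH_SAMPLE = """\
passwd: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
"""
RESOLV_SAMPLE = """\
# constructed example
nameserver 192.0.2.53
nameserver 192.0.2.54
search example.test
options timeout:5 attempts:2
"""


def hosts_sources(nsswitch_text):
    """Ordered NSS modules on the 'hosts:' line, with [action] tokens dropped."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return ["files", "dns"]  # glibc default when no hosts: line exists


def resolv_settings(resolv_text):
    """Nameservers plus the timeout/attempts the dns module will use (glibc defaults 5 and 2)."""
    servers, timeout, attempts = [], 5, 2
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if parts and parts[0] == "nameserver" and len(parts) > 1:
            servers.append(parts[1])
        elif parts and parts[0] == "options":
            for opt in parts[1:]:
                m = re.fullmatch(r"(timeout|attempts):(\d+)", opt)
                if m and m.group(1) == "timeout":
                    timeout = int(m.group(2))
                elif m:
                    attempts = int(m.group(2))
    return servers, timeout, attempts


def worst_case_delay(nsswitch_text, resolv_text):
    """Approximate seconds a single unanswered lookup can block a caller of getaddrinfo()."""
    sources = hosts_sources(nsswitch_text)
    servers, timeout, attempts = resolv_settings(resolv_text)
    if "dns" not in sources or not servers:
        return 0  # nsswitch never reaches dns, or there is nothing to query
    return timeout * attempts * len(servers)  # each server retried 'attempts' times


if __name__ == "__main__":
    mods = hosts_sources(NSSWITCH_SAMPLE)
    print("hosts sources:", mods, "| mdns in chain:", any(m.startswith("mdns") for m in mods))
    print("worst-case stall (s):", worst_case_delay(NSSWITCH_SAMPLE, RESOLV_SAMPLE))
```

With one nameserver and glibc's defaults the function returns 10, which matches the 10-second pauses described in the question; removing the nameserver lines or taking dns out of the hosts: line drops it to 0.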

Author: Nick V

Updated on September 18, 2022

Comments

  • Nick V
    Nick V almost 2 years

    My enterprise recently deployed a DNS capability to all systems within the enterprise. Due to a fluke asynchronous routing error for some of our servers, we have discovered that even when a service disabled reverse DNS lookups (such as "disable_dns_lookups" in Postfix and "UseDNS no" in SSH), RHEL 5 still appears to perform some kind of lookup against the configured name server(s) in the server's own /etc/resolv.conf file.

    The configuration we were expecting was to allow the nameserver entries to remain within the /etc/resolv.conf file, but that DNS lookups could be disabled within the various services specifically.

    I know these entries are causing the issue; when the nameserver entries are removed from the /etc/resolv.conf file the system responds to SMTP and SSH very quickly (sub-second). When the nameservers are enabled, there are definite 10-second delays. I would expect disabling DNS lookups within the service to address this.

    Here is one example of the behavior I am seeing: Using SSH with no nameserver entries:

    1. SSH into a server in the enterprise.
    2. SSH to a server where DNS queries are slow.
    3. Provide password when prompted.
    4. Server responds instantly with a shell prompt.

    Using SSH with nameserver entries:

    1. SSH into a server in the enterprise.
    2. SSH to a server where DNS queries are slow.
    3. Provide password when prompted.
    4. Wait 10 seconds with no response from server.
    5. Shell prompt displays.

    Another test using SMTP: when I use telnet to access the server's SMTP interface under Postfix, after specifying a valid value for the "RCPT TO" field, the interface pauses for 10 seconds before returning the cursor so the protocol can continue, but it responds instantly when the same nameserver entries are commented out.

    Is there somewhere else in the configuration files, perhaps at the networking or kernel level, where this can be affected? Could having IPv6 enabled be causing this issue?

    I recognize that this is a broad question when asked, as I cannot provide too many details regarding my environment, and there are quite a few configuration parameters within a Linux server itself. If anyone has encountered a similar issue, any assistance or direction for troubleshooting this would be appreciated.

  • Nick V
    Nick V almost 12 years
    I was afraid the queries were still being sent for some type of DNS resolution. Since it occurred in more than one service, and it was directly impacted by the removal of the "nameserver" from the /etc/resolv.conf file. I could not find anything within the Postfix doco that would have explained it. As for a mail server without DNS, I agree entirely, but this mail server does not require DNS, as none of the other systems it interfaces with are listed within other DNS systems, and would not gain from all of the above-mentioned features.