GWIA answers slow / disable reverse lookup

Hi,

here are more an on DNS-Service configured to the box where the GWIA is
running. If one of them is not reachable the gwia tooks 27 seconds to
send a 220 response.

But my clients are wait only for 5 seconds and after this they cut the
connection :-\

Is there a way to prohibid GWIA does a reverse lookup? (Hint: Even the
reverse lookup is not successful the GWIA will established the
connection. So why the reverse lookup is doing?

Bernd

Tags:

  • Hi Bernd,

    I think what you are looking for is: GW Admin Console | GWIA | SMTP/Mime tab | Security Settings | Reject if PTR record does not exist

    Having said the above, I would recommend investigating why your DNS is not responding in a timely manner.

    Cheers,
  • On 26.10.2018 16:17, nntp-user wrote:
    > Hi,
    >
    > here are more an on DNS-Service configured to the box where the GWIA is
    > running. If one of them is not reachable the gwia tooks 27 seconds to
    > send a 220 response.


    Well, yes and no. That happens only when both DNS servers are
    unreachable or the first one does not respond in a weird way, aka
    accepts the connection but then doesn't reply

    > But my clients are wait only for 5 seconds and after this they cut the
    > connection :-\


    Your clients are misconfigured. 5 seconds is unreasonably short.

    > Is there a way to prohibid GWIA does a reverse lookup?


    No.

    > (Hint: Even the
    > reverse lookup is not successful the GWIA will established the
    > connection. So why the reverse lookup is doing?


    For instance to write the hostname into the logs and headers. And many
    many other reasons.


    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • On 26.10.2018 16:54, laurabuckley wrote:
    >
    > Hi Bernd,
    >
    > I think what you are looking for is: GW Admin Console | GWIA |
    > SMTP/Mime tab | Security Settings | Reject if PTR record does not exist


    That utilizes the reverse DNS lookup when it's enabled, but disabling it
    doesn't also disable the DNS lookup GWIA is doing. That cannot be disabled.

    > Having said the above, I would recommend investigating why your DNS is
    > not responding in a timely manner.


    Correct.

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Am 26.10.18 um 16:59 schrieb Massimo Rosen:
    > On 26.10.2018 16:17, nntp-user wrote:
    >> Hi,
    >>
    >> here are more an on DNS-Service configured to the box where the GWIA
    >> is running. If one of them is not reachable the gwia tooks 27 seconds
    >> to send a 220 response.

    >
    > Well, yes and no. That happens only when both DNS servers are
    > unreachable or the first one does not respond in a weird way, aka
    > accepts the connection but then doesn't reply

    This is the behavior I expect. So the absence of one DNS service should
    not be a problem.

    But as I worte I can do a name resolution at this host w/o problems at
    the cli. How does the GWIA takes the name resolution? Use it a own
    resolver? (maybe a old way since NetWare days ;-)


    >> But my clients are wait only for 5 seconds and after this they cut the
    >> connection :-\

    >
    > Your clients are misconfigured. 5 seconds is unreasonably short.

    Indeed! But the 'development' states that they could not configure the
    behavior of the (ORACLE) API :-\

    >
    >> Is there a way to prohibid GWIA does a reverse lookup?

    >
    > No.
    >
    >> (Hint: Even the reverse lookup is not successful the GWIA will
    >> established the connection. So why the reverse lookup is doing?

    >
    > For instance to write the hostname into the logs and headers. And many
    > many other reasons.

    Thx for this explanation!



  • Am 26.10.18 um 16:54 schrieb laurabuckley:
    (...)
    > Having said the above, I would recommend investigating why your DNS is
    > not responding in a timely manner.

    (...)

    Trying to do name resolution at the console of the host who is running
    the GWIA is always quick and correct. (Tested with nslookup and dig.)

    Bernd
  • Am 01.11.18 um 07:23 schrieb nntp-user:
    > Am 26.10.18 um 16:59 schrieb Massimo Rosen:
    >> On 26.10.2018 16:17, nntp-user wrote:
    >>> Hi,
    >>>
    >>> here are more an on DNS-Service configured to the box where the
    >>> GWIA is running. If one of them is not reachable the gwia tooks
    >>> 27 seconds to send a 220 response.

    >>
    >> Well, yes and no. That happens only when both DNS servers are
    >> unreachable or the first one does not respond in a weird way, aka
    >> accepts the connection but then doesn't reply

    > This is the behavior I expect. So the absence of one DNS service
    > should not be a problem.
    >
    > But as I worte I can do a name resolution at this host w/o problems
    > at the cli. How does the GWIA takes the name resolution? Use it a own
    > resolver? (maybe a old way since NetWare days ;-)
    >
    >
    >>> But my clients are wait only for 5 seconds and after this they
    >>> cut the connection :-\

    >>
    >> Your clients are misconfigured. 5 seconds is unreasonably short.

    > Indeed! But the 'development' states that they could not configure
    > the behavior of the (ORACLE) API :-\
    >
    >>
    >>> Is there a way to prohibid GWIA does a reverse lookup?

    >>
    >> No.
    >>
    >>> (Hint: Even the reverse lookup is not successful the GWIA will
    >>> established the connection. So why the reverse lookup is doing?

    >>
    >> For instance to write the hostname into the logs and headers. And
    >> many many other reasons.

    > Thx for this explanation!
    >

    Btw: When I checked the log (debug-level) at GWIA, I found that GWIA was
    trying to connect to all DNS-Servers that were configured at the eDir ...

    The host has three DNS configured, but at the eDir are four DNS-Servers
    .... and even if the 4th DNS was not available the GWIA tries to connect
    them.

    Any thoughts?

    Bernd
  • In article <bCxCD.540$h_7.112@novprvlin0913.provo.novell.com>, Nntp-user
    wrote:
    > The host has three DNS configured, but at the eDir are four DNS-Servers
    > .... and even if the 4th DNS was not available the GWIA tries to connect
    > them.


    What version of GWIA on which OS version are we talking about?

    Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
    services or something else?
    How are you seeing that GWIA tries to get to them (GWIA logs? Packet
    traces?)
    Any other network issues that might be impacting access to any of the
    servers in question.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    https://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please show
    your appreciation by clicking on the star below. Thanks!

  • Am 05.11.18 um 22:47 schrieb Andy Konecny:
    > In article <bCxCD.540$h_7.112@novprvlin0913.provo.novell.com>, Nntp-user
    > wrote:
    >> The host has three DNS configured, but at the eDir are four DNS-Servers
    >> .... and even if the 4th DNS was not available the GWIA tries to connect
    >> them.

    >
    > What version of GWIA on which OS version are we talking about?

    This is GW18 at OES2018

    > Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
    > services or something else?

    Yes, OES-named

    > How are you seeing that GWIA tries to get to them (GWIA logs? Packet
    > traces?)

    Logs at debug mode.

    Bernd
  • Hi.

    On 06.11.2018 08:09, nntp-user wrote:
    >> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
    >> services or something else?

    > Yes, OES-named


    They are meaningless. GWIA uses what is set in /etc/resolv.conf

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Am 06.11.18 um 11:04 schrieb Massimo Rosen:
    > Hi.
    >
    > On 06.11.2018 08:09, nntp-user wrote:
    >>> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
    >>> services or something else?

    >> Yes, OES-named

    >
    > They are meaningless. GWIA uses what is set in /etc/resolv.conf
    >

    Hmm, there are three entrys in /etc/resolv.conf. But I see four querys
    in the debug log.

    Btw: One of them is the same host as this were the GWIA is running. -
    But ...

    Bernd