GWIA answers slow / disable reverse lookup - Micro Focus Community

Anonymous_User · ‎2018-10-26

Hi,

here are more an on DNS-Service configured to the box where the GWIA is
running. If one of them is not reachable the gwia tooks 27 seconds to
send a 220 response.

But my clients are wait only for 5 seconds and after this they cut the
connection 😕

Is there a way to prohibid GWIA does a reverse lookup? (Hint: Even the
reverse lookup is not successful the GWIA will established the
connection. So why the reverse lookup is doing?

Bernd

laurabuckley · ‎2018-10-26

Hi Bernd,

I think what you are looking for is: GW Admin Console | GWIA | SMTP/Mime tab | Security Settings | Reject if PTR record does not exist

Having said the above, I would recommend investigating why your DNS is not responding in a timely manner.

Cheers,

Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...

mrosen · ‎2018-10-26

On 26.10.2018 16:17, nntp-user wrote:
> Hi,
>
> here are more an on DNS-Service configured to the box where the GWIA is
> running. If one of them is not reachable the gwia tooks 27 seconds to
> send a 220 response.

Well, yes and no. That happens only when both DNS servers are
unreachable or the first one does not respond in a weird way, aka
accepts the connection but then doesn't reply

> But my clients are wait only for 5 seconds and after this they cut the
> connection 😕

Your clients are misconfigured. 5 seconds is unreasonably short.

> Is there a way to prohibid GWIA does a reverse lookup?

No.

> (Hint: Even the
> reverse lookup is not successful the GWIA will established the
> connection. So why the reverse lookup is doing?

For instance to write the hostname into the logs and headers. And many
many other reasons.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

mrosen · ‎2018-10-26

On 26.10.2018 16:54, laurabuckley wrote:
>
> Hi Bernd,
>
> I think what you are looking for is: GW Admin Console | GWIA |
> SMTP/Mime tab | Security Settings | Reject if PTR record does not exist

That utilizes the reverse DNS lookup when it's enabled, but disabling it
doesn't also disable the DNS lookup GWIA is doing. That cannot be disabled.

> Having said the above, I would recommend investigating why your DNS is
> not responding in a timely manner.

Correct.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

Anonymous_User · ‎2018-11-01

Am 26.10.18 um 16:59 schrieb Massimo Rosen:
> On 26.10.2018 16:17, nntp-user wrote:
>> Hi,
>>
>> here are more an on DNS-Service configured to the box where the GWIA
>> is running. If one of them is not reachable the gwia tooks 27 seconds
>> to send a 220 response.
>
> Well, yes and no. That happens only when both DNS servers are
> unreachable or the first one does not respond in a weird way, aka
> accepts the connection but then doesn't reply
This is the behavior I expect. So the absence of one DNS service should
not be a problem.

But as I worte I can do a name resolution at this host w/o problems at
the cli. How does the GWIA takes the name resolution? Use it a own
resolver? (maybe a old way since NetWare days 😉

>> But my clients are wait only for 5 seconds and after this they cut the
>> connection 😕
>
> Your clients are misconfigured. 5 seconds is unreasonably short.
Indeed! But the 'development' states that they could not configure the
behavior of the (ORACLE) API 😕

>
>> Is there a way to prohibid GWIA does a reverse lookup?
>
> No.
>
>> (Hint: Even the reverse lookup is not successful the GWIA will
>> established the connection. So why the reverse lookup is doing?
>
> For instance to write the hostname into the logs and headers. And many
> many other reasons.
Thx for this explanation!

Anonymous_User · ‎2018-11-01

Am 26.10.18 um 16:54 schrieb laurabuckley:
(...)
> Having said the above, I would recommend investigating why your DNS is
> not responding in a timely manner.
(...)

Trying to do name resolution at the console of the host who is running
the GWIA is always quick and correct. (Tested with nslookup and dig.)

Bernd

Anonymous_User · ‎2018-11-01

Am 01.11.18 um 07:23 schrieb nntp-user:
> Am 26.10.18 um 16:59 schrieb Massimo Rosen:
>> On 26.10.2018 16:17, nntp-user wrote:
>>> Hi,
>>>
>>> here are more an on DNS-Service configured to the box where the
>>> GWIA is running. If one of them is not reachable the gwia tooks
>>> 27 seconds to send a 220 response.
>>
>> Well, yes and no. That happens only when both DNS servers are
>> unreachable or the first one does not respond in a weird way, aka
>> accepts the connection but then doesn't reply
> This is the behavior I expect. So the absence of one DNS service
> should not be a problem.
>
> But as I worte I can do a name resolution at this host w/o problems
> at the cli. How does the GWIA takes the name resolution? Use it a own
> resolver? (maybe a old way since NetWare days 😉
>
>
>>> But my clients are wait only for 5 seconds and after this they
>>> cut the connection 😕
>>
>> Your clients are misconfigured. 5 seconds is unreasonably short.
> Indeed! But the 'development' states that they could not configure
> the behavior of the (ORACLE) API 😕
>
>>
>>> Is there a way to prohibid GWIA does a reverse lookup?
>>
>> No.
>>
>>> (Hint: Even the reverse lookup is not successful the GWIA will
>>> established the connection. So why the reverse lookup is doing?
>>
>> For instance to write the hostname into the logs and headers. And
>> many many other reasons.
> Thx for this explanation!
>
Btw: When I checked the log (debug-level) at GWIA, I found that GWIA was
trying to connect to all DNS-Servers that were configured at the eDir ...

The host has three DNS configured, but at the eDir are four DNS-Servers
.... and even if the 4th DNS was not available the GWIA tries to connect
them.

Any thoughts?

Bernd

KonecnyA · ‎2018-11-05

In article <bCxCD.540$h_7.112@novprvlin0913.provo.novell.com>, Nntp-user
wrote:
> The host has three DNS configured, but at the eDir are four DNS-Servers
> .... and even if the 4th DNS was not available the GWIA tries to connect
> them.

What version of GWIA on which OS version are we talking about?

Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
services or something else?
How are you seeing that GWIA tries to get to them (GWIA logs? Packet
traces?)
Any other network issues that might be impacting access to any of the
servers in question.

Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
https://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please show
your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!

Anonymous_User · ‎2018-11-06

Am 05.11.18 um 22:47 schrieb Andy Konecny:
> In article <bCxCD.540$h_7.112@novprvlin0913.provo.novell.com>, Nntp-user
> wrote:
>> The host has three DNS configured, but at the eDir are four DNS-Servers
>> .... and even if the 4th DNS was not available the GWIA tries to connect
>> them.
>
> What version of GWIA on which OS version are we talking about?
This is GW18 at OES2018

> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
> services or something else?
Yes, OES-named

> How are you seeing that GWIA tries to get to them (GWIA logs? Packet
> traces?)
Logs at debug mode.

Bernd

mrosen · ‎2018-11-06

Hi.

On 06.11.2018 08:09, nntp-user wrote:
>> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
>> services or something else?
> Yes, OES-named

They are meaningless. GWIA uses what is set in /etc/resolv.conf

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

Anonymous_User · ‎2018-11-06

Am 06.11.18 um 11:04 schrieb Massimo Rosen:
> Hi.
>
> On 06.11.2018 08:09, nntp-user wrote:
>>> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
>>> services or something else?
>> Yes, OES-named
>
> They are meaningless. GWIA uses what is set in /etc/resolv.conf
>
Hmm, there are three entrys in /etc/resolv.conf. But I see four querys
in the debug log.

Btw: One of them is the same host as this were the GWIA is running. -
But ...

Bernd

mrosen · ‎2018-11-06

On 06.11.2018 16:49, nntp-user wrote:
> Am 06.11.18 um 11:04 schrieb Massimo Rosen:
>> Hi.
>>
>> On 06.11.2018 08:09, nntp-user wrote:
>>>> Where in eDir are you seeing those 4 DNS servers? Are these 4 OES DNS
>>>> services or something else?
>>> Yes, OES-named
>>
>> They are meaningless. GWIA uses what is set in /etc/resolv.conf
>>
> Hmm, there are three entrys in /etc/resolv.conf. But I see four querys
> in the debug log.

Then most likely that is the designated dns server for the query that's
happening.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de