[opensuse] "Slow" postfix
Hi, My postfix mail-server is slow to wake up. Between the setup of the tcp-connection (SYN/SYN-ACK/ACK) and the response "220 ..." there are at least 10 seconds. I (and my users) find this annoying. Any suggestions how to debug this ? I'm running the "boxed" postfix of OS 10.3. TIA -- Met vriendelijke groeten, Koenraad Lelong
Koenraad Lelong wrote:
Hi, My postfix mail-server is slow to wake up. Between the setup of the tcp-connection (SYN/SYN-ACK/ACK) and the response "220 ..." there are at least 10 seconds. I (and my users) find this annoying.
Fix your dns server. When a client connects to your mailserver, Postfix will do a reverse lookup of the client ip and a forward lookup of the result of the reverse lookup. Most probably your dns can't resolve the client ips correctly and tries until it times out. One sign of this is that your clients are logged as "unknown" instead of the correct hostnames. A mailserver relies heavily on DNS, correctly working DNS is a must. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sandy Drobic schreef:
Koenraad Lelong wrote:
Hi, My postfix mail-server is slow to wake up. Between the setup of the tcp-connection (SYN/SYN-ACK/ACK) and the response "220 ..." there are at least 10 seconds. I (and my users) find this annoying.
Fix your dns server.
When a client connects to your mailserver, Postfix will do a reverse lookup of the client ip and a forward lookup of the result of the reverse lookup. Most probably your dns can't resolve the client ips correctly and tries until it times out.
One sign of this is that your clients are logged as "unknown" instead of the correct hostnames.
A mailserver relies heavily on DNS, correctly working DNS is a must.
It's indeed a problem of DNS, more specific the reverse DNS. The mailserver is also a slave DNS-server. This seems unable to resolve reverse dns-queries. It times out, and then the mailserver qeuries the master dns-server that answers promptly it can't find the host, which is understandable since my local users don't have dns-entries. So it boils down to : why does reverse resolving not work when forward resolving does work ? Suggestions ? I will search the net in the mean time. -- Met vriendelijke groeten, Koenraad Lelong
Koenraad Lelong wrote:
It's indeed a problem of DNS, more specific the reverse DNS. The mailserver is also a slave DNS-server. This seems unable to resolve reverse dns-queries. It times out, and then the mailserver qeuries the master dns-server that answers promptly it can't find the host, which is understandable since my local users don't have dns-entries. So it boils down to : why does reverse resolving not work when forward resolving does work ?
No, you should also ask why your slave DNS cannot answer the query when your master can? -- /Per Jessen, Zürich -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Koenraad Lelong wrote:
A mailserver relies heavily on DNS, correctly working DNS is a must.
It's indeed a problem of DNS, more specific the reverse DNS. The mailserver is also a slave DNS-server. This seems unable to resolve reverse dns-queries. It times out, and then the mailserver qeuries the master dns-server that answers promptly it can't find the host, which is understandable since my local users don't have dns-entries. So it boils down to : why does reverse resolving not work when forward resolving does work ?
Because different zones are queried. If Postfix uses the slave dns, and the slave dns itself is querying the primary as default, then the primary must be configured to allow the slave to relay queries. See allow-recursion in named.conf. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sandy Drobic wrote:
Koenraad Lelong wrote:
A mailserver relies heavily on DNS, correctly working DNS is a must.
It's indeed a problem of DNS, more specific the reverse DNS. The mailserver is also a slave DNS-server. This seems unable to resolve reverse dns-queries. It times out, and then the mailserver qeuries the master dns-server that answers promptly it can't find the host, which is understandable since my local users don't have dns-entries. So it boils down to : why does reverse resolving not work when forward resolving does work ?
Because different zones are queried. If Postfix uses the slave dns, and the slave dns itself is querying the primary as default, then the primary must be configured to allow the slave to relay queries. See allow-recursion in named.conf.
If it's a problem between the two internal DNS'es, I'm not convinced the problem would look like a time-out. Anyway, the problem is easily diagnosed - run a 'dig @slavedns -X ip-address' and see what happens. If need be, trace the queries etc. /Per -- /Per Jessen, Zürich -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen schreef:
Sandy Drobic wrote:
Koenraad Lelong wrote:
A mailserver relies heavily on DNS, correctly working DNS is a must.
It's indeed a problem of DNS, more specific the reverse DNS. The mailserver is also a slave DNS-server. This seems unable to resolve reverse dns-queries. It times out, and then the mailserver qeuries the master dns-server that answers promptly it can't find the host, which is understandable since my local users don't have dns-entries. So it boils down to : why does reverse resolving not work when forward resolving does work ? Because different zones are queried. If Postfix uses the slave dns, and the slave dns itself is querying the primary as default, then the primary must be configured to allow the slave to relay queries. See allow-recursion in named.conf.
If it's a problem between the two internal DNS'es, I'm not convinced the problem would look like a time-out.
Anyway, the problem is easily diagnosed - run a 'dig @slavedns -X ip-address' and see what happens. If need be, trace the queries etc.
/Per
Thanks guys, I think it's partly solved. I while ago I increased my subnet from /24 to /20, but the reverse zone was still 0.168.192... so if a reverse query for 192.168.2.10 is run, my own servers can't answer, and my master queries my ISP. With "host 192.168.2.10 master-dns" there is a limited response : nothing found, but with "dig @master-dns 192.168.2.10" there was a response which included the responder, which was my ISP's dns-server, not what I wanted. Now my reverse zone is 168.192.... and local reverse queries are OK. Now I need to solve external reverse queries. B.T.W. I don't have entries for allow-recursive or recursive, so these should be OK because of it's defaults. -- Met vriendelijke groeten, Koenraad Lelong
Koenraad Lelong escribió:
Hi, My postfix mail-server is slow to wake up. Between the setup of the tcp-connection (SYN/SYN-ACK/ACK) and the response "220 ..." there are at least 10 seconds. I (and my users) find this annoying.
Any suggestions how to debug this ?
Probably a DNS issue, try setting up a local DNS cache. -- "We have art in order not to die of the truth" - Friedrich Nietzsche Cristian Rodríguez R. Platform/OpenSUSE - Core Services SUSE LINUX Products GmbH Research & Development http://www.opensuse.org/
participants (4)
-
Cristian Rodríguez -
Koenraad Lelong -
Per Jessen -
Sandy Drobic