spf-discuss

Re: trusted-forwarder trouble

2005-05-06 20:25:54
In <427C1A64(_dot_)2010102(_at_)ohmi(_dot_)org> Radu Hociung 
<radu(_dot_)spf(_at_)ohmi(_dot_)org> writes:

Apparently I did not get the subtle hints from Wayne that he had some
trouble with the load on his trusted-forwarder domain, and that caused
my mail troubles today.

Well, the "trouble" that I had to deal with was that my bandwidth
exceeded what my previous ISP could provide, so I switched ISPs.


Today, as the zone expired due to failure to contact the master zone
server for a week, the trusted-forwarder domain just disappeared.

Is it possible that you had a hard coded IP address?  When I switched
ISPs, I had to switch IP addresses.

During the switch-over, both new and old IP addresses worked, and
after the three day TTL on the various trusted-forwarder.org records
timed out, queries from the old IP address dropped to maybe a half
dozen requests per day.


I am only pointing this out in case you also use this service with zone
transfers.

It would have been nice if the move was more prominently announced, on
the spf lists.

If I thought it would have caused problems, I certainly would have
made an announcement.


But I guess Wayne has been fighting to get up to speed on recent SPF
history, so this could be excusable.

No, I've been watching the T-F list pretty carefully since it was
created, and I've placed it as higher priority than responding to
spf-discuss.  (Updating the draft was also slightly higher than
spf-discuss.  While I lagged on the draft, I did make quite a few
updates.)

Every day, I check with three different external services to make sure
that the T-FWL is reachable.  I also have a script that checks out all
nameservers from my host every 15 minutes.  From what I can tell, the
T-FWL should be working fine.

If you can provide me with the IP address that would have done the
query, the times and the dates, I can look through my DNS logs to see
if I can find any errors.  I confess that, due to the volume of the
T-FWL, I don't keep logs for more than a few days.


Hmmm...  I just checked my logs.  Since May 1, I can find only two
requests for AXFRs for outside sources, one of which is ns2.ohmi.org.
According to the logs, this succeeded at 20:53:07 06-May-2005 CDT.  I
have no record of any earlier attempts.


However, this is one more experience item that we (I) did not have until
today. Say what you will, but to me SPF is still an experiment. We'll
just have to agree to disagree on this one. :)

I don't think that SMTP is experimental just because DNSBLs don't
always work.  Similarly, I don't think that SPF is experimental just
because the T-FWL doesn't always work.  As said on the
trusted-forwarder.org web page, the T-FWL is *not* part of the SPF
standard, for many very good reasons.


Remember to check your configurations to ensure a smooth transition to
the new trusted-forwarder location, if it still exists.

Yes, please do check it out.  If other people are having problems,
please let everyone know.


-wayne

