Timeout setting
Julien Salort
listes at salort.eu
Thu Mar 25 17:11:28 UTC 2021
Hello,
I have a VPS running postfix and bind9. Bind is used as a recursive
resolver, in particular to be able to query anti-spam databases.
Postfix is also configured to reject incoming connections from servers
with no reverse dns.
It works great overall, but sometimes legitimate messages get rejected
because the reverse dns query fails.
Here is an example (anonymized email and host address):
In mail.log:
450 4.7.1 Client host rejected: cannot find your reverse hostname, [17.179.250.111]; from=<developer_bounces at insideapple.apple.com> to=<XXX at example.com> proto=ESMTP helo=<rn2-msbadger07105.apple.com> (total: 1)
In named journal:
mars 02 01:14:20 example.com named[2756114]: client @0x7f3a0808c750 127.0.0.1#43646 (111.250.179.17.in-addr.arpa): query: 111.250.179.17.in-addr.arpa IN PTR +E(0) (127.0.0.1)
mars 02 01:14:25 example.com named[2756114]: client @0x7f3a08079d00 127.0.0.1#43646 (111.250.179.17.in-addr.arpa): query: 111.250.179.17.in-addr.arpa IN PTR +E(0) (127.0.0.1)
mars 02 01:14:32 example.com named[2756114]: client @0x7f3a0808c750 127.0.0.1#43646 (111.250.179.17.in-addr.arpa): query failed (timed out) for 111.250.179.17.in-addr.arpa/IN/PTR at query.c:6883
mars 02 01:14:32 example.com named[2756114]: client @0x7f3a000d5110 127.0.0.1#49520 (insideapple.apple.com): query: insideapple.apple.com IN MX + (127.0.0.1)
So there is a timeout.
Now if I try again:
$ dig -x 17.179.250.111 @localhost +short
rn2-msbadger07105.apple.com.
So it seems that it is just that sometimes the query takes a bit longer...
Is there any general advice regarding the timeout for bind?
Should I just choose a longer timeout? Or is there a reason for the
default value?
I did not have such problems when I was using the ISP dns server instead
of a local recursive resolver. So I was wondering if the configuration
is sub-optimal somehow...
Thank you,
Cheers,
Julien
More information about the bind-users
mailing list
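
Added example (not part of the original post, and not code from BIND or Postfix): a Python script that matches Postfix "cannot find your reverse hostname" rejections against named "query failed (timed out)" entries, to separate rejections caused by a slow resolver from clients that have no PTR record. The function names and sample lines are constructed for illustration, and the log formats are assumed to match the excerpts in the post.

```python
import ipaddress
import re

# Constructed sample input, modelled on the (unwrapped) excerpts in the post.
# 192.0.2.25 is a documentation address added to show the non-timeout case.
MAIL_LOG = [
    "450 4.7.1 Client host rejected: cannot find your reverse hostname, [17.179.250.111]; proto=ESMTP",
    "450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.25]; proto=ESMTP",
]
_P = "example.com named[2756114]: client @0x7f3a0808c750 127.0.0.1#43646 (111.250.179.17.in-addr.arpa): "
NAMED_LOG = [
    "mars 02 01:14:20 " + _P + "query: 111.250.179.17.in-addr.arpa IN PTR +E(0) (127.0.0.1)",
    "mars 02 01:14:25 " + _P + "query: 111.250.179.17.in-addr.arpa IN PTR +E(0) (127.0.0.1)",
    "mars 02 01:14:32 " + _P + "query failed (timed out) for 111.250.179.17.in-addr.arpa/IN/PTR at query.c:6883",
]

REJECT_RE = re.compile(r"cannot find your reverse hostname, \[([0-9A-Fa-f.:]+)\]")
QUERY_RE = re.compile(r"(\d\d):(\d\d):(\d\d) .*named\[\d+\]: .*\): query: (\S+) IN PTR")
TIMEOUT_RE = re.compile(
    r"(\d\d):(\d\d):(\d\d) .*named\[\d+\]: .*query failed \(timed out\) for (\S+)/IN/PTR")

def _secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def ptr_timeouts(named_lines):
    """Map PTR name -> seconds between its first logged query and the timeout."""
    first_seen, waited = {}, {}
    for line in named_lines:
        if m := QUERY_RE.search(line):
            first_seen.setdefault(m.group(4).lower(), _secs(*m.group(1, 2, 3)))
        elif m := TIMEOUT_RE.search(line):
            name, end = m.group(4).lower(), _secs(*m.group(1, 2, 3))
            # Modulo handles a lookup that straddles midnight.
            waited[name] = (end - first_seen.pop(name, end)) % 86400
    return waited

def classify_rejects(mail_lines, named_lines):
    """Map rejected client IP -> seconds waited before the resolver timed out,
    or None when named logged no timeout for that IP's PTR name."""
    waited = ptr_timeouts(named_lines)
    result = {}
    for line in mail_lines:
        if m := REJECT_RE.search(line):
            ip = ipaddress.ip_address(m.group(1))
            result[str(ip)] = waited.get(ip.reverse_pointer)
    return result

if __name__ == "__main__":
    for ip, secs in classify_rejects(MAIL_LOG, NAMED_LOG).items():
        print(ip, "resolver timeout after %ds" % secs if secs is not None else "no timeout logged")
```

The match is by PTR name only, so feed it mail and named logs covering the same time window.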