Timeout setting

John W. Blue john.blue at rrcic.com
Thu Mar 25 17:21:36 UTC 2021

When I queried the authoritative server directly it worked:


;; ANSWER SECTION: 86400 IN	PTR	rn2-msbadger07105.apple.com.

;; Query time: 62 msec

I would recommend that you too do a dig @ and see what you get.

If it works then you can start examining your on prim configs .. if it does not work then you need to be using wireshark to figure out what is happening to the traffic.

Either way you need to first break your troubleshooting into two parts .. on prim vs off prim and proceed from there.

Good hunting.


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Julien Salort
Sent: Thursday, March 25, 2021 12:11 PM
To: bind-users at lists.isc.org
Subject: Timeout setting


I have a VPS running postfix and bind9. Bind is used as a recursive resolver, in particular to be able to query anti-spam database.

Postfix is also configured to reject incoming connections from servers with no reverse dns.

It works great overall, but sometimes legitimate messages get rejected because the reverse dns query fails.

Here is an example (anonymized email and host address):

In mail.log:

450 4.7.1 Client host rejected: cannot find your reverse hostname, []; from=<developer_bounces at insideapple.apple.com>
to=<XXX at example.com> proto=ESMTP helo=<rn2-msbadger07105.apple.com>
(total: 1)

In named journal:

mars 02 01:14:20 example.com named[2756114]: client @0x7f3a0808c750 ( query: IN PTR +E(0) (

mars 02 01:14:25 example.com named[2756114]: client @0x7f3a08079d00 ( query: IN PTR +E(0) (

mars 02 01:14:32 example.com named[2756114]: client @0x7f3a0808c750 ( query failed (timed out) for at query.c:6883

mars 02 01:14:32 example.com named[2756114]: client @0x7f3a000d5110 (insideapple.apple.com): query: insideapple.apple.com IN MX + (

So there is a timeout.

Now if I try again:

$ dig -x @localhost +short rn2-msbadger07105.apple.com.

So it seems that it is just that sometimes the query takes a bit longer...

Is there a general advice regarding timeout for bind?

Should I just choose a longer timeout? Or is there a reason for the default value?

I did not have such problems when I was using the ISP dns server instead 
of a local recursive resolver. So I was wondering if the configuration 
is sub-optimal somehow...

Thank you,



Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users at lists.isc.org

More information about the bind-users mailing list