On Tue, May 17, 2011 at 09:56:57AM -0700, Murray S. Kucherawy wrote:
> > From: opendkim-dev-bounce_at_lists.opendkim.org [mailto:opendkim-dev-bounce_at_lists.opendkim.org] On Behalf Of Gary Mills
> >
> > On Mon, May 16, 2011 at 10:27:15PM -0700, Murray S. Kucherawy wrote:
> > > How many nameservers are listed in that machine's /etc/resolv.conf?
> >
> > There are three, but the second and third nameservers should only
> > be tried if queries to the previous ones timed out.
>
> The libar defaults are five seconds per query, with two retries
> each. It then moves on to the next nameserver, and it uses what's
> in resolv.conf to get that list. So that's ten seconds per
> nameserver, times three nameservers, so thirty seconds, and then
> multiply that by the number of signatures. And that doesn't account
> for the ADSP queries (of which there can be up to four).
So, that could exceed sendmail's 60-second timeout for the milter
connection in circumstances when the external nameservers are not
reachable. Is there any harm in letting it time out that way? I assume
that only the one thread is affected when that happens.
--
-Gary Mills- -Unix Group- -Computer and Network Services-
Received on Wed May 18 2011 - 23:18:27 PST