Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Untanglit
    Join Date
    Nov 2009
    Posts
    24

    Exclamation DNS server [x] fails to resolve DNSBL queries?

    This is an odd one. I have just started (this install is weeks old) to receive an Administrative Alert stating:

    Spam Blocker [Lite] is installed but a DNS server (External,[my external IP]) fails to resolve DNSBL queries.

    A quick test from the shell looks OK:

    root@untangle# ~ # nslookup -type=TXT 2.0.0.127.dnsbl.inps.de. [root @ untangle]
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    2.0.0.127.dnsbl.inps.de text = "127.0.0.2 is listed for testing purposes since 2008-07-15"

    Authoritative answers can be found from:

    root@untangle# ~ #


    My ISP claims there is no blocking of any kind on their DNS cache servers and that DNSRBLs should work just fine.

    Any ideas on what I should check next?


    Edit:

    I am using my ISP's (Fast.co.uk) DNS servers: 78.143.192.10 and 78.143.192.20
    Last edited by Jon_Starr; 09-17-2012 at 01:44 AM.

  2. #2
    Untanglit legogeek's Avatar
    Join Date
    Jun 2009
    Posts
    17

    Default

    I'm receiving the same message (Different ISP). I went to the config tools as well and did a DNS test and it resolved fine.

    Anyone have suggestions or if this something to worry about?

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    This error means that your Untangle's DNS servers aren't resolving Spamhaus.org results properly. It has to do with the spam filter. If you use public DNS servers you'll negatively impact the spam filter's ability to block spam. ISP DNS servers are just as prone to this issue. Spamhaus's service is only free to a point, and thy block DNS servers that hit a certain threshold of lookups per day.

    If you aren't using spam blocker, don't worry about it. If you are, it's time to find a new DNS provider, or possibly operate your own DNS servers.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie penzoiders's Avatar
    Join Date
    Feb 2010
    Location
    Anduins (PN) Italy
    Posts
    10

    Default

    I ran my DNS servers, one on router working fine, one on win2008r2 (Active Directory),

    I recive the same error
    Code:
    Spam Blocker [Lite] is installed but a DNS server (External, MY_AD_DNS_IP_IN_LAN ) fails to resolve DNSBL queries.
    The DNS is a default install result of Active Directory.. no clue here.
    Any suggestions? Do I have to set some particular record or setting there?

  5. #5
    Newbie
    Join Date
    Oct 2009
    Posts
    2

    Default DSBL is GONE

    DSBL is GONE
    DSBL is GONE and highly unlikely to return. Please remove it from your mail server configuration.

    DSBL was a blocklist specialized in listing open relays and open proxies. To put it simply, DSBL listed IP addresses of computers that could be tricked into sending spam by anybody. This was a very successful strategy. Nowadays open relays and open proxies are rare, spammers hardly ever use them any more and no software seems to come with an open-by-default policy any more.

    dnsbl org

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    Untangle doesn't use DNSBL, it uses Spamhaus. Honestly, did anyone read what I posted? If you want help, you need to actually read the responses carefully.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    http://wiki.untangle.com/index.php/Administrator_Alerts

    test with
    host 2.0.0.127.zen.spamhaus.org <dns server ip>

    bad:
    # host 2.0.0.127.zen.spamhaus.org 4.2.2.1
    Using domain server:
    Name: 4.2.2.1
    Address: 4.2.2.1#53
    Aliases:

    Host 2.0.0.127.zen.spamhaus.org not found: 3(NXDOMAIN)

    good:
    # host 2.0.0.127.zen.spamhaus.org 172.16.2.1
    Using domain server:
    Name: 172.16.2.1
    Address: 172.16.2.1#53
    Aliases:

    2.0.0.127.zen.spamhaus.org has address 127.0.0.2
    2.0.0.127.zen.spamhaus.org has address 127.0.0.10
    2.0.0.127.zen.spamhaus.org has address 127.0.0.4
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untanglit
    Join Date
    Nov 2009
    Posts
    24

    Default

    Thanks for the help skyknight and dmorris, I get:

    root@untangle#
    ~ # host 2.0.0.127.zen.spanhaus.org 4.2.2.1 [root @ untangle]
    Using domain server:
    Name: 4.2.2.1
    Address: 4.2.2.1#53
    Aliases:

    2.0.0.127.zen.spanhaus.org has address 141.8.224.106

    root@untangle#
    ~ # host 2.0.0.127.zen.spamhaus.org 78.143.192.10 [root @ untangle]
    Using domain server:
    Name: 78.143.192.10
    Address: 78.143.192.10#53
    Aliases:

    2.0.0.127.zen.spamhaus.org has address 127.0.0.2
    2.0.0.127.zen.spamhaus.org has address 127.0.0.10
    2.0.0.127.zen.spamhaus.org has address 127.0.0.4
    root@untangle# ~ # [root @ untangle]


    So it should be working just fine? I still have a warning that persists through reboots.
    Last edited by Jon_Starr; 09-28-2012 at 06:22 AM.

  9. #9
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    [dmorris @ dmorris-thinkpad] ~ # host 2.0.0.127.zen.spamhaus.org 78.143.192.10
    ;; connection timed out; no servers could be reached


    You can check uvm.log to see the literal command it runs when you log in to the UI.
    If that returns with an error. You're going to get that warning.

    If you need help, just paste the relevant lines from uvm.log
    Last edited by dmorris; 09-28-2012 at 10:19 AM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #10
    Untanglit
    Join Date
    Nov 2009
    Posts
    24

    Default

    Right, as part of the ongoing saga I can see this in the UVM logs:

    Oct 9 11:58:17 localhost [ExecManagerImpl] INFO ExecManager.exec(host 2.0.0.127.zen.spamhaus.org 78.143.192.10) = 1 took 10065 ms.
    Oct 9 11:58:17 localhost [ExecManagerImpl] INFO ExecManager.exec(host 2.0.0.127.zen.spamhaus.org 78.143.192.20)
    Oct 9 11:58:22 localhost [ExecManagerImpl] INFO ExecManager.exec(host 2.0.0.127.zen.spamhaus.org 78.143.192.20) = 0 took 5416 ms.

    And from the console:

    root@untangle# ~ # host 2.0.0.127.zen.spamhaus.org 78.143.192.20 [root @ untangle]
    ;; connection timed out; no servers could be reached
    root@untangle# ~ # host 2.0.0.127.zen.spamhaus.org 78.143.192.20 [root @ untangle]
    Using domain server:
    Name: 78.143.192.20
    Address: 78.143.192.20#53
    Aliases:

    2.0.0.127.zen.spamhaus.org has address 127.0.0.2
    2.0.0.127.zen.spamhaus.org has address 127.0.0.10
    2.0.0.127.zen.spamhaus.org has address 127.0.0.4


    So that's pretty obvious that my ISPs resolving and caching servers are overloaded/crap as they are intermittently responding?




    Edit:

    I have my primary as OpenDNS and my secondary as DynGuide as recommended by Google namebench. No more errors!

    Bloomin typical that every time I did a manual test I got a valid response until just today....
    Last edited by Jon_Starr; 10-09-2012 at 06:31 AM.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2