We run dedicated AWS instances (with static IP addresses) for the DNS servers used by our Zimbra email servers, and doing so makes the annual discussion re renewal fees with our commercial RBL providers simple and easy.
It's also nice to use a DNS server that's memory/CPU efficient (to keep instance costs down), and where the publisher compiles in hooks to be able to log responses to DNS queries (which helps greatly with historical customer troubleshooting).

Not that I'm influenced at all by Dan's day-job employer either...

Best regards to all,
Mark

--
_________________________________________________________________
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With Mission-Critical Email Needs
Winner of the Zimbra Americas VAR Partner of the Year 2024 Award

----- Original Message -----
| From: "Dan Mahoney via mailop" <mailop@mailop.org>
| To: "mailop" <mailop@mailop.org>
| Sent: Tuesday, April 22, 2025 3:17:53 PM
| Subject: Re: [mailop] Validity (return path blocklist)

|> On Apr 22, 2025, at 07:14, Benoit Panizzon via mailop <mailop@mailop.org> wrote:
|>
|> Hi
|>
|> Had a Zoom Meeting with John today and learned he is the sales person,
|> not a tech. He does not know why we keep getting those reminders after
|> having reached an agreement, he can not stop them.
|>
|> He reckons this is most probably caused by our customers still
|> accessing the lists from our caching DNS servers we had (unsuccessfully
|> - still got rate limited after registration) registered with Validity.
|>
|> So indeed, each customer wanting to use their services has to operate a
|> dedicated DNS resolver on a distinguished public IP registered with
|> Validity which is directly sending queries to their DNS server and not
|> using some uplink caching server like the ISP's caching server or
|> Google and others.
|
| This is valid advice if you run a mailserver anyway. I'm not taking any sides
| in Validity's sales or business practices, but if you're using ANY RBLs at all,
| you're going to hit rate limiting if you use an upstream DNS server, and it can
| be tangly to debug because the blocking (which is sometimes via a REFUSED error
| code, and sometimes via just a weird PTR/A response) can ebb and flow so your
| internal monitoring may not see it.
|
| And also, you want to be able to look at the logs/debugs on that DNS server, and
| pop a tcpdump if necessary.
|
| This statement not at all sponsored by my day-job :)
|
| -Dan
|
| _______________________________________________
| mailop mailing list
| mailop@mailop.org
| https://list.mailop.org/listinfo/mailop
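
Added example, not part of the thread and not code from any poster or vendor: a standard-library Python sketch that classifies raw DNSBL responses so a monitor can count the REFUSED and odd-answer cases the quoted reply describes, which a plain "did the lookup resolve" check would miss. The zone `dnsbl.example`, all function names, and the rule that an A answer outside 127.0.0.0/8 is the "weird" case are assumptions; provider-specific error codes are not given in the thread and would have to come from the list operator's documentation.

```python
import ipaddress
import struct

REFUSED, NXDOMAIN, NOERROR = 5, 3, 0
DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_query(ip, zone, txid=0x1234):
    """Build an A/IN query for the reversed IPv4 address under the list zone."""
    qname = ".".join(reversed(ip.split("."))) + "." + zone
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, [IPv4 strings from A records]) for a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def classify(msg):
    # Assumption: an A answer outside 127.0.0.0/8 counts as the "weird" response.
    rcode, addrs = parse_response(msg)
    if rcode == REFUSED:
        return "refused"
    if rcode == NXDOMAIN:
        return "not-listed"
    if rcode == NOERROR and addrs:
        return "listed" if all(ipaddress.ip_address(a) in DNSBL_NET for a in addrs) else "anomalous-answer"
    return "other"

def constructed_response(query, rcode, addrs=()):
    """Constructed sample data: answer `query` with the given rcode and A records."""
    hdr = query[:2] + struct.pack("!5H", 0x8180 | rcode, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(a).packed for a in addrs)
    return hdr + query[12:] + rrs
```

To use it against a live list, send the bytes from `dnsbl_query` over UDP port 53 to the dedicated resolver and pass the reply to `classify`, recording the result per interval so intermittent blocking shows up as a rate rather than a single pass/fail.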