> A possible cause is that you are not using your own DNS resolver but > instead relying on a third party (such as your ISP), and their > resolver has been blocked by Spamhaus for over-usage. In which case > you need to set up your own DNS resolver (e.g. bind) and use this > instead, ensuring it does not forward DNS queries through a > third-party resolver.
The first two nameserver entries in my resolv.conf contains IPv4 127.0.0.1 and IPv6 ::1 > Does the 'test' address work? See > https://www.spamhaus.org/faq/section/DNSBL%20Usage#366 > > $ dig +short 2.0.0.127.zen.spamhaus.org @DNS.server > > for relevant values of 'DNS.server' including 127.0.0.1. dig @127.0.0.1 1.0.0.127.zen.spamhaus.org +short ; <<>> DiG 9.14.8 <<>> @127.0.0.1 1.0.0.127.zen.spamhaus.org +short ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached dig @127.0.0.1 denic.de +short a 81.91.170.12 A dig to query other domains for whatever records does work, so i guess it's not a firewall issue. Beside this i tried disabling my firewall for a moment of second to doublecheck if my firewall has problem. No changes, still not reaching zen.spamhaus.org. UDP/TCP 53 is open at switch/router-level and my server too.
