On Tue, 31 Aug 2010, Mark Martinec wrote: > Lawrence, > > > This is a dedicated server in a facility in the US. The server is > > configured to use the resolvers 4.2.2.1 and 4.2.2.2 > > > > I wouldn't dream of relying on Google for anything :) > > Like I said, your resolver is tricking you. Either by its > own fault, or SpamHaus is intentionally not providing useful > results to your DNS resplver: > > good (my own resolver): > $ host -t a midpage.ru.dbl.spamhaus.org. > midpage.ru.dbl.spamhaus.org has address 127.0.1.2 > [snip..] > bad: > $ host -t a midpage.ru.dbl.spamhaus.org. 4.2.2.2 > Using domain server: > Name: 4.2.2.2 > Address: 4.2.2.2#53 > > bad: > $ host -t a midpage.ru.dbl.spamhaus.org. 8.8.8.8 > Using domain server: > Name: 8.8.8.8 > Address: 8.8.8.8#53 > > > There is no good reason to use ISP's or some public DNS resolver > for anything but the smallest home network. Just install 'unbound', > or 'bind' in resolving-only mode. > > Mark
Mark is right. Spamhaus has a policy of blocking any DNS server which makes "too many" queries/day against their publicly available DNSBL lists. If you run a "busy" mail system they want you to buy a data feed. See: http://www.spamhaus.org/organization/dnsblusage.html So by using some public/ISP's DNS server, your queries are getting aggregated with everybody else using that DNS server and probably going over the Spamhaus limit. Run your own DNS server/resolver pointing directy to the spamhaus lists and you won't have that problem. If they still block you then it will be only your own use and you know that you'll have to spring for the paid service. BTW, even if you're below the Spamhaus 100k messages/day limit you can still exceed the queries/day limit. SA makes multiple queries/message and when combined with potential MTA queries can result in overload. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{
