Declude Portal
Information
Article ID: 12
Created On: 12/9/2009
Modified: 12/9/2009
DNS Queries not Resolving

ISSUE

Spam that would not normally pass any filtering is slipping past Declude because it is not being weighted high enough for actionable thresholds to take effect.  Set your LOGLEVEL to DEBUG, let it run for several minutes and then open the log.  The goal is to identify a possible DNS issue.  If you are running Declude Security Suite, packets that do not reach the DNS server, or do not make it back from the DNS server, can cause this problem.  The reason is that Declude relies heavily on these queries being resolved successfully in order to trigger certain tests and assign spam a high enough weight.  If you see the following in the log, find out where these queries are going, because the responses are not getting back to the application.

02/07/2007 13:48:34.640 35958831 Test #2 [ADNSBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #3 [BLITZEDALL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #4 [CBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #5 [CSMA-SBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #6 [DSBL-CONFIRMED] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC]didn't get a response
02/07/2007 13:48:34.640 35958831 Test #8 [JAMMDNSBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #9 [INTERSIL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #10 [IPWHOIS] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #11 [IMP-SPAM] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #14 [NJABL] is same as Test #14 [NJABL=127.0.0.2]. Answer=?
02/07/2007 13:48:34.640 35958831 Test #15 [SBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response
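
To pick this pattern out of a large DEBUG log, the following added example (not Declude code) groups "didn't get a response" lines and reports where many different tests failed together. It assumes the third field is a per-message identifier, and the min_failed cut-off is a made-up value, not a Declude setting.

```python
import re
from collections import defaultdict

# Line shape copied from the DEBUG excerpt above:
#   <date> <time> <id> Test #<n> [<NAME>] <result text>
# Assumption: <id> (third field) identifies one message being scanned.
LINE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4} [\d:.]+ (?P<session>\d+) "
    r"Test #\d+ \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$"
)
NO_RESPONSE = "didn't get a response"


def unanswered_by_session(lines):
    """Map each id to the set of distinct tests that got no DNS response."""
    failed = defaultdict(set)
    for line in lines:
        # Normalise a curly apostrophe in case the log was pasted through a word processor.
        m = LINE_RE.match(line.strip().replace("\u2019", "'"))
        if m and m["rest"].startswith(NO_RESPONSE):
            failed[m["session"]].add(m["name"])
    return dict(failed)


def suspect_sessions(lines, min_failed=5):
    """Ids where at least min_failed different tests went unanswered.

    One slow blocklist is routine; most of them failing at the same
    moment points at the resolver or the path to it.
    """
    return {s: sorted(t) for s, t in unanswered_by_session(lines).items()
            if len(t) >= min_failed}


# Constructed sample: id 35958831 reuses lines from the excerpt above,
# id 40000001 is made up and has a single unanswered test.
SAMPLE = """\
02/07/2007 13:48:34.640 35958831 Test #2 [ADNSBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #4 [CBL] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC]didn't get a response
02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response
02/07/2007 13:48:34.640 35958831 Test #14 [NJABL] is same as Test #14 [NJABL=127.0.0.2]. Answer=?
02/07/2007 13:48:34.640 35958831 Test #15 [SBL] didn't get a response
02/07/2007 13:49:02.115 40000001 Test #4 [CBL] didn't get a response
""".splitlines()

if __name__ == "__main__":
    for session, tests in suspect_sessions(SAMPLE).items():
        print(f"{session}: {len(tests)} tests unanswered: {', '.join(tests)}")
```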

RESOLUTION

Check your diags.txt.  If you see an IP address next to the DNS field and you see the above in your DEBUG log, that DNS server has either stopped responding or connectivity has been lost between the email server and the DNS machine.  If no IP address has been identified in this field, then Declude is having an issue reading it from your mail server itself.  Open your Global.cfg and specify the address of an alternate DNS server next to the DNS directive near the top of the file.  Make sure to save your file, rename or delete the old DEBUG log and start a new one.  You should see these "didn't get a response" entries go away.

If you do not have an alternate DNS server, try using the following, which is an OpenDNS server.

DNS       208.67.222.222