keat63

Well-Known Member
Nov 20, 2014
1,499
128
93
cPanel Access Level
Root Administrator
Since moving my domains, I'm seeing the following attached to message headers.

ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.

I'm aware of what causes this, and that having my own caching nameservers will potentially fix this.
However, I'd prefer to not host my own name servers.

Is there another way around this, or can I disable the feature altogether in SpamAssassin?
If it doesn't work, then it might as well not be utilising resources etc.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
options rotate
options timeout:1
Interesting, I've not seen that in the resolv.conf before.


The reason I asked is due to the "Free for some" method URIBL utilizes. Most RBL servers use a "Free for some" method, where, as long as a given DNS server isn't performing too many requests, it's allowed. But a DNS server that is too busy (e.g. 8.8.8.8 is very busy) will be blocked from doing RBL queries, since it no longer qualifies under the "Free for some" method and would then fall under the category where payment is required to perform that volume of RBL queries.

So when this occurs, the assumption is that the DNS servers you're using are performing too many queries to the RBL - like a form of rate-limiting. The solution would be to use nameservers that haven't hit that limit with the URIBL. You might try using CloudFlare's to see, but I couldn't guarantee they hadn't reached that limit since they're public.
 

keat63

My current data centre is UKFast; I'd imagine that their DNS servers have probably hit the limit.

Even though I don't host my own name servers, my server still has DNS tables, as these are created with a new account etc.
Is it possible for me to add my own IP in resolv.conf?
 

keat63

As my server isn't fully populated yet, I've taken a risk, I'm not sure what implications this will have. ??

I now manually add my DNS at registrar level and use their name servers.
I found the IP of their NS2 name server, and added this as the top entry in resolv.conf.

I no longer see the URIBL error, and my sites still appear to be working.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,155
63
178
Finland
cPanel Access Level
Root Administrator
Your own name servers are not recommended as resolvers.
We use Google's name servers, i.e:
nameserver 8.8.8.8
nameserver 8.8.4.4

+ one IP provided by the datacenter.

From resolv.conf man page:
Code:
rotate sets RES_ROTATE in _res.options, which causes round robin selection of nameservers from among those listed. This has the effect of spreading the query load among all listed servers, rather than having all clients try the first listed server first every time.

Without "rotate" the 1st nameserver IP is always used 1st, and if it fails then the 2nd, etc.
 

keat63

Any reason why I shouldn't use my own name server as a resolver?
Although when I say mine, it's not physically mine, it's that of the registrar 123-reg.co.uk

Incidentally, I don't see any errors.
 

quietFinn

Any reason why I shouldn't use my own name server as a resolver?
Although when I say mine, it's not physically mine, it's that of the registrar 123-reg.co.uk

Incidentally, I don't see any errors.
I just quoted what cPanelMichael said here:

I'm not saying you can't use your own name server in resolv.conf, but to my understanding it's not the best practice.
 

keat63

I'm not using my own nameserver.
In fact, I don't even have bind installed.

In resolv.conf I have 4 IPs:

The IP address of the NS2 server of my registrar (123-reg)
and 3 which belong to the data centre who I rent my server through (UKFast)


Since adding the 123-reg IP, I no longer see the URIBL errors, and don't yet see any problems (that I'm aware of) on my server.
 

keat63

I'm sort of back to square one now.

Updates failed last night due to unreliable resolvers.
I ran /scripts/check_unreliable_resolvers,
which came back with a large list of IPs, some of which had red stop signs against them, some have green ticks.

I removed the registrar NS server entry from resolv.conf, and the resolver check exited successfully.
 

keat63

I tried about 5 of those public resolvers, and I'm afraid they all suffer the same fate.

Maybe something that I have to live with.

It's not overly important, as I can clearly see in the Exim reject log that my other RBLs are performing well.
It would just be nice not to see the URIBL failure.
 

keat63

Rather than modifying resolv.conf, I modified /etc/mail/spamassassin/local.cf
and added dns_server xxx.xx.xx.xx

xxx.xx.xx.xx being the IP address of 123-reg NS servers.

Let's see what this brings.
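
Added example, not part of the thread and not cPanel's or SpamAssassin's own code: a shell sketch that asks each resolver listed in a resolv.conf for a URIBL test lookup and reports whether that resolver gets the refused answer behind the notice above. It assumes `dig` is installed and that `test.uribl.com` is a usable known-listed test name; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which resolvers in a resolv.conf are refused by URIBL.
# Assumption: test.uribl.com serves as a known-listed test name on multi.uribl.com.
URIBL_TEST_NAME="test.uribl.com.multi.uribl.com"

# Print the IP from every "nameserver" line (the keyword is lowercase).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the A record(s) returned for a multi.uribl.com lookup.
# URIBL answers in 127.0.0.x; bit 1 of the last octet marks a refused query,
# which is what SpamAssassin's URIBL_BLOCKED rule matches on.
classify_uribl_answer() {
    answer=$(printf '%s\n' "$1" | grep -E '^127\.0\.0\.[0-9]+$' | head -n 1) || true
    if [ -z "$answer" ]; then
        echo "no-answer"      # timeout, SERVFAIL, NXDOMAIN or non-URIBL reply
        return
    fi
    last_octet=${answer##*.}
    if [ $((last_octet & 1)) -ne 0 ]; then
        echo "blocked"        # this resolver is over URIBL's free-use limit
    else
        echo "ok"             # a real list answer came back
    fi
}

# Query the test name through each listed resolver and print "ip<TAB>status".
check_resolvers() {
    for ns in $(list_nameservers "$1"); do
        reply=$(dig +short +time=2 +tries=1 "@$ns" "$URIBL_TEST_NAME" A 2>/dev/null) || true
        printf '%s\t%s\n' "$ns" "$(classify_uribl_answer "$reply")"
    done
}

# Run only when asked, e.g.: sh check_uribl.sh --check /etc/resolv.conf
if [ "${1:-}" = "--check" ]; then
    check_resolvers "${2:-/etc/resolv.conf}"
fi
```

A resolver that reports `ok` here is one URIBL still answers, so it is a candidate for the `dns_server` line in local.cf mentioned above; `blocked` on a shared or public resolver matches the rate-limiting described earlier in the thread.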