The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

zen.spamhaus.org not resolving

Discussion in 'General Discussion' started by Bdzzld, Jul 26, 2011.

  1. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hello,

    We've curently set up the bl.spamcop.net and zen.spamhaus.org RBLs to block e-mail at SMTP time (by default present in cPanel). We've however noticed e-mail coming through from IP-addresses which were blacklisted in zen.spamhaus.org and also noticed zen.spamhaus.org is no longer resolving on our servers.

    Does any one have the same problem?

    We've OpenDNS and Google DNS configured in /etc/resolv.conf

    Thanks.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. metrop

    metrop Member

    Joined:
    Sep 23, 2001
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    0
    Try with Barracudacentral.org.

    You need to register first and add your IP server. Add b.barracudacentral.org in RBL Manager.
     
  4. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    These are the correct URLs and are operating as expected:

    http://www.spamhaus.org/

    /http://www.spamhaus.org/drop/drop.lasso

    Sorry for the confusion of my earlier post.
     
  6. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    I've set up the following new entry for spamhaus :

    Code:
    Rbl Name : spamhaus2
    Rbl Info URL : http://www.spamhaus.org/drop/drop.lasso
    Dns List : www.spamhaus.org
    
    Should that be an alternative for the original?

    Thanks.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This is what mine looks like:
     

    Attached Files:

  8. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    As previously mentioned zen.spamhaus.org does not resolve (there's no entry for zen in the spamhaus.org DNS records), so those settings won't work any more. That's the reason for creating this thread in the first place.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm clearly running without coffee this morning.. :/

    Just poking around looking for news on this and coming up empty.

    That drop list is specific and not ideal I don't think. The Spamhaus Project - DROP
    From my exim_rejectlog just now:

    Somethings still working over here.
     
  10. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Code:
    root@xxxxxx [~]# dig zen.spamhaus.org
    
    ; <<>> DiG 9.2.4 <<>> zen.spamhaus.org
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6243
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;zen.spamhaus.org.              IN      A
    
    ;; AUTHORITY SECTION:
    zen.spamhaus.org.       110     IN      SOA     need.to.know.only. hostmaster.spamhaus.org. 1107261730 3600 600 432000 150
    
    ;; Query time: 35 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Tue Jul 26 19:38:17 2011
    ;; MSG SIZE  rcvd: 98
    
    No IP-address is resolved here. You must be using other DNS servers to resolve, which (still) know the IP-address.
     
  11. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    b.barracudacentral.org does not resolve either.
     
  12. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Sure they resolve. Either your resolver is broke, or you don't quite understand what it is you are looking for.

    zen.spamhaus.org only has NS records. When your server does a query of xxx.xxx.xxx.xxx.zen.spamhaus.org, your server checks to see what servers are listed in the NS records of zen.spamhaus.org. Then your server is supposed to query one of those servers.

    Same thing with b.barracudacentral.org.

    There are no "A", "CNAME", or "MX" records for b.barracudacentral.org or zen.spamhaus.org, which I'm sure is their intention. None of these records are needed. Their absence shouldn't be any sort of indicator to you.

    dig zen.spamhaus.org NS
    dig b.barracudacentral.org NS

    Those two commands should produce a list of nameservers serving those zones.

    M
     
    #12 mtindor, Jul 26, 2011
    Last edited: Jul 26, 2011
  13. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    As you can see it (and so does zen.spamhaus.org) does not resolve to any IP-address :

    Code:
    root@xxxxxx [~]# dig b.barracudacentral.org
    
    ; <<>> DiG 9.2.4 <<>> b.barracudacentral.org
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49694
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;b.barracudacentral.org.                IN      A
    
    ;; AUTHORITY SECTION:
    b.barracudacentral.org. 900     IN      SOA     not.available. hostmaster.barracudacentral.org. 1311708799 600 600 432000 900
    
    ;; Query time: 153 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Tue Jul 26 21:56:25 2011
    ;; MSG SIZE  rcvd: 100
    
    Code:
    root@xxxxxx [~]# ping b.barracudacentral.org
    ping: unknown host b.barracudacentral.org
    
    As previously mentioned we're using OpenDNs and GoogleDNS as resolvers. Are you using the same or others?
     
  14. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You aren't supposed to be able to ping zen.spamhaus.org or b.barracudacentral.org. They simply don't have A / CNAME records associated with them, by design.

    To test if you're reaching Spamhaus, you could test an IP that you know is in the Zen database.

    For instance, if I want to see if 200.171.150.7 is in the DB:

    dig 7.150.171.200.zen.spamhaus.org a

    dig 7.150.171.200.zen.spamhaus.org txt

    If I want to see whether 98.231.39.227 is in the Barracuda RBL:

    dig 227.39.231.98.b.barracudacentral.org a

    dig 227.39.231.98.b.barracudacentral.org txt

    Reverse the octets of the IP address in question and prepend it to .b.barracudacentral.org or .zen.spamhaus.org in a TXT or A record query.

    With all of that said, it could be simply that the Spamhaus servers are refusing to answer queries from your server because your server is generating too many queries for the free service. If your server queries reach a threshold, Spamhaus would like for you to use their pay service and they may block your server from making queries - http://www.spamhaus.org/organization/dnsblusage.html

    M
     
    #14 mtindor, Jul 26, 2011
    Last edited: Jul 26, 2011
  15. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Thanks for sorting that out mtindor. It appears setting up Google DNS to resolve does not do the job :

    Code:
    root@xxxxxxxx [~]# dig 7.150.171.200.zen.spamhaus.org a @8.8.8.8
    
    ; <<>> DiG 9.2.4 <<>> 7.150.171.200.zen.spamhaus.org a @8.8.8.8
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53719
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;7.150.171.200.zen.spamhaus.org.        IN      A
    
    ;; AUTHORITY SECTION:
    zen.spamhaus.org.       150     IN      SOA     need.to.know.only. hostmaster.sp
    amhaus.org. 1107270545 3600 600 432000 150
    
    ;; Query time: 136 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 27 07:47:20 2011
    ;; MSG SIZE  rcvd: 112
    
    OpenDNS to resolve works. Going back to OpenDNS then :

    Code:
    root@xxxxxxxx [~]# dig 7.150.171.200.zen.spamhaus.org a @208.67.220.220
    
    ; <<>> DiG 9.2.4 <<>> 7.150.171.200.zen.spamhaus.org a @208.67.220.220
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3089
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;7.150.171.200.zen.spamhaus.org.        IN      A
    
    ;; ANSWER SECTION:
    7.150.171.200.zen.spamhaus.org. 98 IN   A       127.0.0.4
    7.150.171.200.zen.spamhaus.org. 98 IN   A       127.0.0.11
    
    ;; Query time: 0 msec
    ;; SERVER: 208.67.220.220#53(208.67.220.220)
    ;; WHEN: Wed Jul 27 07:48:40 2011
    ;; MSG SIZE  rcvd: 80
    
     
  16. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    My guess is that because Google's resolvers are free and open to the public for use, they can generate a tremendous amount of traffic by all of the servers that are configured to use Google resolvers. So, probably Spamhaus has specifically configured their servers so that they reject any zen (or other spamhaus dbl) queries that come through Google resolvers. Just a guess.

    M
     
  17. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Ok, not a guess now. If you look on the Spamhaus site at their FAQ, they do state that you can't query Spamhaus data using Google resolvers -- http://www.spamhaus.org/faq/answers.lasso?section=DNSBL Usage#261

    M
     
  18. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Please note: OpenDNS servers are free resolvers as well and do the job without any problems as soon as we moved them up in the /etc/resolv.conf file. We've removed Google DNS from the file for now.
     
Loading...

Share This Page