DNS is an integral part of the internet. Without it we would all have to be very good at memorising numbers: can you imagine typing a raw IP address rather than www.google.com to do a Google search? DNS is also the transport for several spam tests. The following spam tests all require working DNS to function:
- DNS Block Lists (RBL) - These services list the IP addresses of known spammers
- URI Block Lists - These services list domains that have been compromised/abused
- SPF - The sending domain's SPF policy is published as a TXT record in DNS and has to be fetched for every SPF check
However, the spam test providers do not answer DNS queries from every resolver. In particular they refuse queries that arrive from high-volume public resolvers such as Google Public DNS, because those shared resolvers funnel the lookups of a huge number of unrelated users through a handful of addresses. If your SpamTitan server uses such a resolver directly, or your own DNS server forwards to one, the RBL, URIBL and SPF lookups are refused, the corresponding spam tests silently fail, and the server is likely blocking less spam than it could.
Identifying the problem
How can you tell if your DNS server is getting accurate replies?
One of the spam test providers (uribl.com) publishes a test you can use to see whether your DNS server is being blocked. It is a single DNS query you can run from your SpamTitan server or from a PC.
To carry out the test on your SpamTitan server do the following:
- Go to Reporting > System Information > Tools > Dig
- Enter "2.0.0.127.multi.uribl.com txt" in to the text box (this is the standard DNSBL test address 127.0.0.2 written in the reversed-octet form URIBL uses for lookups) and click Run
- If the query was accepted you will see a normal answer: either status NXDOMAIN (the name is not listed) or an ANSWER SECTION carrying a 127.0.0.x listing code together with a descriptive TXT record
- If the query was blocked the ANSWER SECTION carries a TXT record stating that the query was refused and pointing to http://uribl.com/refused.shtml (the matching A record is 127.0.0.1)
To carry out the test on a PC do the following:
- Open a command prompt
- Type "nslookup" and press return
- Type "set q=TXT" and press return
- Type "2.0.0.127.multi.uribl.com" and press return
A normal answer (either a "Non-existent domain" response or a 127.0.0.x listing code with a descriptive text record) indicates that your DNS server is not blocked; a text record stating that the query was refused means that it is.
If you are being blocked, you are using a high-volume DNS server or forwarding through one. To resolve this you will need to point the SpamTitan server at a different DNS server (one you run yourself, or one that only serves your own organisation), or stop your DNS server from forwarding via a high-volume DNS server.
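Reading the Dig or nslookup output by eye is error-prone, so here is a small parser that applies the same decision rules to a pasted `dig` reply. This is an added example, not SpamTitan's or URIBL's code: it relies on URIBL's documented return codes (127.0.0.1 means the query was refused; bits 2, 4 and 8 are the black, grey and red lists) and the three dig outputs embedded at the bottom are constructed for the example.

```python
"""Interpret the URIBL 'is my resolver blocked?' answer.

Added example, not SpamTitan's or URIBL's code. It parses the full `dig`
output shown by the SpamTitan Dig tool (or a terminal) and reports whether
the resolver was refused, received a listing, or received a clean NXDOMAIN.
The return codes are URIBL's documented ones (127.0.0.1 = query refused,
bits 2/4/8 = black/grey/red lists); the three dig outputs at the bottom are
constructed for this example.
"""
import re

URIBL_BITS = {2: "black", 4: "grey", 8: "red"}


def parse_dig(output):
    """Return (status, a_records, txt_records) from full `dig` output."""
    match = re.search(r"status: (\w+)", output)
    status = match.group(1) if match else None
    a_records, txt_records = [], []
    in_answer = False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not line.strip() or line.startswith(";"):
            in_answer = False  # a blank line or the next ';;' header ends the section
            continue
        if not in_answer:
            continue
        fields = line.split(None, 4)  # owner TTL class type rdata
        if len(fields) < 5:
            continue
        rtype, rdata = fields[3], fields[4]
        if rtype == "A":
            a_records.append(rdata)
        elif rtype == "TXT":
            # TXT rdata is one or more quoted strings; join them into one.
            txt_records.append("".join(re.findall(r'"([^"]*)"', rdata)))
    return status, a_records, txt_records


def classify(output):
    """Return 'refused', 'listed:<lists>', 'not_listed', 'accepted' or 'error:<status>'."""
    status, a_records, txt_records = parse_dig(output)
    if status == "NXDOMAIN":
        return "not_listed"  # the resolver was answered; the name is simply not listed
    if status not in (None, "NOERROR"):
        return f"error:{status}"  # SERVFAIL etc.: a resolver/firewall problem, not a URIBL block
    codes = {int(ip.rsplit(".", 1)[1]) for ip in a_records if ip.startswith("127.0.0.")}
    if 1 in codes or any("query refused" in t.lower() for t in txt_records):
        return "refused"  # 127.0.0.1: URIBL is blocking this resolver
    if codes:
        lists = [name for bit, name in sorted(URIBL_BITS.items())
                 if any(code & bit for code in codes)]
        return "listed:" + ",".join(lists)
    if txt_records:
        return "accepted"  # a TXT-only query that received a normal answer
    return "no_answer"


# Constructed dig outputs, trimmed to the parts the parser uses.
REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;2.0.0.127.multi.uribl.com.    IN    TXT

;; ANSWER SECTION:
2.0.0.127.multi.uribl.com. 1800 IN TXT "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information"

;; Query time: 24 msec
"""

LISTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1138
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test.multi.uribl.com. 1800 IN A 127.0.0.14
example.test.multi.uribl.com. 1800 IN TXT "example.test is listed (constructed sample)"

;; Query time: 31 msec
"""

NOT_LISTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2205
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;2.0.0.127.multi.uribl.com.    IN    TXT

;; AUTHORITY SECTION:
multi.uribl.com. 300 IN SOA ns.example.invalid. hostmaster.example.invalid. 1 3600 600 86400 300
"""

if __name__ == "__main__":
    for name, sample in (("refused", REFUSED), ("listed", LISTED), ("not listed", NOT_LISTED)):
        print(f"{name:>10}: {classify(sample)}")
```

Paste the output of the Dig tool into one of the sample strings (or read it from stdin) to get a one-word verdict; anything other than `refused` means the resolver itself is not being blocked, and an `error:` verdict points at firewall or resolver trouble rather than URIBL.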
UDP & TCP
When a DNS reply does not fit in the classic 512-byte UDP message limit, the server sets the TC (truncated) flag and the client repeats the query over TCP. For this reason it is advisable to open port 53 on your firewall for both UDP and TCP. Modern resolvers also use EDNS0 to advertise a larger UDP buffer, which is why most lookups still complete over UDP alone, but TCP fallback is required whenever a reply exceeds whatever buffer is in effect. You can test whether you can receive "full-sized" DNS replies with the DNS-OARC reply size tester, which answers with TXT records reporting the largest reply your resolver was able to receive:
dig +short rs.dns-oarc.net txt
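To see the truncation mechanism described above in a reply rather than in prose, the following added example (not SpamTitan's code) inspects a full `dig` output for the TC flag, the EDNS0 buffer size and the received message size, and says whether a TCP retry is needed. The two dig outputs embedded in it are constructed for the example.

```python
"""Spot UDP truncation and the EDNS0 buffer size in a dig reply.

Added example, not SpamTitan's code. A classic DNS-over-UDP message is capped
at 512 bytes; a server whose answer does not fit sets the TC (truncated) flag
and the client must repeat the query over TCP port 53. EDNS0 lets a client
advertise a bigger UDP buffer, so larger replies arrive over UDP without TC.
The two dig outputs at the bottom are constructed for this example.
"""
import re

CLASSIC_UDP_LIMIT = 512  # bytes, the RFC 1035 limit without EDNS0


def inspect_reply(output):
    """Return truncation, EDNS buffer, message size and what to do about it."""
    flags_match = re.search(r"^;; flags: ([^;]*);", output, re.M)
    flags = flags_match.group(1).split() if flags_match else []
    edns_match = re.search(r"^; EDNS: version: \d+, flags:[^;]*; udp: (\d+)", output, re.M)
    size_match = re.search(r"^;; MSG SIZE\s+rcvd: (\d+)", output, re.M)
    info = {
        "truncated": "tc" in flags,
        "edns_udp_size": int(edns_match.group(1)) if edns_match else None,
        "msg_size": int(size_match.group(1)) if size_match else None,
    }
    if info["truncated"]:
        info["advice"] = "retry over TCP/53: the firewall must allow TCP as well as UDP"
    elif info["msg_size"] is not None and info["msg_size"] > CLASSIC_UDP_LIMIT:
        info["advice"] = "large UDP reply accepted thanks to EDNS0; no TCP retry needed"
    else:
        info["advice"] = "fits in a classic 512-byte UDP reply"
    return info


# Constructed dig outputs, trimmed to the header lines the inspector reads.
TRUNCATED_UDP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9001
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rs.dns-oarc.net.    IN    TXT

;; MSG SIZE  rcvd: 512
"""

EDNS_UDP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9002
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rs.dns-oarc.net.    IN    TXT

;; MSG SIZE  rcvd: 1425
"""

if __name__ == "__main__":
    for name, sample in (("truncated", TRUNCATED_UDP), ("edns", EDNS_UDP)):
        print(name, inspect_reply(sample))
```

Run `dig` without `+short` against rs.dns-oarc.net and feed the whole output to `inspect_reply`: a `tc` flag with a 512-byte message size means your path is stuck at the classic limit and needs TCP/53 open, while a reply well above 512 bytes with an EDNS `udp:` line shows that large answers are getting through over UDP.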
SpamTitan does not provide DNS servers