DNS error. orf.bondedsender.org A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2) - ORF Forums

DNS error. orf.bondedsender.org A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2) RSS Back to forum

1

ORF Fusion 5.3,
Some time ago there was such errors in logs:
DNS error. Test: "DNS Whitelist", server: "*.*.*.34", domain: "155.122.128.219.orf.bondedsender.org", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).

что где надо включить или отключить?

by nikolay 4 years ago
2

@nikolay: A SERVFAIL error indicates that your DNS server at .34 was unable to resolve the requested DNS name. Typically, this is due to a DNS timeout error somewhere in the DNS recursion process.

A sporadic SERVFAIL is nothing to worry about; timeouts happen.

If you start to see SERVFAILs or timeouts for a same DNS zone for a long period of time, you might have difficulty reaching one of the DNS servers involved in the process. This may be because the server is down or otherwise unavailable. For DNSBLs and SURBLs, this may also indicate that you have been firewalled (e.g. because your server or your forwarder DNS server violates the free usage limits). Another issue may arise if your DNS server thinks it has public IPv6 connectivity when in reality it has none. For IPv6-enabled zones, this may cause the DNS resolution to be attempted via IPv6, which in turn fails due to lack of true IPv6 connectivity.

If you start seeing SERVFAILs for basically all DNS queries (but those with cached responses), then your server has difficulty reaching the forwarder DNS server or the root DNS servers. This may be caused by any connectivity issues, from the forwarder server being down to firewall configuration issues.

Is any of the above consistent with what you experience?

by Péter Karsai (Vamsoft) 4 years ago
(in reply to this post)

3

Hello. The same problem. Our DNS servers works perfect. Errors started on the IP addresses that do not exist in DNS. But why ORF skips these messages? We want that these messages were blocked. What setting we do?

by doomedwolf 4 years ago
4

a little correction. In our case, ORF cannot check a PTR records.

by doomedwolf 4 years ago
5

@doomedwolf: Hello,

Reverse DNS is often unavailable for spamming IP addresses due to non-responding name servers. This is no cause for concern, because ORF will not skip testing the email just because the RDNS test fails. The error containtment policy of ORF for blacklists is to skip the smallest possible part of a test due to an error. For instance, if the IP-based Reverse DNS validation (i.e. PTR check) fails, the rest of the RDNS is still performed and other tests are also carried out on the email.

by Péter Karsai (Vamsoft) 4 years ago
(in reply to this post)

6

ORF Fusion 5.3
DNS error. Test: "DNSBL: FIVETEN", server: "212.45.0.3", domain: "71.53.235.46.blackholes.five-ten-sg.com", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).
DNS error. Test: "DNSBL: BLCKUS-KR", server: "212.45.0.3", domain: "71.53.235.46.korea.blackholes.us", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).
DNS error. Test: "DNSBL: DSBL-TRUST-S", server: "192.168.0.2", domain: "71.53.235.46.list.dsbl.org", record type: A, protocol: UDP. DNS timeout error.
DNS error. Test: "DNSBL: DSBL-TRUST-S", server: "212.45.0.3", domain: "71.53.235.46.list.dsbl.org", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).

by maxim.klimov 2 years ago
7

Hello maxim.klimov,

The DNS Blacklists in the error messages (FIVETEN, BLCKUS-KR, DSBL-TRUST-S) have been retired years ago (see the related news articles form our archive below), thus their servers do not respond to queries anymore.

http://vamsoft.com/company/news/fiveten-dns-blacklist-operates-no-longer
http://vamsoft.com/company/news/action-required-blackholes-us-shutdown
http://vamsoft.com/company/news/dsbl-shutdown

To avoid further complications, you should remove the obsolete DNSBLs from the Blackists > DNS Blacklists page of the ORF Administration Tool and update the DNSBL definitions in ORF as described in the following article: http://vamsoft.com/support/docs/knowledge-base/update-dnsbl-surbl

If you want to be notified whenever a DNSBL goes down or a new DNSBL definition is released, I would suggest signing up to our newsletter: Mark the "Product Updates and Major Announcements" checkbox enabled under the "News & Notifications" section on your Profile page: http://vamsoft.com/client-portal/my-profile. However, the latest news are always displayed in the "News" section on the connection startup screen of the ORF Administration Tool as well.

by Daniel Novak (Vamsoft) 2 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2