DNS error. orf.bondedsender.org A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2) - ORF Forums


1

ORF Fusion 5.3,
Some time ago there were errors like this in the logs:
DNS error. Test: "DNS Whitelist", server: "*.*.*.34", domain: "155.122.128.219.orf.bondedsender.org", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).

What needs to be enabled or disabled, and where?

by nikolay 9 years ago
2

@nikolay: A SERVFAIL error indicates that your DNS server at <redacted>.34 was unable to resolve the requested DNS name. Typically, this is due to a DNS timeout error somewhere in the DNS recursion process.

A sporadic SERVFAIL is nothing to worry about; timeouts happen.

If you start to see SERVFAILs or timeouts for the same DNS zone for a long period of time, you might have difficulty reaching one of the DNS servers involved in the process. This may be because the server is down or otherwise unavailable. For DNSBLs and SURBLs, this may also indicate that you have been firewalled (e.g. because your server or your forwarder DNS server violates the free usage limits). Another issue may arise if your DNS server thinks it has public IPv6 connectivity when in reality it has none. For IPv6-enabled zones, this may cause the DNS resolution to be attempted via IPv6, which in turn fails due to lack of true IPv6 connectivity.

If you start seeing SERVFAILs for basically all DNS queries (but those with cached responses), then your server has difficulty reaching the forwarder DNS server or the root DNS servers. This may be caused by any connectivity issues, from the forwarder server being down to firewall configuration issues.

Is any of the above consistent with what you experience?

by Péter Karsai (Vamsoft) 9 years ago
(in reply to this post)

3

Hello. The same problem. Our DNS servers work perfectly. The errors started on IP addresses that do not exist in DNS. But why does ORF skip these messages? We want these messages to be blocked. What setting should we use?

by doomedwolf 9 years ago
4

A little correction. In our case, ORF cannot check PTR records.

by doomedwolf 9 years ago
5

@doomedwolf: Hello,

Reverse DNS is often unavailable for spamming IP addresses due to non-responding name servers. This is no cause for concern, because ORF will not skip testing the email just because the RDNS test fails. The error containment policy of ORF for blacklists is to skip the smallest possible part of a test due to an error. For instance, if the IP-based Reverse DNS validation (i.e. PTR check) fails, the rest of the RDNS is still performed and other tests are also carried out on the email.

by Péter Karsai (Vamsoft) 9 years ago
(in reply to this post)

6

ORF Fusion 5.3
DNS error. Test: "DNSBL: FIVETEN", server: "212.45.0.3", domain: "71.53.235.46.blackholes.five-ten-sg.com", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).
DNS error. Test: "DNSBL: BLCKUS-KR", server: "212.45.0.3", domain: "71.53.235.46.korea.blackholes.us", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).
DNS error. Test: "DNSBL: DSBL-TRUST-S", server: "192.168.0.2", domain: "71.53.235.46.list.dsbl.org", record type: A, protocol: UDP. DNS timeout error.
DNS error. Test: "DNSBL: DSBL-TRUST-S", server: "212.45.0.3", domain: "71.53.235.46.list.dsbl.org", record type: A, protocol: UDP. Server response: DNS server or domain failure (SERVFAIL, RCODE 2).

by maxim.klimov 7 years ago
7

Hello maxim.klimov,

The DNS Blacklists in the error messages (FIVETEN, BLCKUS-KR, DSBL-TRUST-S) were retired years ago (see the related news articles from our archive below), thus their servers do not respond to queries anymore.

http://vamsoft.com/company/news/fiveten-dns-blacklist-operates-no-longer
http://vamsoft.com/company/news/action-required-blackholes-us-shutdown
http://vamsoft.com/company/news/dsbl-shutdown

To avoid further complications, you should remove the obsolete DNSBLs from the Blacklists > DNS Blacklists page of the ORF Administration Tool and update the DNSBL definitions in ORF as described in the following article: http://vamsoft.com/support/docs/knowledge-base/update-dnsbl-surbl

If you want to be notified whenever a DNSBL goes down or a new DNSBL definition is released, I would suggest signing up to our newsletter: Mark the "Product Updates and Major Announcements" checkbox enabled under the "News & Notifications" section on your Profile page: http://vamsoft.com/client-portal/my-profile. However, the latest news is always displayed in the "News" section on the connection startup screen of the ORF Administration Tool as well.

by Daniel Novak (Vamsoft) 7 years ago
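Added example (not part of any post in this thread and not Vamsoft code): a Python sketch that parses DNS error lines in the format quoted above and groups them by zone, separating a sporadic failure from a zone that keeps failing (for instance a retired DNSBL) and from a resolver-wide problem. The `persistent` threshold, the `configured_zones` argument and the sample lines are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Field layout copied from the ORF log lines quoted in this thread.
LINE_RE = re.compile(
    r'DNS error\. Test: "(?P<test>[^"]+)", server: "(?P<server>[^"]+)", '
    r'domain: "(?P<domain>[^"]+)", record type: (?P<rtype>\w+), '
    r'protocol: (?P<proto>\w+)\. (?P<result>.+)$')
REVERSED_IPV4 = re.compile(r'^(?:\d{1,3}\.){4}')  # leading d.c.b.a. of the lookup

def parse(line):
    """Return the fields of one DNS error line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["zone"] = REVERSED_IPV4.sub("", rec["domain"]).lower()
    rec["kind"] = ("SERVFAIL" if "RCODE 2" in rec["result"] else
                   "TIMEOUT" if "timeout" in rec["result"].lower() else "OTHER")
    return rec

def triage(lines, configured_zones, persistent=3):
    """Map zone -> (verdict, servers) and say whether the resolver is suspect."""
    stats = defaultdict(lambda: (set(), set()))  # zone -> (names, servers)
    for rec in filter(None, map(parse, lines)):
        names, servers = stats[rec["zone"]]
        names.add(rec["domain"])
        servers.add(rec["server"])
    # Many distinct lookups failing points at the zone, not at one name.
    zones = {z: ("persistent" if len(n) >= persistent else "sporadic", sorted(s))
             for z, (n, s) in stats.items()}
    broken = {z for z, (verdict, _) in zones.items() if verdict == "persistent"}
    # Every configured zone failing suggests the forwarder or connectivity.
    resolver_suspect = bool(configured_zones) and set(configured_zones) <= broken
    return zones, resolver_suspect

def _line(test, server, ip, zone, result):
    name = ".".join(reversed(ip.split("."))) + "." + zone
    return (f'DNS error. Test: "{test}", server: "{server}", domain: "{name}", '
            f'record type: A, protocol: UDP. {result}')

# Constructed sample log (RFC 5737 addresses, example.* zones).
SERVFAIL = "Server response: DNS server or domain failure (SERVFAIL, RCODE 2)."
DEAD, WL, DNS1, DNS2 = "dead.example.org", "wl.example.net", "198.51.100.53", "198.51.100.54"
SAMPLE = [_line("DNSBL: DEAD", DNS1, f"192.0.2.{i}", DEAD, SERVFAIL) for i in range(1, 5)]
SAMPLE.append(_line("DNSBL: DEAD", DNS2, "192.0.2.9", DEAD, "DNS timeout error."))
SAMPLE.append(_line("DNS Whitelist", DNS1, "192.0.2.7", WL, SERVFAIL))
SAMPLE.append("unrelated log line")  # skipped by parse()

if __name__ == "__main__":
    print(triage(SAMPLE, [DEAD, WL, "ok.example.com"]))
```
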
