Overview
Problems with the DNS server settings usually manifest through slow processing of emails and a decreased spam filtering rate with users complaining that they are experiencing lots of missed spam email.
This article describes the spam filtering modules that depend on DNS lookups and a procedure to verify that DNS lookups are working properly.
Introduction
Domain Name System (DNS) settings are very important in MailEssentials since a number of anti-spam filters, such as IP DNS Blocklist, URI DNS Blocklist and SpamRazer, perform domain name lookups when filtering spam. For optimal performance of these filters and MailEssentials as a whole, it is critical to have fast and reliable DNS lookups.
The next section provides information on how to troubleshoot DNS by using the nslookup Windows utility and how to confirm successful DNS connectivity from the MailEssentials Configuration UI.
Description
MailEssentials has a number of modules that make use of DNS to check for SPAM emails. Some of these features try to resolve a hostname by retrieving the A record for the domain (using the GetHostByName function), while others will request a particular type of record for a domain. Below are the DNS features in MailEssentials, and the technology that each uses.
| Feature | DNS lookup performed |
|---|---|
| DNSBL | Retrieve A record for a domain made up of IP address from Received lines in email header and DNSBL |
| SPF | Retrieve TXT record of the sender’s domain |
| SURBL | Retrieve A record of a domain made up of URL and SURBL |
| Verify Sender domain | Retrieve A record of the sender’s domain |
The features that query for an A record can be checked by retrieving the A record for the domain using nslookup.
Nslookup can also be used to request other types of DNS records, such as MX or TXT records.
The following is a short explanation on how to use nslookup:
- Open Command Prompt
- Type ‘nslookup’ and press Enter
- The query type is for A records when no parameters are specified. Other query types can also be specified. For example, to request TXT records, you need to write set type=txt or set q=txt
- Type the domain that you would like to query (e.g. amazon.com)
- When the domain does not exist, you will get a ‘Non-existent domain’ in the response
- When the domain exists, the way the result is displayed will depend on the type of DNS record requested
- For A records, one or more IP addresses may be returned
- For SPF records, the result would be similar to
"v=spf1 ip4:207.171.160.0/19 -all"
If the result does not contain any text that starts with “v=spf”, no SPF record exists for the domain, or there is a problem retrieving the SPF record for the specific domain.
In the case of SURBL and DNSBL queries, the domain names used in the query are constructed by MailEssentials. For example, when SURBL is checking the URL www.gfi.com with multi.surbl.com, the following domain name is constructed:
www.gfi.com.multi.surbl.com
Nslookup can be used to check and retrieve the A record of such domains.
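The lookups described above can also be scripted in PowerShell on the MailEssentials server, with timing for each query. This is an added example, not GFI code: the DNS server address and DNSBL zone are placeholders, the reversed-octet DNSBL name follows the standard DNSBL convention (RFC 5782) rather than anything stated in this article, and the 1000 ms threshold is an arbitrary assumption.

```powershell
# Added example (not GFI code). Replace the placeholders before running.
param(
    [string]$DnsServer = '192.0.2.53',            # placeholder: DNS server set in MailEssentials
    [string]$DnsblZone = 'dnsbl.example.invalid', # placeholder: a DNSBL zone you have enabled
    [string]$SurblZone = 'multi.surbl.com',       # zone as written in this article
    [string]$SpfDomain = 'amazon.com'             # sample domain used in this article
)
function Get-DnsblQueryName([string]$Ip, [string]$Zone) {
    # Standard DNSBL convention (RFC 5782): IPv4 octets reversed, then the zone.
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne 'InterNetwork') { throw "IPv4 only in this example: $Ip" }
    $octets = $addr.GetAddressBytes()
    [array]::Reverse($octets)
    '{0}.{1}' -f ($octets -join '.'), $Zone.Trim('.')
}
function Get-SurblQueryName([string]$UrlHost, [string]$Zone) {
    # As in the article: www.gfi.com + multi.surbl.com -> www.gfi.com.multi.surbl.com
    '{0}.{1}' -f $UrlHost.Trim('.'), $Zone.Trim('.')
}
function Test-Lookup([string]$Name, [string]$Type) {
    $r = [ordered]@{ Name = $Name; Type = $Type; Ms = 0; Outcome = 'Answer'; Data = '' }
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $rr = Resolve-DnsName -Name $Name -Type $Type -Server $DnsServer -DnsOnly -ErrorAction Stop
        if ($Type -eq 'TXT') {
            $txt = $rr | Where-Object Type -eq 'TXT' | ForEach-Object { $_.Strings -join '' }
            $r.Data = $txt -join ' | '
        } else {
            $r.Data = ($rr | Where-Object Type -eq 'A').IPAddress -join ', '
        }
    } catch {
        # A non-existent name is the normal not-listed reply for DNSBL/SURBL; a timeout is not.
        $r.Outcome = $_.Exception.Message
    }
    $r.Ms = $sw.ElapsedMilliseconds
    [pscustomobject]$r
}
$report = @(
    Test-Lookup (Get-DnsblQueryName '127.0.0.2' $DnsblZone) 'A'   # 127.0.0.2 is the RFC 5782 test entry
    Test-Lookup (Get-SurblQueryName 'www.gfi.com' $SurblZone) 'A'
    Test-Lookup $SpfDomain 'TXT'
)
$report | Format-Table -AutoSize -Wrap
if (-not ($report | Where-Object { $_.Type -eq 'TXT' -and $_.Data -match 'v=spf' })) {
    Write-Warning "No TXT record containing v=spf returned for $SpfDomain"
}
$slow = @($report | Where-Object Ms -gt 1000)     # 1000 ms threshold is an assumption
if ($slow.Count) { Write-Warning "Slow lookups via ${DnsServer}: $($slow.Name -join ', ')" }
```

Resolve-DnsName is available on Windows Server 2012 and later. Running the script once per candidate DNS server makes the latency difference between servers directly comparable.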
SPF uses a local DNS cache. If DNS records are configured with a proper TTL, there should not be a problem. However, if entries in the cache have a very large TTL, they have to be flushed manually by running ipconfig /flushdns to mitigate the possibility of making DNS queries from a stale cache.
An administrator can configure and test DNS connectivity by following this procedure:
- From the GFI MailEssentials Configuration, go to Anti-Spam > Anti-Spam Settings.
- From the DNS Server tab, click the Test DNS Server button.
- If connectivity to the DNS is successfully established, a notification confirming this will be displayed. If unsuccessful, you should specify another DNS server.
- Note: Usage of Google DNS is known to cause slow processing of emails and a decreased spam catching rate. It is recommended to NOT use Google DNS (IPv4 8.8.8.8 or 8.8.4.4, or IPv6 2001:4860:4860::8888 or 2001:4860:4860::8844).