How do I check my DNS server results?
A quick way to check that Spamhaus DNSBL responses are correct:
- Command-line DNS queries for:
  - A target known to be listed in a Spamhaus zone (127.0.0.2), and
  - A target known to be not listed (127.0.0.1)
- A query for a “listed” object must answer with a correct return code; for Spamhaus that would be one or more of our 127.* responses.
- Queries for “not_listed” objects must always return NXDOMAIN for mail filtering to work properly. For example:
- The command “$ host 2.0.0.127.zen.spamhaus.org DNS.server” provides similar results.
- In Windows, try “C:\>nslookup 2.0.0.127.zen.spamhaus.org”.
NOTE:
It is critical to check for correct results for both ‘listed’ and ‘not listed’ queries. In either case, the italicized DNS.server in the above example represents the hostname or IP address of the DNS server you wish to query.
If @DNS.server is not included in the command-line query, the query will be handled by the DNS server configured in the local computer’s OS. That is the server most people wish to check.
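The two requirements above (a 127.* return code for the listed test point, NXDOMAIN for the not-listed one) can be checked mechanically against full `dig` output. The following is an added example, not Spamhaus's own code: the function names and the sample responses are constructed, and `1.0.0.127` is the reversed form of the not-listed test address 127.0.0.1.

```shell
# Added example; function names and sample dig output are constructed.

# DNS status (NOERROR, NXDOMAIN, ...) from the header of full dig output.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Addresses of the A records in full dig output, one per line.
dig_answers() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# verdict <listed|not_listed> <full dig output>
# Returns 0 only if the response matches what the FAQ requires for that query.
verdict() {
    status=$(dig_status "$2")
    answers=$(dig_answers "$2" | tr '\n' ' ')
    case $1 in
    listed)
        [ "$status" = NOERROR ] && [ -n "$answers" ] ||
            { echo "FAIL: no listing returned (status=$status)"; return 1; }
        for a in $answers; do
            case $a in
            127.*) ;;
            *) echo "FAIL: answer $a is not a 127.* return code"; return 1 ;;
            esac
        done
        echo "OK: listed, return codes: $answers" ;;
    not_listed)
        [ "$status" = NXDOMAIN ] && [ -z "$answers" ] ||
            { echo "FAIL: expected NXDOMAIN, got status=$status answers=$answers"; return 1; }
        echo "OK: not listed (NXDOMAIN)" ;;
    *) echo "usage: verdict listed|not_listed <dig output>"; return 2 ;;
    esac
}

# Constructed responses: a correct listed answer, a correct NXDOMAIN, and a
# resolver that rewrites NXDOMAIN into an address (192.0.2.1, documentation range).
SAMPLE_LISTED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
2.0.0.127.zen.spamhaus.org. 60 IN A 127.0.0.2'
SAMPLE_CLEAN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2222
;1.0.0.127.zen.spamhaus.org. IN A'
SAMPLE_REWRITTEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
1.0.0.127.zen.spamhaus.org. 60 IN A 192.0.2.1'

verdict listed "$SAMPLE_LISTED"
verdict not_listed "$SAMPLE_CLEAN"
verdict not_listed "$SAMPLE_REWRITTEN" || true
# Live check: verdict listed "$(dig 2.0.0.127.zen.spamhaus.org @DNS.server)"
```

The third sample shows why the not-listed check matters: a resolver that answers with an address instead of NXDOMAIN makes every query look like a listing to the mail filter.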
Checking our DBL zone uses similar DNS queries; see this DBL FAQ for details.
ADDITIONAL CHECKS
To confirm that the mail server will provide the correct results for delivery error messages, it is also valuable to check the TXT record of ‘2.0.0.127.zen.spamhaus.org’ with ‘dig’ or ‘host’:
- To find which DNS server(s) a Unix, Linux or OS X computer is using, run this command on the machine in question: “$ cat /etc/resolv.conf”.
- In Windows, the DNS servers are configured under “Control Panel/Network and Internet”.