Simple command-line test of your DNSBL resolver
From a command-line prompt on the same server (IP address) as your mail server, enter whichever of these commands matches your operating system:
- “nslookup” for Windows
- “dig” for UNIX and UNIX-like systems
Run:
C:/> nslookup 2.0.0.127.zen.spamhaus.org
$ dig 2.0.0.127.zen.spamhaus.org +short
Try the commands a few times to confirm the results stay the same. (Sometimes paths to public DNS resolvers are variable, and the results could differ depending on the path.) The normal results you should see if everything is working are:
127.0.0.4
127.0.0.2
127.0.0.10
If any of the tests return 127.255.255.254 then your queries (and very likely those of the mail server) are being blocked (“ACL’d”) because the DNS resolver being used is an open public resolver. Some mail servers mistakenly reject all mail due to that 127.255.255.* return code. This can be resolved by changing how your mail server queries Spamhaus DNSBLs.
Run this at the command line to find out which resolver is being used:
C:/> nslookup -querytype=txt whoami.fastly.net
$ dig txt whoami.fastly.net
Read more at these pages about open public resolvers or about Spamhaus DNSBL return codes.
Advanced diagnostic:
There is a small possibility that the DNS resolver used by your mail server is different from the one used by your command-line shell, in which case the two will get different answers.
The point of this test is to query the same DNS resolvers as those used by your mail server.
If you know what DNS resolver your mail server queries you can put it into those command lines like this, substituting either the hostname or the IP for DNS_resolver:
$ dig @DNS_resolver 2.0.0.127.zen.spamhaus.org +short
C:/> nslookup 2.0.0.127.zen.spamhaus.org DNS_resolver
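The checks above can be scripted. The following is an added example, not code from Spamhaus: it classifies the `dig +short` answer for the test name into the outcomes this page describes, so a 127.255.255.* return code is reported as an error and never mistaken for a listing. The function names and verdict strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not Spamhaus code). Function names and verdict strings are
# assumptions made for this illustration.
TEST_NAME="2.0.0.127.zen.spamhaus.org"
CR=$(printf '\r')

# Reads `dig +short` output (one IP per line) on stdin, prints one verdict.
classify_answer() {
    a2=0 a4=0 a10=0 other=0 verdict=""
    while IFS= read -r ip; do
        ip=${ip%"$CR"}                       # tolerate CRLF line endings
        case "$ip" in
            "") ;;
            127.255.255.254) verdict="blocked-open-resolver" ;;
            127.255.255.*)   [ -n "$verdict" ] || verdict="error-code" ;;
            127.0.0.2)  a2=1 ;;
            127.0.0.4)  a4=1 ;;
            127.0.0.10) a10=1 ;;
            *) other=1 ;;
        esac
    done
    if [ -n "$verdict" ]; then
        echo "$verdict"                      # never treat these as a listing
    elif [ "$other" -eq 1 ]; then
        echo "unexpected"
    elif [ $((a2 + a4 + a10)) -eq 3 ]; then
        echo "ok"
    elif [ $((a2 + a4 + a10)) -eq 0 ]; then
        echo "no-answer"
    else
        echo "unexpected"                    # only part of the expected set
    fi
}

# $1 (optional): hostname or IP of the resolver your mail server queries.
check_resolver() {
    if [ -n "${1:-}" ]; then
        dig "@$1" "$TEST_NAME" +short
    else
        dig "$TEST_NAME" +short
    fi | classify_answer
}

# Constructed sample answers, so the classifier can be tried offline.
sample_demo() {
    printf '127.0.0.4\n127.0.0.2\n127.0.0.10\n' | classify_answer
    printf '127.255.255.254\n' | classify_answer
}
```

Source the file and run `check_resolver` for the default resolver, or `check_resolver DNS_resolver` to test the resolver your mail server uses; repeat it a few times, since the answer can vary with the path.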