IP and Domain
Reputation Checker
1

Is a private DNS server required in order to use Spamhaus DNSBLs? DQS or Rsync?

Back

Is a private DNS server required in order to use Spamhaus DNSBLs? DQS or Rsync?

Using a private DNS resolver is not necessary, but it is worth considering.

NOTE: There can be issues with using some consumer oriented ISPs, and many “open” or “public” DNS services.

  • Some of them use NXDOMAIN hijacking to monetize null DNS answers as explained in this FAQ
  • Other public DNS servers are blocked from querying Spamhaus data; see this FAQ

Some public DNS providers provide non-hijacked responses for known DNSBL zones like Spamhaus, but such servers can be risky to use to answer DNSBL queries.

Spamhaus DNSBL data can be accessed and used through the global Domain Name System (DNS).

  • DNS traffic itself carries the questions and answers regarding the (DNSBL listed/not-listed) status of IP addresses and domains;
  • Normally one or more DNS servers (typically two) are configured in an operating system.
    • Those are the IP addresses of the servers that will negotiate all the DNS requests made by your applications, and therefore those DNS servers will be the vehicle for your Spamhaus DNSBL requests, too.

There are several ways to access Spamhaus DNSBL data:

  • For many small, low-volume users’ mail servers, Spamhaus data is available free of charge via our own global network of mirrors.
    • These low-volume mail servers issue a DNS query via the locally specified DNS server.
      • that DNS server could be operated locally on the same computer,
      • on the same network as the mail server,
      • operated by a hosting ISP or other outsourced DNS provider,
      • or it could be an “open” or “public” DNS server that answers anyone who queries it.

For higher-volume clients which exceed a query volume threshold, our expectation is that they use either

  • The Spamhaus Datafeed Query Service (DQS).
    • DQS queries work just like small-user queries, via whatever DNS server is configured in the operating system.

or

  • The Spamhaus Datafeed Rsync Service
    • This delivers the DNSBL zone data to their own local DNS server,
    • in order to utilize Datafeed Rsync, users must run a local DNS server which receives and stores Spamhaus data, and answers their queries.

Most ISPs, hosting and DNS service providers are very careful about providing highly accurate DNS results. As long as legitimate DNS servers are used, our DNSBL zones will provide accurate answers and mail filtering will work correctly.

For additional information please see this related article on Spamhaus Technology’s blog.

Back