What if the DNSBL Site does not work?

Hi,

I am trying to set up DNS Blacklist checking. What will happen if the DNSBL site I specified does not work, e.g. it is down?

Will my Domino server accept all mails, or reject all mails? Any written information about this?

Million Thanks!

Eric

Subject: What if the DNSBL Site does not work?

Depends on why the DNSBL is down.

If the DNSBL in question is under a DDoS attack, then it is possible that DNS queries to it may take a long time or time out. In that case (I have never seen this, so don’t know for sure), you might end up bouncing mail with a 4xx error code (transient failure) and the inbound message would be re-queued and tried again later.

If it is stone cold dead, then DNS queries to it would fail very quickly and this would look just the same as querying a live DNSBL site and finding a host not listed there; that is, mail would be accepted quickly.

In at least one case that I know of (remember ORBZ?), the DNSBL was taken down by its maintainer as a result of legal threats but many users continued to query the zones. The maintainer’s solution to that problem was to list all of IPv4 in the zones for that DNSBL so that sites continuing to query them started to block all email. This provided an incentive for users to stop querying the dead DNSBL.

[And of course the good folks that brought us ORBZ reinvented themselves as the DSBL which is now one of the very best lists to query for insecure relays, proxies and formmail.]

HTH

Chris Linfoot
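
Added example, not part of the original posts and not Domino's own logic: a health probe that tells the three failure modes described above apart, using the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The zone name `dnsbl.example`, the injected `resolve` callable, the sample resolvers and the skip-the-list policy are all assumptions made for illustration.

```python
import ipaddress

class NotFound(Exception):
    """Resolver got NXDOMAIN: the name has no record."""

class Timeout(Exception):
    """Resolver gave up waiting for an answer."""

def query_name(ip, zone):
    # DNSBL convention: reverse the IPv4 octets and append the list's zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolve):
    """Return 'listed', 'not_listed' or 'timeout' for one address."""
    try:
        answers = resolve(query_name(ip, zone))
    except NotFound:
        return "not_listed"
    except Timeout:
        return "timeout"
    return "listed" if answers else "not_listed"

def zone_health(zone, resolve):
    """Probe the RFC 5782 test entries before trusting a zone's answers."""
    must_list = lookup("127.0.0.2", zone, resolve)
    must_not = lookup("127.0.0.1", zone, resolve)
    if "timeout" in (must_list, must_not):
        return "unreachable"        # slow or overloaded list
    if must_not == "listed":
        return "lists_everything"   # the ORBZ-style shutdown signal
    if must_list == "not_listed":
        return "dead"               # fast NXDOMAIN for every name
    return "healthy"

def smtp_decision(ip, zone, resolve):
    """Example policy (an assumption): only act on a zone that is healthy."""
    health = zone_health(zone, resolve)
    if health != "healthy":
        return "accept (skip list: %s)" % health
    result = lookup(ip, zone, resolve)
    return {"listed": "reject 5xx", "timeout": "defer 4xx"}.get(result, "accept")

# Constructed resolvers standing in for four zone states (no network used).
def healthy(name):
    if name.startswith(("2.0.0.127.", "9.113.0.203.")):
        return ["127.0.0.2"]
    raise NotFound(name)
def dead(name): raise NotFound(name)
def wildcard(name): return ["127.0.0.2"]
def slow(name): raise Timeout(name)
```

Run against a real list, `resolve` would wrap a DNS client that reports NXDOMAIN and timeouts separately; scheduling the probe periodically flags a dead or list-everything zone before it silently changes mail flow.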