Exchange 2003, Google DNS, and IMF Connection Filtering RBL Failures
|
From: Kerry Brown on 27 Dec 2009 13:14 If a user mistypes an email address they'll get a cryptic NDR which usually generates a support call. If the mail server gets a NXDOMAIN reply when looking up the target mail server the user will get a NDR that is much easier for them to figure out. Never seeing an NXDOMAIN response can cause some other problems but that's the most common. It can make troubleshooting name resolution problems very hard unless you realise what's going on and temporarily setup a different forwarder. I'm not against using OpenDNS, just pointing out some potential side effects. OpenDNS is an opt in product. What's really bad is when your ISP does DNS injection without telling you. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message news:C837762B-A1FA-4205-97BC-49DD73059B30(a)microsoft.com... > If the domain doesn't exist? NXDOMAIN? > I really don't care about NDR's > > I'm more in love with the Blocking of "BAD" Sites > For FREE! > Clients love this... :) > Russ > > -- > > Russell Grover - SBITS.Biz [SBS-MVP] > Microsoft Gold Certified Partner > Microsoft Certified Small Business Specialist > World Wide 24hr SBS Remote Support - http://www.SBITS.Biz > 30% OFF Microsoft Online Services - > http://www.microsoft-online-services.com/ > > > > "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message > news:O27j4JrhKHA.1456(a)TK2MSFTNGP06.phx.gbl... >> Yes, but it can cause some weird Exchange NDRs because it never returns >> NXDOMAIN. >> >> -- >> Kerry Brown >> MS-MVP - Windows Desktop Experience: Systems Administration >> http://www.vistahelp.ca/phpBB2/ >> >> >> "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message >> news:4754ABCD-5178-4E32-9D1E-B200707AEF16(a)microsoft.com... >>> Another reason why I think OPENDNS.com ROCKS :) >>> Free and "WORKS" :) >>> Russ >>> >>> -- >>> >>> Russell Grover - SBITS.Biz [SBS-MVP] >>> Microsoft Gold Certified Partner >>> Microsoft Certified Small Business Specialist >>> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >>> 30% OFF Microsoft Online Services - >>> http://www.microsoft-online-services.com/ >>> >>> >>> >>> "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message >>> news:u32BfnchKHA.5568(a)TK2MSFTNGP02.phx.gbl... >>>> "Chucko" <chucko(a)myrealbox.com> wrote in message >>>> news:%239v7seahKHA.5380(a)TK2MSFTNGP06.phx.gbl... >>>>> Yes, as it turns out, the folks at Spamhaus are aware of the problem. >>>>> >>>>> From their FAQ: >>>>> >>>>> Your DNSBL blocks nothing at all! >>>>> >>>>> Check what DNS resolvers you are using: If you are using a free "open >>>>> DNS resolver" service such as Google Public DNS or Level3's public DNS >>>>> servers to resolve your DNSBL requests, in most cases you will receive >>>>> a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. >>>>> Please use your own DNS servers when doing DNSBL queries to Spamhaus. >>>>> >>>> >>>> Thank you for posting this info. I hope it helps others when they >>>> search for this issue. >>>> >>>> :-) >>>> >>>> Acee >>>> >>>> >>>>
From: Kerry Brown on 27 Dec 2009 13:14 Thanks, I didn't know that. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Chucko" <chucko(a)myrealbox.com> wrote in message news:utHdD0xhKHA.1824(a)TK2MSFTNGP04.phx.gbl... > I believe this behavior is configurable. You just have to turn off their > "SmartCache", under Dashboard, (select your network), Settings, Advanced > Settings. > > Once you turn it off, you'll see NXDOMAIN when appropriate. > > "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message > news:O27j4JrhKHA.1456(a)TK2MSFTNGP06.phx.gbl... >> Yes, but it can cause some weird Exchange NDRs because it never returns >> NXDOMAIN. >> >> -- >> Kerry Brown >> MS-MVP - Windows Desktop Experience: Systems Administration >> http://www.vistahelp.ca/phpBB2/ >> >> >> "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message >> news:4754ABCD-5178-4E32-9D1E-B200707AEF16(a)microsoft.com... >>> Another reason why I think OPENDNS.com ROCKS :) >>> Free and "WORKS" :) >>> Russ >>> >>> -- >>> >>> Russell Grover - SBITS.Biz [SBS-MVP] >>> Microsoft Gold Certified Partner >>> Microsoft Certified Small Business Specialist >>> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >>> 30% OFF Microsoft Online Services - >>> http://www.microsoft-online-services.com/ >>> >>> >>> >>> "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message >>> news:u32BfnchKHA.5568(a)TK2MSFTNGP02.phx.gbl... >>>> "Chucko" <chucko(a)myrealbox.com> wrote in message >>>> news:%239v7seahKHA.5380(a)TK2MSFTNGP06.phx.gbl... >>>>> Yes, as it turns out, the folks at Spamhaus are aware of the problem. >>>>> >>>>> From their FAQ: >>>>> >>>>> Your DNSBL blocks nothing at all! >>>>> >>>>> Check what DNS resolvers you are using: If you are using a free "open >>>>> DNS resolver" service such as Google Public DNS or Level3's public DNS >>>>> servers to resolve your DNSBL requests, in most cases you will receive >>>>> a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. >>>>> Please use your own DNS servers when doing DNSBL queries to Spamhaus. >>>>> >>>> >>>> Thank you for posting this info. I hope it helps others when they >>>> search for this issue. >>>> >>>> :-) >>>> >>>> Acee >>>> >>>> >>>> > >
From: Chucko on 27 Dec 2009 14:02 I've had great luck using Open DNS for my clients. I have most of them added as networks under a single account so with one login I can administer and view stats. Additionally, the Open DNS system will even monitor the networks and provide me with a warning if a PC on one of those networks appears to be infected with malware (they can tell by the DNS requests and where those DNS requests are directed). Pretty good stuff, and priced reasonably. "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message news:%233551ByhKHA.4872(a)TK2MSFTNGP05.phx.gbl... > Thanks, I didn't know that. > > -- > Kerry Brown > MS-MVP - Windows Desktop Experience: Systems Administration > http://www.vistahelp.ca/phpBB2/ > > > > > "Chucko" <chucko(a)myrealbox.com> wrote in message > news:utHdD0xhKHA.1824(a)TK2MSFTNGP04.phx.gbl... >> I believe this behavior is configurable. You just have to turn off their >> "SmartCache", under Dashboard, (select your network), Settings, Advanced >> Settings. >> >> Once you turn it off, you'll see NXDOMAIN when appropriate. >> >> "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message >> news:O27j4JrhKHA.1456(a)TK2MSFTNGP06.phx.gbl... >>> Yes, but it can cause some weird Exchange NDRs because it never returns >>> NXDOMAIN. >>> >>> -- >>> Kerry Brown >>> MS-MVP - Windows Desktop Experience: Systems Administration >>> http://www.vistahelp.ca/phpBB2/ >>> >>> >>> "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message >>> news:4754ABCD-5178-4E32-9D1E-B200707AEF16(a)microsoft.com... >>>> Another reason why I think OPENDNS.com ROCKS :) >>>> Free and "WORKS" :) >>>> Russ >>>> >>>> -- >>>> >>>> Russell Grover - SBITS.Biz [SBS-MVP] >>>> Microsoft Gold Certified Partner >>>> Microsoft Certified Small Business Specialist >>>> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >>>> 30% OFF Microsoft Online Services - >>>> http://www.microsoft-online-services.com/ >>>> >>>> >>>> >>>> "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message >>>> news:u32BfnchKHA.5568(a)TK2MSFTNGP02.phx.gbl... >>>>> "Chucko" <chucko(a)myrealbox.com> wrote in message >>>>> news:%239v7seahKHA.5380(a)TK2MSFTNGP06.phx.gbl... >>>>>> Yes, as it turns out, the folks at Spamhaus are aware of the problem. >>>>>> >>>>>> From their FAQ: >>>>>> >>>>>> Your DNSBL blocks nothing at all! >>>>>> >>>>>> Check what DNS resolvers you are using: If you are using a free "open >>>>>> DNS resolver" service such as Google Public DNS or Level3's public >>>>>> DNS servers to resolve your DNSBL requests, in most cases you will >>>>>> receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL >>>>>> servers. Please use your own DNS servers when doing DNSBL queries to >>>>>> Spamhaus. >>>>>> >>>>> >>>>> Thank you for posting this info. I hope it helps others when they >>>>> search for this issue. >>>>> >>>>> :-) >>>>> >>>>> Acee >>>>> >>>>> >>>>> >> >>
From: Russ SBITS.Biz [SBS-MVP] on 27 Dec 2009 18:23 Price? it's free for the basics :) -- Russell Grover - SBITS.Biz [SBS-MVP] Microsoft Gold Certified Partner Microsoft Certified Small Business Specialist World Wide 24hr SBS Remote Support - http://www.SBITS.Biz 30% OFF Microsoft Online Services - http://www.microsoft-online-services.com/ "Chucko" <chucko(a)myrealbox.com> wrote in message news:OelmscyhKHA.1540(a)TK2MSFTNGP06.phx.gbl... > I've had great luck using Open DNS for my clients. > > I have most of them added as networks under a single account so with one > login I can administer and view stats. > > Additionally, the Open DNS system will even monitor the networks and > provide me with a warning if a PC on one of those networks appears to be > infected with malware (they can tell by the DNS requests and where those > DNS requests are directed). > > Pretty good stuff, and priced reasonably. > > "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message > news:%233551ByhKHA.4872(a)TK2MSFTNGP05.phx.gbl... >> Thanks, I didn't know that. >> >> -- >> Kerry Brown >> MS-MVP - Windows Desktop Experience: Systems Administration >> http://www.vistahelp.ca/phpBB2/ >> >> >> >> >> "Chucko" <chucko(a)myrealbox.com> wrote in message >> news:utHdD0xhKHA.1824(a)TK2MSFTNGP04.phx.gbl... >>> I believe this behavior is configurable. You just have to turn off >>> their "SmartCache", under Dashboard, (select your network), Settings, >>> Advanced Settings. >>> >>> Once you turn it off, you'll see NXDOMAIN when appropriate. >>> >>> "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message >>> news:O27j4JrhKHA.1456(a)TK2MSFTNGP06.phx.gbl... >>>> Yes, but it can cause some weird Exchange NDRs because it never returns >>>> NXDOMAIN. >>>> >>>> -- >>>> Kerry Brown >>>> MS-MVP - Windows Desktop Experience: Systems Administration >>>> http://www.vistahelp.ca/phpBB2/ >>>> >>>> >>>> "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message >>>> news:4754ABCD-5178-4E32-9D1E-B200707AEF16(a)microsoft.com... >>>>> Another reason why I think OPENDNS.com ROCKS :) >>>>> Free and "WORKS" :) >>>>> Russ >>>>> >>>>> -- >>>>> >>>>> Russell Grover - SBITS.Biz [SBS-MVP] >>>>> Microsoft Gold Certified Partner >>>>> Microsoft Certified Small Business Specialist >>>>> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >>>>> 30% OFF Microsoft Online Services - >>>>> http://www.microsoft-online-services.com/ >>>>> >>>>> >>>>> >>>>> "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message >>>>> news:u32BfnchKHA.5568(a)TK2MSFTNGP02.phx.gbl... >>>>>> "Chucko" <chucko(a)myrealbox.com> wrote in message >>>>>> news:%239v7seahKHA.5380(a)TK2MSFTNGP06.phx.gbl... >>>>>>> Yes, as it turns out, the folks at Spamhaus are aware of the >>>>>>> problem. >>>>>>> >>>>>>> From their FAQ: >>>>>>> >>>>>>> Your DNSBL blocks nothing at all! >>>>>>> >>>>>>> Check what DNS resolvers you are using: If you are using a free >>>>>>> "open DNS resolver" service such as Google Public DNS or Level3's >>>>>>> public DNS servers to resolve your DNSBL requests, in most cases you >>>>>>> will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public >>>>>>> DNSBL servers. Please use your own DNS servers when doing DNSBL >>>>>>> queries to Spamhaus. >>>>>>> >>>>>> >>>>>> Thank you for posting this info. I hope it helps others when they >>>>>> search for this issue. >>>>>> >>>>>> :-) >>>>>> >>>>>> Acee >>>>>> >>>>>> >>>>>> >>> >>> > >
From: Kerry Brown on 27 Dec 2009 18:37
Here's a link that talks about DNS injection and NXDOMAIN. http://www.circleid.com/posts/nxdomain_substitution_good_or_evil/ Again, OpenDNS does this but it can be turned off and OpenDNS is an opt in service. It is important to be aware of of the consequences of DNS injection but in the case of OpenDNS it may be justified. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message news:eHhFiByhKHA.2780(a)TK2MSFTNGP05.phx.gbl... > If a user mistypes an email address they'll get a cryptic NDR which > usually generates a support call. If the mail server gets a NXDOMAIN reply > when looking up the target mail server the user will get a NDR that is > much easier for them to figure out. Never seeing an NXDOMAIN response can > cause some other problems but that's the most common. It can make > troubleshooting name resolution problems very hard unless you realise > what's going on and temporarily setup a different forwarder. > > I'm not against using OpenDNS, just pointing out some potential side > effects. OpenDNS is an opt in product. What's really bad is when your ISP > does DNS injection without telling you. > > -- > Kerry Brown > MS-MVP - Windows Desktop Experience: Systems Administration > http://www.vistahelp.ca/phpBB2/ > > > "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message > news:C837762B-A1FA-4205-97BC-49DD73059B30(a)microsoft.com... >> If the domain doesn't exist? NXDOMAIN? >> I really don't care about NDR's >> >> I'm more in love with the Blocking of "BAD" Sites >> For FREE! >> Clients love this... :) >> Russ >> >> -- >> >> Russell Grover - SBITS.Biz [SBS-MVP] >> Microsoft Gold Certified Partner >> Microsoft Certified Small Business Specialist >> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >> 30% OFF Microsoft Online Services - >> http://www.microsoft-online-services.com/ >> >> >> >> "Kerry Brown" <kerry(a)kdbNOSPAMsys-tems.c*a*m> wrote in message >> news:O27j4JrhKHA.1456(a)TK2MSFTNGP06.phx.gbl... >>> Yes, but it can cause some weird Exchange NDRs because it never returns >>> NXDOMAIN. >>> >>> -- >>> Kerry Brown >>> MS-MVP - Windows Desktop Experience: Systems Administration >>> http://www.vistahelp.ca/phpBB2/ >>> >>> >>> "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message >>> news:4754ABCD-5178-4E32-9D1E-B200707AEF16(a)microsoft.com... >>>> Another reason why I think OPENDNS.com ROCKS :) >>>> Free and "WORKS" :) >>>> Russ >>>> >>>> -- >>>> >>>> Russell Grover - SBITS.Biz [SBS-MVP] >>>> Microsoft Gold Certified Partner >>>> Microsoft Certified Small Business Specialist >>>> World Wide 24hr SBS Remote Support - http://www.SBITS.Biz >>>> 30% OFF Microsoft Online Services - >>>> http://www.microsoft-online-services.com/ >>>> >>>> >>>> >>>> "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message >>>> news:u32BfnchKHA.5568(a)TK2MSFTNGP02.phx.gbl... >>>>> "Chucko" <chucko(a)myrealbox.com> wrote in message >>>>> news:%239v7seahKHA.5380(a)TK2MSFTNGP06.phx.gbl... >>>>>> Yes, as it turns out, the folks at Spamhaus are aware of the problem. >>>>>> >>>>>> From their FAQ: >>>>>> >>>>>> Your DNSBL blocks nothing at all! >>>>>> >>>>>> Check what DNS resolvers you are using: If you are using a free "open >>>>>> DNS resolver" service such as Google Public DNS or Level3's public >>>>>> DNS servers to resolve your DNSBL requests, in most cases you will >>>>>> receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL >>>>>> servers. Please use your own DNS servers when doing DNSBL queries to >>>>>> Spamhaus. >>>>>> >>>>> >>>>> Thank you for posting this info. I hope it helps others when they >>>>> search for this issue. >>>>> >>>>> :-) >>>>> >>>>> Acee >>>>> >>>>> >>>>> |