logo
home
datafeed
about
usage
mirrors
rss feeds
help us
links
contact
faq

 

DNS Query Refused

If you have reached this page because:

  • your email bounced with a "Query Refused" message
  • you received a TXT record response of "Query Refused. See http...
  • you received an A record response of 127.0.0.1
  • spamassassin is firing the URIBL_BLOCKED rule

Read below for more information...

"Query Refused" Explained


URIBL provides public lookups over DNS for low volume usage. If you spam check a large amount of email, or you use a shared DNS platform for resolution, you may receive a response saying the query was refused. That said, Public DNS providers such as OpenDNS or Google Public DNS are effected due to the high volume of queries they generate, as are many other internet service providers (ISP) that use caching nameservers for their customer base.

If you are unsure which DNS server is being blocked, a blocked TXT query from the effected device will indicate the IP address of the nameserver that is being blocked:

Linux:

$ host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See https://uribl.com/refused.shtml for more information [Your DNS IP: 1.2.3.4]"

Windows:

c:\> nslookup -q=txt 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com text = 

      "127.0.0.1 -> Query Refused. See https://uribl.com/refused.shtml for more information [Your DNS IP: 1.2.3.4]"

Email Rejected?

If an email you sent bounced, and included a link to this page, then it was rejected because the receiver has not implemented URIBL lookups correctly. URIBL uses bitmask responses to indicate a domain being listed. Our Implementation guidelines provide the bitmask responses. All queries that we refuse, we return a 127.0.0.1 response to, as bit 0x1 is not used for domain classification. SpamAssassin supports the 0x1 bitmask response, and provides a URIBL_BLOCKED rule which will fire if the query was refused by URIBL.

If you send a query to "black.uribl.com" and we deliver a 127.0.0.1 response back to that query, that is not a positive listing. Only 127.0.0.2 responses indicate a listing on black.uribl.com. Really you should be using multi.uribl.com for resolution, and doing proper bitmask checking. If your software does not support bitmask checking of the 4th octet, contact your software vendor, or stop using URIBL completely.


Low Volume Workaround?

If you are low volume user, you have a few options. Possibly changing your nameservers from a public dns provider (ie opendns/google) to your local ISP may solve it. If your local ISP is also effected because they are very large (ie cox/att/comcast/etc), you may need to use your own recursive DNS solution. If your company has DNS servers, point to them for resolution. Alternatively, you could setup a caching nameserver on the loopback of the machine doing the spam checking, and point the DNS to localhost.


Reducing Query Volume

If you use Spamassassin to scan your email, you can reduce query volume by applying uri skip lists. For example, you could skip sending queries for commonly seen domains that will not be blacklisted, such as

uridnsbl_skip_domain googleapis.com goo.gl googlegroups.com docs.google.com
uridnsbl_skip_domain youtu.be linkedin.com fbcdn.net licdn.com twimg.com redbox.com
uridnsbl_skip_domain amazon.ca amazonses.com amazonaws.com ssl-images-amazon.com images-amazon.com media-amazon.com
uridnsbl_skip_domain instagram.com pinterest.com pinimg.com facebookmail.com yahoodns.net tumblr.com
uridnsbl_skip_domain groupon.com grouponcdn.com office365.com booking.com
You should also consider adding uri skips on your company domains. Especially if your mail clients append footers with your company url in each email. Because our DNS cache TTL is so low, each email containing your company domain could generate one or more queries.
uridnsbl_skip_domain mydomain.com mydomain.net mydomain.org
With Datafeed over DNS service, we can also help you identify which domains are queried the most often and help you elimiate those queries to reduce your query volumes and costs. Contact dnsadmin@uribl.com for assistance.


Datafeed Service

For those that have no solution for the DNS workarounds listed above, we provide commercial Datafeed Service.


Contact Us?

If you need more information regarding this issue, please contact the URIBL DNS Admin