Page 1 of 1


Posted: 04 Aug 2017 23:20
by BliXem

I'm noticing this:

0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See ... nsbl-block for more information.

I'm using hetzner VPS: ... massassin/

How can I resolve this?


Posted: 05 Aug 2017 07:58
by pdwalker
What DNS server are you using to resolve your DNS?

Does this DNS server forward the requests somewhere, or does it resolve the requests itself?


Posted: 05 Aug 2017 09:56
by BliXem
Don't know for sure:

The server in question is running at Hetzner and seems to be Hetzner’s front-end forwarding DNS server. Since we’re using Hetzner’s default DNS servers as most of their customers, it seems like the result is too many lookups to URIBL and in consequence URIBL blocking lookups from Hetzner’s.

They say this:

Why does my VM have the IP
Or also:
Why does my VM have a different IP from the one shown in the Robot?
Why does my VM have a private IP?
With the CX models the IPv4 address of the virtual server is a private IP, which is configured 1:1 via NAT on the public IP. Currently the private IP is the same for all: The public IP is displayed in the Robot.
Which network configuration must be done?
With an automatic installation, all the necessary changes have already been made for you and you can use the server right away.
With a custom installation, you need to change the network configuration yourself.
Change your network configuration (IPv4) as follows:
Static IP Address:
Default gateway:

So I think it's already done by them. So I need to turn it off via EFA-Configure?
Update: off/on doesn't matter. Same problem.


Posted: 07 Aug 2017 06:27
by pdwalker
Ok, normally the block lists limit the amount of requests per day. If you are using someone else's DNS server, then it is likely that that particular server has already made too many requests, thus the requests are blocked.

Instead, you need to configure EFA to use it's own forwarder to send the requests. Also, I am assuming that you have a fixed ip that is not shared/NAT'ed with other customers.

How do I know if it is working correctly? Simple, by making a request and looking at the results:
using google's public DNS server - fail.

Code: Select all

[root@efa ~]# host -t TXT
Using domain server:
Aliases: descriptive text " -> Query Refused. See for more information [Your DNS IP:]"
using my own DNS server that does its own lookups - success

Code: Select all

[root@efa ~]# host -t TXT
Using domain server:
Aliases: descriptive text "permanent testpoint"
Have you turned on DNS recursion in your EFA settings? That is under IP Settings, DNS Recursion, Enabled


Ah, I see you have a private IP address, not a public one. That means you are sharing a public IP and it is likely that this ip could be making too many requests. You can try enabling the forwarding and run the test again to see if it makes any difference.

Otherwise, I'm afraid your only solutions are
a/ move your host to a place where you can get a public IP
b/ setup your own dns server with a public IP just so your efa instance can query it and use the RBLs.

Good luck!