This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

DNS Security Service interfering with SPAM filter

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DNS Security Service interfering with SPAM filter

Go to solution
khsieh
L2 Linker

‎10-06-2021 04:12 PM

I have the DNS Security Service and it is set to sinkhole various malicious domains, including newly registered ones. The problem is that our on-premise spam filter tries to do lookups against the sending domain when we receive email, and I believe that the lookups for the MX records and maybe TXT records, etc. My anti-Spyware policy is set to sinkhole newly registered domains. We found that all DNS lookups against the sending domain were returning zero results. Kind of like the action is block instead of sinkhole.

 

The result is that my span filter was really slowing down waiting for DNS results that wouldn't ever arrive. This was slowing down normal mail delivery by hours.

 

Obviously I don't want to disable DNS Security completely. I am also having problems sending email to some domains that are showing as parked, etc. We have put those domains in as exceptions.

 

Is there a way to minimize impact of DNS Security on mail operations? I have a ticket open with support, and they're saying that the service is working properly (I never said it wasn't). This is a bit more of a design type question. For example, can I allow TXT and MX record lookups while sinkhole for other A records?

 

The only other think I can think of is to set my spam filter to use different DNS servers, and to set the DNS Security policy for that specific DNS traffic to alert only.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite

‎10-12-2021 12:51 PM

Hello,

Create a custom policy that allows that IP of the SPAM filter to go out to the internet and not get sinkholed.

 

Regards,

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite

‎10-12-2021 12:51 PM

Hello,

Create a custom policy that allows that IP of the SPAM filter to go out to the internet and not get sinkholed.

 

Regards,

0 Likes Likes
  • 1 accepted solution
  • 3059 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks