Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2997
Views
0
Helpful
3
Replies

Why is email not getting an SBRS score "SBRS None"

bechong
Cisco Employee
Cisco Employee

‎07-01-2013 01:58 PM

Hi Folks,

Lots of SPAM is getting through and I noticed in the mail_logs and also in Message Tracking that both legitimate email and SPAM email have no SBRS score. After I changed the configs to point to a public DNS things started to work again. Why is that? My DNS server is resolving things just fine, why would changing the config to point to a public DNS server make things start working again. I am running the latest shipping code and IPAS features are enabled.

Thanks for any input.

Labels:
0 Helpful
3 Replies 3

Valter Da Costa
Cisco Employee
Cisco Employee

‎07-02-2013 08:23 AM

It is possible your DNS servers were not answering fast enough. If you need further check, I recommend opening a support ticket and asking DNS admin to review performance/logs at the DNS servers.

By the way, the use of Internet root DNS servers is not only default but, also, recommended.

Cheers,

-Valter

0 Helpful

mychrislo
Level 1
Level 1
In response to Valter Da Costa

‎07-08-2013 06:00 AM

I wonder this answer is correct or not. I doubt the way "recommended" to set root servers in ironport.

First, the root servers do not answer these queries for anyone, it only handles a handful of 2nd level top domains.

Second, it does come across to me that google dns 8.8.8.8 (or 8.8.4.4) _is_ faster than most small ISP due to DNS Anycast (a closer one is supposed queried) _AND_ much better bandwidth diversity and connectivites from Google. this might be true for individual pc clients, but not always true. e.g. the "network" path to 8.8.8.8 may be long enough or can have many point of failure.

For coporation and bussiness operation, usually private DNS internal view are needed and these needed to be within the perimeter of the corporation.

And due to recent securities concerns, no one want to leak any information (such as DNS queries?) to Google.

0 Helpful

Valter Da Costa
Cisco Employee
Cisco Employee
In response to mychrislo

‎07-08-2013 01:21 PM

Chris,

The recommended setting is to use Internet Root servers. If that represents a risk or a policy vialotion to your company then, of course, you cannot use the recommended setting. This is why the device allows Internal DNS servers to be configure. If your device is experiencing the SBRS none issue and using private DNS servers, then please engage your DNS server admin and our support team.

Regards,

-V

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents