DNS blacklist queries return null records or don't match a given IP when a web search does.
In more detail
If you run your own mail server, chances are that you use DNS blacklists to prevent spam from reaching your users' inboxes.
Even though they are not 100% accurate, DNS blacklists can substantially reduce the amount of spam that reaches your server; they are probably the most efficient way out there.
DNSBLs are very easy to configure on your mail server, and they use queries based on the DNS system, which consume very little bandwidth and server resources.
However, DNSBLs are usually made available for free by entities or companies around the world, and 90% of the time these companies impose usage limits on the number of queries you can make against their servers.
So if you are a service provider that easily makes over 10 000 queries a day, free solutions are not the way to go; you are required to purchase and register one of their plans.
Even though it's not recommended in a production environment, chances are that your server is configured to use one of the many free DNS servers, such as Google's (188.8.131.52 or 184.108.40.206), for name resolution. The issue starts when your mail server queries the blacklist via the DNS server your system has configured, in this case the Google servers. As you can imagine, Google serves millions of requests, and its servers easily get listed on the DNSBLs' ban lists.
This means that whenever your system tries to query the DNSBL via the Google DNS, it gets a null or non-existent domain response.
Take this hMailServer log entry as an example:
"TCPIP" 4564 "2016-11-21 18:25:04.219" "DNS query failure. Query: xx.xx.xx.xx.dnsbl.sorbs.net, Type: A/AAAA, DnsQuery return value: 11004. Message: The requested name is valid, but no data of the requested type was found"
"TCPIP" 4564 "2016-11-21 18:25:04.219" "DNS lookup: xx.xx.xx.xx.dnsbl.sorbs.net, 0 addresses found: (none), Match: False"
This is the typical result of a failed query against a blacklist.
The first thing you should check is the DNS configuration in the network connection your server uses to access the internet and evaluate from there.
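To tell a one-off miss from a resolver problem, the log can be scanned for this failure pattern per DNSBL zone. The following Python script is an added example, not part of the original post or of hMailServer; its sample lines are constructed in the format of the entry above, `bl.example.test` is a placeholder zone, and treating a zone as suspect when every lookup failed is an assumption of the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format of the hMailServer entry above;
# addresses are documentation ranges and bl.example.test is a placeholder zone.
SAMPLE_LOG = """\
"TCPIP" 4564 "2016-11-21 18:25:04.219" "DNS query failure. Query: 10.2.0.192.dnsbl.sorbs.net, Type: A/AAAA, DnsQuery return value: 11004. Message: The requested name is valid, but no data of the requested type was found"
"TCPIP" 4564 "2016-11-21 18:25:04.219" "DNS lookup: 10.2.0.192.dnsbl.sorbs.net, 0 addresses found: (none), Match: False"
"TCPIP" 4570 "2016-11-21 18:26:10.001" "DNS query failure. Query: 7.100.51.198.dnsbl.sorbs.net, Type: A/AAAA, DnsQuery return value: 11004. Message: The requested name is valid, but no data of the requested type was found"
"TCPIP" 4570 "2016-11-21 18:26:10.001" "DNS lookup: 7.100.51.198.dnsbl.sorbs.net, 0 addresses found: (none), Match: False"
"TCPIP" 4571 "2016-11-21 18:27:30.450" "DNS lookup: 9.113.0.203.bl.example.test, 1 addresses found: 127.0.0.2, Match: True"
"""

FAILURE = re.compile(r"DNS query failure\. Query: (\S+?), .*?return value: (\d+)")
LOOKUP = re.compile(r"DNS lookup: (\S+?), (\d+) addresses found: .*?Match: (True|False)")

def zone_of(query_name):
    """Drop the four reversed-IPv4 labels: 10.2.0.192.dnsbl.sorbs.net -> dnsbl.sorbs.net."""
    parts = query_name.split(".", 4)
    return parts[4] if len(parts) == 5 else query_name

def dnsbl_stats(log_text):
    """Per DNSBL zone: lookups seen, matches, and failures keyed by return code."""
    stats = defaultdict(lambda: {"lookups": 0, "matches": 0, "failures": Counter()})
    for line in log_text.splitlines():
        if m := FAILURE.search(line):
            stats[zone_of(m.group(1))]["failures"][m.group(2)] += 1
        elif m := LOOKUP.search(line):
            entry = stats[zone_of(m.group(1))]
            entry["lookups"] += 1
            entry["matches"] += m.group(3) == "True"
    return dict(stats)

def suspect_zones(stats, min_lookups=2):
    """Zones where every lookup failed and none matched: check the resolver first."""
    return sorted(
        zone for zone, s in stats.items()
        if s["lookups"] >= min_lookups
        and s["matches"] == 0
        and sum(s["failures"].values()) >= s["lookups"]
    )

if __name__ == "__main__":
    for zone in suspect_zones(dnsbl_stats(SAMPLE_LOG)):
        print(f"{zone}: all lookups failed, verify the DNS resolver this server uses")
```

A zone that appears in the output has never returned a usable answer in the scanned log, which points at the resolver rather than at the individual sender addresses.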
If you are using Google's servers or any other third-party DNS servers for name resolution, the alternatives are:
#1 - Use your ISP's DNS server instead.
#2 - Set up and configure your own DNS server (preferable)
If possible, you should install and configure your own DNS server, mainly because you will avoid similar issues and keep control of your own DNS infrastructure.
DNS in Windows is very easy to install, and it's definitely worth spending 15 minutes setting up the role on the server. It will bring you peace of mind in the long run and will query your DNSBLs properly.
Once installed, make sure you set up your connection to use only your local DNS server for name resolution.
In Windows you can easily test your server configuration by using the nslookup command, like this:
cmd: nslookup google.com localhost
Once that request succeeds, query a DNSBL such as:
cmd: nslookup 220.127.116.11.zen.spamhaus.org localhost
You should now have a successful lookup query against the DNSBLs.