On 2022-12-28 at 12:55:20 UTC-0500 (Wed, 28 Dec 2022 12:55:20 -0500)
John Stimson via users <j...@idsfa.net>
is rumored to have said:
[...]
> On 2022/12/28 15:07:31 Bill Cole wrote:
>> Perhaps your DNS resolution is to blame. Are you using a local
>> recursive resolver that does no forwarding?
>
> The machine has bind9 running locally to provide DNS for its own
> domain, and uses it for name resolution. Bind9 is configured to use
> OpenDNS and Google as forwarders.

That's unfit for use with SA or anything else that uses DNSBLs. Many
DNSBLs intentionally do not provide useful service to the free open
resolvers. In the past some free DNS providers have also done things
that are harmful for mail servers, such as replacing NXDOMAIN replies
with default A responses. (I don't know if OpenDNS or Google is doing
that by default now.)
There's not really much gained by forwarding for a mail server, because
a local DNS cache will be MUCH faster on hits and will be fed by what
your mail server asks for, rather than by random other people browsing
the web.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
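
A resolver check for the two failure modes described in the message above (DNSBLs withholding service from open resolvers, and NXDOMAIN being replaced with A records), as an added example that is not part of the original post. It uses the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not be); the zone name is supplied by the operator, and treating 127.255.255.0/24 as a "query refused" range is an assumption based on a convention some DNSBL operators use.

```python
import ipaddress
import socket
import sys

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumption: answers in this range mean "query refused", not "listed".
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def system_lookup(name):
    """A records for name via the system resolver; [] on NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(answers):
    """Classify one DNSBL reply: nxdomain, rewritten, refused or listed."""
    if not answers:
        return "nxdomain"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LOOPBACK for a in addrs):
        return "rewritten"   # a real DNSBL only answers inside 127.0.0.0/8
    if any(a in ERROR_NET for a in addrs):
        return "refused"     # the list is declining to serve this resolver
    return "listed"

def check_resolver(zone, lookup=system_lookup):
    """Probe the RFC 5782 test points of zone through the given lookup."""
    positive = classify(lookup("2.0.0.127." + zone))  # must be listed
    negative = classify(lookup("1.0.0.127." + zone))  # must not exist
    if "rewritten" in (positive, negative):
        return "nxdomain_rewritten"
    if "refused" in (positive, negative):
        return "blocked"
    if positive == "listed" and negative == "nxdomain":
        return "ok"
    return "inconclusive"    # timeouts, or a zone without test entries

if __name__ == "__main__":
    # Usage: python3 check_dnsbl.py <dnsbl-zone>
    print(check_resolver(sys.argv[1]))
```

Run it on the mail server itself, so the lookups take the same resolver path SpamAssassin uses.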