On Thu, 18 May 2017, Robert Kudyba wrote:
Am 18.05.2017 um 22:30 schrieb Reindl Harald:
"with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION - IT CAN#T
you are forwarding to some other nameserver and you are not the only one
But the nameserver I’m forwarding to is in our university.
/etc/resolv.dnsmasq
search subdomain.ourschool.edu ourschool.edu
nameserver 150.108.x.yy
nameserver 150.108.y.xx
seriously - what do you think happens?
you and everybody else on planet earth using 150.xx.xx.xx are coming with the
same IP to the DNSBL/URIBL hosts
Isn’t the point of enabling dnsmasq to cache DNS calls? I’m just
following the instructions at
https://wiki.apache.org/spamassassin/CachingNameserver#Installing_dnsmasq_as_a_Caching_Nameserver
which BTW has a broken link to instructions.
I think this part of the wiki page may not be stressed stongly enough:
Non-forwarding
If you have a large ISP or are using large public DNS provider(s) it is
recommended you not forward mail-related DNS traffic through their DNS
servers (though non-mail DNS traffic from your site shouldn't have
problems.) With bind, this means not having any "forwarders" listed. Or,
at a minimum, you could create exemptions by defining empty forwarders for
DNSBL zones, like this:
/* Disable forwarding for DNSBL queries */
zone "multi.uribl.com" { type forward; forward first; forwarders {}; };
zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; };
zone "combined.njabl.org" { type forward; forward first; forwarders {}; };
zone "activationcode.r.mail-abuse.com" { type forward; forward first;
forwarders {}; };
zone "nonconfirm.mail-abuse.com" { type forward; forward first; forwarders {};
};
zone "iadb.isipp.com" { type forward; forward first; forwarders {}; };
zone "bl.spamcop.net" { type forward; forward first; forwarders {}; };
zone "fulldom.rfc-ignorant.org" { type forward; forward first; forwarders {}; };
zone "list.dnswl.org" { type forward; forward first; forwarders {}; };
zone "blackholes.mail-abuse.org" { type forward; forward first; forwarders {};
};
zone "bl.score.senderscore.com" { type forward; forward first; forwarders {}; };
zone "zen.spamhaus.org" { type forward; forward first; forwarders {}; };
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If you are "fighting for social justice," then you are defining
yourself as someone who considers regular old everyday
*equal* justice to be something you don't want. -- GOF at TSM
-----------------------------------------------------------------------
49 days since the first commercial re-flight of an orbital booster (SpaceX)
