Re: [IMail Forum] Non Recursion in DNS and effect on IMail

Sun, 02 Jul 2006 05:41:28 -0700 

Len:

It does.

DNS/SelectDNSServer/RightClick/Properties/Advanced/Check Disable Recurion

I ran a www.DNSReport.com report on various servers and got a Red Flag on
this item as my DNS Server did not have Disable Recursion checked, thus
allowing all and sundry to use my DNS server. The idea was to use my DNS
server just for my own domains to reduce DNS traffic and stop third parties
using our DNS server for proxy DOS attacks. See report
(http://www.dnsreport.com/info/opendns.htm)

As soon as I did this, IMail accounts stopped receiving e-mails and received
message "Could not deliver" when sending. The e-mail accounts were all for
domains I was hosting. and I have DNS forwarders identified for domains for
which I am not SOA.

Could you expand your response a bit - I am not a Unix expert. In fact I
fell into providing e-mail services by mistake and now have to manage
thousands of them "on the side", as its not my main business and am not a
network expert.

Ted Daniels

----- Original Message ----- 
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Sunday, July 02, 2006 4:11 AM
Subject: Re: [IMail Forum] Non Recursion in DNS and effect on IMail


>
> >I recently checked "No Recursion" in Win2K DNS (Advanced Tab) so
> >that my DNS server would act as DNS only for domains for which my
> >DNS server was SOA in order to deny third parties the ability to use
> >my DNS server for  DOS attacks and so on.
>
> >All users reported that they could no longer send or receive e-mail
> >apart from those sent by other domains for which my DNS server was
> >SOA. Un-check No Recursion and the mail started flowing again.
> >
> >Any way around this?
>
> With MS DNS? no, recursion is either on or off.  With a firewall, you
> can leave MS DNS recursion on and block access from internet to port 53.
>
> Use  DNS like BIND that allows recursion restricted by ACL, eg, for
> your subnet.
>
> Len
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to