On Sat, Jun 22, 2013 at 09:05:25PM +1000, Robert S wrote:
I am having difficulties with lookups by spamassassin - I'm
getting these messages:URIBL_BLOCKED ADMINISTRATOR NOTICE:
The query to URIBL was blocked.See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
I've been advised that my URIBL query traffic may be
aggregated with many others and that I need to use a local
caching recursive DNS server.
This is also true of Spamhaus and other major DNSBLs.
Is dnsmasq able to do this? I've been using it for quite a
few years and am not keen to switch to something else.
This isn't a problem for me, because my mail server is also an
authoritative NS server, and it runs BIND named. I only run dnsmasq
in SOHO settings.
That said, I don't trust ISP (nor other external) caches. I set up
dnsmasq to use a local named listening on an alternate port. The
dnsmasq.conf (dnsmasq.d/ if you prefer) and named.conf are both
rather simple:
dnsmasq.conf :
# we use nameserver 127.0.0.1 in resolv.conf
no-resolv
server=127.0.0.1#1053
# other settings not shown
named.conf :
options {
directory /var/named;
listen-on port 1053 { 127.0.0.1; };
# this also lets me control my own DNSSEC
#dnssec-accept-expired yes;
dnssec-lookaside auto;
dnssec-validation auto;
};
(This assumes a recent enough BIND version for DNSSEC support, which
is not the case in older RHEL/CentOS and recent OpenBSD.)
Is it overkill to run two daemons which do the same thing? Perhaps,
but these do not do the same thing. Dnsmasq is a DHCP server and
authoritative nameserver; named here is only caching/recursive. It
has long been considered a best practice to separate authoritative
from caching/recursive name service.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss