At 5:41 PM -0700 10/4/01, Elliot Wilen imposed structure on a stream of electrons, yielding:
>I think I found out what's going on. What follows is my interpretation.
>
>The MAPS subscription requires that DNS queries be made directly
>from the IP address you provide when you subscribe. When I have the
>mail server set to use our ISP's DNS servers, they're unable to
>handle the query because they aren't subscribed to MAPS. Having the
>mail server use the local DNS server doesn't help, since it passes
>requests for unknown addresses onto the ISP's DNS servers.

Ewww. That is a bit ugly. Why do you have your local nameserver set up that way? Your local nameserver should be doing its own recursion, not slaving to your ISP's nameserver.

>Solution: Enter the IP address for one of mail-abuse.org's name
>servers into the first line of the Name Server field in TCP/IP
>settings. Don't enter the local DNS server here--it just adds an
>unnecessary extra layer to the lookups and increases the load on
>poor old MacDNS. (But if you do have the SIMS machine refer to a
>local DNS server, then THAT machine must have the mail-abuse.org
>name server as its parent server. Also, that machine needs to be the
>one with the MAPS subscription.)

Are you sure you understand how DNS works? Servers do not necessarily have 'parent' servers. Any good resolver can do its own recursion and get an address itself. ISPs typically provide nameservers to provide a local cache and reduce all the traffic that would come from everyone doing their own recursion, and to deal with the fact that Windows used to have a badly broken resolver that could not do its own recursion.

>Problem with this solution: the mail-abuse.org name server is also
>going to be queried when SIMS does its other lookups. This doesn't
>hurt anything but it puts an extra load on mail-abuse.org.
>
>Possible feature request: have SIMS perform RBL lookups directly.

Can you define what you mean by that? If you mean build a proper recursive resolver into SIMS, that would be a bit much to handle the pathological case of having nothing but MacDNS as a local nameserver. I have not tried it, but unless Apple lied about the OT resolver you can make it do its own recursion by pointing it at nameservers that will not recurse for you but will send back NS references, like the root servers. This may get you where you want to be (getting the queries to the MAPS nameserver to come straight from your SIMS server) but it is a bit unusual.
You are better off (assuming that you have more than one machine needing DNS) running a real nameserver locally. MacDNS doesn't count. QuickDNS certainly does (I think that even the old free 'lite' version would work for this) as would any version of bind or djbdns on your favorite flavor of Unix.

>It
>seems that this should be too hard. For example, with WhatRoute,
>when you do a name lookup, it seems to bypass the DNS servers listed
>in TCP/IP and query the authoritative DNS server directly.

No, it does not. Look at the options in WhatRoute: you can either have it use the OT DNS config or you can specify alternate settings. I don't believe it will do its own recursion though, since a correct recursive resolver is significantly more complex to code than a simple non-recursive one and there's little point to re-implementing such a thing when you have one in the OS.

Incidentally, I suspect that your problem may well be MacDNS choking. The MAPS zones return an extra TXT record, and I seem to recall that going nuts when given one of those is one of MacDNS' known flaws.

--
Bill Cole
[EMAIL PROTECTED]
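
The forwarding-versus-own-recursion distinction discussed in this message, as an added example that is not part of the original e-mail: a small offline model in which the list operator's nameserver answers only queries whose source address is subscribed. Every address, the `blocklist.example.` zone, the function names and the single-referral delegation are assumptions constructed for illustration.

```python
# Constructed model: every address and zone name below is made up.
MAIL_HOST = "192.0.2.10"    # address registered with the list operator
ISP_DNS = "198.51.100.53"   # ISP's caching nameserver, not registered
ROOT = "203.0.113.1"        # stands in for the root/TLD delegation chain
LIST_NS = "203.0.113.99"    # authoritative server for the list zone
ZONE = "blocklist.example."
SUBSCRIBERS = {MAIL_HOST}
LISTED = {"2.0.0.127." + ZONE: "127.0.0.2"}  # constructed test entry
SEEN = []                   # source addresses the list server observed


def dnsbl_name(ip):
    """Usual DNSBL convention: reversed IPv4 octets under the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + ZONE


def authoritative(server, src, qname):
    """Non-recursing servers: answer for their own data or refer onward."""
    if server == ROOT:
        return ("referral", LIST_NS) if qname.endswith(ZONE) else ("nxdomain", None)
    if server == LIST_NS:
        SEEN.append(src)
        if src not in SUBSCRIBERS:      # access control is by query source
            return ("refused", None)
        return ("answer", LISTED.get(qname))  # None means "not listed"
    raise ValueError("unknown server " + server)


def iterate(src, qname, server=ROOT, max_hops=8):
    """Own recursion: follow NS referrals; every query leaves from src."""
    for _ in range(max_hops):
        kind, data = authoritative(server, src, qname)
        if kind != "referral":
            return kind, data
        server = data
    return ("servfail", None)


def forward_via_isp(client, qname):
    """Forwarding setup: the ISP cache recurses, so upstream sees ISP_DNS."""
    return iterate(ISP_DNS, qname)


if __name__ == "__main__":
    q = dnsbl_name("127.0.0.2")
    print("forwarded:", forward_via_isp(MAIL_HOST, q), "seen from", SEEN[-1])
    print("iterative:", iterate(MAIL_HOST, q), "seen from", SEEN[-1])
```

In the forwarded case the list server sees the ISP cache's address and refuses; when the subscribed host follows the referral itself, the same question is answered.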
