On Wednesday, December 8, 2004, 7:25:31 PM, Rob McEwen wrote:
> 1st, I'm not a SpamAssassin user. In fact, none of your particular
> suggestions (so far) regarding local whitelisting will benefit me.

OK, that's fine, but please choose a parent zone you control
if you want to set up a subdomain.

And please ask your application writers to support a local
whitelist, like SA does.  It's a good way to prevent a lot
of unnecessary DNS queries.

> 2nd, I'm running the TreeWalk DNS caching server on my Windows 2000 server
> and everything running on my box looks to this application for DNS
> resolution. TreeWalk by default goes to the root servers for advice...
> except where I have specified otherwise in some "forwarders" strategically
> set up. Some of these point to my Hosting provider's DNS server... some
> point elsewhere.

OK, I'm not familiar with that program, but you may need to
have it forward the local whitelist zone to itself in order
to prevent outbound zone transfer requests.  (If it has the
ability to query the root servers, it probably also has
the ability to request transfers of more specific zones
such as the fake ones you're trying to set up for local
whitelisting (or blacklisting).)

> 3rd, ...and most important... this TreeWalk DNS server is **local only**. It
> is NOT a DNS server that propagates info elsewhere and it ONLY serves up
> domain resolution to applications running on my box. In fact, there is
> security set up where my TreeWalk implementation will NOT serve requests
> from outside my box.

We're not concerned about inbound requests to your box or what
it serves or doesn't serve to the outside world.  The problem
with fake subdomains is that they usually send out packets to
the zone's parents regarding the delegation.  Those packets are
essentially extraneous noise to the parent zone's name servers.
Dealing with those unnecessary packets causes the name servers
some load, causes logging and generally annoys operators of
those name servers.

> Finally, the app that I'm using for DNSBL lookups doesn't provide a means to
> manually whitelist individual entries.

[...]

> Again, I'm sure that there must be a way for me to get what I want... and it
> seems like even if I'm doing something that isn't "by the book" there must
> be a way to accomplish it without the more nasty repercussions that you
> refer to.

Yes, ask the application makers to add a whitelisting feature.

Jeff C.
--
"If it appears in hams, then don't list it."

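The application-level local whitelist recommended in the message above, as an added example that is not part of the original message and is not SpamAssassin's code: the lookup wrapper answers whitelisted domains locally, so no DNS packet (and no fake subdomain) is needed for them. The zone `dnsbl.example`, the class and function names, and the in-memory resolver are assumptions made for illustration.

```python
from typing import Callable, Iterable, Optional

DNSBL_ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list


def normalize(domain: str) -> str:
    return domain.strip().rstrip(".").lower()


class WhitelistedLookup:
    """Consult a local whitelist before sending any DNSBL query."""

    def __init__(self, whitelist: Iterable[str],
                 resolver: Callable[[str], Optional[str]]):
        self.whitelist = {normalize(d) for d in whitelist}
        self.resolver = resolver      # returns an A record string or None
        self.queries_sent = []        # names that actually went to DNS

    def is_whitelisted(self, domain: str) -> bool:
        # Match the domain itself or any parent, on label boundaries only,
        # so "notexample.com" does not match a whitelisted "example.com".
        labels = normalize(domain).split(".")
        return any(".".join(labels[i:]) in self.whitelist
                   for i in range(len(labels)))

    def is_listed(self, domain: str) -> bool:
        if self.is_whitelisted(domain):
            return False              # answered locally, no packet leaves
        qname = f"{normalize(domain)}.{DNSBL_ZONE}"
        self.queries_sent.append(qname)
        return self.resolver(qname) is not None


# Constructed sample data: an in-memory resolver standing in for real DNS.
FAKE_ZONE = {"spamvertised.test.dnsbl.example": "127.0.0.2"}


def fake_resolver(qname: str) -> Optional[str]:
    return FAKE_ZONE.get(qname)


def demo():
    lookup = WhitelistedLookup(["example.com", "Example.ORG."], fake_resolver)
    domains = ["www.example.com", "notexample.com",
               "spamvertised.test", "mail.example.org"]
    results = {d: lookup.is_listed(d) for d in domains}
    return results, lookup.queries_sent


if __name__ == "__main__":
    print(demo())
```

Of the four constructed domains, only the two that are not covered by the whitelist generate a query name; the whitelisted ones never reach the resolver.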