On 05/10/2018 07:02 AM, Reio Remma wrote:
On 10.05.18 14:58, Matus UHLAR - fantomas wrote:
Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
I guess my DNS is set to use my ISP's DNS server.  Do I need to set up a DNS relay on my machine so it comes from my IP?

There is no way we send more than 500k emails from our domain, so I should qualify for the free lookup?

On 09/05/18 20:43, David Jones wrote:
Yes.  Set up BIND, unbound, or pdns_recursor on your SA server that is not forwarding to another DNS server, then set your /etc/resolv.conf or SA dns_server to 127.0.0.1.  This will make your DNS queries isolated to your IP so you stay under their daily limit.

Keep in mind that if your SA box is behind a NAT that is not dedicated to your server, then other DNS queries could get combined with your shared public IP.  This is not likely, since others are not going to query RBL/URIBL servers, but it's possible.  If your SA server is directly on the Internet as an edge mail gateway, then this won't be a problem.


On 10.05.18 12:15, Matthew Broadhead wrote:
I already had bind handling my DNS.  I just had to add to /etc/named.conf

allow-query-cache {localhost; any;};

NO!
this way everyone is allowed to use your server as recursive DNS.

Only allow "localhost;"; it defines all IPv4 and IPv6 addresses on your system.

It's also better to define allow-recursion instead.
While it means something different, they both have the same defaults, but
allow-recursion has a clearer meaning.

recursion yes;

not needed by default.

and to /etc/resolv.conf

nameserver 127.0.0.1

I cannot believe that is not the default.  I always assumed my DNS was working correctly.

It's not default to have a DNS server on your system. And it's not default to have localhost in resolv.conf - it may be authoritative-only.

On a slightly related note. We're running a PFSense firewall with DNS Forwarder (dnsmasq) in front of our mail server. From what I've gleaned from the net is that it caches as well. Should I still install a local (BIND) on the mail server?

Thanks!
Reio

YES! As I was corrected on this mailing list last year, dnsmasq is only a forwarding DNS server, so it will cause your queries to be lumped into whatever it's forwarding to. Set up a real recursive DNS server locally on your mail server, since it should have its own dedicated NAT or real public IP on your pfSense firewall, so your DNS queries will be completely isolated.

--
David Jones
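An added example, written by the editor and not posted by anyone in this thread: a small POSIX shell check for the named.conf mistake Matus points out above (an allow-recursion or allow-query-cache ACL that includes `any`). The two option blocks it inspects are constructed here; the function `open_recursion` and its single-line-ACL assumption are not from BIND or the list.

```shell
#!/bin/sh
# Constructed sample: the options block as posted in the thread (opens the
# cache to everyone) and the corrected one restricted to localhost.
BAD_CONF='options {
    directory "/var/named";
    recursion yes;
    allow-query-cache { localhost; any; };
};'

GOOD_CONF='options {
    directory "/var/named";
    recursion yes;
    allow-recursion { localhost; };
    allow-query-cache { localhost; };
};'

# open_recursion CONF_TEXT
# Prints each allow-recursion / allow-query-cache line whose ACL contains
# "any" and returns 0 (i.e. "open") when at least one is found, 1 otherwise.
# Assumes each ACL is written on one line, as in the thread; it does not
# evaluate named ACLs or check whether "recursion no;" is set.
open_recursion() {
    printf '%s\n' "$1" |
    sed 's://.*$::; s:#.*$::' |      # drop // and # line comments
    awk '
        /allow-(recursion|query-cache)[[:space:]]*[{]/ {
            acl = $0
            sub(/^[^{]*[{]/, "", acl)   # keep only the text inside { }
            sub(/[}].*$/, "", acl)
            n = split(acl, member, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[[:space:]]/, "", member[i])
                if (member[i] == "any") { print $0; found = 1 }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Run against a live system with:  open_recursion "$(cat /etc/named.conf)"
```

If the function prints anything, the server answers recursive or cache queries for arbitrary clients; replace the offending ACL with `{ localhost; }` and run `named-checkconf` before reloading.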
