Re: URIBL_BLOCKED while using local BIND

Tue, 15 Sep 2015 04:37:12 -0700 


Am 15.09.2015 um 13:23 schrieb Marc Richter:

if you are trying to insult people at all costs


really?

you would recognize it when i intend to do so


*any* expierienced mailadmin out there has a local recursion nameserver 
on his MTA or at least somewhere in his LAN to use a central local cache 
but only you can't do it?



you should read and
understand their posts in full before doing so at least, to not look
like a jackass additional to an impolite person.


obviously it don't work


What I wrote is:

 >> ... but created the exemptions as listed at the very bottom of that
 >> site, to make sure my bind don't forward requests on these services
 >> to my ISP's DNS ...


but it does forward otherwise the problem would be solved


 > and *no* the ISP nameserver is *not* a lot faster in most cases

Also, you shouldn't make assumptions without measuring something:

1. without forwarding:

;; Query time: 543 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

2. with forwarding to my ISP's servers:

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)

That's 271 times faster than root-servers's lookup.



*lol* yes, the second hit already in your local cache when you don't 
clear it before, you never ever have 2 ms with a forwarding reslover on 
the internet asked - never ever!



for *that* one specific request if you have the luck it's in his cache 
it *can* be faster, otherwise the ISP would need to do the whole 
recursion itself and then answer to your cache with one additional hop



what you also ignore is the fact that you get the lowered TTL depending 
on how old the cache entry on the forwarder is while you own cache entry 
with recursion would be valid the whole TTL of the SOA


in other words: you don't look at the whole picture

anyways 543 msec is high

;; Query time: 121 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Di Sep 15 13:27:59 CEST 2015
;; MSG SIZE  rcvd: 57



Am 15.09.2015 um 12:55 schrieb Reindl Harald:


Am 15.09.2015 um 12:51 schrieb Marc Richter:

I recently read the following in all my filtered Mail:

0.0 URIBL_BLOCKED   ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
See  http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.

So I read what's written there and setup a local DNS server, as
described at http://wiki.apache.org/spamassassin/CachingNameserver .
I did choose to forward the requests to my ISP's DNS servers, since it
is a lot faster


WTF - and all your requests are coming from the ISP resolver and not
from your IP which is the reason that you should setup your own *caching
and recursing* nameserver

and *no* the ISP nameserver is *not* a lot faster in most cases

PEBCAK - problem exists between chair and keyboard





Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to