On Thu, 22 Sep 2016, Thomas Barth wrote:
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:


 URIBL_BLOCKED shows you are using still a dns-forwarder and so won't get
 results from a lot of blacklists

 fix that - use a local caching resolver with *no forwarding* and if you
 are using dnsmasq just don't do that for a inbound mailserver

I found an instruction here for a debian system

https://manageacloud.com/configuration/local_dns_caching

Seems to work local dns caching but I dont understand why I shouldnt use it for inbound mailserver and why I still see URIBL_BLOCKED=0.001

Lists shouldn't have said "caching", that confuses the issue. Caching and recursion are two different, unrelated pieces.

Focus on the "recursion" and "no forwarding" parts of that recommendation. If you're configuring a non-local DNS server's IP address anywhere in the mix (ignoring for the moment the root zones), you're doing it wrong.

As far as I understand it, dnsmasq cannot be used for local recursion; it's purely a lightweight local DNS cache layer. That's why Lists said don't use it for inpbound mail.

You may have to install the full BIND package and tell it to not forward.



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  A government is a lot like a gun: It's always loaded,
  and it's stupid and dangerous to point it at anything
  you don't intend to hurt.                             -- GOF at TSM
-----------------------------------------------------------------------
 275 days since the first successful real return to launch site (SpaceX)

Reply via email to