On Thu, 2017-05-18 at 21:46 +0000, David Jones wrote:
> > From: John Hardin <jhar...@impsec.org>
> > I think this part of the wiki page may not be stressed strongly
> > enough:
> > Non-forwarding
> > If you have a large ISP or are using large public DNS provider(s) it is
> > recommended you not forward mail-related DNS traffic through their DNS
> > servers (though non-mail DNS traffic from your site shouldn't have
> > problems.) With bind, this means not having any "forwarders" listed. Or,
> > at a minimum, you could create exemptions by defining empty forwarders for
> > DNSBL zones, like this:
> > https://wiki.apache.org/spamassassin/CachingNameserver
>
> I just simplified that page quite a bit. It needs a little more work on it
> but it should be pretty clear now to not use a forwarding DNS server locally
> and do not point the server to another DNS server in /etc/resolv.conf.
>

Minor correction: The Bind for RedHat section of the page needs changes
to bring it into line with the unbound instructions.
For Fedora you'd use:

    dnf install bind
    systemctl enable bind
    systemctl start bind

Can't comment about RHEL/CentOS

Martin
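Added example, not part of the original thread or the wiki page: a small Python check for the two conditions the quoted advice warns about, global "forwarders" in named.conf with no empty-forwarders exemption for a DNSBL zone, and a non-local nameserver in /etc/resolv.conf. The zone names, addresses and function names are placeholders constructed for illustration.

```python
import ipaddress
import re
# Constructed sample inputs; zone names and addresses are placeholders.
NAMED_CONF = '''
options { forwarders { 192.0.2.53; 192.0.2.54; }; };  // upstream resolvers
zone "dnsbl.example" { type forward; forwarders { }; };
'''
RESOLV_CONF = "search example.net\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n"
FWD = re.compile(r"\bforwarders\s*\{([^}]*)\}")

def blocks(conf):
    """Yield (header, body) for each top-level '{ ... }' statement."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    depth = start = end = 0
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0:
                header, start = conf[end:i].strip("; \t\r\n"), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, conf[start:i]
                end = i + 1

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(named_conf, resolv_conf, dnsbl_zones):
    """Report settings that send DNSBL lookups through shared resolvers."""
    global_fwd, exempt = [], set()
    for header, body in blocks(named_conf):
        m = FWD.search(body)
        addrs = m.group(1).replace(";", " ").split() if m else None
        if header == "options" and addrs:
            global_fwd = addrs
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if zone and addrs == [] and re.search(r"\btype\s+forward\b", body):
            exempt.add(zone.group(1).rstrip(".").lower())  # empty list = exemption
    def covered(name):  # exempt if the name or any parent zone is exempt
        labels = name.rstrip(".").lower().split(".")
        return any(".".join(labels[i:]) in exempt for i in range(len(labels)))
    remote = [ns for ns in re.findall(r"(?m)^\s*nameserver\s+(\S+)", resolv_conf)
              if not is_loopback(ns)]
    fwd = [z for z in dnsbl_zones if global_fwd and not covered(z)]
    return {"forwarders": global_fwd, "remote_resolvers": remote, "forwarded": fwd}
```

An empty "forwarded" list together with an empty "remote_resolvers" list means the DNSBL zones passed in are resolved by the local server itself.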