On Sat, Jun 22, 2013 at 09:05:25PM +1000, Robert S wrote: > I am having difficulties with lookups by spamassassin - I'm > getting these messages:URIBL_BLOCKED ADMINISTRATOR NOTICE: > The query to URIBL was blocked.See > http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block > for more information. > > I've been advised that my URIBL query traffic may be > aggregated with many others and that I need to use a local > caching recursive DNS server.
This is also true of Spamhaus and other major DNSBLs. > Is dnsmasq able to do this? I've been using it for quite a > few years and am not keen to switch to something else. This isn't a problem for me, because my mail server is also an authoritative NS server, and it runs BIND named. I only run dnsmasq in SOHO settings. That said, I don't trust ISP (nor other external) caches. I set up dnsmasq to use a local named listening on an alternate port. The dnsmasq.conf (dnsmasq.d/ if you prefer) and named.conf are both rather simple: dnsmasq.conf : # we use "nameserver 127.0.0.1" in resolv.conf no-resolv server=127.0.0.1#1053 # other settings not shown named.conf : options { directory "/var/named"; listen-on port 1053 { 127.0.0.1; }; # this also lets me control my own DNSSEC #dnssec-accept-expired yes; dnssec-lookaside auto; dnssec-validation auto; }; (This assumes a recent enough BIND version for DNSSEC support, which is not the case in older RHEL/CentOS and recent OpenBSD.) Is it overkill to run two daemons which do the same thing? Perhaps, but these do not do the same thing. Dnsmasq is a DHCP server and authoritative nameserver; named here is only caching/recursive. It has long been considered a best practice to separate authoritative from caching/recursive name service. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss