On 7/15/21 12:26 PM, John Levine via mailop wrote:
It appears that Tim Bray via mailop <t...@kooky.org> said:
Just check which DNS servers you are using. And a lot of the 8.8.8.8
and 9.9.9.9 of the world and similar don't work very well for RBLs

s/very well/at all/

I usually install a local unbound.

You have to unless the ISP DNS resolver is small enough not to run
into the query limits that Spamhaus and other large BLs have.

R's,
John

Off topic slightly, but someone might find the setup useful...

I use a combination of dnsdist and powerdns recursor to give me a bit of flexibility and reliability.

Each resolver node is set up with multiple pools that consist of resolvers I run, my provider's, and 8.8.8.8/1.1.1.1.

For stuff relating to big CDNs, it's set to route queries to my upstream (CenturyLink for example) DNS servers for the best possible geolocation-based performance.

For DNSbl queries, it routes to my own resolvers only.

For general queries and any time the above pools are marked as 'down', it's routed to the best performing 'up' servers built from the above pools plus the big ones (8.8.8.8, 1.1.1.1, OpenDNS).

Since queries are directed in pools towards the resolvers with lowest latency, it offers a pretty good combination of performance and reliability.

I'd be happy to share the config with people if anyone wants to toy with it. Also works really really well as a load balancer and DDoS filter for authoritative servers.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
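A sketch of the pool-based routing Brielle describes, written as a dnsdist configuration (dnsdist reads Lua). This is an added example, not Brielle's own config and not shipped by the dnsdist project; all resolver addresses, pool names, and the DNSBL and CDN suffixes are placeholders chosen for illustration. It assumes a dnsdist release that supports pool lists per server and PoolAvailableRule (1.3.3 or later).

```lua
-- dnsdist.conf (Lua). Constructed example: addresses are RFC 1918 / RFC 5737
-- placeholders and pool names are arbitrary; replace them with your own.

-- Listen for the MTA's lookups on localhost only and refuse everyone else.
setLocal("127.0.0.1:53")
setACL({"127.0.0.0/8", "::1/128"})

-- Pool "own": PowerDNS recursors I run (placeholder addresses). Only these
-- may answer DNSBL lookups, so the blocklist sees my own source IPs and my
-- own query volume rather than a shared public resolver's.
newServer({address="10.0.0.2:53", pool={"own", "any"}, name="rec1"})
newServer({address="10.0.0.3:53", pool={"own", "any"}, name="rec2"})

-- Pool "isp": the upstream provider's resolvers, used for CDN names so that
-- geolocation-based answers match the network path traffic actually takes.
newServer({address="192.0.2.10:53", pool={"isp", "any"}, name="isp1"})
newServer({address="192.0.2.11:53", pool={"isp", "any"}, name="isp2"})

-- Public resolvers take part only in the catch-all "any" pool.
newServer({address="8.8.8.8:53", pool="any", name="google"})
newServer({address="1.1.1.1:53", pool="any", name="cloudflare"})
newServer({address="208.67.222.222:53", pool="any", name="opendns"})

-- Within each pool, send the query to the server with the fewest queries in
-- flight, a built-in proxy for "the one currently answering fastest".
setPoolServerPolicy(leastOutstanding, "own")
setPoolServerPolicy(leastOutstanding, "isp")
setPoolServerPolicy(leastOutstanding, "any")

-- Suffixes whose lookups must come from my own resolvers (DNSBLs).
local dnsbl = newSuffixMatchNode()
dnsbl:add(newDNSName("zen.spamhaus.org."))
dnsbl:add(newDNSName("bl.spamcop.net."))

-- CDN suffixes better resolved through the provider (placeholder names).
local cdn = newSuffixMatchNode()
cdn:add(newDNSName("akamai.net."))
cdn:add(newDNSName("cloudfront.net."))

-- Route by suffix, but only while the target pool still has a server that
-- passed its health check; otherwise fall through to the "any" pool, which
-- contains every upstream that is currently up.
addAction(AndRule({SuffixMatchNodeRule(dnsbl), PoolAvailableRule("own")}), PoolAction("own"))
addAction(AndRule({SuffixMatchNodeRule(cdn), PoolAvailableRule("isp")}), PoolAction("isp"))
addAction(AllRule(), PoolAction("any"))
```

dnsdist health-checks each downstream on its own (an A query for `a.root-servers.net.` by default) and stops handing queries to servers that fail, so the `PoolAvailableRule` guard is what produces the "whole pool is down, fall back to whatever is up" behaviour from the post. Note what that fallback means for the thread's original point: if both of my own recursors are down, DNSBL lookups land on 8.8.8.8 or 1.1.1.1 and will get the rate-limited or "blocked" answer John mentions, which a mail filter may misread as "not listed". If that trade-off is unacceptable, drop the `PoolAvailableRule("own")` clause so DNSBL queries stay on the own pool and fail visibly (SERVFAIL) instead, which is easier to alert on than silent non-listings.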
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
