Just make it simple, set your DNS servers to be your upstream provider..
You pay them money, use their services if you don't want to run your own DNS server..

PS, don't even THINK of using DoH ;)

BTW, everyone keeps talking about 1.1.1.1 and 8.8.8.8, but consider that..

'https://download.dnscrypt.info/resolvers-list/json/public-resolvers.json'

Anything in that list may not be able to look up DNS queries to RBLs..
Oh, and even some of the LARGEST companies have DNS servers that they forgot to put a reverse DNS/PTR on..

If you don't have a PTR record, I won't believe you are a DNS server..

On 2021-07-16 10:48 a.m., Brielle via mailop wrote:
On 7/16/21 10:58 AM, Al Iverson via mailop wrote:

Each resolver node is set up of multiple pools that consist of resolvers
I run, my provider, and 8.8.8.8/1.1.1.1.

If you want to guide this dummy on how to run a local resolver like
that, I'd appreciate the tips. :) I was trying to get out of the DNS
business but if I want to do any local DNSBL querying, I guess I have
to reconsider that.

In the meantime, is it bad vibes to query Spamhaus directly against
a.gns.spamhaus.org - e.gns.spamhaus.org? What kind of query level
might invite blocking?

Cheers,
Al



I've had a few people ask, so put up one of the example configs here:


https://sosdg.org/general/dnsdist


I'll prob add another config that is used for supporting auth servers behind dnsdist later on today.  It's also possible to have dnsdist route queries for both auth and recursive appropriately.

If anyone has specific questions, feel free to drop me a line.  I'm not an expert on dnsdist, but I do have a bit of configuration experience.

For those that don't know...

So the general idea with dnsdist is that it's smart in how it routes queries.  It will test servers in the pools to make sure they are functioning, as well as track their latency.  If a server goes offline, it's marked as down until it returns, removing it temp from the pool.

More complicated setups allow you to have fine-grained control over how it distributes queries in the pool, can support query quotas for clients, block potential DDoS attacks from hitting the backend DNS servers, and quite a bit more.




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
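
The thread's concern, that DNSBL lookups sent through a shared or public resolver may not return usable answers, shown as an added Python example (not part of the thread and not code from any participant). The function names are hypothetical; the zone zen.spamhaus.org and the 127.255.255.x error codes come from Spamhaus's published documentation, not from the messages above.

```python
import ipaddress
import socket

# Spamhaus documents these answers as error signals, not listings.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.rstrip(".")

def classify(answers):
    """Turn the A records of a DNSBL answer into (verdict, detail).

    An empty list stands for NXDOMAIN, which means "not listed".
    """
    if not answers:
        return ("not_listed", "")
    errors = [SPAMHAUS_ERRORS[a] for a in answers if a in SPAMHAUS_ERRORS]
    if errors:
        return ("resolver_error", "; ".join(errors))
    if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return ("listed", ",".join(sorted(answers)))
    # e.g. a provider resolver that rewrites NXDOMAIN to a landing page
    return ("unexpected", ",".join(sorted(answers)))

def check(ip, zone="zen.spamhaus.org"):
    """Live lookup through the system resolver (needs network access)."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_qname(ip, zone))[2]
    except socket.gaierror as exc:
        if exc.errno != socket.EAI_NONAME:
            raise  # a timeout or SERVFAIL is not the same as "not listed"
        answers = []
    return classify(answers)

if __name__ == "__main__":
    # Constructed answers, so the demo runs offline.
    for sample in ([], ["127.0.0.2"], ["127.255.255.254"], ["203.0.113.10"]):
        print(sample, "->", classify(sample))
```

A mail filter that treats any 127.0.0.0/8 answer as a listing would reject all mail once its resolver starts receiving 127.255.255.254, which is why the error codes are checked before the listing test.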
