On Fri, Jul 16, 2021 at 5:29 PM Tim Bray via mailop <mailop@mailop.org> wrote:
>
> On 16/07/2021 17:58, Al Iverson via mailop wrote:
> > If you want to guide this dummy on how to run a local resolver like
> > that, I'd appreciate the tips. :) I was trying to get out of the DNS
> > business but if I want to do any local DNSBL querying, I guess I have
> > to reconsider that.
>
> On a Debian/Ubuntu system just
>
> apt install unbound
>
> It comes configured fairly safely, listening only on localhost.
>
> and edit /etc/resolv.conf to say
>
> nameserver 127.0.0.1
>
> And there isn't much else to it for a single machine. Indeed it is quite
> a good way to bring DNSSEC up to the local machine.

Thanks! I'll give that a shot, much appreciated. Sounds quite easy and just what I need.

I'm struggling to get past my 20-year-old mindset of "don't run a DNS server if you don't have to" because bind was a common hax0r vector, once upon a time.

Until catching on to the limitations around DNSBL resolution limitations, I'd been quite happy with public resolvers. Spamhaus has been warning about them for a while, so I can't be surprised. I just wasn't thinking much about it.

(On my XNND DNS tools site, the web-based DNS tools by default will rotate through a list of common public DNS servers, to help spread the joy around. Maybe I'll add an allow list of DNSBL domains that use a local resolver instead.)

Cheers,
Al Iverson

--
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com
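
An added example, not part of the thread or any participant's code: a Python sketch of the allow-list idea mentioned above, sending lookups under known DNSBL zones to the local resolver while other names rotate through public ones. The zone list, resolver addresses and function names are assumptions; the 127.255.255.x values are Spamhaus's documented error return codes, which the thread does not list.

```python
import ipaddress
from itertools import cycle

# Assumed values for illustration; none of these come from the thread.
DNSBL_ZONES = ("zen.spamhaus.org", "dnsbl.example")  # second zone is a placeholder
LOCAL_RESOLVER = "127.0.0.1"                          # local unbound on localhost
PUBLIC_RESOLVERS = cycle(["8.8.8.8", "1.1.1.1", "9.9.9.9"])

# Spamhaus error return codes: an answer here is not a listing.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed octets (v4) or nibbles (v6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_dnsbl_name(qname):
    """Match on label boundaries so 'notzen.spamhaus.org' does not qualify."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in DNSBL_ZONES)

def pick_resolver(qname):
    """DNSBL names go to the local resolver; everything else rotates."""
    return LOCAL_RESOLVER if is_dnsbl_name(qname) else next(PUBLIC_RESOLVERS)

def classify(answers):
    """Interpret the A records returned for a DNSBL query (empty = NXDOMAIN)."""
    for a in answers:
        if a in SPAMHAUS_ERRORS:
            return "error: " + SPAMHAUS_ERRORS[a]
    return "listed" if answers else "not listed"

if __name__ == "__main__":
    q = dnsbl_qname("192.0.2.99", "zen.spamhaus.org")  # constructed test address
    print(q, "->", pick_resolver(q))
    print("example.com ->", pick_resolver("example.com"))
    print(classify(["127.255.255.254"]))  # what a public resolver would get back
```

Checking for the error codes before treating any 127.x answer as a listing avoids reading a refused query as a blocklist hit.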