On Apr 19, 2010, at 9:22 PM, Steve wrote:

> You can run that caching DNS where ever you want as long as you secure that 
> DNS. If you use BIND and are using forwarders to your ISP name servers then 
> that caching will not necessarily help much if your ISP's NS are the problem.
> 
Thanks for the reply.
This is where I get upside down.

If I'm caching only on localhost 127.0.0.1, and I point my OS to use local DNS, 
it will query root servers, correct?
But sitting on the inside behind a NATed IP, how then does it resolve internal 
hosts if I'm resolving from root servers? I guess I could pull a secondary from an 
internal DNS server, but I do not want addresses to bleed over. Sorry, I know this is 
not a postfix thread issue; just trying to make sure my requests are coming out 
correctly.
-j

> If this would be the case then instruct your BIND to forward queries for 
> spamhaus.org directly to their name servers instead of going over your ISP's 
> name servers. Something like that here below might be helpful to you:
> ------------------------------------------
> zone "spamhaus.org" in {
>  type forward;
>  allow-query { 127.0.0.1; };
>  forwarders {
>    82.94.216.239;   // ns8.spamhaus.org
>    194.82.174.6;    // ns20.ja.net
>    149.20.58.65;    // ns.dns-oarc.net
>    194.109.9.101;   // ns3.xs4all.nl
>    207.241.224.5;   // ns2.spamhaus.org
>    192.150.94.200;  // ns3.spamhaus.org
>    195.169.124.71;  // ns3.surfnet.nl
>  };
> };
> ------------------------------------------
> 

I will keep this handy. I could have used this snippet this morning. :)

> Keep in mind that the NS list for spamhaus.org could change in the future. If 
> that happens then you need to update that forwarders list from above.
> 
As in most things these days. Thanks.
> Keep in mind that if you put that server out on the net, you update the 
> list of IPs allowed to query that zone by updating allow-query. Most likely 
> you will not need to do anything because you are not authoritative for that 
> domain/zone but god only knows what else you will add to your named.conf so 
> limiting additionally inside the zone will not do any harm.
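As an added example (not part of this thread or anyone's posted code), a small POSIX shell check for Steve's caveat that the NS list can change: it pulls the forwarders IPs for a zone out of a named.conf-style file and diffs them against a list of the zone's current NS addresses (in practice fed from something like `dig +short NS spamhaus.org | xargs -n1 dig +short A`). The zone stanza and IP list below are constructed with documentation addresses so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: report drift between a forward zone's
# configured forwarders and the zone's current NS addresses.
# Print the forwarders IPs of one zone from a named.conf-style file, one per line.
configured_forwarders() {
    conf="$1"; zone="$2"
    awk -v z="\"$zone\"" '
        $1 == "zone" && $2 == z  { inzone = 1 }
        inzone && /forwarders/   { inlist = 1; next }
        inzone && inlist && /};/ { inlist = 0; inzone = 0 }
        inzone && inlist {
            sub(/\/\/.*/, "")        # drop the trailing // comment
            gsub(/[ \t;]/, "")       # drop whitespace and the ";"
            if ($0 != "") print $0
        }' "$conf" | sort -u
}

# Compare configured forwarders with a file of live NS addresses (one per line).
# Prints "stale:" for configured IPs no longer serving the zone and "missing:"
# for live addresses not yet in the config; returns 1 if anything differs.
compare_forwarders() {
    conf="$1"; zone="$2"; live="$3"; status=0
    conf_ips=$(configured_forwarders "$conf" "$zone")
    for ip in $conf_ips; do
        grep -qxF "$ip" "$live" || { echo "stale: $ip"; status=1; }
    done
    for ip in $(sort -u "$live"); do
        printf '%s\n' "$conf_ips" | grep -qxF "$ip" || { echo "missing: $ip"; status=1; }
    done
    return $status
}

# Constructed sample input (documentation addresses, not real name servers):
# one forwarder is still valid, one has gone stale, and one live NS is missing.
SAMPLE_CONF=$(mktemp); SAMPLE_LIVE=$(mktemp)
trap 'rm -f "$SAMPLE_CONF" "$SAMPLE_LIVE"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
zone "spamhaus.org" in {
  type forward;
  allow-query { 127.0.0.1; };
  forwarders {
    192.0.2.10;   // still listed as NS (constructed)
    192.0.2.11;   // dropped from the NS set (constructed)
  };
};
EOF
printf '%s\n' 192.0.2.10 192.0.2.12 > "$SAMPLE_LIVE"
compare_forwarders "$SAMPLE_CONF" spamhaus.org "$SAMPLE_LIVE" || echo "forwarders list needs updating"
```

Running this against the real named.conf and a freshly resolved NS list from cron gives an early warning before the forward zone silently stops answering.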
