Sandy... >Uptime should be 100% on DNS servers. It's 2008! This should not even >be a consideration. No matter how wonderfully they work, a >high-traffic mail server will _always_ be slowed down by using DNS >servers over a WAN.
In a perfect world this would be correct, but as you already know from working in the IT profession, no server, DNS or otherwise has an uptime of 100%. I have yet to see one that does in the 10 years that i have been an IT professional. Yes, things may be slowed down a bit by using a DNS server over a WAN, but in my experience, it's more reliable to use the OpenDNS servers with Declude because they are configured properly for use of the RBL tests. You'd be suprised how many people i talk to in a week who have very little understanding about the role DNS plays in having these tests work properly. >Well... anyone running a help desk for an otherwise stable >product/environment sees the majority of questions for stupid stuff >that is not your fault. Does that mean that corporate help desks, >which are constantly saddled with password resets and access requests, >should just tell users to share the same user account + password? >(Some do: bad ones.) I don't consider the questions that are asked by our customers as "stupid stuff that is not our fault", especially the questions about how DNS plays an important role in our product. When a customer comes to me in a panic about their mail backing up and causing delays, they are quite happy when we diagnose, fix and educate them about the issue, DNS related or otherwise. I do not see that as "bad" service. We provide some of the best support available. If you would like to see the thank you letters and cards that i receive each year, i will gladly show them to you. In my years of working in this business, i have never come across a technical support agent that spent hours on the phone with me (on holidays, weekends, after hours and days off) providing me with an educated, detailed description and resolution of a problem i was having. I have never had a technical support agent give me their personal cell phone number so that i could reach them in their worst time of need. We proudly go above and beyond the call of duty. If that is considered bad service, i don't know what to say. <Actually, what you said was "I suggest always using 208.67.220.220 <because you will never have to rely on your internal DNS" -- that is <not an idle option but a pretty firm prescription from the company. <Guess it depends on whether "suggest" beats "always" or vice versa. I do suggest always using the OpenDNS servers. For the 3rd time... 95% of our support issues are DNS related because of incorrectly configured DNS servers and most of our users are not DNS experts. Although i do always suggest to our customers to use these servers, a few of them choose to obtain outside DNS support to help them get their server configured. On the other hand, most of them are very pleased that we have another option for them. I have been asked many many times to suggest a DNS server that they can use. <All companies either have an internal recursive DNS server (maybe they <don't know its IP?) or already use their ISPs DNS or some other remote <DNS service like OpenDNS. Are you talking about people who have a DNS <server running on localhost, but not a recursive server, and have <dliberately set Declude to use this server instead of the fully <functioning one they must have in order to send mail? G-d help us if <these people are blithely switching to OpenDNS instead of taking their <DNS illiteracy seriously! Like I said above, most of our customers are not DNS experts and call us in time of need for help or advice. You would be surprised how many people i speak with who do not have the recursive option set on their DNS servers or even more so, they are using their ISP's DNS server and the ISP does not allow recursive lookups because of the high traffic. <I would submit that you are both (a) doing your own product a <disservice by hampering its performance AND By suggesting a DNS server to use with our product is far from doing it a disservice. We are simply giving them an option. We are not forcing them to use the OpenDNS servers. <(b) doing your client a <disservice by treating their management like "It's okay that your IT <person doesn't know how to configure/locate the simplest possible DNS <setup, he/she can still be a responsible mail admin." <This may be a <good way to grab more Declude users who would otherwise outsource all <of their anti-spam, but it is unethical to suggest that anyone so <unqualified should be in charge of their company's anti-spam defenses. This is completely off the subject. We have no bearing on how people choose to run their business or educate their employees. We do our best to educate the people who come to us for help. It's not up to us wether or not they choose to run their own DNS server or use the one(s) that we suggest. <Why not just post/reprint some articles on your site about setting up <recursion (presumably in MS DNS) and point them there? Or put together <a HOWTO for PowerDNS or BIND, both free? It is so ridiculously easy <that I shudder to imagine are people trying to make use of such a <techies' product as Declude (sorry, it is, I've been using it since <1.x) who can't handle this. I will work on getting a few articles together next week. If you would like to contribute your extensive knowledge of DNS, shoot me an email at [EMAIL PROTECTED] and i will glady add your information. ---------------------------------------- From: "Sanford Whiteman" <[EMAIL PROTECTED]> Sent: Thursday, October 09, 2008 1:44 AM To: "Linda Pagillo" <declude.junkmail@declude.com> Subject: Re[4]: [Declude.JunkMail] DNS Changes > Kevin, in our experience, the two OpenDNS servers (208.67.220.220 > and 208.67.222.222) that we suggest be used with Declude, work > wonderfully and the uptime is excellent. Uptime should be 100% on DNS servers. It's 2008! This should not even be a consideration. No matter how wonderfully they work, a high-traffic mail server will _always_ be slowed down by using DNS servers over a WAN. > Like i said earlier, we here in support see a lot of problems from > our customer's in-house DNS servers failing to do recursive lookups. Well... anyone running a help desk for an otherwise stable product/environment sees the majority of questions for stupid stuff that is not your fault. Does that mean that corporate help desks, which are constantly saddled with password resets and access requests, should just tell users to share the same user account + password? (Some do: bad ones.) > Giving our customers the suggestion and the option to use the > OpenDNS server(s) is exactly that, a suggestion and an option. Actually, what you said was "I suggest always using 208.67.220.220 because you will never have to rely on your internal DNS" -- that is not an idle option but a pretty firm prescription from the company. Guess it depends on whether "suggest" beats "always" or vice versa. > You can use any DNS server that does recursive lookups. The problem is, > most of the people we come across on a daily basis do not have > recursive lookup option set up on their local DNS servers. All companies either have an internal recursive DNS server (maybe they don't know its IP?) or already use their ISPs DNS or some other remote DNS service like OpenDNS. Are you talking about people who have a DNS server running on localhost, but not a recursive server, and have deliberately set Declude to use this server instead of the fully functioning one they must have in order to send mail? G-d help us if these people are blithely switching to OpenDNS instead of taking their DNS illiteracy seriously! I would submit that you are both (a) doing your own product a disservice by hampering its performance AND (b) doing your client a disservice by treating their management like "It's okay that your IT person doesn't know how to configure/locate the simplest possible DNS setup, he/she can still be a responsible mail admin." This may be a good way to grab more Declude users who would otherwise outsource all of their anti-spam, but it is unethical to suggest that anyone so unqualified should be in charge of their company's anti-spam defenses. Sorry if anyone's feelings are hurt by that. You may have lots of other skills we mail people don't. But if you don't know DNS, you don't know SMTP. And if you don't know SMTP, you don't know "e-mail." Why not just post/reprint some articles on your site about setting up recursion (presumably in MS DNS) and point them there? Or put together a HOWTO for PowerDNS or BIND, both free? It is so ridiculously easy that I shudder to imagine are people trying to make use of such a techies' product as Declude (sorry, it is, I've been using it since 1.x) who can't handle this. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.