[Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread System Administrator
Any dns experts on the list? Last week I noticed our one dns server was running at 100% cpu and using nearly all its available memory. Reboot. Problem goes away until next day. Repeat, etc. I determined that an outside entity was hammering the dns server. Blocked them at the main router. Problem

RE: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Markus Gufler
Any dns experts on the list? I'm not an expert but ... The server needs to do dns lookups for our clients, That's not a problem as long as you allow outgoing DNS traffic on your firewall (or in your case cisco router) and needs to be available to other internet DNS servers for

RE: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Colbeck, Andrew
Greg, this would be a good question to pose in the forums at Scott Perry's hobby hangout: http://www.dnsstuff.com/pages/forums.htm For my two cents, you probably want to identify the kind of DNS traffic that is coming in, not just who the high volume senders are, that might help you understand

Re: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread System Administrator
on 8/18/05 1:49 PM, Markus Gufler wrote: Are they querying info about domain names you're hosting or are these requests for completely other domains and your server does the lookup and report the result to the client. The second case (other domains). From what I've been able to determine,

Re: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Matt
Agreed on the splitting idea. Keep one DNS firewalled from the outside world and for use just by your clients and their address space, and then another one that only resolves what you host and is open to everyone. If this requires investing in another box, it might make sense to just move your

[Declude.JunkMail] email Server being Block By AOL- Need suggestions on Getting this problem resolved with them

2005-08-18 Thread Howard Smith
Our email server has been blocked by AOL and we are having trouble getting answers from them. Can anyone give me suggestions on getting this resolved ASAP. Howard Smith

[Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot

2005-08-18 Thread Kevin Rogers
These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers. It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad? Any ideas? Received: from ss_email.ssc.internal [216.201.186.154] by

Re: [Declude.JunkMail] email Server being Block By AOL- Need suggestions on Getting this problem resolved with them

2005-08-18 Thread Darin Cox
Best bet is to contact their postmaster hotline. Number is available at postmaster.aol.com. You should sign up for their feedback loop to help avoid future problems. Darin. - Original Message - From: Howard Smith To: Declude.JunkMail@declude.com Sent: Thursday, August 18, 2005

Re: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot

2005-08-18 Thread Matt
Kevin, Microsoft E-mail clients have a nasty habit of excluding the To when there are only CC or BCC recipients. You will almost exclusively see this on some sort of E-mail blast from Exchange servers. The proper (RFC compliant) way to construct the headers when no To address is specified

RE: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot

2005-08-18 Thread Erik
Hi Kevin, This email is more our/your FYI than much an answer to your question: We've also noticed this on other tests of Declude that are built in; but not much on BADHEADERS. Declude's BADHEADERS test is a good test and accurate in our opinion; but we have lowered the score on this test as

RE: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Kevin Bilbee
Or Instead of splitting if you are running bind set acl security so your local addresses can do recursion and the public at large can only resolve locally hosted domains. This type of setup allows our internal blocks to query the DNS with recursion and the allow-query in the options

RE: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Kevin Bilbee
Previous email should have said Or Instead of splitting run bind and Oh yea we use bind on our windows 2000 servers instead of MS due to the portability and stability. Although MS DNS is very stable it may require OS tweaking to get it to function stably under heavy loads. See the

[Declude.JunkMail] NOT getting list e-mails AGAIN

2005-08-18 Thread Marc Catuogno
Has this list and the virus list dumped anyone else recently? I'd feel better if someone said yes. This is the second time in about two months that I suddenly stopped getting Declude e-mails. Last time they said it had something to do with their DNS but it concerns me that I may also be missing

RE: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot

2005-08-18 Thread Robert Grosshandler
Hi You are using both Sniffer and the Invariant Systems URI tests together? Maybe I was even denser than I thought, but I thought they sort of duplicated each other. Thanks, Rob snip on We have learned over the past year, that most of the built-in tests of Declude are not effective like

[Declude.JunkMail] WAY OT: Search Companion 2003

2005-08-18 Thread Marc Catuogno
The 2003 Search companion in Server 2003 sucks - I just moved from a 2000 server. Does anyone know how to modify its default setting? When I used to dig through held e-mails on the 2000 server I would use it to find and delete e-mail by using the containing text field. So when I saw the e-mail was

Re: [Declude.JunkMail] email Server being Block By AOL- Need suggestions on Getting this problem resolved with them

2005-08-18 Thread Darrell ([EMAIL PROTECTED])
Howard, In your logs it should indicate a code you can check on at http://postmaster.info.aol.com/. Usually they are pretty tenacious on reverse dns entries. Also, you may want to look for any local clients that may be forwarding their mail from your server into AOL. Darrell

Re: [Declude.JunkMail] OT: DNS attacks

2005-08-18 Thread Dave Doherty
Hi Nick- That would deny his internal users the ability to resolve external domains. I like the splitting idea - one for inside with recursion, one for outside without. -d - Original Message - From: Nick Hayer To: Declude.JunkMail@declude.com Sent: Thursday,

RE: [Declude.JunkMail] WAY OT: Search Companion 2003

2005-08-18 Thread Colbeck, Andrew
We follow the same procedure that Matt outlined for our workstation setup under Windows XP, i.e. not turning on Index Server but configuring the search in that manner and telling it to search all file types (files with unknown extensions). I just tested added .SMD as "text" file type in