On Sun, 2013-06-23 at 06:52 +1000, Robert S wrote: > The OpenDNS website states "OpenDNS is the largest and most reliable > _recursive_ DNS service available ...". Presumably this explains why > my queries are not blocked when I use OpenDNS.
Again, nope. The OpenDNS server will do the query -- thus, if used by too many clients, it will exceed the limit of "abuse" just like your ISP's caching (and recursive) DNS does. Please read my previous explanation (quoted below) about the order of nameservers again. > Various discussions on the net state that typo correction causes > problems on OpenDNS with SURBL/URIBL. However the spamassassin wiki > at http://wiki.apache.org/spamassassin/OpenDnsAndUribls states that > OpenDNS do not use typo correction by default. "Typo correction" does introduce a whole lot of issues -- for the clients. DNS servers getting blocked by a DNSxL is none of them, though. > If these things are true then the last question is - is it safe to use > OpenDNS IP addresses in my resolv.conf (and hence the remainder of my > small network) or should I stick to the addresses provided by my ISP? I'd argue the evidence provided in this thread suggests to stick to the first nameserver currently listed in your resolv.conf -- your own. > On Sun, Jun 23, 2013 at 5:59 AM, Karsten Bräckelmann wrote: > > On Sat, 2013-06-22 at 21:16 +1000, Robert S wrote: > > > I've eliminated this problem by using openDNS servers: > > > > Nope. You've eliminated the problem by dropping your ISP's DNS servers. > > > > SA uses the first listed nameserver, IIRC, which previously was your > > ISP's. By removing them, the third listed became the first -- your local > > nameserver. The additional two nameservers usually are not used. > > > > The other piece of the puzzle is, that your own server is not configured > > to forward DNS queries to your ISP's DNS server. It either resolves, or > > forwards to another server not blocked for abuse. > > > > > > > # cat /etc/resolv.conf > > > domain mydomain.net.au > > > search mydomain.net.au > > > nameserver 192.168.0.33 #<--- My server IP > > > nameserver 208.67.220.220 > > > nameserver 208.67.222.222 -- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
