On 5/13/2015 10:08 AM, David Jones wrote:
From: Chris <cpoll...@embarqmail.com>
Sent: Wednesday, May 13, 2015 8:50 AM
To: Jeremy McSpadden
Cc: users@spamassassin.apache.org
Subject: Re: Turning off queries to SORBS
On Wed, 2015-05-13 at 02:05 +0000, Jeremy McSpadden wrote:
dig +trace and see if your ISP is intercepting queries.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net

Jeremy, I'm replying to you again and Ccing the list which I forgot to
do last night. Below are the results of the above command. I don't see
anywhere my ISP is involved. I've put the output on pastebin so it
doesn't get mangled here on the list:
dig +trace 54.139.130.12.dnsbl.sorbs.net
http://pastebin.com/up0A2xD1

Dig +trace doesn't work quite like that.  It will show you exactly what a
recursive DNS server would do on a client's behalf when doing a full
recursive query to the Internet  -- not forwarding to another DNS caching
server.  It's very helpful to troubleshoot DNS servers giving bad/stale info
but it's not able to help you see your DNS query flow.

You just have to look at your /etc/resolv.conf to see where it's pointed and
start there.  If you aren't sure that the DNS server in /etc/resolv.conf isn't
doing full recursive lookups on its own, then you need to find one or stand
up your own private DNS server so you know what it's doing for sure.

If you have a high volume of mail (more than a few hundred to a thousand
mailboxes as a rough number), I would recommend setting up your own DNS
recursive server (PowerDNS recursor or BIND) with forwarding disabled.  Then
also set up the same thing on each SA mail server but forward to your new
private DNS server, then update the /etc/resolv.conf to point to 127.0.0.1.

SA server (/etc/resolv.conf) -> 127.0.0.1 -> private DNS server (not forwarding) -> Internet

To make sure you are not forwarding queries to your ISP, check your named.conf file for any "forwarders" lines. If you have any, remove them so your server will do the lookups itself rather than forwarding them elsewhere.

--
Bowie
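
The two checks suggested in this thread (where /etc/resolv.conf points, and whether named.conf still carries "forwarders" lines) can be scripted. The following is an added example, not part of any poster's message; the function names are hypothetical and the file contents are constructed samples.

```shell
# Print the nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed only if at least one nameserver is set and all are loopback.
resolv_is_local() {
    ns_list=$(nameservers "$1")
    [ -n "$ns_list" ] || return 1
    for ns in $ns_list; do
        case "$ns" in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
}

# Print every non-empty forwarders { ... } statement that is still active,
# skipping text inside /* */, // and # comments.
active_forwarders() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_c) {
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); in_c = 0
                continue
            }
            i = index(line, "/*")
            if (match(line, /\/\/|#/) && (i == 0 || RSTART < i)) {
                out = out substr(line, 1, RSTART - 1); break
            }
            if (i == 0) { out = out line; break }
            out = out substr(line, 1, i - 1)
            line = substr(line, i + 2); in_c = 1
        }
        printf "%s ", out
    } END { print "" }' "$1" |
        grep -o 'forwarders[^{;]*{[^}]*[0-9A-Fa-f][^}]*}' || true
}

# Constructed sample: two forwarders commented out, one still active.
tmp=$(mktemp -d)
printf '%s\n' 'nameserver 127.0.0.1' > "$tmp/resolv.conf"
printf '%s\n' 'options {' '  // forwarders { 192.0.2.1; };' \
    '  /* forwarders {' '     192.0.2.2; }; */' \
    '  forwarders { 192.0.2.53; };' '};' > "$tmp/named.conf"
resolv_is_local "$tmp/resolv.conf" && echo "resolv.conf: loopback only"
active_forwarders "$tmp/named.conf"
```

Point the two functions at the real /etc/resolv.conf and at the named.conf path used on the host; an empty result from `active_forwarders` means no active forwarders statement was found in that file.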