On 18 May 2017, at 17:05, Robert Kudyba wrote:

On May 18, 2017, at 4:41 PM, David Jones <djo...@ena.com> wrote:

From: Robert Kudyba <rkud...@fordham.edu>

On 18.05.2017 at 22:30, Reindl Harald wrote:
"with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION - IT CAN'T. You are forwarding to some other nameserver and you are not the only one

But the nameserver I’m forwarding to is in our university.

Your server needs to do its own full recursive DNS lookups.

So dnsmasq is no longer an option?

It never was a reasonable option for anything more than a toy mail server on a network with real recursers that aren't shared by mail servers doing significant volume.

If you want a mail server to perform decently while using all the modern tools for fraud & spam detection (DNSBLs, SPF, DKIM, DMARC, DANE, requiring FCrDNS with a non-generic name, etc.) you need a fully recursive (never-forwarding) DNS resolver with a sizable cache on the same machine or at worst the same physical LAN. A substantial fraction of the time it takes to accept or reject a piece of mail is spent waiting for DNS replies, especially if you are relying on a cache that is on the other side of a router.

/etc/resolv.dnsmasq
search subdomain.ourschool.edu ourschool.edu
nameserver 150.108.x.yy
nameserver 150.108.y.xx

Tangent: You do know that your email address and a complete Received trail are in your mail, right? Not much point in obfuscation...

Isn’t the point of enabling dnsmasq to cache DNS calls? I’m just following the instructions at https://wiki.apache.org/spamassassin/CachingNameserver#Installing_dnsmasq_as_a_Caching_Nameserver which BTW has a broken link to instructions.

Evidence that the wiki does not see a lot of maintenance. There's a LOT of staleness there.


I see there’s rbldnsd.

ONLY if you have a way to get full copies of the zones you want, because rbldnsd is ONLY authoritative. It is useful if you're paying for a subscription to a DNSBL provider like Spamhaus, but it's NOT a general-purpose resolver.

On Fedora and one of our 2 servers, we run NIS & ypbind. One runs NetworkManager and the other just the network service. I guess I’m looking for the best recommendation and easy configuration without conflicts.

IMHO NetworkMangler doesn't belong on ANY server, but that's a rant for elsewhere...

Unbound is by far my favorite for pure simple caching fully-recursive resolvers. I use BIND as well, but only where I need complex rigs that I have not yet tried to implement with Unbound.

The link to http://njabl.org/rsync.html is broken at the moment.

It shall remain so until such time as it is removed, as NJABL is long dead.
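As an added illustration of the setup recommended above (a fully recursive, never-forwarding, caching resolver on the mail server itself), here is a minimal Unbound configuration. It is example configuration written for this thread, not text from the SpamAssassin wiki or from the Unbound project; the cache sizes, thread count and the file paths for the root hints and trust anchor are assumptions to adapt to the host. The important property is what is absent: there is no forward-zone stanza, so Unbound walks the delegation chain from the root hints itself and DNSBL queries leave from this machine's own address rather than a shared campus recurser.

```conf
# /etc/unbound/unbound.conf  (example; paths and sizes are assumptions)
server:
    verbosity: 1
    num-threads: 2

    # Listen only on loopback; the MTA and SpamAssassin are local clients.
    interface: 127.0.0.1
    interface: ::1
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes

    # Refuse everyone except the local host, so the cache is never shared
    # with other mail servers (a shared recurser is what gets DNSBL-limited).
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Full recursion from the root servers. No forward-zone anywhere.
    root-hints: "/etc/unbound/root.hints"

    # DNSSEC validation; required if DANE verification of outbound TLS is wanted.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    qname-minimisation: yes

    # Sizable cache plus prefetch so hot DNSBL/SPF/DKIM records are renewed
    # before they expire instead of stalling an SMTP session.
    msg-cache-size: 64m
    rrset-cache-size: 128m
    cache-min-ttl: 0
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes
    outgoing-range: 4096
    num-queries-per-thread: 2048

    hide-identity: yes
    hide-version: yes
```

After installing it, point /etc/resolv.conf at 127.0.0.1 only (nothing else, or the stub resolver will still fall back to the campus servers), validate the file with unbound-checkconf, and confirm recursion and validation work with something like dig +dnssec @127.0.0.1 a root-servers.net, checking that the answer carries the AD flag. With NetworkManager in the picture, make sure it is not rewriting resolv.conf behind your back, which is the conflict the question above is really about.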
