Author: other Date: To: exim-users Subject: Re: [exim] SBL checks not working
Thank you to everyone who has replied! :)
The thought of installing my own caching nameserver on the VPS and
using that as my local resolver to get around this issue did also cross
my mind, however I am already running the powerdns authoritative server on
there to serve out all my zones. Getting the powerdns recursor to work
on the server would be painful (I guess I could create a jail and run it
in there, or bind it to a sub interface ip so it doesn't clash)....
I am a little pissed at my vps provider for assuming that OpenDNS is an
adequate default for everyone. I have raised a support ticket with them
to see whether they have a local resolver. I can see the company has
COLO at a provider in LA (possibly Quadranet). I am sure there must be a
set of local resolvers for the data centre location that will work (this
is certainly the case for my work, we have colo at Hurricane Electric,
HE have a set of resolvers that one can use there).. I have asked the
provider for these if they don't have their own local one in the US.
I guess the local caching nameserver is one way out of this, an
overkill one, but an option... I was really hoping to avoid it if I can.
What a pain in the butt..
Alex.
On 2013-05-29 12:01, Ted Cooper wrote:
> On 29/05/13 11:50, Duane Hill wrote:
>> Set your FreeBSD to use a local resolver (if you can). Some ISP/DNS
>> services will return a resolvable result pointing to a common place
>> for addresses that do not resolve or return an NX lookup result.
>
> Look out for VPS providers that block DNS queries that don't go through
> their provided DNS servers. Can be a royal pain when attempting to do a
> dig +trace only to have every part of it blocked.
>
>> Also, RBLs like spamhaus.org will block lookups from public DNS
>> servers.
>
> Or ISP DNS servers unless they have a deal with the DNS RBL providers to
> locally mirror the zone. That is a fairly rare situation in my
> experience.
>
> Basically, your servers should be querying directly, or have a
> commercial deal with them.
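
The resolver problems discussed in this thread (answers rewritten instead of NXDOMAIN, DNSBL queries refused when they arrive through a public resolver) can be checked against the RFC 5782 test entries, which apply to any IPv4 DNSBL. This is an added example, not part of the original messages; the zone name `sbl.spamhaus.org`, the Spamhaus error return codes and the function names are assumptions not stated in the thread.

```python
import socket

# Spamhaus return codes that report an error rather than a listing
# (assumption: taken from Spamhaus documentation, not from this thread).
ERROR_CODES = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "query volume limit exceeded",
}

def system_lookup(name):
    """A records for name via the system resolver; empty set if none.
    NXDOMAIN and lookup failure both come back empty here."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.gaierror, socket.herror):
        return set()

def check_resolver(zone="sbl.spamhaus.org", lookup=system_lookup):
    """Return a list of problems; an empty list means the resolver
    answers the RFC 5782 test entries for this zone correctly."""
    listed = lookup("2.0.0.127." + zone)    # 127.0.0.2: must be listed
    unlisted = lookup("1.0.0.127." + zone)  # 127.0.0.1: must not exist
    problems = []
    for ip in sorted(listed | unlisted):
        if ip in ERROR_CODES:
            problems.append(f"DNSBL refused the query ({ip}): {ERROR_CODES[ip]}")
        elif not ip.startswith("127."):
            problems.append(f"answer rewritten to {ip}: NXDOMAIN hijacking")
    if not listed:
        problems.append("test entry 127.0.0.2 not listed: queries blocked or dropped")
    if any(ip.startswith("127.") and ip not in ERROR_CODES for ip in unlisted):
        problems.append("127.0.0.1 reported as listed: every host would match")
    return problems

if __name__ == "__main__":
    for line in check_resolver() or ["resolver looks usable for DNSBL lookups"]:
        print(line)
```

Run it on the mail server itself so the check goes through the same resolver Exim uses.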