[Dnsmasq-discuss] Recursive warning ...

gypsy gypsy@iswest.com
Thu, 17 Feb 2005 19:41:25 -0800


GrantC wrote:
> 
> On Thu, 17 Feb 2005 17:15:56 +0200, you wrote:
> 
> >Greetings ...
> >
> >       I have read in the mail list archive what a "refused to do a recursive
> >query" is, but I'm lost.
> >
> >       I think that either I have misconfigured my installations of dnsmasq
> >or I have a big problem with my network.
> >
> >       I'm currently getting 100MB worth of DNS traffic a day, this might be
> >because I'm using anti-spam DNS stuff, but I'm also getting about 20738
> >of these warnings ...
> >
> >       Could I ask for some help to fix this?
> 
> The biggest offender IMHO is the ban by spam filters doing
> reverse lookups for each hit on the machine -- try a different
> approach: kill each nn.nn.nn.nn/24 IP block that sources spam
> in the firewall -- I imagine it wouldn't take long to have your
> very own reject set that will immensely reduce DNS traffic.
> 
> Then whitelist 'collateral damage' IPs, if any.  Worth a try?
> 
> How soon will it be that DNS operators refuse or limit services
> to sites that overload them?  Perhaps that is happening now?
> 
> Cheers,
> Grant.

I'd like to add 2 ideas to the above.

1) Add a DNS server to your list that you are sure DOES allow
recursive queries.  I won't make any promises, but I'm successful with these:
207.171.0.10
207.178.128.20
68.65.16.162

while
206.72.64.70 gives that message.

2) http://ip.ludost.net/
from which I obtained some valuable rules for iptables.
--
gypsy
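As an added example, not part of the thread or of dnsmasq itself: a short Python script that tallies dnsmasq's "refused to do a recursive query" warnings per upstream nameserver, so you can see which entry in the `server=` list is producing the thousands of warnings and swap it for one that does recursion, as suggested above. The log lines are constructed for the example (206.72.64.70 is the upstream named in the post; 10.0.0.53 and the hostnames are placeholders); the query/reply lines assume dnsmasq's `log-queries` option is on.

```python
import re
from collections import Counter

# Constructed sample of a syslog-style dnsmasq log (the thread quotes no log).
# 206.72.64.70 is the upstream named in the post; 10.0.0.53 is a placeholder.
SAMPLE_LOG = """\
Feb 17 18:02:11 gw dnsmasq[1234]: query[A] 5.1.168.192.dnsbl.example.net from 192.168.1.20
Feb 17 18:02:11 gw dnsmasq[1234]: nameserver 206.72.64.70 refused to do a recursive query
Feb 17 18:02:12 gw dnsmasq[1234]: nameserver 206.72.64.70 refused to do a recursive query
Feb 17 18:02:12 gw dnsmasq[1234]: reply 5.1.168.192.dnsbl.example.net is NXDOMAIN
Feb 17 18:02:15 gw dnsmasq[1234]: nameserver 10.0.0.53 refused to do a recursive query
Feb 17 18:02:16 gw dnsmasq[1234]: query[A] mail.example.com from 192.168.1.20
"""

# dnsmasq emits this warning when an upstream answers without recursion.
REFUSAL_RE = re.compile(r"nameserver (\S+) refused to do a recursive query")
# Client query lines are only present when dnsmasq runs with log-queries.
QUERY_RE = re.compile(r"query\[[A-Z]+\] \S+ from \S+")


def count_refusals(log_text: str) -> Counter:
    """Return a Counter of refusal warnings keyed by upstream nameserver."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = REFUSAL_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def count_queries(log_text: str) -> int:
    """Return the number of client queries seen in the log."""
    return sum(1 for line in log_text.splitlines() if QUERY_RE.search(line))


def servers_to_drop(counts: Counter, min_refusals: int = 1) -> list:
    """Upstreams that refused recursion at least min_refusals times, worst first."""
    return [srv for srv, n in counts.most_common() if n >= min_refusals]


def report(log_text: str) -> str:
    """Human-readable summary: how many queries, how many refusals, by whom."""
    counts = count_refusals(log_text)
    lines = [
        f"client queries seen: {count_queries(log_text)}",
        f"recursion refusals: {sum(counts.values())}",
    ]
    for srv in servers_to_drop(counts):
        lines.append(f"  {srv}: {counts[srv]} refusals -> remove from server= list")
    return "\n".join(lines)


if __name__ == "__main__":
    # Run against the constructed sample; point it at /var/log/syslog
    # (or wherever dnsmasq logs) for a real installation.
    print(report(SAMPLE_LOG))
```

With a real log, a single upstream accounting for nearly all refusals is the usual picture, and removing that one `server=` entry is enough; a refusal from every upstream instead points at the local resolver configuration rather than at the upstreams.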