[Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?
/dev/rob0
rob0 at gmx.co.uk
Sat Jun 22 14:19:02 BST 2013
On Sat, Jun 22, 2013 at 09:05:25PM +1000, Robert S wrote:
> I am having difficulties with lookups by spamassassin - I'm
> getting these messages: URIBL_BLOCKED ADMINISTRATOR NOTICE:
> The query to URIBL was blocked. See
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> for more information.
>
> I've been advised that my URIBL query traffic may be
> aggregated with many others and that I need to use a local
> caching recursive DNS server.

This is also true of Spamhaus and other major DNSBLs.

> Is dnsmasq able to do this? I've been using it for quite a
> few years and am not keen to switch to something else.

This isn't a problem for me, because my mail server is also an
authoritative NS server, and it runs BIND named. I only run dnsmasq
in SOHO settings.

That said, I don't trust ISP (nor other external) caches. I set up
dnsmasq to use a local named listening on an alternate port. The
dnsmasq.conf (dnsmasq.d/ if you prefer) and named.conf are both
rather simple:

dnsmasq.conf:

    # we use "nameserver 127.0.0.1" in resolv.conf
    no-resolv
    server=127.0.0.1#1053
    # other settings not shown

named.conf:

    options {
        directory "/var/named";
        listen-on port 1053 { 127.0.0.1; };
        # this also lets me control my own DNSSEC
        #dnssec-accept-expired yes;
        dnssec-lookaside auto;
        dnssec-validation auto;
    };

(This assumes a recent enough BIND version for DNSSEC support, which
is not the case in older RHEL/CentOS and recent OpenBSD.)

Is it overkill to run two daemons which do the same thing? Perhaps,
but these do not do the same thing. Dnsmasq is a DHCP server and
authoritative nameserver; named here is only caching/recursive. It
has long been considered a best practice to separate authoritative
from caching/recursive name service.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
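
Added example (not part of the original message, and not code from the dnsmasq project): a shell check that a dnsmasq config forwards only to a loopback resolver, as the dnsmasq.conf in the message does, so DNSBL queries are not aggregated behind an external cache. The function name audit_dnsmasq_upstreams and the sample address 192.0.2.53 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that a dnsmasq config forwards only to loopback.
# Returns 0 when every upstream is local, 1 otherwise (findings on stdout).
audit_dnsmasq_upstreams() {
    conf=$1; bad=0; no_resolv=0; servers=0
    while IFS= read -r line || [ -n "$line" ]; do
        # dnsmasq treats '#' as a comment only at line start or after
        # whitespace, so the '#1053' port suffix survives this stripping.
        line=$(printf '%s\n' "$line" | sed -e 's/^[[:space:]]*#.*$//' \
            -e 's/[[:space:]]#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case $line in
            '') continue ;;
            no-resolv) no_resolv=1 ;;
            server=*)
                servers=$((servers + 1))
                addr=${line#server=}
                case $addr in /*) addr=${addr##*/} ;; esac  # drop /domain/ prefix
                addr=${addr%%@*}      # drop @interface or @source-address
                addr=${addr%%"#"*}    # drop #port
                case $addr in
                    127.*|::1|'') ;;  # loopback, or no address given
                    *) echo "WARN: upstream $addr is not loopback"; bad=1 ;;
                esac ;;
        esac
    done < "$conf"
    # Without no-resolv, nameservers from resolv.conf are used as well.
    [ "$no_resolv" -eq 1 ] || { echo "WARN: no-resolv missing"; bad=1; }
    [ "$servers" -gt 0 ] || { echo "WARN: no server= line found"; bad=1; }
    return "$bad"
}

# Constructed sample: the settings from the message plus one external
# upstream (192.0.2.53 is a documentation address, not a real resolver).
sample=$(mktemp)
printf '%s\n' '# we use "nameserver 127.0.0.1" in resolv.conf' 'no-resolv' \
    'server=127.0.0.1#1053' 'server=192.0.2.53   # constructed' > "$sample"
audit_dnsmasq_upstreams "$sample" || echo "result: queries can leave this host"
rm -f "$sample"
```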