Blocking DNS from outsiders

pluk

Is there a way to close the DNS (or no relaying)??? Anywhere we specify this out?

Thanks!
 
Please clarify your question, pluk.

What do you mean?

I'm not sure what DNS has to do with relaying, and your question isn't clear to me.

Jeff
 
blocking DNS

For example, I can presently use the Direct Admin server 1 (DA1) as my DNS server. Many times, people use this to replay mails or even to pull records. This could cause severe slowdown to the server.

Any way to prevent people from using this DNS as their client machine's DNS?

Sorry if I'm not too clear.
 
Re: blocking DNS

pluk said:
> For example, I can presently use the Direct Admin server 1 (DA1) as my DNS server. Many times, people use this to replay mails

By default, the only people who can use your server to relay email would be your email users. And you can shut them out as well, but that's a different topic.

> or even to pull records. This could cause severe slowdown to the server.

DNS is a very efficient protocol; we serve DNS for many thousands of sites on 300 MHz systems and we never get even measurable server load.

That said, it's not a good idea to allow anyone to use your server for "recursive" queries; that is, queries for sites for which you're not authoritative.

> Any way to prevent people from using this DNS as their client machine's DNS?

We use the "recursion no;" statement as part of the options in our /etc/named.conf file.

However, if you do that, then not even your machine can use your DNS server to find DNS records. So you'll have to use someone else's DNS servers for your system's DNS resolution.

To do that you'll have to find one or more DNS servers you can use for recursive lookups (that's lookups of domains for which your server is NOT authoritative), and list it/them in your /etc/resolv.conf file.

It's important to know that the latter is a MUST; if you don't do it your server won't work.

We use DNS servers provided by our bandwidth provider for recursive DNS, and we list them in our /etc/resolv.conf file.

For instructions for the resolv.conf file see "man resolv.conf".

Jeff
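
A check for the "recursion no;" change described in the reply above, as an added example that is not part of the original thread: it sends a query with the recursion-desired bit set, for a name the server does not host, and reads the reply header. With recursion disabled the recursion-available flag comes back clear. The server address and name given on the command line are assumptions, and the two sample replies are constructed.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080  # response / recursion desired / recursion available
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid=0x1234):
    """A/IN query with RD set, which is what a client's stub resolver sends."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


def recursion_offered(reply, qid=0x1234):
    """Return (offered, rcode) from a reply header; ValueError if it is not our reply."""
    if len(reply) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return bool(flags & RA), RCODES.get(rcode, str(rcode))


def probe(server, name, timeout=3.0):
    """Query the server over UDP; run this from a machine outside your network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        reply, _ = s.recvfrom(4096)
    return recursion_offered(reply)


# Constructed sample replies (header plus echoed question), not captured traffic.
_QUESTION = build_query("example.com")[12:]
SAMPLE_RECURSION_OFF = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0) + _QUESTION
SAMPLE_RECURSION_ON = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: <script> <server-ip> <name-not-hosted-on-that-server>
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        print(recursion_offered(SAMPLE_RECURSION_OFF), recursion_offered(SAMPLE_RECURSION_ON))
```
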
 