Table of Contents |
---|
Installing
Installing a Local Caching Nameserver
...
SpamAssassin will perform many DNS lookups for NetworkTests to significantly improve scoring of messages primarily by DNSBlocklists like Spamhaus, SORBS, etc. This information needs to be cached locally to improve performance and limit the number of external DNS queries since some DNSBlockLists have limits on free usage.
...
- Rsync the feed files into /var/lib/rbldnsd
- List the feed files in /etc/systemd/system/rbldnsd-dsbl.service
No Format .include /etc/systemd/rbldnsd.conf [Unit] Description=DNSBL (rbldnsd) dsbl instance [Service] ExecStart=/sbin/rbldnsd -n -f -r /var/lib/rbldnsd -b 127.0.0.1/530 dul.dnsbl.sorbs.net:ip4set:dul.dnsbl.sorbs.net http.dnsbl.sorbs.net:dnset:http.dnsbl.sorbs.net smtp.dnsbl.sorbs.net:ip4set:smtp.dnsbl.sorbs.net new.spam.dnsbl.sorbs.net:ip4set:new.spam.dnsbl.sorbs.net dnsbl-1.uceprotect.net:ip4set:dnsbl-1.uceprotect.net
- Enable and start the service
No Format systemctl enable rbldnsd-dsbl systemctl start rbldnsd-dsbl
- rbldnsd should now be listening on port 530
No Format # netstat -tunlap | grep rbldns udp 0 0 127.0.0.1:530 0.0.0.0:* 901/rbldnsd
- Setup your main DNS caching server to forward to rbldnsd. This is an example for PowerDNS recursor:
- /etc/pdns-recursor/recursor.conf
No Format forward-zones-file=/etc/pdns-recursor/forward-zones
- /etc/pdns-recursor/forward-zones
No Format dul.dnsbl.sorbs.net=127.0.0.1:530 http.dnsbl.sorbs.net=127.0.0.1:530 smtp.dnsbl.sorbs.net=127.0.0.1:530 new.spam.dnsbl.sorbs.net=127.0.0.1:530 dnsbl-1.uceprotect.net=127.0.0.1:530
- /etc/pdns-recursor/recursor.conf
Using
...
SpamAssassin local.cf
No Format |
---|
dns_available yes |
...
NOTE: Make sure DHCP is not changing the nameserver setting in the /etc/resolv.conf away from 127.0.0.1.
Testing
...
Use dig to test DNS queries. If you don't get a response then the local DNS server could:
...