Loading ...
Sorry, an error occurred while loading the content.

292232Re: dictionary-attack

Expand Messages
  • Stan Hoeppner
    Mar 27, 2013
    • 0 Attachment
      On 3/26/2013 1:29 PM, Lima Union wrote:

      > No ipv6 here and pdnsd is using as DNS server.

      Instead of using a caching DNS proxy daemon querying Google's public DNS
      servers, I recommend you run a recursing caching resolver on your
      Postfix host, such as PowerDNS recursor (I've been using it for years
      without any issues). There are a few reasons for this:

      1. Spamhaus refuses dnsbls queries from Google DNS servers, and most
      public DNS servers, because of volume. Thus you can't query the Zen
      list using this proxy setup. Other dnsbl operators may block Google DNS
      as well.

      2. Latency is greatly reduced as your DNS queries are direct instead of
      proxied. On a high volume server latency is critical as it limits
      message throughput.

      3. If you have DNS related problems at some point in the future, you
      have complete control and troubleshooting ability. If using Google or
      another DNS server via proxy you're at that operator's mercy. And there
      is always the possibility that Google may modify results in some way, or
      respond inaccurately due to some policy or other reason.

      It's best to run your own resolver and do direct queries.

    • Show all 48 messages in this topic