You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by lister lynch <li...@mplynch.com> on 2005/03/22 21:49:01 UTC
Excessive DNS Requests
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily due
to SA, I think. Looked around for answers, and already set a bunch of
the BL checks to 0.0 to turn off the rules. Any idea how to further
prevent the excessive DNS requests?
Setup:
SA running on FC1 as firewall, passing mail thru to an Exchange server
on the inside.
Thanks a bunch for any insight,
Mike
Re: Excessive DNS Requests
Posted by Jonathan Nichols <jn...@pbp.net>.
lister lynch wrote:
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily due
> to SA, I think. Looked around for answers, and already set a bunch of
> the BL checks to 0.0 to turn off the rules. Any idea how to further
> prevent the excessive DNS requests?
>
I'll echo what the others have said - caching-only DNS server will work.
FC1 comes with BIND, iirc.
Do you also have a bunch of clients behind the firewall? Setting up a
caching DNS server might be a good idea for your LAN in general. You can
point the PC clients to the DNS server and hopefully make Covad happy. :)
I'm wondering how many requests they consider to be "excessive" tho..
Re: Excessive DNS Requests
Posted by br...@highstream.net.
Quoting Matt Kettler <mk...@evi-inc.com>:
> lister lynch wrote:
>
> >Our ISP, Covad, is periodically claiming that we have excessive DNS
> >requests and is threatening to turn off our service. It's primarily due
> >to SA, I think. Looked around for answers, and already set a bunch of
> >the BL checks to 0.0 to turn off the rules. Any idea how to further
> >prevent the excessive DNS requests?
> >
> >Setup:
> >SA running on FC1 as firewall, passing mail thru to an Exchange server
> >on the inside.
> >
> >Thanks a bunch for any insight,
> >Mike
> >
> >
> >
>
> Don't bother setting them all to 0. That works, but there's a much
> easier way to turn off all the RBL tests in one shot:
> in /etc/mail/spamassassin/local.cf add:
>
> skip_rbl_checks 1
>
> Another option is to just force ALL network tests to be off. Add the -L
> flag to spamd or spamassassin (depending on which one you use).
>
> Of course, my question is if you are a network of any reasonable size,
> why are you using your ISP's DNS servers for resolution and not your own
> local DNS resolver? (And even if you are a "small fry" you might
> consider having a caching-only local nameserver)
Setting up local cache is great for performance (once you start hitting the
cache) as well. Simplest thing to set up.
djbdns or bind are the 2 I use, I prefer the former for simplicity and small
foot print but this is no place for a DNS religious war, use what you know or
someone is willing to help you with.
brian
Re: Excessive DNS Requests
Posted by Matt Kettler <mk...@evi-inc.com>.
lister lynch wrote:
>Our ISP, Covad, is periodically claiming that we have excessive DNS
>requests and is threatening to turn off our service. It's primarily due
>to SA, I think. Looked around for answers, and already set a bunch of
>the BL checks to 0.0 to turn off the rules. Any idea how to further
>prevent the excessive DNS requests?
>
>Setup:
>SA running on FC1 as firewall, passing mail thru to an Exchange server
>on the inside.
>
>Thanks a bunch for any insight,
>Mike
>
>
>
Don't bother setting them all to 0. That works, but there's a much
easier way to turn off all the RBL tests in one shot:
in /etc/mail/spamassassin/local.cf add:
skip_rbl_checks 1
Another option is to just force ALL network tests to be off. Add the -L
flag to spamd or spamassassin (depending on which one you use).
Of course, my question is if you are a network of any reasonable size,
why are you using your ISP's DNS servers for resolution and not your own
local DNS resolver? (And even if you are a "small fry" you might
consider having a caching-only local nameserver)
Re: Excessive DNS Requests
Posted by Morris Jones <mo...@whiteoaks.com>.
lister lynch wrote:
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily due
> to SA, I think. Looked around for answers, and already set a bunch of
> the BL checks to 0.0 to turn off the rules. Any idea how to further
> prevent the excessive DNS requests?
Put your own caching DNS on your mail server, so you're not always
banging Covad's DNS. Your spam checks will run a lot faster, too.
Cheers,
Mojo
--
Morris Jones
Monrovia, CA
http://www.whiteoaks.com
Old Town Astronomers: http://www.otastro.org
Re: Excessive DNS Requests
Posted by David Brodbeck <gu...@gull.us>.
Kelson wrote:
> Bob McClure Jr wrote:
>
>> On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
>>
>>> I can't give you specific instructions for FC1, but I know older
>>> versions of
>>> RedHat had a package specifically for this, all preconfigured.
>>
>>
>> I think it was pdnsd, but it appears not to be in the FC sets. Google
>> for it. It was very easy to set up. I still use it.
>
>
> I believe the package is just called caching-nameserver. With FC you
> should be able to just do "yum install caching-nameserver" and it'll
> pull in bind and any other dependencies.
That sounds familiar.
Sorry to be so vague, but it's been a while since I last ran RedHat.
Re: Excessive DNS Requests
Posted by David Brodbeck <gu...@gull.us>.
lister lynch wrote:
> I checked the PDC of the domain (W2003), and it was running DNS for
> forward and reverse lookup zones, as well as caching lookup. There
> shouldn't be any problem installing caching-nameserver on the FC box as
> well, should there?
No, but why not just make the FC box use the PDC as its DNS server?
Re: Excessive DNS Requests
Posted by lister lynch <li...@mplynch.com>.
On Tue, 2005-03-22 at 17:25, Kelson wrote:
> Bob McClure Jr wrote:
> > On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
> >>I can't give you specific instructions for FC1, but I know older versions of
> >>RedHat had a package specifically for this, all preconfigured.
> >
> > I think it was pdnsd, but it appears not to be in the FC sets. Google
> > for it. It was very easy to set up. I still use it.
>
> I believe the package is just called caching-nameserver. With FC you
> should be able to just do "yum install caching-nameserver" and it'll
> pull in bind and any other dependencies.
Thank you all for your prompt, knowledgeable replies.
I checked the PDC of the domain (W2003), and it was running DNS for
forward and reverse lookup zones, as well as caching lookup. There
shouldn't be any problem installing caching-nameserver on the FC box as
well, should there?
Mike
Re: Excessive DNS Requests
Posted by Kelson <ke...@speed.net>.
Bob McClure Jr wrote:
> On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
>>I can't give you specific instructions for FC1, but I know older versions of
>>RedHat had a package specifically for this, all preconfigured.
>
> I think it was pdnsd, but it appears not to be in the FC sets. Google
> for it. It was very easy to set up. I still use it.
I believe the package is just called caching-nameserver. With FC you
should be able to just do "yum install caching-nameserver" and it'll
pull in bind and any other dependencies.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: Excessive DNS Requests
Posted by Bob McClure Jr <ro...@earthlink.net>.
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
> On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
> > Our ISP, Covad, is periodically claiming that we have excessive DNS
> > requests and is threatening to turn off our service. It's primarily
> > due to SA, I think. Looked around for answers, and already set a
> > bunch of the BL checks to 0.0 to turn off the rules. Any idea how
> > to further prevent the excessive DNS requests?
>
> Run your own caching DNS server. A side benefit will be faster DNS lookups.
> You'll be able to turn your DNS-based blacklists back on, too.
>
> I can't give you specific instructions for FC1, but I know older versions of
> RedHat had a package specifically for this, all preconfigured.
I think it was pdnsd, but it appears not to be in the FC sets. Google
for it. It was very easy to set up. I still use it.
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
robertmcclure@earthlink.net http://www.bobcatos.com
Worry is a waste of the imagination.
Re: Excessive DNS Requests
Posted by David Brodbeck <gu...@gull.us>.
On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily
> due to SA, I think. Looked around for answers, and already set a
> bunch of the BL checks to 0.0 to turn off the rules. Any idea how
> to further prevent the excessive DNS requests?
Run your own caching DNS server. A side benefit will be faster DNS lookups.
You'll be able to turn your DNS-based blacklists back on, too.
I can't give you specific instructions for FC1, but I know older versions of
RedHat had a package specifically for this, all preconfigured.
Re: Excessive DNS Requests
Posted by Rick Macdougall <ri...@nougen.com>.
lister lynch wrote:
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily due
> to SA, I think. Looked around for answers, and already set a bunch of
> the BL checks to 0.0 to turn off the rules. Any idea how to further
> prevent the excessive DNS requests?
>
> Setup:
> SA running on FC1 as firewall, passing mail thru to an Exchange server
> on the inside.
>
> Thanks a bunch for any insight,
Hi,
Run a local caching DNS server ? Is Covad complaining about you hitting
their DNS to do the lookups or something else ?
Regards,
Rick