DNS forwarders not validating

BIND is by far the most used DNS software on the Internet.

Hi, I recall it's recommended to use a local DNS server. Jerry

@jhoff: online DNS and URL blacklists tend to ban public DNS servers (Open DNS servers, ISP DNS servers, Google DNS) due to the tremendous amount of queries they receive from them (i.e., they are used by many people at once thus quickly exceed the daily free query limit).

We need to install ‘bind9 bind9utils bind9-doc dnsutils’ to install BIND 9 & related tools. Open your terminal & execute the following command. Once all the packages have been installed, we will move into the configuration part.

I haven't seen the issue in the linked post above (is configured to block only responses I see) but I do see an increase in SPAM since I added the forwarders. Problem is some Comcast video stuff doesn't work correctly if you're using a local DNS server :(

@Krisztián Fekete (Vamsoft): Yeah, I just have a single server - this is "home" e-mail... Wondering if you or anyone else has any experience using any of them (besides MSFT DNS) with ORF?

DNS servers resolve DNS hostnames to their corresponding IP addresses. Public IPv4 addresses enable communication over the Internet, while private IPv4 addresses enable communication within the network of the instance (either EC2-Classic or a VPC).

To change the DNS server, open ‘/etc/resolv.conf’ & make the following DNS entry, save the file & exit. We now have our client ready with DNS pointing to our server.

I do use MSFT DNS service and always have but I'd like to set up DNS forwarders but recall that being a problem.

Using such a public DNS server as a forwarder will result in degraded spam filtering performance, as these online blacklists will not reply to your queries (they time out or return an error). If you insist on using forwarders, conditional forwarding could be a workaround:

@Krisztián Fekete (Vamsoft): I assume you're suggesting I should set up conditional forwarders for each dnsbl and surbl I have configured?


  1. This essentially makes your internal DNS server a slave of its forwarders; so. Cache pollution filtering tells DNS not to cache NS and glue records for.

