Installing

SpamAssassin performs many DNS lookups for NetworkTests, which significantly improve the scoring of messages, primarily through DNSBlocklists like Spamhaus, SORBS, etc. The answers need to be cached locally to improve performance and to limit the number of external DNS queries, since some DNSBlockLists have limits on free usage.

...

Packaging varies slightly between distributions, so refer to Internet articles for details and current information for your OS version. The default configuration files should give the desired caching, non-forwarding DNS server that listens locally only.

Debian/Ubuntu:

apt-get update
apt-get install unbound

RHEL/CentOS:

yum install unbound
chkconfig unbound on
service unbound start

Fedora:

dnf install unbound
systemctl enable unbound
systemctl start unbound

...

A default PowerDNS Recursor install should be the desired non-forwarding, caching-only DNS server listening only on localhost. Refer to other online articles for details about the config files and settings specific to your OS version.

Debian/Ubuntu:

apt-get update
apt-get install pdns-recursor

RHEL/CentOS:

# EPEL repository required
yum install epel-release
yum install pdns-recursor
chkconfig pdns-recursor on
service pdns-recursor start

Fedora:

dnf install pdns-recursor
systemctl enable pdns-recursor
systemctl start pdns-recursor

BIND

Debian/Ubuntu:

apt-get update
apt-get install bind9

RHEL/CentOS:

yum install bind bind-utils
chkconfig named on
service named start

Fedora:

dnf install bind bind-utils
systemctl enable named
systemctl start named

djbdns

djbdns/tinydns is D. J. Bernstein's DNS daemon.

If you have a good guide to the commands required to install this on a typical system, please edit this page and fill out this section.

Debian:
To install djbdns on Debian you need to fetch (with apt, for example) the packages "daemontools-installer" and "djbdns-installer". These packages fetch the source code, compile it, and create Debian packages for both daemontools and djbdns. After installing those packages, you can issue the commands "build-daemontools" and "build-djbdns", which will create the final Debian packages and prompt for installation. Example:

apt-get update
apt-get install djbdns-installer daemontools-installer
build-daemontools
build-djbdns

Note that you may keep and reuse (just not redistribute) the Debian packages created with the installer packages.

After installing djbdns, you need to create the "dnscache" instance under /service. Supposing you want the cache to listen on the loopback device, you would do:

dnscache-conf dnscache dnslog /service/dnscache 127.0.0.1

rbldnsd

Rbldnsd is not a recursive caching DNS server. It is an authoritative DNS server primarily used to host private/internal zones from feeds like Spamhaus, Invaluement, SORBS, etc. Typically rbldnsd listens on an alternate port, and the primary DNS server set up above forwards specific zones to rbldnsd.

...

  1. Rsync the feed files into /var/lib/rbldnsd
  2. List the feed files in /etc/systemd/system/rbldnsd-dsbl.service

    .include /etc/systemd/rbldnsd.conf
    
    [Unit]
    Description=DNSBL (rbldnsd) dsbl instance
    
    [Service]
    ExecStart=/sbin/rbldnsd -n -f -r /var/lib/rbldnsd -b 127.0.0.1/530 dul.dnsbl.sorbs.net:ip4set:dul.dnsbl.sorbs.net http.dnsbl.sorbs.net:dnset:http.dnsbl.sorbs.net smtp.dnsbl.sorbs.net:ip4set:smtp.dnsbl.sorbs.net new.spam.dnsbl.sorbs.net:ip4set:new.spam.dnsbl.sorbs.net dnsbl-1.uceprotect.net:ip4set:dnsbl-1.uceprotect.net
     


  3. Enable and start the service

    systemctl enable rbldnsd-dsbl
    systemctl start rbldnsd-dsbl
     


  4. rbldnsd should now be listening on port 530

    # netstat -tunlap | grep rbldns
    udp        0      0 127.0.0.1:530           0.0.0.0:*                           901/rbldnsd
     


  5. Set up your main DNS caching server to forward to rbldnsd. This is an example for PowerDNS Recursor:
    • /etc/pdns-recursor/recursor.conf

      forward-zones-file=/etc/pdns-recursor/forward-zones
       


    • /etc/pdns-recursor/forward-zones

      dul.dnsbl.sorbs.net=127.0.0.1:530
      http.dnsbl.sorbs.net=127.0.0.1:530
      smtp.dnsbl.sorbs.net=127.0.0.1:530
      new.spam.dnsbl.sorbs.net=127.0.0.1:530
      dnsbl-1.uceprotect.net=127.0.0.1:530
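
A consistency check for steps 2 and 5, added here as an example and not part of the original page: it reads the zones and the -b listener from the rbldnsd ExecStart line and reports every zone that forward-zones does not send to that listener, since such a zone would be resolved through normal recursion instead of the local copy. The function names are hypothetical and the sample data is constructed, with one deliberately wrong port.

```shell
#!/bin/sh
# Added example: cross-check rbldnsd zones against pdns-recursor forward-zones.
# Inputs are passed as strings so the check runs offline.

# Print the zone names from an rbldnsd ExecStart line (zone:type:file triples).
rbldnsd_zones() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F: 'NF == 3 { print $1 }'
}

# Print "address:port" taken from the "-b address/port" option.
rbldnsd_listen() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        awk 'prev == "-b" { sub("/", ":"); print } { prev = $0 }'
}

# Print each rbldnsd zone that has no exact "zone=address:port" line.
# $1 = ExecStart line, $2 = contents of the forward-zones file.
unforwarded_zones() {
    listen=$(rbldnsd_listen "$1")
    for zone in $(rbldnsd_zones "$1"); do
        printf '%s\n' "$2" | grep -Fqx "$zone=$listen" || printf '%s\n' "$zone"
    done
}

# Constructed sample: two zones from the unit above; the second forward
# entry points at port 53 instead of 530.
SAMPLE_EXEC='ExecStart=/sbin/rbldnsd -n -f -r /var/lib/rbldnsd -b 127.0.0.1/530 dul.dnsbl.sorbs.net:ip4set:dul.dnsbl.sorbs.net dnsbl-1.uceprotect.net:ip4set:dnsbl-1.uceprotect.net'
SAMPLE_FORWARD='dul.dnsbl.sorbs.net=127.0.0.1:530
dnsbl-1.uceprotect.net=127.0.0.1:53'

unforwarded_zones "$SAMPLE_EXEC" "$SAMPLE_FORWARD"
```

On a live system, pass the ExecStart line from the unit file and the contents of /etc/pdns-recursor/forward-zones; empty output means every zone is forwarded to rbldnsd.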
       


...

  1. not have proper connectivity outbound to the Internet - a firewall could be blocking UDP/TCP 53
  2. have reached the free usage limit of the DNSBlockList - remove the "+short" to see more detail in the ANSWER section
  3. may not be configured correctly - search for articles on how to set up your specific DNS caching server on your specific OS

Spamhaus Zen:

dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.10
127.0.0.4
127.0.0.2
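
A helper that interprets the result of this test, added here as an example and not part of the original page: it builds the reversed-octet query name and classifies "dig +short" output as listed, refused, or unanswered. The function names are hypothetical; the 127.255.255.x values are the error return codes Spamhaus documents for queries through public resolvers and for excessive query volume, and are not taken from this page.

```shell
#!/bin/sh
# Added example: classify the answer to a DNSBL test query.

# Build the query name for an IPv4 address: octets reversed, then the zone.
dnsbl_qname() {
    printf '%s\n' "$1" |
        awk -F. -v zone="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Classify "dig +short" output passed as $1.
classify_answer() {
    # Empty output: no connectivity, or the resolver is misconfigured.
    [ -n "$1" ] || { echo "no-answer"; return; }
    result="listed"
    for a in $1; do
        case "$a" in
            127.255.255.254) echo "refused-public-resolver"; return ;;
            127.255.255.255) echo "refused-query-limit"; return ;;
            127.255.255.*)   echo "refused-other"; return ;;
            127.0.*)         ;;                      # normal listing code
            *)               result="unexpected" ;;  # not a DNSBL return code
        esac
    done
    echo "$result"
}

# Sample input: the Spamhaus Zen answer shown above.
SAMPLE_OK='127.0.0.10
127.0.0.4
127.0.0.2'

dnsbl_qname 127.0.0.2 zen.spamhaus.org
classify_answer "$SAMPLE_OK"
```

Against a live resolver, run classify_answer "$(dig +short "$(dnsbl_qname 127.0.0.2 zen.spamhaus.org)")".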

...