Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

Suddenly getting lots of false positives.

 

 

First page Previous page 1 2 Next page Last page  View All SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


admin at game-point

May 26, 2012, 1:06 PM

Post #26 of 45 (704 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

OK I continue to get this problem - lots of spam is coming through now with:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
medium trust

I think it's likely to have something to do with me changing the
machine's hostname to ip.game-point.net because it started happening
just after that. Can anyone think of why this might have caused the
problem and how I can fix it?

--
Best regards,
Jeremy Morton (Jez)

On 24/05/2012 10:14, Jeremy Morton wrote:
> I've gotten a lot of false positives coming into my inbox lately, and
> the principle reason for most of them seems to be that they are matching
> the following rule:
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
> medium trust
>
> I'm not sure why they're matching this rule, so I thought I'd ask you
> guys to see whether you could figure it out. Here's a sample message
> that made it through my spam filter, which is definitely spam (note that
> I have it configured to attach X-Spam-Report to every message so I can
> see why it was NOT marked as spam):
>
> ==================================================
> From - Wed May 23 10:53:41 2012
> X-Account-Key: account2
> X-UIDL: UID308596-1160697276
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
> Return-path: <niw9 [at] etisbew>
> Envelope-to: bugzilla [at] game-point
> Delivery-date: Wed, 23 May 2012 10:37:58 +0100
> Received: from [59.94.13.26]
> by ip.game-point.net with esmtp (Exim 4.69)
> (envelope-from <niw9 [at] etisbew>)
> id 1SX80z-0005qn-7r
> for bugzilla [at] game-point; Wed, 23 May 2012 10:37:58 +0100
> Received: from apache by etisbew.com with local (Exim 4.63)
> (envelope-from <splashedoo6 [at] realliving>)
> id A10PD7-HLT0O1-68
> for bugzilla [at] game-point; Wed, 23 May 2012 15:07:55 +0530
> To: bugzilla [at] game-point
> Subject: Good afternoon,
> Date: Wed, 23 May 2012 15:07:55 +0530
> From: "Stella Cotton" <niw9 [at] etisbew>
> Message-ID: <74FC52565ECB52BB625FD430CB8D155D [at] etisbew>
> X-Priority: 3
> X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="------------03070800307080108050505"
> X-Spam-Status: No, score=0.7
> X-Spam-Score: 7
> X-Spam-Bar: /
> X-Spam-Flag: NO
> X-Spam-Report: Spam detection software, running on the system
> "ip.game-point.net", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> the administrator of that system for details.
> Content preview: It is what a man needs to overcome the most delicate
> problem.
> Your power and strength of your porksword will please her! Make your body
> as strong as your spirit is!Click It is what a man needs to overcome the
> most delicate problem. Your power and strength of your porksword will
> please
> her! Make your body as strong as your spirit is! [...]
> Content analysis details: (0.7 points, 3.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
> [URIs: bestinternetdancer.com]
> 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> [URIs: bestinternetdancer.com]
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
> trust
> [59.94.13.26 listed in list.dnswl.org]
> 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
> [59.94.13.26 listed in dnsbl.sorbs.net]
> 0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
> 0.2 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
> [score: 0.6609]
> 0.0 HTML_MESSAGE BODY: HTML included in message
>
> This is a multi-part message in MIME format.
> --------------03070800307080108050505
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="iso-8859-2"
>
> It is what a man needs to overcome the most delicate problem. Your power
> and strength of your porksword will please her! Make your body as strong
> as your spirit is!Click
>
> --------------03070800307080108050505
> Content-Transfer-Encoding: 7bit
> Content-Type: text/html; charset="us-ascii"
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=windows-1250">
> <STYLE></STYLE>
> </HEAD>
> <BODY>
> <div style="width:600px;">
> <div style="background: none repeat scroll 0 0 #FDF3F0; border-top: 3px
> solid #E7431D; padding: 25px;">
> <div style="font-size: 180%;">
>
> <em>It is what a man needs to overcome the most delicate problem.
> <br>Your power and strength of your porksword will please her! <br>Make
> your body as strong as your spirit is!</em>
> </div>
> </div>
> <div id="nav" style="background: none repeat scroll 0 0 #4D4D4F;
> font-size: 90%; line-height: 40px;">
> <a style="color: #FFFFFF; padding: 12px 25px;"
> href="http://pijqasos.bestinternetdancer.com/page.html?Wsl7zrBeopsqjfqBjDy27csllzE">Click</a>
>
> </div>
> </div>
> </BODY></HTML>
> --------------03070800307080108050505--
> ==================================================
>
>
> Any ideas why the sender would be in the dnswl with medium trust? I did
> recently change my machine's hostname to ip.game-point.net.
>


wolfgang.zeikat at desy

May 26, 2012, 1:38 PM

Post #27 of 45 (699 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

In an older episode, on 2012-05-26 22:06, Jeremy Morton wrote:
> OK I continue to get this problem - lots of spam is coming through now
> with:
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
> medium trust

We had so many false positives with that rule, that I - as others who
replied to your post already (see below) - have come to the conclusion
that www.dnswl.org is not a reliable source of trust for us and disabled
the rule by configuring

score RCVD_IN_DNSWL_MED RBL 0

0 is zero, not uppercase o

>
> I think it's likely to have something to do with me changing the
> machine's hostname to ip.game-point.net because it started happening
> just after that.

I doubt that.

Regards,

wolfgang

---------- Forwarded Message ----------

Subject: Re: Suddenly getting lots of false positives.
Date: Thursday, 24. May 2012
From: "corpus.defero" <corpus.defero [at] idnet>
To: users [at] spamassassin

On Thu, 2012-05-24 at 10:14 +0100, Jeremy Morton wrote:
> I've gotten a lot of false positives coming into my inbox lately, and
> the principle reason for most of them seems to be that they are matching
> the following rule:
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
> medium trust
>

Given the connecting IP is listed with an number of anti-spam
blocklists:

59.94.13.26 Listed in Spamhaus XBL (CBL Data)
59.94.13.26 Listed in Spamhaus PBL (ISP Maintained)
59.94.13.26 Listed in Barracuda Reputation List
59.94.13.26 Listed in dul.dnsbl.sorbs.net
59.94.13.26 Listed in UCE PROTECT LEVEL 2
59.94.13.26 Listed in UCE PROTECT LEVEL 3

and that

bestinternetdancer.com

Is listed in Spamhaus domain block list & the multi.uribl.com block list
you'd have to wonder why it gets a reduction from: www.dnswl.org

I'm not 100% but isn't http://www.dnswl.org/ a 'DIY' whitelisting site
that anyone can kind of abuse?

The rule is tucked away in 72_active.cf, along with the other 'pay to
spam' whitelists from the likes of Return Path. I suggest you add this
to your local.cf to deal with such abuse:

score RCVD_IN_DNSWL_MED 0
score RCVD_IN_RP_CERTIFIED 0
score RCVD_IN_RP_SAFE 0

But that's just my default settings on every instance of SA that I work
on. Sometimes I add points for Return Path as it seems to help BLOCK
spam rather than pass ham - but that's a can of worms and a different
subject.


wolfgang.zeikat at desy

May 26, 2012, 1:44 PM

Post #28 of 45 (698 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

In an older episode, on 2012-05-26 22:38, Wolfgang Zeikat wrote:

> We had so many false positives

Oops, I used your term "false positives" by accident. I and many others
tend no call false Ham classifications
false negatives
(negative scores change the classification towards ham)

So:
We had so many false negatives
> with that rule, that I - as others who
> replied to your post already (see below) - have come to the conclusion
> that www.dnswl.org is not a reliable source of trust for us and disabled
> the rule by configuring
>
> score RCVD_IN_DNSWL_MED RBL 0
>
> 0 is zero, not uppercase o

Cheers,

wolfgang


rwmaillists at googlemail

May 26, 2012, 4:25 PM

Post #29 of 45 (696 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sat, 26 May 2012 22:44:54 +0200
Wolfgang Zeikat wrote:

> In an older episode, on 2012-05-26 22:38, Wolfgang Zeikat wrote:
>
> > We had so many false positives
>
> Oops, I used your term "false positives" by accident. I and many
> others tend no call false Ham classifications
> false negatives
> (negative scores change the classification towards ham)

It depends on context. He was originally wrong because he wrote
that he was getting false positives in his inbox, which implies a false
positive in the overall spamassassin result. OTOH RCVD_IN_DNSWL_MED
hitting spam is a false positive in the individual rule which is a
test for ham.

> So:
> We had so many false negatives
> > with that rule, that I - as others who
> > replied to your post already (see below) - have come to the
> > conclusion that www.dnswl.org is not a reliable source of trust for
> > us and disabled the rule by configuring
> >
> > score RCVD_IN_DNSWL_MED RBL 0

The OP should probably update his rules first since the rule currently
scores -2.3 rather than -4, and rules haven't been updated since
February.

I don't think setting it to zero is a good idea, it wont turn-off the
lookup so you might just as well set it to -0.001 and monitor the
rule's performance.


niamh at fullbore

May 27, 2012, 12:53 AM

Post #30 of 45 (695 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Hello Jeremy,

Saturday, May 26, 2012, 9:06:55 PM, you wrote:

JM> OK I continue to get this problem - lots of spam is coming through now with:
JM> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
JM> medium trust

JM> I think it's likely to have something to do with me changing the
JM> machine's hostname to ip.game-point.net because it started happening
JM> just after that. Can anyone think of why this might have caused the
JM> problem and how I can fix it?

You are using google's servers aren't you?

Could they be part of the problem? Given you previously said-

JM> I actually get: Host 40.152.71.64.list.dnswl.org not found:
JM> 5(REFUSED)

And-

"Access to the dnswl.org public nameservers may be blocked for all
users doing more than 100000 queries per day at any time. dnswl.org
is under no obligation to contact the owners of IP addresses seen
doing more than the specified limit before blocking such access."

--
Best regards,
Niamh mailto:niamh [at] fullbore


admin at game-point

May 27, 2012, 2:28 AM

Post #31 of 45 (694 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

I don't see what relevance the DNS servers I use on my my machine have
to do with querying dnswl.org - surely dnswl.org shouldn't even know if
I'm using Google's nameservers?

--
Best regards,
Jeremy Morton (Jez)

On 27/05/2012 08:53, Niamh Holding wrote:
>
> Hello Jeremy,
>
> Saturday, May 26, 2012, 9:06:55 PM, you wrote:
>
> JM> OK I continue to get this problem - lots of spam is coming through now with:
> JM> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
> JM> medium trust
>
> JM> I think it's likely to have something to do with me changing the
> JM> machine's hostname to ip.game-point.net because it started happening
> JM> just after that. Can anyone think of why this might have caused the
> JM> problem and how I can fix it?
>
> You are using google's servers aren't you?
>
> Could they be part of the problem? Given you previously said-
>
> JM> I actually get: Host 40.152.71.64.list.dnswl.org not found:
> JM> 5(REFUSED)
>
> And-
>
> "Access to the dnswl.org public nameservers may be blocked for all
> users doing more than 100000 queries per day at any time. dnswl.org
> is under no obligation to contact the owners of IP addresses seen
> doing more than the specified limit before blocking such access."
>


jarif at iki

May 27, 2012, 2:39 AM

Post #32 of 45 (716 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sun, May 27, 2012 12:28, Jeremy Morton wrote:
> I don't see what relevance the DNS servers I use on my my machine have
> to do with querying dnswl.org - surely dnswl.org shouldn't even know if
> I'm using Google's nameservers?
>

You ask Google. Google does not know. They ask dnswl.org's DNS. dnswl.org
does not see You. They see only Google. And lots of them. They block
Google.

Just put this to your named.conf.local if you use bind.


zone "combined.njabl.org" { type forward; forward first; forwarders {}; };
zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; };
zone "zen.spamhaus.org" { type forward; forward first; forwarders {}; };
zone "activationcode.r.mail-abuse.com" { type forward; forward first;
forwarders {}; };
zone "nonconfirm.mail-abuse.com" { type forward; forward first; forwarders
{}; };
zone "iadb.isipp.com" { type forward; forward first; forwarders {}; };
zone "bl.mailspike.net" { type forward; forward first; forwarders {}; };
zone "wl.mailspike.net" { type forward; forward first; forwarders {}; };
zone "bb.barracudacentral.org" { type forward; forward first; forwarders
{}; };
zone "psbl.surriel.com" { type forward; forward first; forwarders {}; };
zone "bl.score.senderscore.com" { type forward; forward first; forwarders
{}; };
zone "list.dnswl.org" { type forward; forward first; forwarders {}; };
zone "multi.uribl.com" { type forward; forward first; forwarders {}; };
zone "ovi.com" { type forward; forward first; forwarders {}; };


niamh at fullbore

May 27, 2012, 2:41 AM

Post #33 of 45 (695 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Hello Jeremy,

Sunday, May 27, 2012, 10:28:17 AM, you wrote:

JM> surely dnswl.org shouldn't even know if
JM> I'm using Google's nameservers?

Of course it will know from which nameserver it receives a query.

--
Best regards,
Niamh mailto:niamh [at] fullbore


admin at game-point

May 27, 2012, 3:03 AM

Post #34 of 45 (694 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

OK so that leads me to 2 questions:

Why doesn't dnswl just allow big nameservers like Google? Surely they
know they're legit and lots of people use them.

Why does this work from my Windows box at home which is using Google's
nameservers?
nslookup 40.152.71.64.list.dnswl.org
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: 40.152.71.64.list.dnswl.org
Address: 127.0.6.3


--
Best regards,
Jeremy Morton (Jez)

On 27/05/2012 10:41, Niamh Holding wrote:
>
> Hello Jeremy,
>
> Sunday, May 27, 2012, 10:28:17 AM, you wrote:
>
> JM> surely dnswl.org shouldn't even know if
> JM> I'm using Google's nameservers?
>
> Of course it will know from which nameserver it receives a query.
>


niamh at fullbore

May 27, 2012, 3:12 AM

Post #35 of 45 (694 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Hello Jeremy,

Sunday, May 27, 2012, 11:03:18 AM, you wrote:

JM> Why doesn't dnswl just allow big nameservers like Google?

Did you read my quote?

Quite simply if you are placing that much load on dnswl then pay...
Google obviously don't.

--
Best regards,
Niamh mailto:niamh [at] fullbore


niamh at fullbore

May 27, 2012, 3:18 AM

Post #36 of 45 (691 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Hello Jeremy,

Sunday, May 27, 2012, 11:03:18 AM, you wrote:

JM> Why does this work from my Windows box at home which is using Google's
JM> nameservers?

Because google will be using a cluster of servers and the one that
handled that query might not have hit the 100,000 limit?

Why are you using Goole's servers anyway?

--
Best regards,
Niamh mailto:niamh [at] fullbore


me at junc

May 27, 2012, 6:29 AM

Post #37 of 45 (694 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Den 2012-05-27 11:28, Jeremy Morton skrev:
> I don't see what relevance the DNS servers I use on my my machine
> have to do with querying dnswl.org - surely dnswl.org shouldn't even
> know if I'm using Google's nameservers?

you are free to use google public dns as you like, but the more users
using google dns servers the highter query hits come from google dns,
and if that limit is over 100000 query dnswl block more querys, and this
affact ALL google dns users, its fun to keep below dnswl radar there no
? :=)

this problem is gone if you have own local dns server in 127.0.0.1, but
only if you still keep below the dnswl limit pr query ip

should i say "using shared resourses, makes shared limits" ?


me at junc

May 27, 2012, 6:34 AM

Post #38 of 45 (695 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Den 2012-05-27 11:39, Jari Fredriksson skrev:

> zone "combined.njabl.org" { type forward; forward first; forwarders
> {}; };
[zones]

why not disable dnseval plugin in spamassassin ?

saves more ram then add more zones to bind :=)


me at junc

May 27, 2012, 6:39 AM

Post #39 of 45 (692 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Den 2012-05-27 12:03, Jeremy Morton skrev:
> OK so that leads me to 2 questions:
>
> Why doesn't dnswl just allow big nameservers like Google?

haha, why not ask google to pay for datafeed from spamhaus so wee all
can get it for free ?

> Surely they know they're legit and lots of people use them.

incurrect, most isps force there dynamic clients to use there isp dns
servers so thay can block service as thepiratebay, if dynamic users
running bind on there own there is nothing blocked

> Why does this work from my Windows box at home which is using
> Google's nameservers?
> nslookup 40.152.71.64.list.dnswl.org
> Server: google-public-dns-a.google.com
> Address: 8.8.8.8
>
> Non-authoritative answer:
> Name: 40.152.71.64.list.dnswl.org
> Address: 127.0.6.3

try to understand dnssec ?


jarif at iki

May 27, 2012, 7:27 AM

Post #40 of 45 (694 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sun, May 27, 2012 16:34, Benny Pedersen wrote:
> Den 2012-05-27 11:39, Jari Fredriksson skrev:
>
>> zone "combined.njabl.org" { type forward; forward first; forwarders
>> {}; };
> [zones]
>
> why not disable dnseval plugin in spamassassin ?
>
> saves more ram then add more zones to bind :=)
>

Adding zones w/o forwarders will request directly them zones, thus allow
dnseval to work. I want dnseval, but I do not want it use Google.

Google is fast and reliable cache for general use, much better than bind
alone.


me at junc

May 27, 2012, 7:51 AM

Post #41 of 45 (690 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

Den 2012-05-27 16:27, Jari Fredriksson skrev:

> Adding zones w/o forwarders will request directly them zones, thus
> allow
> dnseval to work. I want dnseval, but I do not want it use Google.

okay, using forwards in options ?

here i dont use global forwsards so i have it like you just on another
way of doing the same

hint zone is my friend :)

> Google is fast and reliable cache for general use, much better than
> bind
> alone.

okay, stats are fine, but i dont use it this way, using forwards in
options gives more problems then it solves, here i just use pr zone
forwards if dns is not working for blocked or other stupid dns hosters
that blocks querys from so called dynamic ips, hmp :)

in all i have found registraded dns servers in dk-hostmaster nic that
allow public query with recurse lookups, thay are ready for ddos

and with edns0 servers that do it wrong makes another problem


matthias at leisi

May 27, 2012, 2:09 PM

Post #42 of 45 (695 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sat, May 26, 2012 at 10:38 PM, Wolfgang Zeikat
<wolfgang.zeikat [at] desy> wrote:
> In an older episode, on 2012-05-26 22:06, Jeremy Morton wrote:
>>
>> OK I continue to get this problem - lots of spam is coming through now
>> with:
>> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
>> trust
>
>
> We had so many false positives with that rule, that I - as others who
> replied to your post already (see below) - have come to the conclusion that

Care to share with dnswl.org (which I represent) or the list here what
"false positives" you got?

In most cases, "so many" false positives are more a question of
setting up the trust path in SpamAssassin correctly. If it is some
error in our data, we'd like to know (and correct).

Thanks,
-- Matthias, for dnswl.org


jarif at iki

May 27, 2012, 2:15 PM

Post #43 of 45 (693 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Mon, May 28, 2012 00:09, Matthias Leisi wrote:
> On Sat, May 26, 2012 at 10:38 PM, Wolfgang Zeikat
> <wolfgang.zeikat [at] desy> wrote:
>> In an older episode, on 2012-05-26 22:06, Jeremy Morton wrote:
>>>
>>> OK I continue to get this problem - lots of spam is coming through now
>>> with:
>>> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
>>> medium
>>> trust
>>
>>
>> We had so many false positives with that rule, that I - as others who
>> replied to your post already (see below) - have come to the conclusion
>> that
>
> Care to share with dnswl.org (which I represent) or the list here what
> "false positives" you got?
>
> In most cases, "so many" false positives are more a question of
> setting up the trust path in SpamAssassin correctly. If it is some
> error in our data, we'd like to know (and correct).
>
> Thanks,
> -- Matthias, for dnswl.org
>

Personally I'm quite happy with dnswl.org. I have 0 spam with this rule
triggered in my corpus (which can be seen in
http://ruleqa.spamassassin.org)

Great service.


corpus.defero at idnet

May 28, 2012, 12:53 AM

Post #44 of 45 (695 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sun, 2012-05-27 at 12:39 +0300, Jari Fredriksson wrote:
> On Sun, May 27, 2012 12:28, Jeremy Morton wrote:
> > I don't see what relevance the DNS servers I use on my my machine have
> > to do with querying dnswl.org - surely dnswl.org shouldn't even know if
> > I'm using Google's nameservers?
> >
>
> You ask Google. Google does not know. They ask dnswl.org's DNS. dnswl.org
> does not see You. They see only Google. And lots of them. They block
> Google.
>
Exactly - just like Spamhaus. The difference with Spamhaus is you will
usually get no A record back even for a blacklisted IP or domain.

I'm sure they are not the only blocklist to do it. It's all mostly
related to revenue protection & money, but hey - their blocklist, their
rules.

I must add that the Barracuda list works flawlessly through Google's
servers and is still the best list I've found.


jarif at iki

May 28, 2012, 10:33 AM

Post #45 of 45 (688 views)
Permalink
Re: Suddenly getting lots of false positives. [In reply to]

On Sun, May 27, 2012 17:51, Benny Pedersen wrote:
> Den 2012-05-27 16:27, Jari Fredriksson skrev:
>
>> Adding zones w/o forwarders will request directly them zones, thus
>> allow
>> dnseval to work. I want dnseval, but I do not want it use Google.
>
> okay, using forwards in options ?
>
> here i dont use global forwsards so i have it like you just on another
> way of doing the same
>
> hint zone is my friend :)
>
>> Google is fast and reliable cache for general use, much better than
>> bind
>> alone.
>
> okay, stats are fine, but i dont use it this way, using forwards in
> options gives more problems then it solves,

Just occurred to me, that this may be true. Some big sites optimize the
returned A record according to the query and location of it. I just
disabled my global forwarders. Did not even use my ISP, as it seems they
do not support DNSSEC.

> here i just use pr zone
> forwards if dns is not working for blocked or other stupid dns hosters
> that blocks querys from so called dynamic ips, hmp :)
>

I would be very pleased to see your zones for that. Thanks in advance ;)

First page Previous page 1 2 Next page Last page  View All SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.