DNS configuration for MAPS RBL

  • Thread starter Thread starter tmanstls
  • Start date Start date
T

tmanstls

Trying to use the mail-abuse.org Realtime Blackhole List
service to drop incoming spam. They will not activate the
service because our DNS server will respond to a query
from anyone who asks directly to it with a non-
authoritative response. This bypasses their DNS service
thus they will not enable our DNS server to query them.
They use BIND and we use Microsoft DNS. Is there a way to
configure Microsoft DNS to not respond to requests that it
is not autoritative for. I have found numerous responses
about BIND and the allow-query statement in the config
file but nothing on MS DNS.


Thanks,
TMAN
 
In
tmanstls said:
Trying to use the mail-abuse.org Realtime Blackhole List
service to drop incoming spam. They will not activate the
service because our DNS server will respond to a query
from anyone who asks directly to it with a non-
authoritative response. This bypasses their DNS service
thus they will not enable our DNS server to query them.
They use BIND and we use Microsoft DNS. Is there a way to
configure Microsoft DNS to not respond to requests that it
is not autoritative for. I have found numerous responses
about BIND and the allow-query statement in the config
file but nothing on MS DNS.


Thanks,
TMAN
Click to expand...

Disable recursion on the advanced tab. This disables DNS from using
forwarders and root hints and it will only answer authoritatively or from
its cache. You can empty the cache and there won't be any records in cache
for it to answer with.
 
tmanstls said:
Trying to use the mail-abuse.org Realtime Blackhole List
service to drop incoming spam. They will not activate the
service because our DNS server will respond to a query
from anyone who asks directly to it with a non-
authoritative response. This bypasses their DNS service
thus they will not enable our DNS server to query them.
Click to expand...

That is the normal way to use the RBLs.

Normally it has little or nothing directly to do with your DNS
but is a setting on your Email server which much understand how
to play the RBL game.

RBL method:
You email server is configured to use an RBL DNS server list
(it COULD be your own but usually is not.)
It takes each IP address and turns that into a "known" record based
on the RBL (i.e., appending the RBL name)
Note: This looks SOMETHING like a reverse request but is really
an ordinary forward lookup that is contructed with the IP.
IF it receives a negative response, the sender is not "blocked"
IF it receives (certain) positive responses your email server can CHOOSE
to block their traffic.

The lookups are ordinary DNS lookups and require recursion and or forwarding
to operate in almost all cases.
They use BIND and we use Microsoft DNS. Is there a way to
configure Microsoft DNS to not respond to requests that it
is not autoritative for. I have found numerous responses
about BIND and the allow-query statement in the config
file but nothing on MS DNS.
Click to expand...

That is a completely separate issue in most cases from RBL.
If you do this, you won't be able to use this DNS to assist users
in resolving ANYTHING on the Internet.

Follow Kevin's guide (above in thread) if you really want this
behavior. (Basically, you disable recursion in the ADVANCED
tab -- not on the Forwarding tab -- which actually disables both
true recursion and the use of forwarders.)
 
Back
Top