Is it possible to tell unbound not to use forwarders only for some specific domains?
gerben.wierda at rna.nl
Sat Dec 28 17:13:23 UTC 2019
I am using unbound and rspamd.
Unbound is configured as follows (snippet):
# Quad9 phishing/malware site blocking DNS 220.127.116.11
# Quad9 2nd DNS
# Fallback if Quad9 is out: Google:
# forward-addr: 18.104.22.168
It seems that rspamd doesn’t like that, because the DNS masters for multi.uribl.com and dnl.dnswl.org apparently do not like getting a DNS query forwarded from public DNS servers. Which produces errors like:
2019-12-28 17:47:20 #16267(controller) <gp88ff>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2019-12-28 17:47:20 #16267(controller) <k7m6sm>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'TTE6_6BJCREYADp1do_TGob69-N7R.dwl.dnswl.org'(likely DNS spoofing or BL internal issues)
which breaks rspamd, I think.
So, I think (not sure) that I am supposed not to use a forwarder to a public DNS provider with rspamd. But that would mean I lose the advantage of Quad9. Hence, I was thinking that I might need to tell unbound an exception for these domains, sidestepping the forwarding. Is that possible? (Does it solve my issue? I don’t know but I’d like to try).
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
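The following is an added example, not part of the original post: a small Python parser that classifies rspamd `rspamd_monitored_dns_cb` messages like the two quoted above, so an operator can see which blocklist zones are failing behind a forwarding resolver. The function names are hypothetical, the sample input is the two log lines from the post, and the regular expressions assume exactly that message wording.

```python
import re

# Sample input: the two log lines quoted in the post above.
SAMPLE_LOG = """\
2019-12-28 17:47:20 #16267(controller) <gp88ff>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2019-12-28 17:47:20 #16267(controller) <k7m6sm>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'TTE6_6BJCREYADp1do_TGob69-N7R.dwl.dnswl.org'(likely DNS spoofing or BL internal issues)
"""

# Common prefix: timestamp, pid(worker), log tag, module, callback name.
PREFIX = re.compile(
    r"^(?P<ts>\S+ \S+) #\d+\(\w+\) <\w+>; monitored; "
    r"rspamd_monitored_dns_cb: (?P<msg>.*)$"
)
# The list operator answered with a "you are blocked" address.
BLOCKED = re.compile(r"DNS query blocked on (?P<zone>\S+) \((?P<answer>\S+) returned\)")
# A random probe name resolved although NXDOMAIN was expected.
UNEXPECTED = re.compile(
    r"DNS reply returned '(?P<got>[^']+)' for (?P<zone>\S+) "
    r"while '(?P<want>[^']+)' was expected"
)


def classify(line):
    """Return a finding dict for one monitor log line, or None if it is unrelated."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    hit = BLOCKED.search(msg)
    if hit:
        return {"ts": m.group("ts"), "zone": hit.group("zone"),
                "kind": "blocked", "detail": hit.group("answer")}
    hit = UNEXPECTED.search(msg)
    if hit:
        return {"ts": m.group("ts"), "zone": hit.group("zone"),
                "kind": "unexpected-reply",
                "detail": "got %r, expected %r" % (hit.group("got"), hit.group("want"))}
    return None


def failing_zones(log_text):
    """Map each blocklist zone to the set of failure kinds seen for it."""
    zones = {}
    for line in log_text.splitlines():
        finding = classify(line)
        if finding:
            zones.setdefault(finding["zone"], set()).add(finding["kind"])
    return zones


if __name__ == "__main__":
    for zone, kinds in sorted(failing_zones(SAMPLE_LOG).items()):
        print(zone, ", ".join(sorted(kinds)))
```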