response-policy zones from spamhaus.org
stenc at s-carlsen.dk
Sat Oct 7 21:58:51 UTC 2017
On 07-10-2017 21.36, MAYER Hans wrote:
> Dear All,
> We are using response-policy zones as a service from spamhaus.org
> This is used for web access as well as for SMTP ( incoming and outgoing )
> Actually this worked fine over years.
> Now we have the situation if I dig www.airindia.in I get as result
> ;; ADDITIONAL SECTION:
> bad-nameservers.rpz.spamhaus.org. 60 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1507403414 300 60 432000 60
> This indicates that it is listed in the bad-nameservers.rpz.spamhaus.org database from spamhaus.org which I have configured as a slave zone in my DNS server.
> Our employees are travelling a lot and therefore it is not acceptable that the Indian Airline is not reachable.
> Such zones are defined as type slave. Therefore it’s not possible to update such a zone.
> I also tried to define these records in my own RPZ and hoping it has higher priorities. But it isn’t.
> Finally I tried a forward only zone for airindia.in to a server in my environment which does not use RPZ. But this doesn’t work too.
> Any ideas how I could shade or overwrite the content of RPZ ?
I would look at the mail server configuration. It might be possible to
add a positive list in front of the spamhaus lookup.
> I am using BIND 9.11.2
> Kind regards
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
More information about the bind-users