Recursive DNS issue / configuration

Sep 17, 2020
Hello All,

I believe bind was installed previously as a caching server, and we're trying to resolve some RBL issues and caching dns locally, thinking I may want to change my caching server.

I'm not as familiar with PVE as CentOS and needed some guidance to accomplish the following:

1. Identify and remove the existing caching server (based on what I see looks like bind is my reverse)
2. Install the current recommended DNS caching server

I know how to install powerdns recursive server (if that's a preferred choice), if not some instructions/reference would also be appreciated.

Below is what is installed currently, that I'm thinking may not be working well causing me some false positives with RBLs.

Any assistance/direction appreciated! Thank you!


Code:
bind9-dnsutils/stable,stable-security,now 1:9.16.27-1~deb11u1 amd64 [installed,automatic]
dns-root-data/stable,now 2021011101 all [installed,automatic]
dnsutils/stable,stable-security,now 1:9.16.27-1~deb11u1 all [installed]
libdns-export1104/now 1:9.11.5.P4+dfsg-5.1+deb10u5 amd64 [installed,local]
libdns-export1110/stable,now 1:9.11.19+dfsg-2.1 amd64 [installed,automatic]
libdns1104/now 1:9.11.5.P4+dfsg-5.1+deb10u5 amd64 [installed,local]
libdns1110/stable,now 1:9.11.19+dfsg-2.1 amd64 [installed,automatic]
libnet-dns-perl/stable,now 1.29-1 all [installed]

current resolv.conf
Code:
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 8.8.4.4

current /etc/default/bind9
Code:
#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"

Current /etc/bind/named.conf.options
Code:
acl goodclients {
        localhost;
        localnets;
};

options {
        directory "/var/cache/bind";



        recursion yes;
        allow-query { goodclients; };

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { none; };
};
 
I believe bind was installed previously as a caching server, and we're trying to resolve some RBL issues and caching dns locally, thinking I may want to change my caching server.
In general I think most known resolvers (bind, powerdns_recursor, unbound) should do a decent job at resolving.
Regarding caching - there's nothing too much to do there - you do not want to cache results much longer than what the RBL providers suggest (else you'll reject mails despite the IP having been delisted).

In any case - have not worked with bind in a longer while - and cannot say too much about your config - but maybe explain what is not working

We have a getting started page, which I can recommend in general in our wiki - it links to a short tutorial about setting up unbound:
https://pmg.proxmox.com/wiki/index....edicated_DNS_Resolver_on_Proxmox_Mail_Gateway
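
An offline check of the configuration posted in this thread, added here as an example and not written by either poster or taken from the Proxmox wiki: it lists the resolv.conf entries that would send lookups (RBL queries included) to a resolver other than the local BIND, and any forwarders that are really active. The function names are made up for this example, and it relies on the stub resolver trying nameservers in the listed order and moving to the next one when the first does not answer.

```python
import ipaddress
import re

# Constructed sample input: the resolv.conf and (abridged) options block from the thread.
RESOLV_CONF = "nameserver 127.0.0.1\nnameserver 1.1.1.1\nnameserver 8.8.4.4\n"
NAMED_OPTIONS = """
options {
        recursion yes;
        allow-query { goodclients; };
        // forwarders {
        //      0.0.0.0;
        // };
        dnssec-validation auto;
};
"""

def nameservers(resolv_conf):
    """Nameserver addresses in the order the stub resolver tries them."""
    fields = (line.split() for line in resolv_conf.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def non_local(servers):
    """Addresses that are not loopback: queries sent there bypass the local cache."""
    return [s for s in servers if not ipaddress.ip_address(s).is_loopback]

def strip_comments(conf):
    """Drop /* */, // and # comments from a named.conf fragment."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def active_forwarders(named_conf):
    """Forwarder addresses actually in effect; commented-out blocks are ignored."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", strip_comments(named_conf))
    return [a.strip() for a in m.group(1).split(";") if a.strip()] if m else []

def recursion_enabled(named_conf):
    return re.search(r"\brecursion\s+yes\s*;", strip_comments(named_conf)) is not None

def audit(resolv_conf, named_conf):
    """Findings that let lookups (RBL queries included) skip the local recursive resolver."""
    findings = [f"non-local nameserver {s} in resolv.conf"
                for s in non_local(nameservers(resolv_conf))]
    if not recursion_enabled(named_conf):
        findings.append("no explicit 'recursion yes;' in named.conf.options")
    findings += [f"active forwarder {a} in named.conf.options"
                 for a in active_forwarders(named_conf)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RESOLV_CONF, NAMED_OPTIONS)) or "no findings")
```

Many RBL operators limit or refuse queries that arrive through large shared public resolvers, which is why the fallback entries are worth flagging on a mail gateway.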