[SURBL-Discuss] Feature Request: Whitelist_DNSRBL

Rob McEwen rob at powerviewsystems.com
Thu Dec 9 04:25:31 CET 2004


>Anyone else doing this or something similar should stop
>doing it post haste!

Jeff:

I appreciate your advice. But I'd like some clarification.

1st, I'm not a SpamAssassin user. In fact, none of your particular
suggestions (so far) regarding local whitelisting will benefit me.

2nd, I'm running the TreeWalk DNS caching server on my Windows 2000 server
and everything running on my box looks to this application for DNS
resolution. TreeWalk by default goes to the root servers for advice...
except where I have specified otherwise in some "forwarders" strategically
set up. Some of these point to my Hosting provider's DNS server... some
point elsewhere.

3rd, ...and most important... this TreeWalk DNS server is **local only**. It
is NOT a DNS server that propagates info elsewhere and it ONLY serves up
domain resolution to applications running on my box. In fact, there is
security set up where my TreeWalk implementation will NOT serve requests
from outside my box.

Therefore, I **think** that most of your gravest concerns are not
applicable???

Finally, the app that I'm using for DNSBL lookups doesn't provide a means to
manually whitelist individual entries.

For all these reasons, I see no other choice but to try to override these
settings on my server at the DNS level. Sure, doing this to whitelist SURBLs
on my DNS caching server is mostly for performance reasons. Therefore, one
could argue that it is not worth the hassle just to squeak a little extra
performance since these will often be cached from previous lookups.

However, I have no choice but to do this with some OTHER DNSBLs that I use.
For example, I do similar lookups with SpamHaus and with MailPolice and
there are occasional instances where they are too aggressive. I don't want
to NOT use them. I just want to have a means to surgically bypass a **few**
of their blocks and doing this in the BIND config files at the **local** DNS
caching server level is most efficient. (assuming that I can eventually get
the syntax correct!!!)

Again, I'm sure that there must be a way for me to get what I want... and it
seems like even if I'm doing something that isn't "by the book" there must
be a way to accomplish it without the more nasty repercussions that you
refer to.

Any suggestions/comments?

Thanks,

Rob McEwen
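
Added example (not part of the original post, and not code from SURBL, TreeWalk or any application named above): a per-list local whitelist applied in the lookup client before any DNSBL query is sent, which is the application-level alternative to overriding answers on the caching resolver. The zone names, addresses, and function names are constructed placeholders, and the resolver is injectable so the sample runs offline.

```python
import ipaddress
import socket

def query_name(item, zone):
    """Build the DNSBL query name: reversed octets for IPv4, the name itself for a domain."""
    try:
        addr = ipaddress.IPv4Address(item)
    except ValueError:
        return f"{item.rstrip('.').lower()}.{zone}"
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the lookup fails (e.g. NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_in(item, zones, whitelist, resolver=system_resolver):
    """Return the zones that list item, skipping (zone, item) pairs whitelisted locally."""
    hits = []
    for zone in zones:
        if (zone, item.lower()) in whitelist:
            continue  # local override: no query is sent for this pair
        answer = resolver(query_name(item, zone))
        # DNSBLs conventionally signal a listing with an answer in 127.0.0.0/8
        if answer is not None and answer.startswith("127."):
            hits.append(zone)
    return hits

# Constructed sample data: placeholder zones and documentation-range addresses.
ZONES = ["ip.dnsbl.example", "uri.dnsbl.example"]
FAKE_ANSWERS = {
    "10.2.0.192.ip.dnsbl.example": "127.0.0.2",
    "20.2.0.192.ip.dnsbl.example": "127.0.0.2",  # listed, but whitelisted below
    "spam.example.uri.dnsbl.example": "127.0.0.2",
}
WHITELIST = {("ip.dnsbl.example", "192.0.2.20")}  # bypass one entry on one list only

def demo():
    items = ("192.0.2.10", "192.0.2.20", "spam.example", "good.example")
    return {i: listed_in(i, ZONES, WHITELIST, FAKE_ANSWERS.get) for i in items}

if __name__ == "__main__":
    for item, zones in demo().items():
        print(item, "->", zones or "not listed")
```

Because the whitelist is keyed by (zone, item), an entry bypasses one list without disabling the others, and the exception stays inside the client instead of changing what the resolver answers for every other application on the box.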



