Category: LINUX
2010-02-11 01:10:40
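As a mail administrator I have felt the pain of DNS hijacking first-hand. Most DNS servers run by ISPs in China now hijack responses, and when an anti-spam system queries an RBL (blacklist) through a hijacked DNS server, many legitimate IPs are misjudged as blacklisted.
For details, see:
The simplest way to tell whether the DNS server you use is hijacked: use nslookup to query a domain name that does not exist. If an IP comes back, and opening that IP in a browser shows an advertising page, the DNS server is hijacked. If the reply is ** server can't find wwwsfsefse.com: NXDOMAIN, it is not hijacked.
Example:
A DNS server that is not hijacked: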
[root@mail ~]# nslookup serwr3rsf.com 61.235.70.98
Server: 61.235.70.98
Address: 61.235.70.98#53
** server can't find serwr3rsf.com: NXDOMAIN
A DNS server that is hijacked:
# nslookup sfsef333sf.com 202.96.128.86
Server: 202.96.128.86
Address: 202.96.128.86#53
Non-authoritative answer:
Name: sfsef333sf.com
Address: 61.140.3.66
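The NXDOMAIN test described above, written as a script (an added example, not part of the original post). The function names classify_nslookup and probe_resolver and the probe-name pattern are assumptions made for this example; the two sample replies are the ones shown on this page.

```shell
#!/bin/sh
# Added example: classify nslookup output for a name that should not exist.

# classify_nslookup: reads nslookup output on stdin and prints one of
#   clean    - resolver answered NXDOMAIN, as it should
#   hijacked - resolver returned an address for the nonexistent name
#   unknown  - neither (timeout, SERVFAIL, refused, ...)
classify_nslookup() {
    awk '
        /NXDOMAIN/                  { nx = 1 }
        /^Non-authoritative answer/ { ans = 1; next }
        /^Name:/                    { ans = 1; next }
        # The Address line before the answer section is the resolver itself
        # ("Address: x.x.x.x#53"), so only count addresses once ans is set.
        ans && /^Address/ && !/#/   { got = 1 }
        END {
            if (nx && !got) print "clean"
            else if (got)   print "hijacked"
            else            print "unknown"
        }'
}

# probe_resolver RESOLVER_IP: query a made-up name that is almost certainly
# unregistered against one resolver and classify the reply (needs network).
probe_resolver() {
    name="nx-$(date +%s)-$$.com"   # hypothetical probe name, new on each run
    nslookup "$name" "$1" 2>&1 | classify_nslookup
}

# The two replies shown on this page, used as sample input.
SAMPLE_CLEAN="Server: 61.235.70.98
Address: 61.235.70.98#53
** server can't find serwr3rsf.com: NXDOMAIN"

SAMPLE_HIJACKED="Server: 202.96.128.86
Address: 202.96.128.86#53
Non-authoritative answer:
Name: sfsef333sf.com
Address: 61.140.3.66"

printf '%s\n' "$SAMPLE_CLEAN"    | classify_nslookup   # clean
printf '%s\n' "$SAMPLE_HIJACKED" | classify_nslookup   # hijacked
```

Run probe_resolver with each nameserver from /etc/resolv.conf before pointing an RBL-checking mail filter at it; an "unknown" result means the resolver did not answer cleanly and should be checked by hand.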
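Whether or not the DNS server you use is hijacked, a mail system that queries RBLs frequently really should have a local DNS cache on the machine itself.
Setting up a local DNS cache on CentOS is very easy.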
[root@localhost ~]# yum install caching-nameserver
[root@localhost ~]# chkconfig named on
[root@localhost ~]# service named start
Starting named: [ OK ]
Edit /etc/resolv.conf and change its contents to the following:
nameserver 127.0.0.1
Test:
[root@localhost ~]# nslookup
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
canonical name = .
Name:
Address: 64.233.189.99
Name:
Address: 64.233.189.103
Name:
Address: 64.233.189.104
Name:
Address: 64.233.189.147
[root@localhost ~]# nslookup sefsf2sfef.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find sefsf2sfef.com: NXDOMAIN
Test succeeded!