I am running redhat 8 mailserver. and I just noticed that I am being hit by dns searches... how do I block these.

See /etc/named.conf for the allow-query entry, to specify which hosts are permitted to do DNS lookups on the machine. Of course, if you're not actually using the machine as a DNS server you ought to disable named.

If I only want to use the server for mail and local surfing can I disable the named?
and just use a gateway.

The only file that is there is named.custom is that the same as named.conf? in this case

and how do I disable the file.
chmod or delete or other?

I did find /etc/log.d/conf/services/named.conf?

Well first, are the DNS queries from external IPs or internal? Your local clients will need to make DNS lookups for any connections they make to the Internet. The easiest way to disallow remote hosts querying your server for DNS is to firewall off port 53 completely from the outside world (both TCP and UDP).

the dns queries in the log are coming from the server itself.. and I am the only one using it... and I know they queries are not mine.
I'll go look at port 53 on the netserver

Your mail server is making the queries. It does a DNS lookup every time it sends a message, and likely it also tries to do a reverse lookup of every IP that connects to deliver mail to you. If you totally disable DNS you will break your mail server.

I disagree... the mail logs show constant activity when our office was closed down.


would this be open relay then?

Probably bouncing messages that were sent to non-existent users on your system. Look, if the queries have a source address of your server SOME application on your server is making those queries and you're going to break it when you disable DNS. Now given the fact that you're primarily running the box as a mail server, and additionaly given that the two examples you just posted a) start with mail. and b) sound like porn spammer hosts, I willing to bet money it's your mail server.

However, it's your server and you're welcome to break it if you want to. Just don't come back tomorrow asking why you suddenly can't deliver mail.

By the way, even if you do have /etc/resolv.conf configure to query your ISPs name server and mail continues to work, you'll add a lot more latency to your lookups and that will impact performance.

I really don't see why you're so paranoid about your own server doing DNS lookups. DNS is the foundation of the Internet. It is also true that if you have the processing horsepower, it's much better to do queries locally on your own network rather than across the Internet, because you will have significantly better performance. As long as Internet users aren't doing zone file transfers of your entire zone off your DNS server, you're fine! Let your internal boxes query all they want, all it's doing is increasing your Internet performance.

I highly suggest reading DNS & BIND from O'Reilly.

I was worried that I may have been providing the mail for the spammers somehow... I have to watch my logs for garbage like the forementioned spammers... our users are not allowed to do that sort of stuff. thanks for your input.

Just don't allow relay from external IPs. You can easily test that by going to an outside box (one that's not on your network), telnet to your mail server on port 25, and issue the SMTP commands by hand. Make sure your MAIL FROM is not in your domain and neither is the RCPT TO. If it accepts the message, you have problems.

Obviously the above uses a private IP (10.0.0.3) where you would be using the public IP if connecting from a remote system, but you get the idea. Above is an example of a server which DOES allow relaying. This is bad.

A server which does not allow relaying would have responded with the below, instead of "250 OK" after the RCPT TO line.
Note that you cannot do this test from inside your network, because your server SHOULD relay for internal hosts.