291613 Re: Running namecache service on postfix server?
- Feb 26, 2013
On 02/26/2013 08:57 PM, btb@... wrote:
> On Feb 26, 2013, at 11.51, Viktor Dukhovni <postfix-users@...> wrote:
>> On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
>>> I have recently updated my DNS server and am observing the traffic
>>> from my mail server to constantly query for names. Some of these
>>> names are frequent requests, for example: zen.spamhaus.org. So I
>>> was thinking that I could benefit from running a namecaching setup
>>> on my mail server platform. This would cut down on traffic and time
>>> on my mail server.
>>> Is this a practice that is common? Are there any downsides to doing this?
>> When Postfix support for DANE (RFC 6698) is introduced, there will
>> be a requirement to operate a local nameserver that is DNSSEC aware
>> on any machine that wants to take advantage of peer certificate details
>> published via DNSSEC to scalably deliver verified TLS email to many
>> sites without the overhead of local per-site configuration.
> why must the nameserver be local? i gather the point is to be able to trust the dns responses, which of course goes without saying - but there are methods for accomplishing this in scenarios with a non local nameserver, aren't there? i think rfc 6698 speaks to this briefly?
I don't think there is a MUST there in the IETF tradition. More of a
SHOULD; I think it is a matter of performance, and perhaps security (I
would have to net it out; definitely less 'room' for a MITM). I suspect
people with experience in this area (mine is elsewhere in the IETF and
IEEE 802) can well list the advantages of 'co-location'.