291631 Re: Running namecache service on postfix server?

  • Robert Moskowitz
    Feb 27, 2013
      On 02/27/2013 06:58 AM, Wietse Venema wrote:
      > Viktor Dukhovni:
      >> Perhaps "postfix check" could generate a warning if DANE is enabled
      >> and non-local nameservers are found in /etc/resolv.conf (or and/or
      >> its chroot-jail version).
      > I think it would be entirely reasonable to share a DNS cache among
      > multiple systems within the same trusted perimeter. One DNS server
      > per host in a farm of mail servers may not be practical.

      In such a case I would run IPsec between them with a policy for only DNS
      traffic through the tunnel. ESP encapsulation is rather cheap and
      assures you the traffic is going where you want it.

      Or if you have very good VLAN control, you could run 802.1AE, but the
      app space cannot tell (typically) if MACsec is working.
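
The check suggested in the quoted text above, sketched as an added example that is not part of the original message or of Postfix: it warns when the TLS security level is DANE and a resolv.conf lists a non-loopback nameserver. The function names and the sample file are constructed here; in practice the level would come from `postconf -h smtp_tls_security_level`.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Postfix code).

# Print every nameserver in a resolv.conf-format file that is not loopback.
# A file with no "nameserver" line prints nothing: the resolver then
# defaults to the local host.
nonlocal_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/%.*$/, "", addr)            # ignore an IPv6 zone id
            if (addr ~ /^127\./ || addr == "::1") next
            print $2
        }
    ' "$1"
}

# $1: TLS security level; remaining arguments: resolv.conf files to inspect,
# e.g. /etc/resolv.conf and the chroot copy under the Postfix queue directory.
# Returns 1 and warns on stderr if DANE is on and a resolver is remote.
check_resolvers() {
    level=$1; shift
    case $level in
        dane|dane-only) ;;                   # DNSSEC answers are trusted here
        *) return 0 ;;                       # no DANE, nothing to check
    esac
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue              # e.g. no chroot copy present
        for ns in $(nonlocal_nameservers "$f"); do
            echo "warning: DANE enabled but $f lists non-local nameserver $ns" >&2
            status=1
        done
    done
    return $status
}

# Constructed sample input: one loopback and one remote resolver.
demo=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$demo"
check_resolvers dane "$demo" || echo "remote resolver flagged"
rm -f "$demo"
```

A non-loopback resolver reached over an IPsec or MACsec protected path, as described in this message, would still be flagged, because the check only sees the address.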