291631Re: Running namecache service on postfix server?
- Feb 27, 2013On 02/27/2013 06:58 AM, Wietse Venema wrote:
> Viktor Dukhovni:In such a case I would run IPsec between them with a policy for only DNS
>> Perhaps "postfix check" could generate a warning if DANE is enabled
>> and non-local nameservers are found in /etc/resolv.conf (or and/or
>> its chroot-jail version).
> I think it would be entirely reasonable to share a DNS cache among
> multiple systems within the same trusted perimeter. One DNS server
> per host in a farm of mail servers may not be practical.
traffic through the tunnel. ESP encapsulation is rather cheap and
assures you the traffic is going where you want it.
Or if you have very good VLAN control, you could run 802.1AE, but the
app space cannot tell (typically) if MACsec is working.
- << Previous post in topic Next post in topic >>