291633Re: Running namecache service on postfix server?
- Feb 27 7:09 AMOn Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote:
> > I think it would be entirely reasonable to share a DNS cache amongNo, and that's pretty much what my original post suggests:
> > multiple systems within the same trusted perimeter. One DNS server
> > per host in a farm of mail servers may not be practical.
> A local cache on each, forwarding to two or three resolvers that are
> nearby? Local for DNSSEC verification, nearby cache for performance
> reasons? Am I missing something that would make that impractical?
On Tue, Feb 26, 2013 at 04:51:22PM +0000, Viktor Dukhovni wrote:
> On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
> Setting up DNSSEC on a local unbound cache that forwards all queries
> to an upstream server boils down to:
> trust-anchor: ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
> # Forward all requests to upstream server at 192.0.2.1
> name: "."
> forward-addr: "192.0.2.1"
As you say, one would typically add a couple of additional upstream caches:
- << Previous post in topic Next post in topic >>