291633 Re: Running namecache service on postfix server?

  • Viktor Dukhovni
    Feb 27 7:09 AM
      On Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote:

      > > I think it would be entirely reasonable to share a DNS cache among
      > > multiple systems within the same trusted perimeter. One DNS server
      > > per host in a farm of mail servers may not be practical.
      >
      > A local cache on each, forwarding to two or three resolvers that are
      > nearby? Local for DNSSEC verification, nearby cache for performance
      > reasons? Am I missing something that would make that impractical?

      No, and that's pretty much what my original post suggests:

      On Tue, Feb 26, 2013 at 04:51:22PM +0000, Viktor Dukhovni wrote:

      > On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
      >
      > Setting up DNSSEC on a local unbound cache that forwards all queries
      > to an upstream server boils down to:
      >
      > /etc/unbound/unbound.conf
      > server:
      >     ...
      >     trust-anchor: ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
      >
      > # Forward all requests to upstream server at 192.0.2.1
      > forward-zone:
      >     name: "."
      >     forward-addr: "192.0.2.1"

      As you say, one would typically add a couple of additional upstream caches:

          forward-addr: "192.0.2.2"
          forward-addr: "192.0.2.3"

      --
      Viktor.
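
The following is an added example, not part of the original message and not unbound's own tooling: a small Python lint for the forwarding setup described above, checking that a DS trust anchor is present and well-formed and that the root forward-zone lists more than one upstream cache. It parses only the simple `key: value` subset shown in the thread; `parse_conf`, `lint` and the sample text are names and data constructed for illustration.

```python
import re

# DS digest length in hex characters per digest type: 1=SHA-1, 2=SHA-256, 4=SHA-384.
DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}

# Constructed sample: the fragment from the message plus the two extra forwarders.
SAMPLE_CONF = '''\
server:
    trust-anchor: ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
# Forward all requests to the upstream caches
forward-zone:
    name: "."
    forward-addr: "192.0.2.1"
    forward-addr: "192.0.2.2"
    forward-addr: "192.0.2.3"
'''

def parse_conf(text):
    """Return [(clause, {key: [values]})] from unbound.conf-style text."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not value:                                # "server:" opens a clause
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value.strip('"'))
    return clauses

def lint(text):
    """Return a list of problems; an empty list means every check passed."""
    problems, clauses = [], parse_conf(text)
    anchors = [v for c, kv in clauses if c == "server" for v in kv.get("trust-anchor", [])]
    if not anchors:
        problems.append("no trust-anchor: answers will not be DNSSEC-validated")
    for anchor in anchors:
        m = re.fullmatch(r"(\S+)\s+IN\s+DS\s+(\d+)\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f ]+)", anchor)
        if not m:
            problems.append("trust-anchor not in DS form (only DS is checked): " + anchor)
            continue
        want = DIGEST_HEX_LEN.get(int(m.group(4)))   # None for an unknown digest type
        got = len(m.group(5).replace(" ", ""))
        if want != got:
            problems.append(f"DS digest is {got} hex chars, expected {want}")
    addrs = [a for c, kv in clauses if c == "forward-zone" and kv.get("name") == ["."]
             for a in kv.get("forward-addr", [])]
    if len(addrs) < 2:
        problems.append(f"root forward-zone has {len(addrs)} forward-addr; add more upstream caches")
    return problems
```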