291637Re: Running namecache service on postfix server?
- Feb 27, 2013On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
> > > I think it would be entirely reasonable to share a DNS cache amongThis was the intent of my original example, I guess I did not draw
> > > multiple systems within the same trusted perimeter. One DNS server
> > > per host in a farm of mail servers may not be practical.
> > A local cache on each, forwarding to two or three resolvers that are
> > nearby? Local for DNSSEC verification, nearby cache for performance
> > reasons? Am I missing something that would make that impractical?
> I think it would be helpful to give examples of how "secure DNS"
> caches can be shared, instead of outright banning this. On non-trivial
> deployments, DNS and MAIL are managed by different people.
sufficient attention to the:
stanza at the bottom of the unbound.conf example. We'll need to
provide a similar configuration example for BIND, and explain the
rationale for both, so other local nameservers could also be
supported by an MTA administrator who understands the requirements.
- << Previous post in topic Next post in topic >>