Hello,
On my machine, the authoritative server (BIND) only listens on the
ethernet IP interface, while the recursive server (unbound)
listens only on 127.0.0.1. It validates queries for my own domain,
just like for any other.
I wanted to prevent installing and caring for two software instances on
such a minor system.
So two tasks for me:
a) fix the internal DNSSEC issue
Nothing to fix in DNSSEC, rather, split the auth and recursive
resolvers.
We'll see. Maybe I can convince bind to be a recursive resolver on the
local interface and ask itself via the external interface for the own
domains. Essentially your setup, but only with bind. I thought I did so
in the past, but it also may be I simply forgot about it. I believe
bind doesn't offer the easy way to simply check and add ad flags for
its own domains when used as recursive resolver.
Or maybe I'll document the situation and simply ignore the missing DANE
for these two hosts ;-)
For Freedom In Peace
--
http://www.dstoecker.eu/ (PGP key available)