On 2025-10-22 at 11:48:16 UTC-0400 (Wed, 22 Oct 2025 17:48:16 +0200)
Fourhundred Thecat via Postfix-users <[email protected]>
is rumored to have said:
On 2025-10-22 17:40, Viktor Dukhovni via Postfix-users wrote:
In other words, the ONLY entry in /etc/resolv.conf on an MTA
should be 127.0.0.1. And that resolver might use multiple
forwarders, but would then track which of its forwarders are
responsive and avoid the non-responsive ones (except for
occasional concurent probes to check whether they're back).
DO NOT make the mistake of listing remote nameservers in
/etc/resolv.conf.
you mean I should only ever have 127.0.0.1 in /etc/resolv.conf and use
some local recursive caching resolver such as unbound ?
is this standard/recommended setup for Postfix ?
That has been broadly considered the best practice for all Unix/Linux
MTAs for decades.
It has been recommended here and in other fora for mail admins
repeatedly and consistently.
In some larger environments it may make sense to consolidate resolution
by many separate MTA machines in a shared resolver cache on a host on
the same LAN as the MTAs. Any circumstance where all of your DNS queries
need to pass through a router is bad.
--
Bill Cole
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
