On Wed, Feb 26, 2014 at 07:43:25AM +0100, Erwan David wrote:
> > The local resolver can have the resolvers on the LAN configured as
> > forwarders, but you need the local stub resolver. No reason not to have
> > one, really, especially on a busy mail server.
>
> However your "local" resolver could be in another jail/zone/container
> (depending on your OS) with another IP address and not the loopback.
>
> You could also have an IPSEC link to your resolver to get you trust
> you use the right one. This 127.0.0.1 (or ::1) is in my sense too
> restrictive, but you need a trusted link between your postfix and your
> resolver.
Yes, of course. In practice, for most users, the local resolver
is by far the simplest configuration.
--
Viktor.
