> On 5 Mar 2022, at 18:23, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> 
> On 05.03.22 12:43, Gerben Wierda wrote:
>> A forward zone without a forward address gives SERVFAIL
>> 
>> But I was able to use
>> 
>> forward-zone:
>>      name: "spamhaus.org"
>>      forward-addr: 127.0.0.1@1053 # do not resolve spamhaus via public DNS resolvers
>> 
>> Because I have a second non-forwarding unbound running on port 1053 for 
>> rspamd already (which has more or less the same issue, but which — unlike 
>> postfix — can be told to use a different name server itself)
> 
> so, you have multiple SW installed that have problems with forwarding DNS, 
> but you insist on forwarding DNS?

Yes, because forwarding to quad9 (9.9.9.9) has advantages in that it will not 
resolve known bad actors. This adds to the protection of my users who use my DNS 
resolver. The two who are having problems (postfix - DNSBL, and rspamd) are 
exceptions to the rule. rspamd can be configured to use a different resolver 
than the default resolver, postfix can’t.

I’m quite happy now.

> turn off all forwarding for servers.

Hence: no. ;-)

G
