Eric "Shubes" wrote:
>
> I think we need Nick to chime in here with the definitive answer.
>
> That being said, here's my (mis?)understanding.
>
> Yes, you need a *caching* nameserver with the new version that supports
> domain keys. This is so that the mail server isn't querying the
> nameserver(s) (listed in /etc/resolv.conf) for the domain key info for
> each email processed. That would be quite inefficient.
>
> Since it's a caching nameserver, it can't possibly answer requests by
> non-local machines. It *might* be used as a nameserver for other local
> machines, but that's not necessarily advisable as it could open up
> network security holes. Safest route to go would be to have another
> caching nameserver that is used strictly by the local network (e.g. on a
> local file server). Having a local caching server is a good thing.
>
> In order to implement DK, your authoritative server needs to have the
> TXT record containing the appropriate information. (Note, while
> unrelated to DK, it should probably have a TXT SPF record too). If you
> run your own nameserver, that's where it should go. If you use a DNS
> service (such as mydns or dyndns), the TXT records (like the MX record)
> need to go in the DNS server of your provider, *not* your caching
> nameserver. That way, the TXT records are available to the outside world.
>
> Is that about right? Someone *please* correct me if I'm wrong.
>
> This should probably be clarified in the installation notes.

But then if what you are saying is true, then a caching name server is not *needed* but is a good thing to have to stop inefficiencies.

Again, I say this because I have setups that only have an authoritative name server on them and the caching name server is the machine immediately below it in the rack.

I guess the questions are:

Does qmail specifically query a name server on the current machine or does it just do a normal DNS query?

If it specifically does a request to the local machine, does it do it on localhost so that a caching DNS can be put on localhost and the authoritative one on the external IP?

Sincerely,
Warren

---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------