Eric "Shubes" wrote:
> 
> I think we need Nick to chime in here with the definitive answer.
> 
> That being said, here's my (mis?)understanding.
> 
> Yes, you need a *caching* nameserver with the new version that supports
> domain keys. This is so that the mail server isn't querying the
> nameserver(s) (listed in /etc/resolv.conf) for the domain key info for
> each email processed. That would be quite inefficient.
> 
> Since it's a caching nameserver, it can't possibly answer requests by
> non-local machines. It *might* be used as a nameserver for other local
> machines, but that's not necessarily advisable as it could open up
> network security holes. Safest route to go would be to have another
> caching nameserver that is used strictly by the local network (e.g. on a
> local file server). Having a local caching server is a good thing.
> 
> In order to implement DK, your authoritative server needs to have the
> TXT record containing the appropriate information. (Note, while
> unrelated to DK, it should probably have a TXT SPF record too). If you
> run your own nameserver, that's where it should go. If you use a DNS
> service (such as mydns or dyndns), the TXT records (like the MX record)
> need to go in the DNS server of your provider, *not* your caching
> nameserver. That way, the TXT records are available to the outside world.
> 
> Is that about right? Someone *please* correct me if I'm wrong.
> 
> This should probably be clarified in the installation notes.

But then if what you are saying is true, then a caching name server is
not *needed* but is a good thing to have to stop inefficiencies.  Again,
I say this because I have setups that only have an authoritative name
server on them and the caching name server is the machine immediately
below it in the rack.

I guess the questions are: Does qmail specifically query a name server
on the current machine or does it just do a normal DNS query?  If it
specifically does a request to the local machine, does it do it on
localhost so that a caching DNS can be put on localhost and the
authoritative one on the external IP?

Sincerely,
Warren

---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------