I think you are right, Eric, What I do for my main box is have the caching nameserver on it and use as forwarders the default that came with the caching name server (djbdns) and added the name servers of my ISP (the box is COLO, so even that is really fast when it comes to lookups). Those also are the authoritative ones for my domains. I have always had great experience when splitting caching and auth name servers.
Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 14.02.2011 um 20:58 schrieb Eric Shubert: > Hey Marek, > > Using Bind is fine, but using a single server/process for both authoritative > and resolver purposes is not a good practice. It can be done, but I would try > very hard to keep them separate before endeavoring to put them together. It > can be done, but it's a bit tricky to do well (accurately and securely). > > If at all possible, I would use an authoritative DNS server that's external > to QMT, then simply install the caching-nameserver package on QMT to use as a > resolver. You should also modify the resolver's configuration to use > forwarders, but that's not absolutely necessary. caching-nameserver > configuration should work ok as is. > > Martin, do you have anything to add? (Sorry for jumping in again) > > -- > -Eric 'shubes' > > On 02/14/2011 12:14 PM, d...@demod.pl wrote: >> Thank You for advice. >> >> I think, I must learn about DNS much more as I thought before i wrote >> these emails. >> >> I'm using BIND (named). >> >> Yes it's authoritative DNS server and i think it's a local resolver. Now >> I understand it's wrong practice? >> >> Now i'm going to try apply you advices and read something more about DNS >> server. >> >> I will let you know about my progress >> >> >> >> regards >> >> Marek >> >> >> >> ----- Original Message ----- From: "Eric Shubert" <e...@shubes.net> >> To: <qmailtoaster-list@qmailtoaster.com> >> Sent: Monday, February 14, 2011 4:24 PM >> Subject: [qmailtoaster] Re: DNS temporary failure if one DNS server dont >> work. >> >> >>> I agree whole heartedly with Martin (whatever that's worth). >>> >>> Two key questions which haven't been answered yet by Marek: >>> 1) which software is he using (bind or djbdns) >>> 2) is he using the local resolver as an authoritative DNS server as >>> well? (I would hope not, but you never know). >>> >>> I gotta chuckle regarding Marek's name, as there is a commercial email >>> server called "Marek Mail". :) >>> >>> Thanks, Martin. I'll let you finish up with this one. >>> -- >>> -Eric 'shubes' >>> >>> On 02/14/2011 01:39 AM, Martin Waschbüsch wrote: >>>> Seeing as it does not work right now, I don't know where the servers >>>> are listed on his system. Clearly there must be some configuration >>>> issue. >>>> >>>> But at the same time, IMHO it is the best solution to ensure there is >>>> a properly configured local DNS server. >>>> Such a local DNS server has a config where you can list forwarding >>>> DNS servers and that is where his name servers should be configured. >>>> >>>> Imagine resolv.conf lists the two outside DNS servers directly. >>>> Let's assume that the first entry (will be queried first) is down. >>>> >>>> Although the system tries to send 50 individual mails to >>>> some...@googlemail.com, the mail server will experience a timeout for >>>> the first name server and only then query the secondary server. All >>>> that happens 50 times(!) >>>> Now, if you have a working caching DNS server, as soon as the first >>>> timeout happened and the secondary DNS server was queried, the local >>>> server has the DNS entry stored and the remaining 49 messages do not >>>> encounter any timeout at all. >>>> >>>> Martin >>>> >>>> >>>> -- >>>> Martin Waschbüsch >>>> IT-Dienstleistungen >>>> Lautensackstr. 16 >>>> 80687 München >>>> >>>> Telefon: +49 89 57005708 >>>> Fax: +49 89 57868023 >>>> Mobil: +49 170 2189794 >>>> mar...@waschbuesch.de >>>> http://martin.waschbuesch.de >>>> >>>> Am 14.02.2011 um 09:06 schrieb Tony White: >>>> >>>>> Hi, >>>>> So what/where are the two dns servers Marek >>>>> says he is using? >>>>> >>>>> >>>>> On 14/02/2011 7:02 PM, Martin Waschbüsch wrote: >>>>>> That is not correct! >>>>>> If localhost runs a caching DNS server, it will fetch DNS >>>>>> information from forwarding DNS servers, which can be the ISP's, >>>>>> Google's, whatever. >>>>>> The whole point of having a local caching DNS server is that it not >>>>>> only takes care of using all DNS servers it knows about to fetch >>>>>> data, but also to store that data and prevent DNS-lookup-heavy >>>>>> applications (like E-Mail servers) to generate lots of additional >>>>>> traffic and overhead. >>>>>> >>>>>> So, if Marek runs a local DNS server and still gets problems, then >>>>>> we need to look at that config. >>>>>> If not, he really should install a caching DNS server (named, >>>>>> djbdns, etc.) >>>>>> >>>>>> In any case, resolv.conf is just fine only pointing to the local >>>>>> server. >>>>>> >>>>>> Martin >>>>>> >>>>>> -- >>>>>> Martin Waschbüsch >>>>>> IT-Dienstleistungen >>>>>> Lautensackstr. 16 >>>>>> 80687 München >>>>>> >>>>>> Telefon: +49 89 57005708 >>>>>> Fax: +49 89 57868023 >>>>>> Mobil: +49 170 2189794 >>>>>> mar...@waschbuesch.de >>>>>> http://martin.waschbuesch.de >>>>>> >>>>>> Am 14.02.2011 um 07:59 schrieb Bruno De Leone: >>>>>> >>>>>>> That means your only DNS is your local DNS so the qmail will never >>>>>>> find any server outside it's network... >>>>>>> >>>>>>> You should add the DNS of your preference. For example, to add >>>>>>> google's DNS, edit the file /etc/resolv.conf and add these lines >>>>>>> at the end of the file: >>>>>>> >>>>>>> nameserver 8.8.8.8 >>>>>>> nameserver 4.4.4.4 >>>>>>> >>>>>>> On Mon, Feb 14, 2011 at 4:39 AM,<d...@demod.pl> wrote: >>>>>>> In resolv.conf I have only: >>>>>>> "search localdomain >>>>>>> nameserver 127.0.0.1" >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- From: "Tony White"<t...@ycs.com.au> >>>>>>> >>>>>>> To:<qmailtoaster-list@qmailtoaster.com> >>>>>>> Sent: Monday, February 14, 2011 2:55 AM >>>>>>> >>>>>>> Subject: Re: [qmailtoaster] DNS temporary failure if one DNS >>>>>>> server dont work. >>>>>>> >>>>>>> >>>>>>> Marek, >>>>>>> What order are the dns servers in /etc/resolv.conf? >>>>>>> If they are the failing one on line one then reverse them. >>>>>>> >>>>>>> On 14/02/2011 9:03 AM, d...@demod.pl wrote: >>>>>>> Thanks for fast reply. >>>>>>> I use 2 named servers. >>>>>>> everyone in different locations. One DNS server is on the same >>>>>>> machine as qmailtoaster and always on. But when secondary DNS on >>>>>>> the other location die i canot send email outside. >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- From: "Carlos Herrera >>>>>>> Polo"<carlos.herrerap...@gmail.com> >>>>>>> To:<qmailtoaster-list@qmailtoaster.com> >>>>>>> Sent: Sunday, February 13, 2011 10:02 PM >>>>>>> Subject: Re: [qmailtoaster] DNS temporary failure if one DNS >>>>>>> server dont work. >>>>>>> >>>>>>> >>>>>>> Djbdns or named >>>>>>> >>>>>>> 2011/2/13, Martin Waschbüsch<mar...@waschbuesch.de>: >>>>>>> What you could try is this: >>>>>>> >>>>>>> Have a local caching DNS server and that takes care of resolving >>>>>>> to as many >>>>>>> 'real' DNS servers as you like. >>>>>>> Doing so means that your DNS server (local) is ALWAYS on (unless >>>>>>> the daemon >>>>>>> dies) and this problem won't occur again. >>>>>>> >>>>>>> Martin >>>>>>> >>>>>>> -- >>>>>>> Martin Waschbüsch >>>>>>> IT-Dienstleistungen >>>>>>> Lautensackstr. 16 >>>>>>> 80687 München >>>>>>> >>>>>>> Telefon: +49 89 57005708 >>>>>>> Fax: +49 89 57868023 >>>>>>> Mobil: +49 170 2189794 >>>>>>> mar...@waschbuesch.de >>>>>>> http://martin.waschbuesch.de >>>>>>> >>>>>>> Am 13.02.2011 um 19:48 schrieb<d...@demod.pl> <d...@demod.pl>: >>>>>>> >>>>>>> Hello everyone >>>>>>> >>>>>>> I have a problem with my qmailtoster. When one of my DNS server is >>>>>>> down i >>>>>>> cant send email. When i try send email outside i have an error >>>>>>> message: >>>>>>> DNS temporary failure. This hapen even if one DNS server works >>>>>>> correctly. >>>>>>> Does anyone know how can I solve it? >>>>>>> >>>>>>> Thanx for you help. >>>>>>> Marek >>>>>>> >>>>>>> >>>>>>> __________ Informacja programu ESET NOD32 Antivirus, wersja bazy >>>>>>> sygnatur >>>>>>> wirusow 5835 (20110131) __________ >>>>>>> >>>>>>> Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. >>>>>>> http://www.eset.pl lub http://www.eset.com >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>>>> (www.vickersconsulting.com) >>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>> installations. >>>>>>> If you need professional help with your setup, contact them today! >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>>>> packages. >>>>>>> >>>>>>> To unsubscribe, e-mail: >>>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>>> For additional commands, e-mail: >>>>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> best wishes >>>>>>> Tony White >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>>>> (www.vickersconsulting.com) >>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>> installations. >>>>>>> If you need professional help with your setup, contact them today! >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>>>> packages. >>>>>>> To unsubscribe, e-mail: >>>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>>> For additional commands, e-mail: >>>>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> __________ Informacja programu ESET NOD32 Antivirus, wersja bazy >>>>>>> sygnatur wirusow 5835 (20110131) __________ >>>>>>> >>>>>>> Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. >>>>>>> >>>>>>> http://www.eset.pl lub http://www.eset.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> __________ Informacja programu ESET NOD32 Antivirus, wersja bazy >>>>>>> sygnatur wirusow 5835 (20110131) __________ >>>>>>> >>>>>>> Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. >>>>>>> >>>>>>> http://www.eset.pl lub http://www.eset.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>>>> (www.vickersconsulting.com) >>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>> installations. >>>>>>> If you need professional help with your setup, contact them today! >>>>>>> --------------------------------------------------------------------------------- >>>>>>> >>>>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>>>> packages. >>>>>>> To unsubscribe, e-mail: >>>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>>> For additional commands, e-mail: >>>>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> --------------------------------------------------------------------------------- >>>>>> >>>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>>> (www.vickersconsulting.com) >>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>> installations. >>>>>> If you need professional help with your setup, contact them today! >>>>>> --------------------------------------------------------------------------------- >>>>>> >>>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>>> packages. >>>>>> >>>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>> For additional commands, e-mail: >>>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> best wishes >>>>> Tony White >>>>> >>>>> Yea Computing Services >>>>> http://www.ycs.com.au >>>>> 4 The Crescent >>>>> Yea >>>>> Victoria >>>>> Australia 3717 >>>>> >>>>> Telephone No's >>>>> VIC : 03 9008 5614 >>>>> FAX : 03 9008 5610 (FAX2Email) >>>>> >>>>> >>>>> >>>>> IMPORTANT NOTICE >>>>> >>>>> This communication including any file attachments is intended solely >>>>> for >>>>> the use of the individual or entity to whom it is addressed. If you are >>>>> not the intended recipient, or the person responsible for delivering >>>>> this communication to the intended recipient, please immediately notify >>>>> the sender by email and delete the original transmission and its >>>>> contents. Any unauthorised use, dissemination, forwarding, printing or >>>>> copying of this communication including file attachments is prohibited. >>>>> It is your responsibility to scan this communication including any file >>>>> attachments for viruses and other defects. To the extent permitted by >>>>> law, Yea Computing Services and its associates will not be liable for >>>>> any loss or damage arising in any way from this communication including >>>>> any file attachments. >>>>> >>>>> >>>>> --------------------------------------------------------------------------------- >>>>> >>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>> (www.vickersconsulting.com) >>>>> Vickers Consulting Group offers Qmailtoaster support and installations. >>>>> If you need professional help with your setup, contact them today! >>>>> --------------------------------------------------------------------------------- >>>>> >>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>> packages. >>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>> For additional commands, e-mail: >>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>> >>>>> >>>> >>>> >>>> --------------------------------------------------------------------------------- >>>> >>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>> (www.vickersconsulting.com) >>>> Vickers Consulting Group offers Qmailtoaster support and installations. >>>> If you need professional help with your setup, contact them today! >>> >>> >>> >>> --------------------------------------------------------------------------------- >>> >>> Qmailtoaster is sponsored by Vickers Consulting Group >>> (www.vickersconsulting.com) >>> Vickers Consulting Group offers Qmailtoaster support and installations. >>> If you need professional help with your setup, contact them today! >>> --------------------------------------------------------------------------------- >>> >>> Please visit qmailtoaster.com for the latest news, updates, and packages. >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >>> >>> >>> >>> >>> __________ Informacja programu ESET NOD32 Antivirus, wersja bazy >>> sygnatur wirusow 5835 (20110131) __________ >>> >>> Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. >>> >>> http://www.eset.pl lub http://www.eset.com >>> >>> >> >> >> __________ Informacja programu ESET NOD32 Antivirus, wersja bazy >> sygnatur wirusow 5835 (20110131) __________ >> >> Wiadomosc zostala sprawdzona przez program ESET NOD32 Antivirus. >> >> http://www.eset.pl lub http://www.eset.com >> >> >> >> --------------------------------------------------------------------------------- >> >> Qmailtoaster is sponsored by Vickers Consulting Group >> (www.vickersconsulting.com) >> Vickers Consulting Group offers Qmailtoaster support and installations. >> If you need professional help with your setup, contact them today! > > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and packages. > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
