On 02/27/2013 01:21 AM, Viktor Dukhovni wrote:
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote:
When Postfix support for DANE (RFC 6698) is introduced, there will
be a requirement to operate a local nameserver that is DNSSEC aware
on any machine that wants to take advantage
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter.
On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote:
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to
On 02/27/2013 06:58 AM, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
On 02/27/2013 09:25 AM, DTNX Postmaster wrote:
On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote:
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
On Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote:
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be practical.
A local cache on each,
DTNX Postmaster:
On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote:
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be practical.
A local cache on each,
On 02/27/2013 10:20 AM, Wietse Venema wrote:
DTNX Postmaster:
On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote:
Viktor Dukhovni:
Perhaps postfix check could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its
On Wed, Feb 27, 2013 at 10:53:58AM -0500, Robert Moskowitz wrote:
But to share a single DNS among a number of mail servers, say in a
mail farm that probably has lots of other types of servers running
with questionable content, I would want secure tunnels from the mail
server to the DNS server
On 02/27/2013 11:10 AM, Viktor Dukhovni wrote:
I think we've beaten this thread to death, I'm done for now.
And I thank you for all you have said.
On 02/27/2013 10:43 AM, Viktor Dukhovni wrote:
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
On Centos 6.3 (bind 9.8.2 with security patches) I did:
yum install bind bind-chroot
In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
DNS1=127.0.0.1
DNS2=::1
ifdown eth0; ifup eth0
Add to /var/named/chroot/etc/named.conf options
On 02/27/2013 11:47 AM, Reindl Harald wrote:
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
On Centos 6.3 (bind 9.8.2 with security patches) I did:
yum install bind bind-chroot
In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
DNS1=127.0.0.1
DNS2=::1
ifdown eth0; ifup eth0
Add to
On Wed, Feb 27, 2013 at 05:47:28PM +0100, Reindl Harald wrote:
... more DNS related suggestions ...
Perhaps Postfix could benefit from a DNS_README.html, with examples
tuning a local cache for MX overrides, RBLDNSD integration using
an internal RBL zone, DNSSEC support, and any other
On Feb 27, 2013, at 18:05, Robert Moskowitz r...@htt-consult.com wrote:
Another tidbit is you should firewall access to port 53. Your caching server
is only for you. It is listening only on localhost, but why open up a port
not needed.
Review the examples given again, please. Why would
On 02/27/2013 12:26 PM, DTNX Postmaster wrote:
On Feb 27, 2013, at 18:05, Robert Moskowitz r...@htt-consult.com wrote:
Another tidbit is you should firewall access to port 53. Your caching server
is only for you. It is listening only on localhost, but why open up a port not
needed.
Am 26.02.2013 15:58, schrieb Robert Moskowitz:
I have recently updated my DNS server and am observing the traffic from my
mail server to constantly query for
names. Some of these names are frequent requests, for example:
zen.spamhaus.org. So I was thinking that I could
benefit from
On 02/26/2013 10:10 AM, Reindl Harald wrote:
Am 26.02.2013 15:58, schrieb Robert Moskowitz:
I have recently updated my DNS server and am observing the traffic from my mail
server to constantly query for
names. Some of these names are frequent requests, for example:
zen.spamhaus.org. So I
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly query for names. Some of these
names are frequent requests, for example: zen.spamhaus.org. So I
was thinking that I could
On Feb 26, 2013, at 17:51, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly query for names. Some of these
names are
On Feb 26, 2013, at 11.51, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly query for names. Some of these
names are
On 02/26/2013 08:57 PM, b...@bitrate.net wrote:
On Feb 26, 2013, at 11.51, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote:
When Postfix support for DANE (RFC 6698) is introduced, there will
be a requirement to operate a local nameserver that is DNSSEC aware
on any machine that wants to take advantage of peer certificate details
published via
24 matches
Mail list logo
