>>>> given that install unbound as local resolver takes 2 minutes it's even not
>>>> worth to argue on that topic and a spamfilter without RBL's and URIBL's is
>>>> just nonsense
>>
>>>I have installed a caching DNS server before (albeit probably about 15
>>>years ago). But it just shouldn't be necessary.
>>
>> It can be necessary if you have enough mail volume.
>That's not what I'm saying. It should not be necessary to run a
>full-blown DNS server for SA to do its queries. It should be possible
>to call a library and create a DNS context that has all of its own
>parameters and then use that in an isolated way. Then other services
>on the system are completely unaffected. Don't tell me someone has
>never tweaked some parameter in your supposedly caching-only
>nameserver and inadvertently broken something or wished they could
>tweak something and can't because of the dependencies. And it's very
>possible that the queries might be for different names using custom
>query parameters in an async way and so on in which case the system
>resolver API might not be ideal.

You missed my point which I clarified yesterday in a previous post.

>I'm not pooh-poohing your advice. I'm just saying the DNS bits should
>be librarified so that these things don't even need extra thought.
>This stuff might be what you do all the time but I don't. I do this
>once every few years. This is the sort of thing that makes people
>switch to "cloud services".

If you don't do this kind of work often, I completely understand it's hard to keep up with everything. I am sure I can't keep up with some of the stuff that you do every day.

One option is to use something like http://efa-project.org/ so it can be handled for you automatically by smart people like Shawn that do this every day.