Dave Taht <[email protected]> writes: > Since most forwarders can't be trusted to return NXDOMAIN, an internal > email box at several of my sites runs dns directly. A few dnsrbl > providers offer ipv6 transport, so it's possible.
Ah, I see. I just run bind on cerowrt. Have to set an ntp server by IP (or in /etc/hosts; I use an internal GPS-backed server) to bootstrap, but otherwise it works well. > One advantage of dnssec is we get NXDOMAIN working again, so a > forwarder can be used... Presumably only if the forwarder doesn't strip the dnssec stuff? -Toke
signature.asc
Description: PGP signature
_______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
