On Thu, May 08, 2008 at 12:03:30AM -0500, Sam Fourman Jr. wrote:
> On Wed, May 7, 2008 at 10:41 PM, Jon Radel <[EMAIL PROTECTED]> wrote:
> > Sam Fourman Jr. wrote:
> > >> > (...) I want to host email for 10 different domains (...)
> > >> If you're currently using a setup that involves the same IP
> > >> address for both authoritative (domains you host) and recursive
> > >> queries (client DNS requests), you should get these split onto
> > >> separate addresses.
>
> What I am really after is, well it is probably a fine line.... the
> most secure DNS can be while still providing the outside world
> recursive queries.
> because there is no real (sane) way to host email servers and not
> provide recursive queries.
Are you *sure* you don't mean "while still providing the _internal
network_ recursive queries" or "not provide _reverse_ queries"? Really,
really sure?

I would dispute the necessity of either, at least for a modest setup,
but I will agree that both are helpful: a caching nameserver can speed
up name resolution, potentially increasing throughput on a busy server;
a proper reverse DNS can help get past spam filters.

But providing all of the world access to recursive DNS is not a good
idea, and certainly not necessary.

Joachim
--
TFMotD: zmore, zless (1) - view compressed files
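
An added example, not part of the thread: one way to audit your own nameserver for the open recursion discussed above is to send it, from an outside address, a query with the RD bit set for a name it is not authoritative for, then read the flags in the reply header. The function names and the sample replies below are constructed for illustration; sending the query over UDP port 53 is left out so the block runs offline.

```python
import struct

def build_query(name, qid=0x1234, rd=True):
    """Build a DNS A/IN query; rd=True sets the Recursion Desired bit."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet):
    """Classify a reply to an RD=1 query for a name the server does not host."""
    if len(packet) < 12:
        raise ValueError("short DNS message")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    ra = bool(flags & 0x0080)      # Recursion Available
    aa = bool(flags & 0x0400)      # Authoritative Answer
    rcode = flags & 0x000F
    if rcode == 5:                 # REFUSED: recursion denied to this client
        return "refused"
    if ra and rcode == 0 and ancount > 0 and not aa:
        return "open-recursion"    # resolved a foreign name for an outsider
    if ra:
        return "recursion-advertised"
    return "no-recursion"          # referral or authoritative-only answer

def _sample(flags, ancount):
    """Constructed reply header plus question; answer records are omitted
    because classify_response only inspects the 12-byte header."""
    q = build_query("example.org")
    return q[:2] + struct.pack("!HH", flags, 1) + struct.pack("!H", ancount) + q[8:]

# Constructed sample replies, not captured traffic.
OPEN_REPLY = _sample(0x8180, 1)      # QR, RD, RA, NOERROR, one answer
REFUSED_REPLY = _sample(0x8105, 0)   # QR, RD, rcode REFUSED
AUTH_ONLY_REPLY = _sample(0x8100, 0) # QR, RD, RA clear, no answers

if __name__ == "__main__":
    for label, pkt in [("open", OPEN_REPLY), ("refused", REFUSED_REPLY),
                       ("auth-only", AUTH_ONLY_REPLY)]:
        print(label, "->", classify_response(pkt))
```

A result of "refused" or "no-recursion" from outside, together with normal resolution from the internal network, is the split the replies in this thread recommend.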