On Thu, May 08, 2008 at 12:03:30AM -0500, Sam Fourman Jr. wrote:
> On Wed, May 7, 2008 at 10:41 PM, Jon Radel <[EMAIL PROTECTED]> wrote:
> > Sam Fourman Jr. wrote:
> > >> > (...) I want to host email for 10 different domains (...)
> > >> If you're currently using a setup that involves the same IP
> > >> address for both authoritative (domains you host) and recursive
> > >> queries (client DNS requests), you should get these split onto
> > >> separate addresses.
>
> What I am really after is, well it is probably a fine line.... the
> most secure DNS can be while still providing the outside world
> recursive queries.
> because there is no real (sane) way to host email servers and not
> provide recursive queries.

Are you *sure* you don't mean "while still providing the _internal
network_ recursive queries" or "not provide _reverse_ queries"? Really,
really sure?

I would dispute the necessity of either, at least for a modest setup,
but I will agree that both are helpful: a caching nameserver can speed
up name resolution, potentially increasing throughput on a busy server;
a proper reverse DNS can help get past spam filters.

But providing all of the world access to recursive DNS is not a good
idea, and certainly not necessary.

		Joachim

-- 
TFMotD: zmore, zless (1) - view compressed files
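
Added example, not part of the original message: a Python check an operator could use to confirm that a nameserver does not recurse for outside clients, by reading the RA flag, RCODE and answer count of its reply to a query for a name it does not host. The function names and the sample replies are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)
REFUSED = 5                                       # RCODE 5

def build_query(name, qid=0x1234, qtype=1):
    """Build an A query with RD (recursion desired) set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify_response(data):
    """Classify a reply to a query for a name the server is NOT authoritative for."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    # Non-authoritative answer with RA set: the server resolved it for us.
    if flags & RA and rcode == 0 and ancount > 0 and not flags & AA:
        return "open-recursion"
    if flags & RA:
        return "recursion-advertised"
    return "no-recursion"

def sample_reply(flags, ancount=0):
    """Constructed sample reply: header plus echoed question, no real records."""
    question = build_query("example.org")[12:]
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0) + question

# Constructed sample replies, not captured traffic.
SAMPLES = {
    "resolver answering anyone": sample_reply(QR | RD | RA, ancount=1),
    "authoritative-only, refuses": sample_reply(QR | RD | REFUSED),
    "authoritative-only, referral": sample_reply(QR | RD),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {classify_response(pkt)}")
```

To audit your own server, send `build_query()` over UDP port 53 from a host outside your network and pass the reply to `classify_response()`; a result other than "refused" or "no-recursion" means the recursion restrictions need a look.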