On 02/27/2013 09:25 AM, DTNX Postmaster wrote:
On Feb 27, 2013, at 12:58, Wietse Venema <wie...@porcupine.org> wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be practical.
A local cache on each, forwarding to two or three resolvers that are
nearby? Local for DNSSEC verification, nearby cache for performance
reasons? Am I missing something that would make that impractical?
Lots of cat skinners out here.
