Jake Vickers wrote:
Warren (mailing lists) wrote:
Jake Vickers wrote:
You have to set up at least a caching name server on your mail server to
run the new version.
Why? This is important to me because I use toaster on machines that run
mydns, which only serves as a primary source nameserver and does not
return records for other domains. Is this going to be a problem? Is
/etc/resolv.conf no longer used by toaster?
The domainkeys function requires at least a caching DNS server on the
mail server itself to help speed up the requests. I believe (someone
correct me if I'm wrong) this is for answering requests by other
machines, not for local requests.
I think we need Nick to chime in here with the definitive answer.
That being said, here's my (mis?)understanding.
Yes, you need a *caching* nameserver with the new version that supports
domain keys. This is so that the mail server isn't querying the
nameserver(s) (listed in /etc/resolv.conf) for the domain key info for
each email processed. That would be quite inefficient.
Since it's a caching nameserver, it can't possibly answer requests by
non-local machines. It *might* be used as a nameserver for other local
machines, but that's not necessarily advisable as it could open up
network security holes. Safest route to go would be to have another
caching nameserver that is used strictly by the local network (e.g. on a
local file server). Having a local caching server is a good thing.
In order to implement DK, your authoritative server needs to have the
TXT record containing the appropriate information. (Note, while
unrelated to DK, it should probably have a TXT SPF record too). If you
run your own nameserver, that's where it should go. If you use a DNS
service (such as mydns or dyndns), the TXT records (like the MX record)
need to go in the DNS server of your provider, *not* your caching
nameserver. That way, the TXT records are available to the outside world.
Is that about right? Someone *please* correct me if I'm wrong.
This should probably be clarified in the installation notes.
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
