I'm not Nick, but I'll chime in. You are correct.

On 7/28/06, Eric Shubes <[EMAIL PROTECTED]> wrote:
Jake Vickers wrote:
> Warren (mailing lists) wrote:
>> Jake Vickers wrote:
>>
>>> You have to set up at least a caching name server on your mail server to
>>> run the new version.
>>>
>>
>> Why?  This is important to me because I use toaster on machines that run
>>  mydns, which only serves as a primary source nameserver and does not
>> return records for other domains.  Is this going to be a problem?  Is
>> /etc/resolv.conf no longer used by toaster?
>>
> The domainkeys function requires at least a caching DNS server on the
> mail server itself to help speed up the requests. I believe (someone
> correct me if I'm wrong) this is for answering requests by other
> machines, not for local requests.

I think we need Nick to chime in here with the definitive answer.

That being said, here's my (mis?)understanding.

Yes, you need a *caching* nameserver with the new version that supports
domain keys. This is so that the mail server isn't querying the
nameserver(s) (listed in /etc/resolv.conf) for the domain key info for
each email processed. That would be quite inefficient.

Since it's a caching nameserver, it can't possibly answer requests by
non-local machines. It *might* be used as a nameserver for other local
machines, but that's not necessarily advisable as it could open up
network security holes. Safest route to go would be to have another
caching nameserver that is used strictly by the local network (e.g. on a
local file server). Having a local caching server is a good thing.

In order to implement DK, your authoritative server needs to have the
TXT record containing the appropriate information. (Note, while
unrelated to DK, it should probably have a TXT SPF record too). If you
run your own nameserver, that's where it should go. If you use a DNS
service (such as mydns or dyndns), the TXT records (like the MX record)
need to go in the DNS server of your provider, *not* your caching
nameserver. That way, the TXT records are available to the outside world.

Is that about right? Someone *please* correct me if I'm wrong.

This should probably be clarified in the installation notes.
--
-Eric 'shubes'

---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
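
As an added example (not part of the original thread or of QmailToaster), the sketch below sanity-checks the text of a DomainKeys selector TXT record before it is published on the authoritative server. The tag names `k`, `p` and `t` come from the DomainKeys specification (RFC 4870); the owner name, selector and key bytes are constructed placeholders.

```python
import base64
import binascii

# Constructed placeholder bytes, not a real RSA public key.
SAMPLE_KEY = base64.b64encode(b"constructed placeholder, not a real key").decode()


def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT string into a dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip()] = value.strip()
    return tags


def check_selector_record(owner, txt):
    """Return a list of problems found in a DomainKeys selector record."""
    problems = []
    labels = owner.rstrip(".").lower().split(".")
    # Selector records are published at <selector>._domainkey.<domain>.
    if len(labels) < 3 or labels[1] != "_domainkey":
        problems.append("owner name is not <selector>._domainkey.<domain>")
    try:
        tags = parse_tags(txt)
    except ValueError as exc:
        return problems + [str(exc)]
    if tags.get("k", "rsa") != "rsa":  # k= defaults to rsa when omitted
        problems.append("unsupported key type in k=")
    key = "".join(tags.get("p", "").split())
    if not key:
        problems.append("empty or missing p= (no usable public key)")
    else:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    if tags.get("t") == "y":
        problems.append("t=y: record is still flagged as testing")
    return problems


if __name__ == "__main__":
    print(check_selector_record("private._domainkey.example.com",
                                f"k=rsa; t=y; p={SAMPLE_KEY}"))
```
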


