A lot has been written lately about DNS as it relates to QMT. As I am the DNS Admin for the project, I thought it worthwhile to share my thoughts. NOTE: Although I am the DNS Admin of the project, these are *MY* opinions, based on *MY* experiences... they do NOT represent any official position of the QMT project.

Firstly, let's differentiate the KINDS of DNS service:
- A *RESOLVING* DNS server answers *permitted client* requests to resolve ANY DNS request (like YAHOO.COM) by recursively searching for an appropriate authoritative DNS server for the domain requested. (A *RECURSIVE* DNS server is a *synonym* for a *RESOLVING* DNS server)
- An *AUTHORITATIVE* DNS server answers *PUBLIC* requests to resolve DNS for domains for which it is authoritative (e.g. its own domains).

Some DNS servers (like BIND 9 and later) have the ability to do both (securely - BIND8 could do both, but not very securely), while others (like PDNS) take the QMail approach and use separate programs to do each kind of task. FWIW, I use PDNS resolvers on some of my QMT servers, and BIND9 on others.

   I'm reasonably well-known for not "drinking the Kool-Aid" from any
   vendor or software project. Instead, I choose the "right tool for
   the right use" - and choosing a DNS server is one of those instances
   where "one size fits all" is definitely UNTRUE.

SIDE NOTE: I am far less adamant than Eric (my boss on this project!) that an authoritative DNS service should *not* be on the same server as a QMT (or other mailserver).
IMHO, there are times when it is appropriate, and times when it is not.

In my experience (which is considerable, though I don't yet consider myself an expert):
- I have some high-traffic QMT servers that service high-use domains and use pdns-resolver (and external authoritative DNS servers)
- I have some low-traffic QMT servers where the DNS is BIND9 running as both recursive (for the localhost) and authoritative (for the serviced domains).

Again, FWIW, my personal experience is that QMT servers typically fall into one of 3 categories:
- *TINY*: One or two "personal" domains, where the authoritative DNS is usually at the domain registrar... in this case, I recommend pdns-resolver (because there is no need for "local" authoritative DNS, and it is MUCH easier to configure than BIND)
- *SMALL*: Several domains, probably not all owned by the same company, with advanced DNS being hosted locally as well... in this case, I prefer BIND9 configured with "view" options that limit recursive lookups to the LAN (if not only the localhost), and acts as the authoritative server for the domains being served.
- *LARGE*: Many domains hosted with high levels of traffic. In this case, I only slightly prefer BIND9 over PDNS (both only as a caching-only nameserver, but in my experience BIND9 is somewhat faster than PDNS). Then, I use a SEPARATE server for authoritative DNS! (I typically use BIND9 there, unless I want client-access to the DNS settings, in which case PDNS has a GUI frontend that's reasonable for that).

The end result from my experiences is that PDNS & BIND are *each* good options, so long as you use each *appropriately*.

Dan McAllister
IT4SOHO
QMT DNS/Mirror Admin

PS: The master authoritative DNS server for QMT is BIND9 :)

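The "SMALL" setup described in the message above (BIND9 views that limit recursion to the localhost/LAN while answering authoritatively for the hosted domains), shown as an added named.conf example; it is not part of the original message and is not the QMT project's configuration. The LAN range 192.0.2.0/24, the zone name example.com and the file paths are assumptions.

```conf
// Constructed example: the LAN range, zone name and paths are placeholders.
acl "trusted" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;        // assumed LAN range; replace with your own
};

options {
    directory "/var/named";          // assumed path
    // Deny by default; each view below opens only what its clients need.
    recursion no;
    allow-query-cache { none; };
};

// Once views are used, every zone must be declared inside a view.
// Views are matched in order, so the restricted view comes first.

// Localhost and LAN clients: recursive resolution plus the local zones.
// With no hint zone declared, BIND9 uses its compiled-in root hints.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    allow-recursion { "trusted"; };
    allow-query-cache { "trusted"; };

    zone "example.com" IN {
        type master;
        file "zones/example.com.zone";   // static zone, no dynamic updates
    };
};

// Everyone else: authoritative answers for the hosted domains only.
// Without recursion this view cannot be used as an open resolver.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" IN {
        type master;
        file "zones/example.com.zone";   // same static file as the internal view
    };
};
```

Check the syntax with `named-checkconf` before reloading. A query for an unrelated name sent from an address outside the "trusted" ACL should then come back REFUSED, while queries for example.com are still answered.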