On 02/27/2013 12:26 PM, DTNX Postmaster wrote:
On Feb 27, 2013, at 18:05, Robert Moskowitz wrote:
Another tidbit is you should firewall access to port 53. Your caching server
is only for you. It is listening only on localhost, but why open up a port not
needed.
Review the examples given
On Feb 27, 2013, at 18:05, Robert Moskowitz wrote:
> Another tidbit is you should firewall access to port 53. Your caching server
> is only for you. It is listening only on localhost, but why open up a port
> not needed.
Review the examples given again, please. Why would you need to firewall
On Wed, Feb 27, 2013 at 05:47:28PM +0100, Reindl Harald wrote:
> ... more DNS related suggestions ...
Perhaps Postfix could benefit from a DNS_README.html, with examples
tuning a local cache for MX overrides, RBLDNSD integration using
an internal RBL zone, DNSSEC support, and any other DNS-relate
On 02/27/2013 11:47 AM, Reindl Harald wrote:
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
On Centos 6.3 (bind 9.8.2 with security patches) I did:
yum install bind bind-chroot
In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
DNS1=127.0.0.1
DNS2=::1
ifdown eth0; ifup eth0
Add to /var/nam
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
> On Centos 6.3 (bind 9.8.2 with security patches) I did:
>
> yum install bind bind-chroot
>
> In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
>
> DNS1=127.0.0.1
> DNS2=::1
>
> ifdown eth0; ifup eth0
>
> Add to /var/named/chroot/etc/named.conf
On 02/27/2013 10:43 AM, Viktor Dukhovni wrote:
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be prac
On 02/27/2013 11:10 AM, Viktor Dukhovni wrote:
I think we've beaten this thread to death, I'm done for now.
And I thank you for all you have said.
On Wed, Feb 27, 2013 at 10:53:58AM -0500, Robert Moskowitz wrote:
> But to share a single DNS among a number of mail servers, say in a
> mail farm that probably has lots of other types of servers running
> with questionable content, I would want secure tunnels from the mail
> server to the DNS ser
On 02/27/2013 10:20 AM, Wietse Venema wrote:
DTNX Postmaster:
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
> > > I think it would be entirely reasonable to share a DNS cache among
> > > multiple systems within the same trusted perimeter. One DNS server
> > > per host in a farm of mail servers may not be practical.
> >
> > A local cache on
DTNX Postmaster:
> On Feb 27, 2013, at 12:58, Wietse Venema wrote:
>
> > Viktor Dukhovni:
> >> Perhaps "postfix check" could generate a warning if DANE is enabled
> >> and non-local nameservers are found in /etc/resolv.conf (or and/or
> >> its chroot-jail version).
> >
> > I think it would be en
On Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote:
> > I think it would be entirely reasonable to share a DNS cache among
> > multiple systems within the same trusted perimeter. One DNS server
> > per host in a farm of mail servers may not be practical.
>
> A local cache on each, fo
On 02/27/2013 09:25 AM, DTNX Postmaster wrote:
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would b
On 02/27/2013 06:58 AM, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
mult
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
> Viktor Dukhovni:
>> Perhaps "postfix check" could generate a warning if DANE is enabled
>> and non-local nameservers are found in /etc/resolv.conf (or and/or
>> its chroot-jail version).
>
> I think it would be entirely reasonable to share a DNS
Viktor Dukhovni:
> Perhaps "postfix check" could generate a warning if DANE is enabled
> and non-local nameservers are found in /etc/resolv.conf (or and/or
> its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perime
On 02/27/2013 01:21 AM, Viktor Dukhovni wrote:
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote:
When Postfix support for DANE (RFC 6698) is introduced, there will
be a requirement to operate a local nameserver that is DNSSEC aware
on any machine that wants to take advantage of
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote:
> > When Postfix support for DANE (RFC 6698) is introduced, there will
> > be a requirement to operate a local nameserver that is DNSSEC aware
> > on any machine that wants to take advantage of peer certificate details
> > published
On 02/26/2013 08:57 PM, b...@bitrate.net wrote:
On Feb 26, 2013, at 11.51, Viktor Dukhovni wrote:
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
I have recently updated my DNS server and am observing the traffic
from my mail server to constantly query for names. Some of
On Feb 26, 2013, at 11.51, Viktor Dukhovni wrote:
> On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
>
>> I have recently updated my DNS server and am observing the traffic
>> from my mail server to constantly query for names. Some of these
>> names are frequent requests, for e
On Feb 26, 2013, at 17:51, Viktor Dukhovni wrote:
> On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
>
>> I have recently updated my DNS server and am observing the traffic
>> from my mail server to constantly query for names. Some of these
>> names are frequent requests, for e
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote:
> I have recently updated my DNS server and am observing the traffic
> from my mail server to constantly query for names. Some of these
> names are frequent requests, for example: zen.spamhaus.org. So I
> was thinking that I could
On 02/26/2013 10:10 AM, Reindl Harald wrote:
Am 26.02.2013 15:58, schrieb Robert Moskowitz:
I have recently updated my DNS server and am observing the traffic from my mail
server to constantly query for
names. Some of these names are frequent requests, for example:
zen.spamhaus.org. So I w
Am 26.02.2013 15:58, schrieb Robert Moskowitz:
> I have recently updated my DNS server and am observing the traffic from my
> mail server to constantly query for
> names. Some of these names are frequent requests, for example:
> zen.spamhaus.org. So I was thinking that I could
> benefit from
I have recently updated my DNS server and am observing the traffic from
my mail server to constantly query for names. Some of these names are
frequent requests, for example: zen.spamhaus.org. So I was thinking
that I could benefit from running a namecaching setup on my mail server
platform.
25 matches
Mail list logo
