On 10.05.18 15:23, David Jones wrote:
> On 05/10/2018 07:12 AM, Reio Remma wrote:
>> On 10.05.18 15:08, David Jones wrote:
>>> On 05/10/2018 07:02 AM, Reio Remma wrote:
>>>> On a slightly related note. We're running a pfSense firewall with
>>>> DNS Forwarder (dnsmasq) in front of our mail server. What I've
>>>> gleaned from the net is that it caches as well. Should I still
>>>> install a local (BIND) on the mail server?
>>>>
>>>> Thanks!
>>>> Reio
>>>
>>> YES! As I was corrected on this mailing list last year, dnsmasq is
>>> only a forwarding DNS server so it will cause your queries to be
>>> lumped into whatever it's forwarding to. Set up a real recursive DNS
>>> server local on your mail server since it should have its own
>>> dedicated NAT or real public IP on your pfSense firewall so your DNS
>>> queries will be completely isolated.
>>
>> There's also the option of DNS Resolver (unbound) on the firewall -
>> would that be better?
>>
>> Reio
>
> No. Your DNS traffic for your general network served by your firewall
> is much different from your mail server DNS lookup. You will probably
> want to forward your firewall DNS server to OpenDNS, Google, or even
> do DNS over TLS someday.
>
> https://wiki.apache.org/spamassassin/CachingNameserver
>
> My favorite is PowerDNS Recursor but Unbound is very popular.

That seems to have worked - installed unbound and set dns_server
127.0.0.1 in local.cf
Thanks,
Reio
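
Added example, not part of the thread: a small Python check that the setup the thread ends with (SpamAssassin's dns_server pointed at a resolver on 127.0.0.1) is actually isolated, meaning unbound recurses itself instead of forwarding every lookup upstream the way dnsmasq does. The sample configs and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (illustrative, not taken from the thread).
LOCAL_CF = "dns_available yes\ndns_server 127.0.0.1\n"
UNBOUND_RECURSIVE = "server:\n    interface: 127.0.0.1\n"
UNBOUND_FORWARDING = (UNBOUND_RECURSIVE +
                      'forward-zone:\n    name: "."\n    forward-addr: 192.0.2.53\n')


def sa_dns_servers(local_cf):
    """Return the addresses named by dns_server lines in a local.cf text."""
    servers = []
    for raw in local_cf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "dns_server":
            host = parts[1]
            if host.startswith("["):          # [addr]:port form
                host = host[1:host.index("]")]
            elif host.count(":") == 1:        # IPv4 addr:port form
                host = host.split(":")[0]
            servers.append(ipaddress.ip_address(host))
    return servers


def forwards_root(unbound_conf):
    """True if a forward-zone clause named "." relays all queries upstream."""
    in_forward = False
    for raw in unbound_conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if key and not value:                 # clause header such as "server:"
            in_forward = (key == "forward-zone")
        elif in_forward and key == "name" and value == ".":
            return True
    return False


def audit(local_cf, unbound_conf):
    """List reasons the mail server's DNS lookups are not isolated."""
    findings = []
    servers = sa_dns_servers(local_cf)
    if not servers:
        findings.append("no dns_server set: SpamAssassin uses the system resolver")
    for ip in servers:
        if not ip.is_loopback:
            findings.append(f"dns_server {ip} is not the local resolver")
    if forwards_root(unbound_conf):
        findings.append('forward-zone "." relays all lookups to an upstream resolver')
    return findings
```

An empty list from `audit()` means SpamAssassin queries a loopback resolver that does its own recursion.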