On 9/18/2015 4:25 PM, Matus UHLAR - fantomas wrote:
On 16.09.15 09:50, Bowie Bailey wrote:
The SA config is probably a better solution than the bind exemptions.
I would say just the opposite. For example, MTA at SMTP level can look up
RBLs, and SA would benefit from having records in local cache
True. I was thinking more in terms of the amount of work needed in
setup and maintenance. Whenever SA changes it's RBL list (which is,
admittedly, not that often), you need to update the exemption list in
bind. And if you make a typo in the domain name, it is not immediately
obvious since you are still getting results from the query.
On the other hand, if you point SA to it's own non-forwarding DNS
server, it just works and you don't have to touch it again.
--
Bowie