On Sun, Feb 08, 2009 at 03:37:20PM +0800, jan gestre wrote:

> On Sun, Feb 8, 2009 at 3:05 PM, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
> > On Sun, Feb 08, 2009 at 02:55:28PM +0800, jan gestre wrote:
> >
> > > Where is the best place to put the DNS caching resolver? in the NAT
> > > device? or in the Mail Server itself?
> >
> > What kind of NAT device is this? Is it capable of running a non-forwarding
> > DNS cache? If the cache in question has sufficiently good port
> > randomization, by all means run on the NAT device, otherwise run it
> > on the Postfix server, and hope the NAT device port selection is not
> > too predictable.
> >
>
> It's a lightweight FreeBSD based firewall called "pfSense", it also
> has an installable TinyDNS package.

TinyDNS is an authoritative DNS server, you need a cache, is Dnscache
also available? If so, that would be perfect, otherwise, you just install
a DNS cache on your Postfix server. See:

    http://forum.pfsense.org/index.php?topic=10431.0

Anyway, this question is best asked on the pfSense lists, I know nothing
more about this than what Google turns up...

    http://www.google.com/search?q=pfSense+Kaminsky+DNS

-- 
Viktor.
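
Added example, not part of the original message: one way to check whether a NAT device's port selection is "too predictable" is to record the UDP source ports of consecutive outbound DNS queries on the WAN side of the NAT and score them. The function name, thresholds and sample port lists below are assumptions constructed for illustration.

```python
import statistics

# Constructed samples (not real captures): source ports of consecutive
# outbound DNS queries as seen on the WAN side of the NAT device.
SEQUENTIAL_NAT = [1024 + i for i in range(20)]   # NAT rewrites ports in order
FIXED_PORT = [32768] * 20                        # every query from one port
NARROW_POOL = [10000, 11500, 10300, 11900, 10700,
               11200, 10100, 11700, 10500, 11000]
SCATTERED = [51234, 2981, 40417, 17760, 63002, 9145, 33871, 58219,
             12650, 45903, 27384, 60811, 5527, 38496, 21073, 49668,
             14239, 55310, 30125, 7894]


def assess_ports(ports, min_stddev=3000, max_small_step_ratio=0.2):
    """Classify observed source ports as fixed, sequential, narrow or scattered.

    The thresholds are illustrative assumptions, not a published standard.
    """
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    distinct = len(set(ports))
    stddev = statistics.pstdev(ports)
    # Step between consecutive queries, modulo the 16-bit port space.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for s in steps if s <= 16 or s >= 65536 - 16)
    small_ratio = small / len(steps)
    if distinct == 1:
        verdict = "fixed"        # resolver or NAT pins a single port
    elif small_ratio > max_small_step_ratio:
        verdict = "sequential"   # NAT undoes the resolver's randomization
    elif stddev < min_stddev:
        verdict = "narrow"       # random, but drawn from a small pool
    else:
        verdict = "scattered"    # no obvious pattern in this sample
    return {"verdict": verdict, "distinct": distinct,
            "stddev": round(stddev, 1), "small_step_ratio": round(small_ratio, 2)}


if __name__ == "__main__":
    for name, sample in [("sequential NAT", SEQUENTIAL_NAT), ("fixed", FIXED_PORT),
                         ("narrow pool", NARROW_POOL), ("scattered", SCATTERED)]:
        print(name, assess_ports(sample))
```

A "scattered" verdict on a short sample only shows the absence of the obvious patterns; it does not establish that the ports are unpredictable.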