As it seems bind turns off qname minimization for queries to SH. As I
can find something like this in the query log:
named[4205]: success resolving
'49.236.215.178.6XXXXXXXXXXXXXXXX.zen.dq.spamhaus.net/A' after disabling
qname minimization due to 'ncache nxdomain
So, I'd say it's not necessary to turn it off generally, am I right?
Am 14.01.2025 um 19:48 schrieb pgnd via Postfix-users:
can you explain why it's better to turn off QNAME minimization MTAs
and spam checkers?
from earlier post here,
this addresses the use of a local caching resolver
https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/Dns/000-intro.html
and, also from SH
Configuring BIND
https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/Dns/020-Bind.html
and, analysis/commentary from ISC,
QNAME Minimization and Spamhaus
Updated on 21 Mar 2024
https://kb.isc.org/docs/qname-minimization-and-spamhaus
which states, in some contradiction of remedy,
"Spamhaus's initial recommendation was to disable QNAME
minimization altogether, but ISC disagrees: the correct solution is
for Spamhaus to fix its broken servers. QNAME minimization is an
important privacy protection that is enabled by default in BIND and in
most standards-based DNS implementations today."
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
