On 11-02-2025 10:31, Viktor Dukhovni via Postfix-users wrote:
Use a validating resolver on the local machine as a cache that forwards
to that upstream. You SHOULD NOT trust the AD bit from a resolver
running on another machine, the DNS protocol (DoH aside, when you
fully trust the upstream) is not immune to MiTM attacks.
Would setting up a secondary bind, on my local postfix box, solve this?
Or should I set one up completely on it's own?
Would love to not have duplicate zone setup's
I'm no expert to say the least, so this may be a stupid question:
If setting up a completely seperate bind is preferred, could I make an
"empty" setup and use my primary as forwarder?
:-)
Danjel
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
