On 3/26/2013 1:29 PM, Lima Union wrote: > No ipv6 here and pdnsd is using 8.8.8.8 as DNS server.
Instead of using a caching DNS proxy daemon querying Google's public DNS servers, I recommend you run a recursing caching resolver on your Postfix host, such as PowerDNS recursor (I've been using it for years without any issues). There are a few reasons for this: 1. Spamhaus refuses dnsbls queries from Google DNS servers, and most public DNS servers, because of volume. Thus you can't query the Zen list using this proxy setup. Other dnsbl operators may block Google DNS as well. 2. Latency is greatly reduced as your DNS queries are direct instead of proxied. On a high volume server latency is critical as it limits message throughput. 3. If you have DNS related problems at some point in the future, you have complete control and troubleshooting ability. If using Google or another DNS server via proxy you're at that operator's mercy. And there is always the possibility that Google may modify results in some way, or respond inaccurately due to some policy or other reason. It's best to run your own resolver and do direct queries. -- Stan
