Is there a way to make Postfix/postscreen use a specific DNS server?

Reason for the question:
My network has an internal (non-ISP forwarding) DNS server for both
internal and external resolution, and that is the default nameserver
across the network including for the mail server. That DNS server
includes a broad set of applied RPZ restrictions (which remove the
vast majority of ads and trackers - a very popular addition). The RPZ
zone has though on very rare occasions resulted in Postfix getting
SERVFAIL and rejecting domains (reject_unknown_sender_domain), which
could be classed as false positives - not for critical emails, but
occasionally for retail mail-outs etc.

I provide a fully "clean and complete" DNS for SpamAssassin DNSBL
lookups by running a recursive caching nameserver on localhost (SA has
a defined option to specify a DNS server). As noted above the mail
server as a whole does not use this - it uses the network-wide local
nameserver, ensuring that it can resolve local As, CNAMEs etc. as needed.

Note: I realise one option is that I could probably add local domain
resolution to the localhost nameserver and use it as the default for
the mail server... but my first question is whether Postfix has or
could have the ability to have a specific nameserver (as SpamAssassin
does), or if this would be a Bad Idea (TM) for reasons unknown to me.
Simon.
--
Simon Wilson
M: 0400 12 11 16