On 2022-11-01 at 10:16:15 UTC-0400 (Tue, 1 Nov 2022 10:16:15 -0400) Paul Kudla <p...@scom.ca> is rumored to have said:
> well at lest this is starting to make total sense. > > i was unaware of unbound dns and not really sure that would ever work on a > mail server? > > even if it does elsewhere Unbound works perfectly as a local recursing caching resolver on a mail server. > > postfix 101 > > postfix will always look at the resolv.conf file on a unix system. > > if all you have is 127.0.0.1 (loopback) and assuming that is even attached to > unbond dns its just an added layer that is not nessesary and in my opinion > introduse resolving issues which you do seem to be having. Simply not true. If you want to query a local DNS daemon, it MUST be referenced in resolv.conf. > my final suggestion would be to correct the resolv.conf file which is what > all unix software goes to when using an internal dns system call. > > ie the c libraries that compile postfix (and everything else) will try to use > the internal dns function calls which would always go back to /etc/resolv.conf > > resolv.conf needs to point to valid dns servers (8.8.8.8 for example) It is very unwise to use a free public resolver (such as Google's 8.8.8.8) for a mail server. > or to your own bind dns server running on the system. Or *any* capable DNS resolver. I love BIND, but unless you need to serve authoritative zones or do complicated selective resolution, a purpose-built resolver-only tool like Unbound or the PDNS Resolver is usually a better choice. With a resolver on the local system, a 127.0.0.1 line in resolv.conf would be correct. > these are the standard's on anything unix based. BIND is not part of any standard and is no longer included as a core component in many unix-based systems. For example, FreeBSD no longer includes a BIND (local-named) service in base but does include an optional Unbound (local-unbound) service, fully configured, so you can have a perfectly functional recursing caching resolver managed as part of base without doing any config tuning. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
