On 22 Sep 2016, at 23:24, John Hardin wrote:

> As far as I understand it, dnsmasq cannot be used for local recursion; it's purely a lightweight local DNS cache layer.

Your understanding is correct; dnsmasq is unfit for service as a resolver for a mail server because it cannot perform recursion, it only does forwarding to other real DNS servers.

> You may have to install the full BIND package and tell it to not forward.

As much as I love BIND (no, seriously, I do) it's very hard to recommend it as the first choice for a simple recursive resolver. Unbound does that just fine and doesn't come with BIND's baggage of trying to be the reference implementation of all subtypes of DNS server all at once. Anyone who thought they were doing just fine with dnsmasq can actually do anything they'll need with Unbound, and it is harder to get wrong than BIND.
