Re: SPF support in opendkim?

From: Steve Jenkins <>
Date: Sun, 14 Aug 2011 17:08:10 -0700

On Sun, Aug 14, 2011 at 11:30 AM, Todd Lyons <> wrote:
> On CentOS with EPEL repo, it seems to be just as easy as bind.
> yum install bind97
> versus
> yum install unbound

Yep - it's THAT easy. :)

> I've never messed with it but can I assume it achieves operational
> stability on parity with bind?  I know that opendkim can link against
> libunbound instead of the regular resolvers, and I have one of my big
> volume machines using unbound, and it seems stable there.  Unbound can
> only be a resolver though, right?  All of our internal resolvers do
> some internal authoritative stuff too.

Hey, Todd. Yes on the operational stability question. It's been rock
solid for us. You can, however, configure local zones with Unbound so
it can be authoritative for your internal stuff, too. We've set up
hostname.local A records in our Unbound server, and then added .local
as a search domain on all our boxes. DNS lookups are lightening fast,
and we can connect internally between all our boxes with single-word
hostnames without having to maintain local /etc/hosts files on each
(since we set all our boxes' first DNS server as the IP of our
mailserver running Unbound, and then tell Unbound to allow queries
from the local subnet).

Of course, you can do all the same stuff with Bind, but we've found
Unbound to have the same rock-solid stability and less overhead. We
really "dig" Unbound (har har... DNS joke).

I haven't linked OpenDKIM against libunbound, however. Murray (or
anyone else know knows) - what advantages will that yield?

Received on Mon Aug 15 2011 - 00:08:23 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:19 PST