List: bind-users
Subject: Independent DNS cache in mail servers
From: Alessandro Vesely <vesely () tana ! it>
Date: 2023-01-29 13:21:06
Message-ID: 532a80a0-8030-dbdd-3606-6d6423227445 () tana ! it
Hi,
I forked libopendkim, an abandonware library implementing DKIM signatures for
email messages. It has a QUERY_CACHE compile-time option which enables usage
of a Berkeley DB to store DKIM keys. If the option is enabled, the local cache
is looked up before querying the DNS, and keys are cached after retrieving them
from DNS. TTLs are also cached and checked. That happens on each received
email message.
I never used that option. I think a mail server deserves a dedicated caching
resolver. However, a user of mine succeeded, with some difficulty, in enabling
that option, although he says he doesn't know whether it's actually useful.
Hence I thought I'd ask here for opinions: Is QUERY_CACHE totally useless
code bloat that I should remove? Or is it possibly useful and I should
integrate it better?
DKIM keys typically use RSA, resulting in fatty keys, but usually within UDP
sizes. Although someone generates a new key for every message, most domains use
the same key for months if not years. Nevertheless, TTLs range from a few
minutes to a few hours.
What do you think?
Best
Ale
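
The lookup-before-query behaviour the message describes (check the local cache, fall back to DNS, store the record with its TTL, re-check the TTL on every message), as an added example that is not libopendkim's code and not part of the original post. It uses an in-memory table instead of a Berkeley DB; `kc_store`, `kc_lookup`, `SLOTS` and the `MAX_TTL` cap are hypothetical names and assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>

#define SLOTS   64    /* constructed table size, for illustration */
#define MAX_TTL 3600  /* assumed cap so a revoked key cannot linger for days */

struct entry {
    char   name[256];  /* query name, e.g. "sel1._domainkey.example.com" */
    char   txt[1024];  /* key record exactly as retrieved from DNS */
    time_t expires;    /* absolute expiry time; 0 marks an empty slot */
};
static struct entry cache[SLOTS];

/* DNS names are case-insensitive, so hash the lowercased name. */
static unsigned slot_for(const char *name) {
    unsigned h = 5381;
    while (*name) h = h * 33u + (unsigned)tolower((unsigned char)*name++);
    return h % SLOTS;
}

/* Store a record with its DNS TTL. Returns 0, or -1 if it must not be cached. */
int kc_store(const char *name, const char *txt, long ttl, time_t now) {
    struct entry *e = &cache[slot_for(name)];
    if (ttl <= 0 || strlen(name) >= sizeof e->name || strlen(txt) >= sizeof e->txt)
        return -1;
    if (ttl > MAX_TTL) ttl = MAX_TTL;
    strcpy(e->name, name);          /* a colliding older entry is overwritten */
    strcpy(e->txt, txt);
    e->expires = now + ttl;
    return 0;
}

/* Returns the cached record, or NULL when the caller must query DNS. */
const char *kc_lookup(const char *name, time_t now) {
    struct entry *e = &cache[slot_for(name)];
    if (e->expires == 0 || strcasecmp(e->name, name) != 0)
        return NULL;
    if (now >= e->expires) {        /* TTL elapsed: evict, force a fresh query */
        e->expires = 0;
        return NULL;
    }
    return e->txt;
}

int main(void) {
    kc_store("sel1._domainkey.example.com", "v=DKIM1; k=rsa; p=CONSTRUCTED", 300, 1000);
    printf("hit at t=1100: %s\n", kc_lookup("sel1._domainkey.example.com", 1100) ? "yes" : "no");
    return 0;
}
```

Passing the clock in as `now` keeps the expiry logic testable; a real verifier would pass `time(NULL)` and the TTL taken from the DNS answer.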