Re: Mx lookup

>> Just log into your OpenDNS account and disable 'Typo Corrections' and
>> you're good to go...

> Thanks, I certainly didn't realize that option existed, but
> how does that deal with malicious conflicting IP entries?
> 
> i.e.
> user A declares they do queries from IP A and turn off typo correction
> user B declares they do queries from IP A *as well* and turn *on* typo
> correction.

? What do users have to do with it? This is on a server. If you have
your mail server DNS pointed at OpenDNS, it simply uses OpenDNS. You
need to have an account with them (free), which is associated with your
IP address(es) in the 'Networks' section.

> They do appear to go to some effort to confirm you're an actual user of
> that IP address, but for multiple machines on a NAT, they can't distinguish
> those cases. The case where you might get two conflicting users at the
> same IP address is small, but not vanishingly so.

? I'm not sure why you are talking about clients/users.

Set up your local caching server / DNS server to use OpenDNS as a
forwarder... tell your Clients to use your DNS server... done.

> In any case, the general point is that openDNS is aimed primarily at
> web clients and so they'll always do a better job for that case
> rather than mx lookups.

True on the first point, but I disagree with the second... DNS is DNS,
whether you're looking up a FQDN through a web browser, or an MX record
through an smtp server.

> A local caching resolver is preferred, but opendns is more suitable than
> I originally realized.

Very true... but a combination is the best of both worlds... use a local
caching server, with opendns as the backup...

Of course, nothing wrong with running your own real DNS server, but this
is the easiest way, at least for me... :)

But this has gone way beyond postfix related...

--

-- 

Best regards,

Charles