# What type of DNS server for setting MX record



## pit (Nov 11, 2016)

Can I use unbound to set a valid MX record for sendmail, or must it be authoritative?


----------



## SirDice (Nov 11, 2016)

Unbound is not meant to host domains, it's used for caching/forwarding recursive queries.


----------



## pit (Nov 11, 2016)

So I must have, for example, Bind. And a second question: could this "Bind" be on one machine with the mail server?


----------



## obsigna (Nov 11, 2016)

If you use this as a local resolver only, e.g. the primary domain name server for your domain is hosted elsewhere, then yes:

For this you would put something like the following into unbound.conf(5):

```
...
local-zone: "example.com" transparent
local-data: "example.com  NS example.com"
local-data: "example.com  MX 5 smtp.example.com"
local-data: "example.com  IN A 192.168.0.1"
...
```

The transparent directive tells Unbound to either forward or resolve all requests that are not locally defined. A local MX request would be resolved with smtp.example.com, which in turn would point outside of your server, because it is not part of any other local-data directive.

If this should serve as a primary name server, then Unbound is not suitable.


----------
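
Added example (not part of the post above, and not Unbound project code): a small Python check of the behaviour described there, reading `local-zone`/`local-data` lines and reporting whether the address of each local MX target is answered from local data or resolved upstream. `SAMPLE_CONF`, the function names and the status labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict
# Constructed input: the directives from the post above, minus the "..." elisions.
SAMPLE_CONF = '''server:
    local-zone: "example.com" transparent
    local-data: "example.com  NS example.com"
    local-data: "example.com  MX 5 smtp.example.com"
    local-data: "example.com  IN A 192.168.0.1"
'''
LOCAL_ZONE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\S+)')
LOCAL_DATA = re.compile(r'^\s*local-data:\s*"([^"]+)"')
TTL_OR_CLASS = re.compile(r'^(\d+|IN|CH|HS)$', re.I)

def norm(name):
    return name.rstrip('.').lower()

def parse(conf):  # -> ({zone: type}, {(owner, rrtype): {rdata tuples}})
    zones, records = {}, defaultdict(set)
    for line in conf.splitlines():
        if m := LOCAL_ZONE.match(line):
            zones[norm(m.group(1))] = m.group(2).lower()
        elif m := LOCAL_DATA.match(line):
            owner, *rest = m.group(1).split()
            while rest and TTL_OR_CLASS.match(rest[0]):
                rest.pop(0)                      # optional TTL / class
            if rest:
                records[(norm(owner), rest[0].upper())].add(tuple(rest[1:]))
    return zones, records

def zone_type(name, zones):  # type of the closest enclosing local-zone, or None
    labels = name.split('.')
    return next((zones[z] for i in range(len(labels))
                 if (z := '.'.join(labels[i:])) in zones), None)

def classify(target, zones, records):  # where does the target's address come from?
    ztype = zone_type(target, zones)
    if (target, 'A') in records or (target, 'AAAA') in records:
        return 'local'
    if ztype != 'typetransparent' and any(o == target for o, _ in records):
        return 'nodata'      # name has local data, but no address record
    if ztype in (None, 'transparent', 'typetransparent'):
        return 'upstream'    # Unbound resolves or forwards the query
    return 'nxdomain' if ztype == 'static' else ztype

def mx_findings(conf):
    zones, records = parse(conf)
    return [(owner, norm(rd[-1]), classify(norm(rd[-1]), zones, records))
            for owner, rrtype in sorted(records) if rrtype == 'MX'
            for rd in sorted(records[(owner, rrtype)])]
```

For the configuration in the post, `mx_findings(SAMPLE_CONF)` reports `smtp.example.com` as `upstream`; with the zone type changed to `static` the same target would get no answer from the local resolver at all.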



## pit (Nov 11, 2016)

Do I need reverse lookup for the MX record?


----------



## SirDice (Nov 11, 2016)

A properly set up DNS has reverse records for everything. Note however that you do NOT need an MX record for _outgoing_ mailservers. The MX records are for _incoming_ mailservers only.


----------



## pit (Nov 11, 2016)

Thanks. I just want to send and receive mail in the local network with sendmail on FreeBSD; I don't use a smarthost or relay. What is the scenario for this? The rest I will find in books.
Sorry for my en


----------



## SirDice (Nov 11, 2016)

In that case you don't need an MX record at all. Just point the application directly to the SMTP server and configure sendmail to allow it.


----------



## Oko (Nov 11, 2016)

pit said:


> So I must have, for example, Bind. And a second question: could this "Bind" be on one machine with the mail server?


Why Bind? You can use dns/nsd, which is written by the same crew who wrote unbound. Bind suffers from bi-polar disease. It is confused whether it is an authoritative or caching server, as first observed by Dr. (of mathematics of course) Daniel Bernstein.


----------



## pit (Nov 11, 2016)

I heard about master, slave ... I even don't know it could be on the same machine, mail and DNS server


----------



## Oko (Nov 12, 2016)

pit said:


> I heard about master, slave ... I even know it could be on the same machine, mail and DNS server


Master and slave have nothing to do with authoritative vs caching-only resolver DNS. I run a caching-only resolver both at home and at work (Unbound). At work I have multiple instances of Unbound for redundancy but they are returning queries on a first come, first served basis. NSD is a different beast. It is authoritative DNS. As such, if it goes down your domain will become inaccessible. Therefore you need redundancy. The basic authoritative DNS redundancy is achieved by bringing a second NSD server on-line, which is called the slave (the first one is the master). When the master goes down the slave takes over in a fashion not noticeable to people who are trying to reach your domain.

I don't run authoritative DNS at work as it is tricky business from multiple angles (global availability, redundancy, security...). We use EasyDNS managed DNS as our authoritative DNS and we are happy with them. EasyDNS still hasn't completely switched from BIND to NSD. If you need a high-security NSD-based authoritative DNS provider, Henning Brauer, who rewrote PF himself, has a Germany-based company which provides managed DNS. His prices are very reasonable.


----------



## pit (Nov 12, 2016)

It is all about sending mail by SMTP only. I read that I must have a DNS server for sending mail directly with SMTP, so I am trying to find out how to do this.
With postfix I set up sending with Google and SSL; is that like a smart host?


----------



## scottro (Nov 13, 2016)

Do you mean you set postfix to use google as your relay host? If so, yes, that's similar to smart host.


----------



## Oko (Nov 13, 2016)

scottro said:


> Do you mean you set postfix to use google as your relay host? If so, yes, that's similar to smart host.


I use Postfix for such things on the Red Hat Linux machines, OpenSMTPD on OpenBSD and mail/dma on FreeBSD hosts. Out of the three I like mail/dma the best in terms of simplicity for that particular setup. As long as the relaying host allows mail forwarding with an account and TLS password (as Gmail) he will not need FQDN nor authoritative DNS. He will still need a DNS resolver, but that he already has from his ISP, as otherwise he would not be able to post things on this forum.


----------



## scottro (Nov 13, 2016)

Ah, I didn't know about dma. Here's a quick link if anyone else is curious, untested by me though.
https://www.dragonflybsd.org/docs/howtos/HowTo_dma_gmail/


----------



## kpa (Nov 13, 2016)

A "smart host" setup is when you have an explicit relay host set for outgoing emails. Whether or not there is authentication or TLS/SSL involved doesn't matter, it's still a smart host setup.


----------



## Oko (Nov 13, 2016)

scottro said:


> Ah, I didn't know about dma. Here's a quick link if anyone else is curious, untested by me though.
> https://www.dragonflybsd.org/docs/howtos/HowTo_dma_gmail/


I disabled sendmail on all my FreeBSD hosts and replaced it with dma. There was some talk of dma being the default MTA on FreeBSD 11.0. I have just checked my test installation of FreeBSD 11.0 and sure enough sendmail is still the default even though dma is installed. I did `pkg install dma` and got the newer version. This is very depressing. I can just hope that the system version is not messed up like the system version of unbound (I just learned about it now).
Look for my post "dma makes sense" to see even a small how-to on replacing sendmail with dma.


----------

