On a sunny day (Sun, 24 Jun 2018 10:38:02 +0000 (UTC)) it happened Martin
Gregorie  wrote in :

>On Sun, 24 Jun 2018 08:24:03 +0000, Jan Panteltje wrote:
>
>> Indeed,
>> before I hosted my website with godaddy,
>> I had the name server running here too (bind), and sendmail.
>>
>I think unbound may be a bit easier to set up than bind - there's an
>O'Reilly book about bind and I was very glad to have a copy.
>
>As for sendmail - personally I wouldn't touch it with a bargepole.
>Postfix is very stable and a lot easier to configure. It has a good
>website, a helpful mailing list and a sensible, though large set of
>configuration parameters that, unlike the sendmail configuration are easy
>to read and understand. I have Postfix running on all my computers except
>the RPi, with my one 24/7 system acting as master - the others only use
>Postfix to send logwatch reports, etc to the master, which also runs
>Dovecot as its local delivery agent.
>
>> That is a bit more difficult to configure.
>> I think the new nameservers use some encryption protocol?
>>
>You're thinking of DNSSEC, which is meant to prevent DNS MITM and
>spoofing attacks, but isn't needed on a private LAN. All that matters is
>that your local DNS is running in recursive mode and is configured to
>pass requests it can't answer to your ISP's nameservers, Google, etc.
>That's the recursive part.
>
>Don't configure it as a forwarding nameserver, especially if you're
>running anything like Spamassassin. It uses the DNS protocol to talk to
>DBSBL (blacklist) and DNSWL (whitelist) servers which have query limits.
>If you run your DNS as a forwarder your queries get aggregated with those
>from everybody else who forwards to the same nameserver and are probably
>blocked as a result. DNSBLs and DNSWLs usually have a query limit
>suitable for personal and small business use and require a subscription
>if your use exceeds the free limit.
>
>> It is on the todo list, if US imposes more trade tariffs towards Europe,
>> then I will sanction back by moving the domain registration to for
>> example Panama and run the whole thing including nameserver here again,
>> on raspberries.
>>
>Don't forget that your domain name host can be totally separate from your
>mail and webhosts. Mine is: I configure my domain name account so it
>redirects both mail and web requests to whoever is providing my mail
>delivery and webhosting services - usually my ISP. This means that I can
>switch ISP and webhost with minimal effort and without needing to tell
>anybody else about the switch.

Thank you, lots of good info.
I will have a look at postfix,
and see if I can use my old nameserver config files with bind.
I think I had bind configured as 'authorative',
still have a lot of files in /etc/bind/zone/.
Will have to read up on bind.

--- SoupGate-Win32 v1.05