I’m on the way to migrate some web-projects from a managed vServer to “my own” vServer using virtualmin on debian 9.
Currently I have disabled BIND becaus I want to use the nameservers of my hoster in order to save resources on my vServer and to spare out other challanges like redundancy and so on.
Till now I was happy with this setup but now I have realized, that DKIM only works with enabled DNS feature out of the “virtualmin-box” (as described here: https://www.virtualmin.com/documentation/email/dkim).
So… would it be a good practice to enable BIND on my locale machine although I don’t use it just to get DKIM working? Or is there an other way to get DKIM signed mails without enabled BIND feature?
It also may be, that there are other advantages running a locale DNS server I don’t see with my rookie-eyes…?
I would be very pleased to get some practical hints from you professionals.
Afaik you just need to create two TXT records with your DNS provider, you’ll want to create the key locally or using a tool like(https://www.socketlabs.com/domainkey-dkim-generation-wizard/) and then roughly follow the DKIM portion of this guide(https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/#set-up-dkim) and tailor it to your particular virtualmin setup.
I’ve always run BIND on my Virtualmin web host and have never noticed it cause any resource problems at all. I’d never checked until now, but it currently seems to be 5 processes each taking 1.4% of memory (out of 2GB total) and CPU usage zero most of the time. It doesn’t have to do much; I think your fears of it being a resource problem are unfounded.
As for redundancy, I’m not quite sure what you are saying about that, but I have a second very cheap VPS on a different provider which I mainly use for daily offsite backups, and that server (which is otherwise idle most of the day) is also my secondary nameserver. Quite honestly, DNS is the least of my problems!
For DKIM virtualmin i use bind for the hostname/mailserver domain only.
No problems when using external DNS services for those. sofar.
For rest off the domains no emailserver i don’t use while mx records for those pointing to the real mailserver/ hostname.
Is the most easy lazy way i guess. ( working for us)
While didn’t got a reply / solution here in forum for having no bind and still using dkim all in virtualmin/ webmin GUI on my question about that.
Maybe Virtualmin future can have / do this with a script and then have it in the GUI according to generate DKIM and put this in the mail… without BIND?
If you need good dns services for commerciAL PROJECTS don’t try cheap having dns / nameservers yourself or even free dns…, more professional payed DNS services do a better job with GEO and DDOS and so more things.
Thank you very much for your feedbacks and sorry for my late response!
I was away from this topic for the last view weeks and will be back to it in the near future…
kind regards, thomas