Placement of MX records
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Tue Jan 29 20:07:35 UTC 2002
Al Licause <al.licause at compaq.com> wrote:
> I have noticed that if a A record immediately preceeds an MX record in
> our v8.2.2-P5 bind servers, that MX record will be associated with the
First : replace this bind, it has known security risks and
might compromize your security.
> A record and not the domain....for example:
> node1 IN A 10.10.8.34
> IN MX 10 mailhub.mydomain.com.
This is the way it's supposed to work.
The first record "node1 .." is interpreted at loading time as "node1.<domain>.<tld>
The second line in your example lacks LHS, then the closes preceeding LHS is used.
> #nslookup
>> set type=mx
>> mydomain.com
> We don't see the MX record. The only way to see this MX record is to
> specify node1.mydomain.com to nslookup. But if I either move the MX
> record above all A records or preface the MX record with either an "@"
> sign or the
> domainname as such:
> mydomain.com. IN MX 10 mailhub.mydomain.com.
> ....we then see the MX record in the nslookup query for the domain and
> not
> the node.
> Now, it is my understanding of sendmail and all other related programs
> that
> the outgoing connection is first sent to resolve the MX record for the
> remote
> domain. The only way I can see this working to be able to resolve the
> MX
> records on the domain and not on a node.
> Have I misunderstood the intent of bind v8 in this case or is the
> database
> parsing in error ?
Yes, you have misunderstood. However the fix is quite easy, reorder the two lines.
And , do upgrade your bind !!
> Any help greatly appreciated.
> Al Licause
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but i'm trying to keep spam out.
Remove "icke-reklam" and it works.
More information about the bind-users
mailing list