URGENT: Authoritative external and internal DNS
Craig Sharp
cashar at Roushind.com
Tue Sep 17 13:34:27 UTC 2002
I have a problem of a strange sort.
The domain anatrol.com is authoritative on our ISP's DNS servers. The zone has the web and MX records. The web records point to the webservers' external addresses and are NAT'ed at the firewall at our core.
The MX record points to the ISP's mail server. We do not maintain the mail server for this domain, only the webservers.
External users can hit the websites with no problem and also send mail to the domain with no problems.
The way our firewall is set up, no internal users are allowed to loop back to the webservers by using the external address. They must hit the webservers using the webservers' internal address. In order to do this, we have an internal DNS server that is authoritative for the domain and points the internal users directly to the webserver.
As this internal DNS is seen as authoritative for the domain, no mail is working even if I put the MX record in the internal DNS zone for the ISP's mail server. The webserver works fine.
This is some odd setup at the ISP that requires them to be authoritative for vanity email addresses to work. What I mean by vanity is: user at anatrol.com instead of user14 at qwest.net. I am not sure how they are doing this but ok. If I put the MX record in the internal DNS, the vanity names do not work.
Hence the problem. In order for the mail to work correctly, my internal users must resolve to the ISP DNS. If I have the zone in my system so that my internal users point to the webserver as previously stated, that makes me authoritative for the zone and the mail does not work even with an MX record.
I need help.
Thanks,
Craig A. Sharp
Unix Systems Administrator
DNS Administrator
Security Administrator
Roush Industries
Office: 734-466-6286
Cell: 734-231-6769
Fax: 734-466-6939
cashar at roushind.com
====================================================
I have not lost my mind, it's backed up on tape somewhere!
====================================================
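An added example, not part of the original post: an internal server that is authoritative for a zone answers for every name in it, so any public record not copied into the internal zone is invisible to internal clients. The sketch below compares two views of anatrol.com and reports what differs; the zone contents, addresses, the host mail.isp.example and the function names are constructed for illustration.

```python
# Constructed sample zones: addresses and the ISP mail host are placeholders.
EXTERNAL_ZONE = """\
anatrol.com.      IN MX 10 mail.isp.example.
www.anatrol.com.  IN A  192.0.2.10   ; public (NAT'ed) address
shop.anatrol.com. IN A  192.0.2.11
"""
INTERNAL_ZONE = """\
www.anatrol.com.  IN A  10.1.1.10    ; internal address
shop.anatrol.com. IN A  10.1.1.11
"""

def parse_zone(text):
    """Parse simple 'owner [ttl] IN type rdata' lines into {(owner, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split on whitespace
        upper = [f.upper() for f in fields]
        if "IN" not in upper[1:]:
            continue                              # blank or unsupported line
        idx = upper.index("IN", 1)
        if len(fields) < idx + 3:
            continue                              # no type or rdata after the class
        key = (fields[0].lower(), upper[idx + 1])
        records.setdefault(key, set()).add(" ".join(fields[idx + 2:]).lower())
    return records

def compare_views(external_text, internal_text):
    """Report how the internal view of a zone differs from the public one."""
    ext, internal = parse_zone(external_text), parse_zone(internal_text)
    report = {"missing_internally": [], "overridden": [], "internal_only": []}
    for key in sorted(ext):
        if key not in internal:
            report["missing_internally"].append(key)  # internal clients get no answer
        elif ext[key] != internal[key]:
            report["overridden"].append(key)          # intended split-horizon override
    report["internal_only"] = sorted(k for k in internal if k not in ext)
    return report

if __name__ == "__main__":
    for category, keys in compare_views(EXTERNAL_ZONE, INTERNAL_ZONE).items():
        for owner, rtype in keys:
            print(f"{category:20} {owner} {rtype}")
```
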
More information about the bind-users
mailing list