Overriding MX records to internal gateways
Barry Margolin
barmar at alum.mit.edu
Tue May 6 01:22:26 UTC 2008
In article <fvn7a4$1ire$1 at sf1.isc.org>,
"Pedro Espinoza" <raindoctor at gmail.com> wrote:
> On Sat, May 3, 2008 at 11:47 AM, Josh Smith <juicewvu at gmail.com> wrote:
> > Why not just configure your MTA to use your internal gateway(s) as smart
> > hosts?
>
> I asked this question because my shop has this setup, and I am trying
> to understand how they set it up. Here are the sample dig results for
> google.com A, MX, NS
Are they running BIND?
It's curious that the A response has the AA flag set, even though it's
returning a response that's apparently cached, while the MX response
does NOT have the AA flag set, even though it's returning the local
override.
>
> # dig @a.b.example.com google.com ns
>
> ; <<>> DiG 9.3.2 <<>> @a.b.example.com google.com ns
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3595
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;google.com. IN NS
>
> ;; AUTHORITY SECTION:
> com. 1800 IN NS abc200.a.example.com.
> com. 1800 IN NS abc201.a.example.com.
>
>
>
> # dig @a.b.example.com google.com a
>
> ; <<>> DiG 9.3.2 <<>> @a.b.example.com google.com a
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3193
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; ANSWER SECTION:
> google.com. 19 IN A 72.14.207.99
> google.com. 19 IN A 64.233.187.99
> google.com. 19 IN A 64.233.167.99
>
>
>
> # dig @a.b.example.com google.com mx
>
> ; <<>> DiG 9.3.2 <<>> @a.b.example.com google.com mx
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18239
> ;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6
>
> ;; QUESTION SECTION:
> ;google.com. IN MX
>
> ;; ANSWER SECTION:
> google.com. 1800 IN MX 6 relay1.example.com.
> google.com. 1800 IN MX 6 relay2.example.com.
>
>
>
>
>
>
>
> > Thanks,
> > Josh
> >
> >
> >
> > On Fri, May 2, 2008 at 3:56 PM, Kevin Darcy <kcd at chrysler.com> wrote:
> > >
> > > Pedro Espinoza wrote:
> > > > Gurus:
> > > >
> > > > is it possible with BIND to replace authoritative MX records with
> > > > internal gateways, so that the MTA can route the email to internal
> > > > gateways? Of course, sendmail/postfix provides a solution to do that.
> > > > But I am looking at DNS level, as follows:
> > > >
> > > >
> > > >
> > > > ;; QUESTION SECTION:
> > > > ;gmail.com. IN MX
> > > >
> > > > ;; ANSWER SECTION:
> > > > > gmail.com. 870 IN MX 10 localrelay1.example.com.
> > > > > gmail.com. 870 IN MX 50 localrelay2.example.com
> > > >
> > > >
> > > You'd have to have a "private" version of the whole gmail.com zone.
> > >
> > >
> > > -Kevin
> > >
> > >
> > >
> >
> >
> >
> > --
> > Josh Smith
> > email/jabber: juicewvu at gmail.com
> > phone: 304.237.9369(c)
> >
> > () ascii ribbon campaign - against html e-mail
> > /\ www.asciiribbon.org - against proprietary attachments
> >
> >
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
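
Added example, not part of the original message or of BIND: a small Python check that repeats the comparison made in the reply above, reading the flags line and answer section of a dig response and reporting whether the answer is marked authoritative (aa) and whether its MX targets sit inside a local zone. The sample text is abridged from the dig output quoted in the thread; the function names, the `example.com` local zone argument and the "foreign owner with an in-zone exchanger means override" rule are assumptions of this example.

```python
import re

# Flags line and answer section abridged from the dig output quoted in the thread.
A_REPLY = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
google.com. 19 IN A 72.14.207.99
google.com. 19 IN A 64.233.187.99
google.com. 19 IN A 64.233.167.99
"""
MX_REPLY = """\
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6
;; ANSWER SECTION:
google.com. 1800 IN MX 6 relay1.example.com.
google.com. 1800 IN MX 6 relay2.example.com.
"""

def parse_dig(text):
    """Return (flags, answers); each answer is (owner, ttl, rtype, rdata)."""
    flags, answers, in_answer = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
        elif line.startswith(";;"):
            # Any other ";;" line is a section header or a status line.
            in_answer = line.startswith(";; ANSWER SECTION")
        elif in_answer and line and not line.startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((owner.lower(), int(ttl), rtype, rdata))
    return flags, answers

def in_zone(name, zone):
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def audit(text, local_zone):
    """Summarise one reply: aa flag, local MX override, lowest answer TTL."""
    flags, answers = parse_dig(text)
    # Assumption of this example: an MX whose owner is outside local_zone but
    # whose exchanger is inside it is treated as a local override.
    override = any(t == "MX" and not in_zone(o, local_zone)
                   and in_zone(r.split()[-1], local_zone) for o, _, t, r in answers)
    return {"aa": "aa" in flags, "override": override,
            "min_ttl": min((ttl for _, ttl, _, _ in answers), default=None)}

if __name__ == "__main__":
    for label, text in (("A", A_REPLY), ("MX", MX_REPLY)):
        print(label, audit(text, "example.com"))
```

On the quoted output this reports aa set with no override for the A reply, and an override without aa for the MX reply.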