DNS/SMTP/SmartHost problems

[Barry Margolin]

In article <Pine.GSO.4.05.9906081840290.20679-100000 at sam.nic.com>,
Dave Wreski  <dave at nic.com> wrote:
>
>Hi all.  I've set up a split-dns between my internal DNS server and
>external primary server in the DMZ, as described in the firewalls FAQ.
>
>Now it appears that my primary name server can't resolve smtp.mydomain.com
>when sending mail, despite the fact that using nslookup for both forward
>and reverse works properly.
>
>Using tcpdump on that interface while sending mail reports:
>
>apps.2175 > smtp.mydomain.com.domain: 36971+ (38)
>smtp.mydomain.com.domain > apps.2175: 36971 ServFail 0/0/0 (38)
>apps.2181 > smtp.mydomain.com.domain: 29353+ (38)
>smtp.mydomain.com.domain > apps.2181: 29353 ServFail 0/0/0 (38)
>apps.2181 > smtp.mydomain.com.domain: 29354+ (58)

I'm guessing apps is the internal mail server and smtp.mydomain.com is the
bastion host, right?  If so, this DNS traffic doesn't make sense.  The
proper way to configure split DNS is for the mail server to use your
internal DNS server in its resolver configuration.  The internal DNS server
should forward queries for outside domains to the BH.  But queries for
names in your own domain, like smtp.mydomain.com, should be answered by the
internal DNS server.  The above queries should never occur.

>Then the mail sits in the internal mail server's queue with the following:
>
>(Deferred: Name server: smtp.mydomain.com: host name looku)
>                                   dave at nic.com
>
>What could I be doing wrong?  In my zone files, I list smtp.mydomain.com
>as the first MX host:
>
>                IN      MX      10 smtp.mydomain.com.

MX records affect incoming mail, not outgoing mail.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.