Forwarding from Internal DNS server.

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 1 21:51:02 UTC 2000


Jim Reid wrote:

> >>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:
>
>     >  ... earlier discussion about mail routing on an intranet
>     > with its own root servers deleted ....
>     >
>     >> As for mail, you will probably have to configure your internal
>     >> mail systems to recognise non-local domain names in addresses
>     >> and forward those messages to a smart system which can deliver
>     >> them to the outside via the firewalls.
>
>     Kevin> I thought the point of the exercise was to try and send
>     Kevin> mail out a "nearby" Internet connection whenever possible;
>     Kevin> sending everything to a "smart" system would seem to mostly
>     Kevin> defeat that purpose, since by the time the "smart" system
>     Kevin> has figured out how best to send out the message, it's
>     Kevin> already travelled across the WAN, and might have to travel
>     Kevin> even further across it to get to the closest firewall.
>
> True, but that's an implementation detail as would be deciding to
> locate the smart mail hub(s) next to the firewall(s). There could be
> multiple "smart" mailhubs on the intranet. [Having just one would be a
> glaring SPoF.] There are a couple of ways that mail could be routed
> between them and the local mail servers. One entails doing Evil Things
> (IMHO) to the internal root zone. Another is to configure local mail
> systems with some intelligence about the location of these smart mail
> hubs and route mail to the "best" hub. Both approaches work. From an
> earlier discussion on this topic, readers of this list might recall
> that the two of us have opposing views about which of these
> approaches is best. :-)

I only prefer internal TLD MX wildcards when there is a common set of MX
targets, for any given TLD, for everyone in the enterprise. When the
target-set must differ depending on the location of the sender, however,
then the TLD MX wildcard approach can only work by creating multiple
internal roots. I think we both agree that multiple internal roots in the
same enterprise is a Bad Thing from a manageability standpoint.

Note that I said "common set of MX targets", though. If the
round-robin/sortlist approach can be made to work, in which case the
*targets* are universal, but the *addresses* would (in effect) vary
depending on the location of the client, then I'd still say maintaining
TLD MX wildcards in an internal root zone is preferable to trying to cram
the routing smarts into the mailer configurations.


- Kevin
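Added example (mine, not from Kevin's or Jim's posts): what the arrangement Kevin describes looks like on a BIND internal root, i.e. one universal MX target per external TLD via wildcards in the root zone, with a sortlist so that the hub *addresses* come back ordered by the client's location. Every name, address and network below is made up for illustration.

```bind
// named.conf on the internal root servers (constructed example)
options {
    directory "/var/named";
    // sortlist: for a client whose source address matches the first
    // element, any addresses in the answer that fall in the listed
    // networks are moved to the front, in the order given.  A 10.1/16
    // client therefore sees the 10.1 hub first; a 10.2/16 client sees
    // the 10.2 hub first.  Both addresses are still returned.
    sortlist {
        { 10.1.0.0/16; { 10.1.0.0/16; 10.2.0.0/16; }; };
        { 10.2.0.0/16; { 10.2.0.0/16; 10.1.0.0/16; }; };
    };
};

zone "." {
    type master;
    file "root.internal";
};

// root.internal -- the internal root zone (constructed example)
$TTL 3600
@                   IN SOA  ns1.internal. hostmaster.internal. (
                            2000020101 3600 900 604800 3600 )
                    IN NS   ns1.internal.
ns1.internal.       IN A    10.1.0.53

; one common MX target for every external TLD the enterprise mails to
*.com.              IN MX   10 mailhub.internal.
*.net.              IN MX   10 mailhub.internal.
*.org.              IN MX   10 mailhub.internal.

; the single hub name resolves to one address per site; sortlist above
; decides which one a given client sees first
mailhub.internal.   IN A    10.1.0.25
mailhub.internal.   IN A    10.2.0.25
```

Two things to check before relying on this. A wildcard only matches names that do not otherwise exist in the zone, so if some TLD is actually delegated inside the internal root (as the internal namespace itself will be), names under it are not covered by the wildcard and need their own MX data. And the sortlist only affects answers handed out by the server it is configured on; a site whose mailers query a local caching server must carry the same sortlist there, otherwise the order the mailer gets is whatever the cache returns, which defeats the "nearest hub" intent while still leaving every hub reachable.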