wildcard mx & authority

[Kevin Darcy]

BIND 8 ignores data in zone files which is outside the zone. So you can't put
"bigcompany.com" data in the "joe.com" zonefile and have the nameserver accept
it.

The solution to the problem? If you have an internal root, you could add the
"bigcompany.com" wildcards there, although some people regard this practice as
Evil and Wrong (hi Jim! :-).

Or you could use something other than MX records to route the mail to
bigcompany.com, e.g. mailertables or whatever. In this case, you might want to
consider supplementing the architecture with a "smarthost" arrangement to
reduce the maintenance burden to a minimum (downside: more servers in the
processing pipeline of every mail message)...


- Kevin

Corris Randall wrote:

> I have a little problem that I'm hoping someone might be able to help me out
> with. we have a connection to the internet on one network, say, 12.13.64/24
> (joe.com) and we have a connection to a private network 205.19.134/25
> (joe.bigcompany.com) which isn't accessable from the Internet. our name
> server, 12.13.64.25 provides primary for joe.com, and in the past (with BIND
> 4.x) we had these mx records (authoritative for joe.com):
>
> joe.com.            in mx       2 mailer.joe.com.
> joe.com.            in a        12.13.64.128
>
> bigcompany.com.       in mx       5 bounce.joe.com.
> *.bigcompany.com.     in mx       5 bounce.joe.com.
> bigcompany.nl.        in mx       5 bounce.joe.com.
> *.bigcompany.nl.      in mx       5 bounce.joe.com.
>
> there is a hole in the firewall between the 12 and the 205 networks locally
> which allows port 25 from bounce to an MTA on the 205 net to deliver
> "bigcompany" email through our "bigcompany" connection, rather than out
> through the internet (so internal mail gets delivered securely). this setup
> was working with bind 4 but not with bind 8....
>
> any ideas?
>
> -corris
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001