Confused dns/bind newbie

Kevin Darcy kcd at daimlerchrysler.com
Mon Jan 24 23:22:33 UTC 2000


Stephen Eickhoff wrote:

> Mark.Andrews at nominum.com wrote:
>
> > > I am at my wits end, and I hope that some one can help me out.
> > >
> > > I am using bind-8.2-6 (from RedHat 6) and a program called Webmin
> > > (http://www.webmin.com/webmin) to add DNS information. I have added
> > > the following zone into my name server:
> > [snip]
> > > goatfest.com. IN      NS      ns1.moewes.com.
> > > www.goatfest.com.     IN      A       63.226.143.34
> >
> > > goatfest.com. IN      MX      10 mail.moewes.com
> >
> >         "mail.moewes.com" is missing the final period which says
> >         the name is absolute.  Without the final period the current
> >         origin (goatfest.com) is appended.
> >
> >         Mark
> >
>
> I have a somewhat similar problem. I'd like to be able to host my webpage as
> http://operagost.com, but my mail server is on another machine behind the firewall
> with a reserved IP, and the only way to get email is to address it to
> orff.operagost.com. (BIND 8.1.2) I have a NAT running on "liszt" which redirects
> SMTP to "orff".
>
> @ IN SOA orff.operagost.com. POSTMASTER.orff.operagost.com. (
>           19991213             ;           Serial number
>           3600                 ; 1 hour    Refresh
>           300                  ; 5 minutes Retry
>           172800               ; 2 days    Expire
>           43200 )              ; 12 hours  Minimum
>                                IN NS    orff.operagost.com.
> operagost.com.                 IN MX  5 orff.operagost.com.
> liszt.operagost.com.           IN A     151.197.22.14
> orff.operagost.com.            IN A     192.168.0.20
> operagost.com.                 IN A     151.197.22.14
> www                            IN CNAME liszt.operagost.com.
>
> So what did I mess up here?

What are you trying to accomplish here? 192.168/16 is a non-Internet-routable (RFC
1918) network. So why have your MX pointed at a machine that no Internet host can
reach? I assume there should be an MX record pointing to liszt, since from your
description, liszt is capable of getting the mail to orff.

If you're using the same DNS database for your internal clients, and they are using
MX routing, then perhaps replacing orff with liszt might break them. In this case,
either separate your DNS database into internal and external (this is better for
security reasons anyway), or have MX records pointing to *both* orff and liszt; you
can use the preference field to control the order in which the servers are tried.

By the way, you shouldn't be listing orff as a nameserver for operagost.com, for the
same (RFC 1918) reasons. Moreover, the delegation for operagost.com shows
orff.operagost.com with liszt's IP address (?); I'm surprised your registrar even
allows you to have a delegation with only 1 nameserver. Any way you look at it, you
are effectively down to 1 working nameserver; if it goes down, you're hosed. You
really should get someone to provide secondary service, if you care at all about
availability.


- Kevin
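The three problems raised in this thread (a target name missing its final dot, MX and NS records pointing at a host on an RFC 1918 address, and a zone served by a single nameserver) can all be caught mechanically before the zone is loaded. The following Python linter is an added example and is not code from the thread or from BIND. It assumes the zone origin is operagost.com. (the posted zone shows no $ORIGIN line), and the sample input is the posted zone plus one constructed MX line written without a final dot, to exercise the expansion rule Mark described above.

```python
"""Lint a BIND zone file for the three mistakes discussed in the thread:
names missing their trailing dot, MX/NS targets on RFC 1918 addresses,
and a zone with a single nameserver. Added example, not from the thread."""
import ipaddress

# Origin is an assumption: the posted zone has no $ORIGIN line.
SAMPLE_ORIGIN = "operagost.com."

# Constructed input: the records posted in the thread, plus one extra MX line
# (marked) written without a trailing dot to show the trap Mark pointed out.
SAMPLE_ZONE = """\
@ IN SOA orff.operagost.com. POSTMASTER.orff.operagost.com. (
          19991213             ;           Serial number
          3600                 ; 1 hour    Refresh
          300                  ; 5 minutes Retry
          172800               ; 2 days    Expire
          43200 )              ; 12 hours  Minimum
                               IN NS    orff.operagost.com.
operagost.com.                 IN MX  5 orff.operagost.com.
liszt.operagost.com.           IN A     151.197.22.14
orff.operagost.com.            IN A     192.168.0.20
operagost.com.                 IN A     151.197.22.14
www                            IN CNAME liszt.operagost.com.
mail                           IN MX 10 mail.moewes.com   ; constructed: no final dot
"""


def absolutize(name, origin):
    """Apply BIND's rule: '@' is the origin, a name ending in '.' is absolute,
    anything else gets the current origin appended."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with absolute owners. Handles ';'
    comments, '(' ... ')' continuation lines, '@', blank owner fields (inherit
    the previous owner) and optional TTL/class fields. Class is assumed IN."""
    records, last_owner = [], origin
    buf, blank_owner, depth = [], False, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if depth == 0:                       # first line of a new record
            buf, blank_owner = [], raw[:1] in (" ", "\t")
        for tok in line.split():
            depth += tok.count("(") - tok.count(")")
            tok = tok.replace("(", "").replace(")", "")
            if tok:
                buf.append(tok)
        if depth > 0:                        # still inside parentheses
            continue
        toks = list(buf)
        if not blank_owner:
            last_owner = absolutize(toks.pop(0), origin)
        while toks and (toks[0].isdigit() or toks[0].upper() == "IN"):
            toks.pop(0)                      # optional TTL and class
        records.append((last_owner, toks[0].upper(), toks[1:]))
    return records


def unterminated_targets(records, origin):
    """Targets of NS/MX/CNAME written without a final dot: BIND silently appends
    the origin, so report the name that will actually be served."""
    return [(o, t, r[-1], absolutize(r[-1], origin))
            for o, t, r in records
            if t in ("NS", "MX", "CNAME") and not r[-1].endswith(".")]


def private_targets(records, origin):
    """NS/MX targets whose in-zone A record is an RFC 1918 (private) address:
    no Internet host can reach them, so the record is useless externally."""
    a_records = {o: r[0] for o, t, r in records if t == "A"}
    hits = []
    for o, t, r in records:
        if t not in ("NS", "MX"):
            continue
        target = absolutize(r[-1], origin)
        addr = a_records.get(target)
        if addr and ipaddress.ip_address(addr).is_private:
            hits.append((o, t, target, addr))
    return hits


def apex_ns_count(records, origin):
    """Number of NS records at the zone apex; fewer than two means a single
    point of failure for the whole zone."""
    return sum(1 for o, t, _ in records if t == "NS" and o == origin.lower())


def lint(text, origin):
    recs = parse_zone(text, origin)
    return {"unterminated": unterminated_targets(recs, origin),
            "private": private_targets(recs, origin),
            "apex_ns": apex_ns_count(recs, origin)}


if __name__ == "__main__":
    for key, value in lint(SAMPLE_ZONE, SAMPLE_ORIGIN).items():
        print(key, value)
```

Run against the sample, the linter reports the constructed MX target as expanding to mail.moewes.com.operagost.com., flags both the NS and the MX at the apex because orff resolves to 192.168.0.20, and counts a single apex NS record. The parser is deliberately narrow (IN class, no $INCLUDE or $TTL handling) because the point is the checks, not a full master-file reader.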



