URGENT: Authoritative external and internal DNS

Craig Sharp cashar at Roushind.com
Tue Sep 17 13:34:27 UTC 2002 

I have a problem of a strange sort.

The domain anatrol.com is authoritative on our ISP's dns servers.  The =
zone has the web and MX records.  The web records point to the webservers =
external addresses and are NAT'ed at the firewall at our core.
The mx record points to the ISP's mail server.  We do not maintain the =
mail server for this domain, only the webservers.

External users can hit the websites with no problem and also send mail to =
the domain with no problems.

The way our firewall is setup, no internal users are allowed to loop back =
to the webservers by using the external address.  They must hit the =
webservers using the webservers internal address.  In order to do this, we =
have an internal DNS server that is authoritative for the domain and =
points the internal users direct to the webserver.

As this internal DNS is seen as authoritative for the domain, no mail is =
working even if I put the mx record in the internal DNS zone for the ISP's =
mail server.  The webserver works fine.

This is some odd setup at the ISP that requires them to be authoritative =
for vanity email addresses to work.  What I mean by vanity is:

user at anatrol.com instead of user14 at qwest.net.  I am not sure how they are =
doing this but ok.  If I put the mx record in the internal DNS, the vanity =
names do not work.

Hence the problem.  In order for the mail to work correctly, my internal =
users must resolve to the ISP DNS.  If I have the zone in my system so =
that my internal users point to the webserver as previously stated, that =
makes me authoritative for the zone and the mail does not work even with =
an MX record.

I need help.

Thanks,

Craig A. Sharp
Unix Systems Administrator
DNS Administrator
Security Administrator
Roush Industries
Office: 734-466-6286
Cell: 734-231-6769
Fax: 734-466-6939
cashar at roushind.com
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
I have not lost my mind, it's backed up on tape somewhere!
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D

More information about the bind-users mailing list