* DNS Problem
@ 2006-01-26 19:52 gerardo juarez-mondragon
From: gerardo juarez-mondragon @ 2006-01-26 19:52 UTC (permalink / raw)
To: linux-admin
I have the following situation
      internet                     internet
         |                            |
         |                            |
    mail server ------------------ firewall
   (10.21.23.20)                 (10.21.23.21)
                                      |
                                      |
                                   intranet
                                (192.168.x.x)
The firewall is also a caching DNS, to speed up
lookups and overcome DNS server downtime. My
problem is that when I lookup the mail server
the address I receive from 10.21.23.21 is the
external address, as seen from outside.
I would like the address to be solved for
internal machines as the shortcut 10.21.23.20.
The routes are correct according to traceroute.
I thought that if I modified the firewall's
/etc/hosts including the address of the mail
server as 10.21.23.20 and setting nsswitch.conf
to hosts: files dns
would make it work, but the cached address seems
to have priority.
I also restarted named, but the situation remains.
What should be the correct configuration?
Thank you,
Gerardo
* Re: DNS Problem
From: urgrue @ 2006-01-26 20:33 UTC (permalink / raw)
To: gerardo juarez-mondragon, linux-admin
At 21:52 26-01-06, gerardo juarez-mondragon wrote:
>I have the following situation
>
>       internet                     internet
>          |                            |
>          |                            |
>     mail server ------------------ firewall
>    (10.21.23.20)                 (10.21.23.21)
>                                       |
>                                       |
>                                    intranet
>                                 (192.168.x.x)
>
>The firewall is also a caching DNS, to speed up
>lookups and overcome DNS server downtime. My
>problem is that when I lookup the mail server
>the address I receive from 10.21.23.21 is the
>external address, as seen from outside.
>I would like the address to be solved for
>internal machines as the shortcut 10.21.23.20.
>The routes are correct according to traceroute.
>
>I thought that if I modified the firewall's
>/etc/hosts including the address of the mail
>server as 10.21.23.20 and setting nsswitch.conf
>to hosts: files dns
>would make it work, but the cached address seems
>to have priority.
>
>I also restarted named, but the situation remains.
>
>What should be the correct configuration?
From your description I'm assuming that your mail server DNS points to
10.21.23.20 and that you forward port 25 from there to 10.21.23.21? If
so, and since your intranet anyway travels through your firewall to reach
your mail server, why not just let them use the 10.21.23.20 address?

If you must do it for some reason, what about having internal hosts
configured to use, for example, smtp-internal.domain.com, which points to
10.21.23.21, while the internet and your MXs use smtp.domain.com, which
would be the .20 address.
* Re: DNS Problem
From: Glynn Clements @ 2006-01-27 20:45 UTC (permalink / raw)
To: gerardo juarez-mondragon; +Cc: linux-admin
gerardo juarez-mondragon wrote:
> I have the following situation
>
>       internet                     internet
>          |                            |
>          |                            |
>     mail server ------------------ firewall
>    (10.21.23.20)                 (10.21.23.21)
>                                       |
>                                       |
>                                    intranet
>                                 (192.168.x.x)
>
> The firewall is also a caching DNS, to speed up
> lookups and overcome DNS server downtime. My
> problem is that when I lookup the mail server
> the address I receive from 10.21.23.21 is the
> external address, as seen from outside.
> I would like the address to be solved for
> internal machines as the shortcut 10.21.23.20.
> The routes are correct according to traceroute.
>
> I thought that if I modified the firewall's
> /etc/hosts including the address of the mail
> server as 10.21.23.20 and setting nsswitch.conf
> to hosts: files dns
> would make it work, but the cached address seems
> to have priority.
A DNS server is exactly that: a DNS server. Local name-service
mechanisms (/etc/hosts, /etc/host.conf, /etc/nsswitch.conf etc) only
affect the results of gethostbyname() and similar functions, and won't
have any effect upon the behaviour of named or other DNS daemons, or
any programs which perform DNS queries directly (e.g. most MTAs).
If the DNS server is running BIND 9.x, you can use the "view"
statement to provide different information for a domain depending upon
who is asking. The view statement is described in sections 6.2.19 and
6.2.20 of the BIND Administrator Reference Manual.
--
Glynn Clements <glynn@gclements.plus.com>
* Re: DNS Problem
From: Adrian C. @ 2006-01-27 22:09 UTC (permalink / raw)
To: linux-admin
Or you could just set an entry like
10.21.23.20 mail.yourdomain.org
on every client machine (/etc/hosts or
%windir%\system32\drivers\etc\hosts (could be different for win2k)).
You could set that up using a logon script (active directory or
samba, doesn't matter), or by tricking users with candy to run the
script manually :)
--Adrian.
At 10:45 PM 1/27/2006, Glynn Clements wrote:
>gerardo juarez-mondragon wrote:
>
> > I have the following situation
> >
> >       internet                     internet
> >          |                            |
> >          |                            |
> >     mail server ------------------ firewall
> >    (10.21.23.20)                 (10.21.23.21)
> >                                       |
> >                                       |
> >                                    intranet
> >                                 (192.168.x.x)
> >
> > The firewall is also a caching DNS, to speed up
> > lookups and overcome DNS server downtime. My
> > problem is that when I lookup the mail server
> > the address I receive from 10.21.23.21 is the
> > external address, as seen from outside.
> > I would like the address to be solved for
> > internal machines as the shortcut 10.21.23.20.
> > The routes are correct according to traceroute.
> >
> > I thought that if I modified the firewall's
> > /etc/hosts including the address of the mail
> > server as 10.21.23.20 and setting nsswitch.conf
> > to hosts: files dns
> > would make it work, but the cached address seems
> > to have priority.
>
>A DNS server is exactly that: a DNS server. Local name-service
>mechanisms (/etc/hosts, /etc/host.conf, /etc/nsswitch.conf etc) only
>affect the results of gethostbyname() and similar functions, and won't
>have any effect upon the behaviour of named or other DNS daemons, or
>any programs which perform DNS queries directly (e.g. most MTAs).
>
>If the DNS server is running BIND 9.x, you can use the "view"
>statement to provide different information for a domain depending upon
>who is asking. The view statement is described in sections 6.2.19 and
>6.2.20 of the BIND Administrator Reference Manual.
>
>--
>Glynn Clements <glynn@gclements.plus.com>
* Re: DNS Problem
From: Stephen Samuel @ 2006-01-28 3:57 UTC (permalink / raw)
To: Adrian C.; +Cc: linux-admin
If the caching nameserver doesn't provide any DNS services for
external machines, then you can simply add a 'domain' entry for
the mail server...
in named.conf:

zone "mail.server.mydomain.com" { type master; file "db.fakemail"; };

in db.fakemail:

$TTL 9000
@   IN SOA firewall.mydomain.com. myname.myhost.mydomain.com. (
        2005090107  ; serial
        15000       ; refresh: slaves check every ~4 hours
        720         ; retry: slaves retry every 12 min
        ;; 1209600  ; expire: 2 weeks
        864000      ; expire: 240 hours
        4320 )      ; minimum: negative-cache TTL, 72 min
;
; Name servers for the mail server zone
;
; not external, so the geographically diverse rule is moot.
; if you have a redundant server on your net, list it here.
    IN NS   firewall.mydomain.com.
; Record for the mail server (that is the "domain" you claimed in named.conf);
; for the setup in this thread the inside address is 10.21.23.20.
@   IN A    65.110.6.163
=======================================
That's about it. The '@' gets replaced by the domain name mentioned
in the named.conf Zone record.
This doesn't mess up your firewall's status as a 'caching nameserver'.
A caching nameserver is a regular nameserver that doesn't happen to be
authoritative for any domains.... Nothing really special about them at all.
Adrian C. wrote:
>
> Or you could just set an entry like
>
> 10.21.23.20 mail.yourdomain.org
>
> on every client machine (/etc/hosts or
> %windir%\system32\drivers\etc\hosts (could be different for win2k)).
>
> You could set that up using a logon script (active directory or samba,
> doesn't matter), or by tricking users with candy to run the script
> manually :)
>
> --Adrian.
>
> At 10:45 PM 1/27/2006, Glynn Clements wrote:
>
>> gerardo juarez-mondragon wrote:
>>
>> > I have the following situation
>> >
>> >       internet                     internet
>> >          |                            |
>> >          |                            |
>> >     mail server ------------------ firewall
>> >    (10.21.23.20)                 (10.21.23.21)
>> >                                       |
>> >                                       |
>> >                                    intranet
>> >                                 (192.168.x.x)
>> >
>> > The firewall is also a caching DNS, to speed up
>> > lookups and overcome DNS server downtime. My
>> > problem is that when I lookup the mail server
>> > the address I receive from 10.21.23.21 is the
>> > external address, as seen from outside.
>> > I would like the address to be solved for
>> > internal machines as the shortcut 10.21.23.20.
>> > The routes are correct according to traceroute.
>> >
>> > I thought that if I modified the firewall's
>> > /etc/hosts including the address of the mail
>> > server as 10.21.23.20 and setting nsswitch.conf
>> > to hosts: files dns
>> > would make it work, but the cached address seems
>> > to have priority.
>>
--
Stephen Samuel +1(604)450-0066 samnospam@bcgreen.com
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
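The two answers above, Glynn Clements' pointer to the BIND 9 "view" statement and Stephen Samuel's authoritative "fake zone" on the caching server, fit together into one configuration. The following is an added example for this thread, not configuration posted by any of the participants. It assumes BIND 9, a hypothetical zone name mail.mydomain.com, the inside address 10.21.23.20 from the original question, and that the firewall's named should only answer LAN and DMZ clients; the ACL ranges, file paths and serial are illustrative. The script writes the view-based named.conf fragment plus the internal zone file, then validates both with named-checkconf and named-checkzone when those tools are installed. Two points a practitioner should keep in mind: the external view deliberately carries no zones and has recursion switched off, so an outside host querying the firewall gets REFUSED rather than a cached answer or an RFC 1918 address; and because the internal zone shadows the public mail.mydomain.com entirely for these clients, any other record the public name carries (MX, TXT, ...) has to be repeated there or internal clients will never see it.

```shell
#!/bin/sh
# Added example: generate a BIND 9 split-horizon ("view") configuration so that
# internal clients resolve the mail server to its inside address while outside
# clients are refused. Zone name, ACL ranges, file paths and serial are
# assumptions for illustration; 10.21.23.20 is the address from the thread.

write_split_horizon() {
    outdir="$1"
    mkdir -p "$outdir"

    # named.conf fragment: once any "view" exists, every zone (root hints
    # included) has to live inside a view.
    cat > "$outdir/named.conf.views" <<'EOF'
acl "internal" { 127.0.0.1; 192.168.0.0/16; 10.21.23.0/24; };

view "internal" {
    match-clients { "internal"; };
    recursion yes;                      # caching resolver for LAN/DMZ only
    zone "." { type hint; file "named.ca"; };
    zone "mail.mydomain.com" {          # hypothetical name; shadows the public one
        type master;
        file "db.mail.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                       # not an open resolver from the Internet
    # no zones here: every outside query is answered with REFUSED
};
EOF

    # Zone served only to the internal view. It replaces the public zone for
    # these clients, so every record the public name carries (MX, TXT, ...)
    # must be repeated here.
    cat > "$outdir/db.mail.internal" <<'EOF'
$TTL 3600
@       IN SOA  firewall.mydomain.com. hostmaster.mydomain.com. (
                2006012701 ; serial
                14400      ; refresh
                720        ; retry
                864000     ; expire
                3600 )     ; negative-cache TTL
        IN NS   firewall.mydomain.com.
        IN A    10.21.23.20
EOF
}

# Validate with the BIND tools when present; non-zero exit on a syntax error.
check_split_horizon() {
    outdir="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$outdir/named.conf.views" || return 1
    else
        echo "named-checkconf not installed; skipping config check"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone mail.mydomain.com "$outdir/db.mail.internal" || return 1
    else
        echo "named-checkzone not installed; skipping zone check"
    fi
    return 0
}

# Stand-alone run: ./split-horizon.sh --run writes ./split-horizon and checks it.
if [ "${1:-}" = "--run" ]; then
    write_split_horizon ./split-horizon && check_split_horizon ./split-horizon
fi
```

After including the fragment from the firewall's named.conf and reloading, verify the split from both sides: `dig @10.21.23.21 mail.mydomain.com A` from a 192.168.x.x host should return 10.21.23.20, while the same query from an outside address should come back with status REFUSED. Unlike an /etc/hosts entry, this answer is served by named itself, so MTAs and other programs that query DNS directly see it too.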
* Re: DNS Problem
@ 2006-02-16 2:10 gerardo juarez-mondragon
From: gerardo juarez-mondragon @ 2006-02-16 2:10 UTC (permalink / raw)
To: linux-admin
Sorry for the very late follow up, and thanks to
Adrian C., Glynn Clements and urgrue for their
answers. I solved it with the 'view' option.
Gerardo