From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Samuel
Subject: Re: DNS Problem
Date: Fri, 27 Jan 2006 19:57:48 -0800
Message-ID: <43DAEBBC.6040804@bcgreen.com>
References: <189847C2744EDE44B939F4DD231B356A@gjuarezmondragon.metacrawler.com> <17370.34385.483757.298519@cerise.gclements.plus.com> <7.0.0.16.0.20060128000021.01ccad78@foo.teinet.ro>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-reply-to: <7.0.0.16.0.20060128000021.01ccad78@foo.teinet.ro>
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: "Adrian C."
Cc: linux-admin@vger.kernel.org

If the caching nameserver doesn't provide any DNS services for external
machines, then you can simply add a 'domain' entry for the mail server...

in named.conf :

    zone "mail.server.mydomain.com" {
            type master;
            file "db.fakemail";
    };

in db.fakemail:

    ;
    $TTL 9000
    @       IN      SOA     firewall.mydomain.com. myname.myhost.mydomain.com. (
                            2005090107
                            15000   ; Refresh slave check every 4 hours
                            720     ; slaves retry every 12 min
                            ;; 1209600 ; expire: 2 weeks
                            864000  ; expire: 240 hours
                            4320    ; TTL external caches last 72 min
                            )
    ;
    ;Name Servers for Mail server
    ;
    ; not external, so geographically diverse rule is moot.
    ; if you have a redundant server on your net list it here.
            IN      NS      firewall.mydomain.com.
    ; Record for the mail server... (that is the "domain" you claimed in named.conf)
    @       IN      A       65.110.6.163

=======================================

That's about it. The '@' gets replaced by the domain name mentioned in the
named.conf Zone record.

This doesn't mess up your firewall's status as a 'caching nameserver'.
is a regular nameserver that doesn't happen to be authoritative for any
domains.... Nothing really special about them at all.

Adrian C. wrote:
>
> Or you could just set an entry like
>
> 10.21.23.20 mail.yourdomain.org
>
> on every client machine (/etc/hosts or
> %windir%\system32\drivers\etc\hosts (could be different for win2k)).
>
> You could set that up using a logon script (active directory or samba,
> doesn't matter), or by tricking users with candy to run the script
> manually :)
>
> --Adrian.
>
> At 10:45 PM 1/27/2006, Glynn Clements wrote:
>
>> gerardo juarez-mondragon wrote:
>>
>> > I have the following situation
>> >
>> >   internet               internet
>> >      |                      |
>> >      |                      |
>> >  mail server ----------- firewall
>> > (10.21.23.20)         (10.21.23.21)
>> >                             |
>> >                             |
>> >                          intranet
>> >
>> >                       (192.168.x.x)
>> >
>> > The firewall is also a caching DNS, to speed up
>> > lookups and overcome DNS server downtime. My
>> > problem is that when I lookup the mail server
>> > the address I receive from 10.21.23.21 is the
>> > external address, as seen from outside.
>> > I would like the address to be solved for
>> > internal machines as the shortcut 10.21.23.20.
>> > The routes are correct according to traceroute.
>> >
>> > I thought that if I modified the firewall's
>> > /etc/hosts including the address of the mail
>> > server as 10.21.23.20 and setting nsswitch.conf
>> > to hosts: files dns
>> > would make it work, but the cached address seems
>> > to have priority.
>>

--
Stephen Samuel +1(604)450-0066 samnospam@bcgreen.com
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
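
Added example, not part of the original email and not BIND's code: a simplified Python model of the host-sized override zone described above, showing how '@' and a blank owner expand and which queries the firewall would answer locally versus pass to normal recursion. The function names and the shortened SOA rdata are assumptions made for the illustration; the zone name and A record are the ones in the message.

```python
# Added illustration (not BIND code): simplified model of a caching resolver
# that is also authoritative for one host-sized zone. Wildcards, CNAMEs and
# delegations are ignored.

ORIGIN = "mail.server.mydomain.com."      # zone name from the named.conf stanza
ROWS = [                                  # owner, type, rdata from db.fakemail
    ("@", "SOA", "firewall.mydomain.com. myname.myhost.mydomain.com."),
    ("",  "NS",  "firewall.mydomain.com."),   # blank owner: inherits previous
    ("@", "A",   "65.110.6.163"),
]

def expand_owner(owner, origin, previous):
    """Expand an owner field: '@' is the origin, blank repeats the last owner."""
    if owner == "@":
        return origin
    if owner == "":
        return previous
    return owner.lower() if owner.endswith(".") else f"{owner}.{origin}".lower()

def load_zone(origin, rows):
    """Build {(fqdn, type): [rdata, ...]} from simplified zone rows."""
    records, owner = {}, origin
    for raw_owner, rtype, rdata in rows:
        owner = expand_owner(raw_owner, origin, owner)
        records.setdefault((owner, rtype), []).append(rdata)
    return records

def covering_zone(qname, zones):
    """Return the longest local zone that qname equals or sits under."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def answer(qname, rtype, zones):
    """Classify a query as local, nodata, nxdomain or recurse."""
    qname = qname.lower().rstrip(".") + "."
    zone = covering_zone(qname, zones)
    if zone is None:
        return ("recurse", [])        # outside the override: normal caching path
    records = zones[zone]
    if (qname, rtype) in records:
        return ("local", records[(qname, rtype)])
    exists = any(name == qname for name, _ in records)
    return ("nodata" if exists else "nxdomain", [])

ZONES = {ORIGIN: load_zone(ORIGIN, ROWS)}
```

The model makes one side effect visible: once the firewall is master for the host's name, every record type and every name beneath that host is answered from db.fakemail alone, so anything clients need there (an MX record, for instance) has to be added to the file as well.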