[CentOS] Split dns issues
Jason Pyeron
jpyeron at pdinc.us
Mon Aug 3 16:09:21 UTC 2009
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
> Sent: Monday, August 03, 2009 11:49
> To: CentOS mailing list
> Subject: Re: [CentOS] Split dns issues
>
> Filipe Brandenburger wrote:
> >
> > On Mon, Aug 3, 2009 at 10:27, Jason Pyeron<jpyeron at pdinc.us> wrote:
> >> My worry is the A record for the outsourced mail service is out of
> >> our control, if it were to change it would be catastrophic.
> >
> > Well, if you *must* use a name like mx.google.com for your MX, you
> > could also set up an mx.google.com domain as authoritative in your
> > domain, and then add an "A" record with your internal mail server
> > there... It's not beautiful, but it should work.
>
> One other possibility is that some network equipment (e.g.
> Cisco PIX) has the ability to apply some NAT rules to DNS
> responses as they go by.
> You'd have to track the actual IP's to alias them, but
> since the worst-case behavior of not translating would be to
> get a spam-scan it might not be too bad. I don't think this
> will differentiate between mx and other dns responses though,
> so it could cause trouble if the target IPs are the same as
> ones used for some other type of access.
I think adding more layers to the cake would be a bad idea for us. And way to
vendor specific.
>
> Personally, I don't like to rely on features that are
> vendor-specific like that but it might be a quick fix for
> this problem. The real solution would be to configure your
> sending sendmails to use a MAIL_HUB setting - at least any
Not all of the systems can be configured as such (policy and/or technology).
> that send enough local mail to matter and always have direct
> access to the internal server.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
More information about the CentOS
mailing list