-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell
Sent: Sunday, August 02, 2009 18:20
To: CentOS mailing list
Subject: Re: [CentOS] Split dns issues
Jason Pyeron wrote:
You could just firewall port 25 on the spam-checking MX
They are outsourced to google, we cannot control that.
You must have a firewall that you control on your side where these connections have to pass.
relays from the trusted networks and add a high-numbered MX record for the target you want them to hit instead. As long
Adding mail.pdinc.us to the list would beg spammers to skip our spam gateway service.
That's fine, as they would be unable to connect if you leave it a private address.
Just feels dirty.
And I think adding the non-routable IPs assigned to the intranet mail.pdinc.us server to public MX records might be a bit of bad form and add a point of failure when the IP address changes.
It's a bit of bad form to use NAT and private addresses at all because the internet really wasn't designed to be segmented, but everyone does it. Or you could use a public address in a DMZ where it is firewalled from everything but
We are working towards that, but our provider does not want to allocate any more IPs beyond our two current class C blocks. Hoping to migrate to IPv6 soon.
internal connections and perhaps things relayed by the external spam service. The point of being able to provide multiple MX records is that things keep working even if some of them aren't reachable.
I think for now we are going to leave it as status quo.
We have been tossing using a SQL backend to generate our zone files; now I see that pdns supports Oracle and MySQL, we might do up a whole new thing.
I am going to start a new thread on pdns.
Thanks everyone for your patience and help.
-Jason
--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100
Baltimore, Maryland 21218
+1 (443) 269-1555 x333

This message is copyright PD Inc, subject to license 20080407P00.