[CentOS] Split dns issues
Jason Pyeron
jpyeron at pdinc.us
Sun Aug 2 23:23:42 UTC 2009
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
> Sent: Sunday, August 02, 2009 18:20
> To: CentOS mailing list
> Subject: Re: [CentOS] Split dns issues
>
> Jason Pyeron wrote:
> >>>>
> >> You could just firewall port 25 on the spam-checking MX
> >
> > They are outsourced to google, we cannot control that.
>
> You must have a firewall that you control on your side where
> these connections have to pass.
>
> >> relays from the trusted networks and add a high-numbered MX record
> >> for the target you want them to hit instead. As long
> >
> > Adding mail.pdinc.us to the list would beg spammers to skip our spam
> > gateway service.
>
> That's fine, as they would be unable to connect if you leave
> it a private address.
Just feels dirty.
>
> > And I think adding the non-routable IPs assigned to the intranet
> > mail.pdinc.us server to public MX records might be a bit of bad form
> > and add a point of failure when the IP address changes.
>
> It's a bit of bad form to use NAT and private addresses at
> all because the internet really wasn't designed to be
> segmented, but everyone does it. Or you could use a public
> address in a DMZ where it is firewalled from everything but
We are working towards that, but our provider does not want to allocate any more
IPs beyond our two current class C blocks. Hoping to migrate to IPv6 soon.
> internal connections and perhaps things relayed by the
> external spam service.
> The point of being able to provide multiple MX records is
> that things keep working even if some of them aren't reachable.
>
I think for now we are going to leave it as status quo.
We have been tossing around using a SQL backend to generate our zone files. Now
that I see pdns supports Oracle and MySQL, we might do up a whole new thing.
I am going to start a new thread on pdns.
Thanks everyone for your patience and help.
-Jason
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
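
Added example (not part of the original message or thread): a small lint for the point debated above, a public MX record whose target resolves to a private (RFC 1918) address. It assumes a simple zone file with one record per line and explicit owner names; example.com, the host names and all addresses are constructed.

```python
import ipaddress
# RFC 1918 ranges: unreachable from the internet, so a public MX that
# resolves into them only works for hosts inside the private network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone (all names and addresses made up).
SAMPLE_ZONE = """\
$TTL 3600
@      IN MX 10 filter.example.net.   ; outsourced spam filter
@      IN MX 90 mail                  ; high-numbered internal target
mail   IN A  10.0.0.25
www    IN A  192.0.2.10
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    origin = origin.rstrip(".").lower()
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin}."

def parse_records(zone_text, origin):
    """Yield (owner, rtype, rdata_fields) for simple one-line records."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        owner, rest = fields[0], fields[1:]
        # Skip optional TTL and class so rest[0] is the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2:
            yield fqdn(owner, origin), rest[0].upper(), rest[1:]

def private_mx_targets(zone_text, origin):
    """Return [(preference, mx_host, ip)] for in-zone MX targets on RFC 1918 IPs."""
    addrs, mxs = {}, []
    for owner, rtype, rdata in parse_records(zone_text, origin):
        if rtype == "A":
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
        elif rtype == "MX" and len(rdata) >= 2:
            mxs.append((int(rdata[0]), fqdn(rdata[1], origin)))
    return sorted((pref, host, str(ip)) for pref, host in mxs
                  for ip in addrs.get(host, [])
                  if any(ip in net for net in RFC1918))
```

MX targets outside the zone (the outsourced filter here) have no A record in the file and are not checked.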