[CentOS] Split dns issues
Les Mikesell
lesmikesell at gmail.com
Mon Aug 3 15:48:48 UTC 2009

Filipe Brandenburger wrote:
>
> On Mon, Aug 3, 2009 at 10:27, Jason Pyeron<jpyeron at pdinc.us> wrote:
>> My worry is the A record for the outsourced mail service is out of our control,
>> if it were to change it would be catastrophic.
>
> Well, if you *must* use a name like mx.google.com for your MX, you
> could also set up an mx.google.com domain as authoritative in your
> domain, and then add an "A" record with your internal mail server
> there... It's not beautiful, but it should work.

One other possibility is that some network equipment (e.g. Cisco PIX)
has the ability to apply some NAT rules to DNS responses as they go by.
You'd have to track the actual IPs to alias them, but since the
worst-case behavior of not translating would be to get a spam-scan it
might not be too bad. I don't think this will differentiate between mx
and other dns responses though, so it could cause trouble if the target
IPs are the same as ones used for some other type of access.

Personally, I don't like to rely on features that are vendor-specific
like that but it might be a quick fix for this problem. The real
solution would be to configure your sending sendmails to use a MAIL_HUB
setting - at least any that send enough local mail to matter and always
have direct access to the internal server.
--
Les Mikesell
lesmikesell at gmail.com