[CentOS] Split dns issues

Les Mikesell lesmikesell at gmail.com
Mon Aug 3 15:48:48 UTC 2009

Filipe Brandenburger wrote:
> On Mon, Aug 3, 2009 at 10:27, Jason Pyeron<jpyeron at pdinc.us> wrote:
>> My worry is the A record for the outsourced mail service is out of our control,
>> if it were to change it would be catastrophic.
> Well, if you *must* use a name like mx.google.com for your MX, you
> could also set up an mx.google.com domain as authoritative in your
> domain, and then add an "A" record with your internal mail server
> there... It's not beautiful, but it should work.

One other possibility is that some network equipment (e.g. Cisco PIX) 
has the ability to apply some NAT rules to DNS responses as they go by. 
  You'd have to track the actual IP's to alias them, but since the 
worst-case behavior of not translating would be to get a spam-scan it 
might not be too bad.  I don't think this will differentiate between mx 
and other dns responses though, so it could cause trouble if the target 
IPs are the same as ones used for some other type of access.

Personally, I don't like to rely on features that are vendor-specific 
like that but it might be a quick fix for this problem.  The real 
solution would be to configure your sending sendmails to use a MAIL_HUB 
setting - at least any that send enough local mail to matter and always 
have direct access  to the internal server.

   Les Mikesell
    lesmikesell at gmail.com

More information about the CentOS mailing list