> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
> Sent: Sunday, August 02, 2009 18:20
> To: CentOS mailing list
> Subject: Re: [CentOS] Split dns issues
>
> Jason Pyeron wrote:
> >>>>
> >> You could just firewall port 25 on the spam-checking MX
> >
> > They are outsourced to Google, we cannot control that.
>
> You must have a firewall that you control on your side where
> these connections have to pass.
>
> >> relays from the trusted networks and add a high-numbered MX record
> >> for the target you want them to hit instead. As long
> >
> > Adding mail.pdinc.us to the list would beg spammers to skip our spam
> > gateway service.
>
> That's fine, as they would be unable to connect if you leave
> it a private address.

Just feels dirty.

> > And I think adding the non routable IPs assigned to the intranet
> > mail.pdinc.us server to public MX records might be a bit of bad form
> > and add a point of failure when the IP address changes.
>
> It's a bit of bad form to use NAT and private addresses at
> all because the internet really wasn't designed to be
> segmented, but everyone does it. Or you could use a public
> address in a DMZ where it is firewalled from everything but

We are working towards that, but our provider does not want to allocate any more
IPs beyond our two current class C blocks. Hoping to migrate to IPv6 soon.

> internal connections and perhaps things relayed by the
> external spam service.
> The point of being able to provide multiple MX records is
> that things keep working even if some of them aren't reachable.
>

I think for now we are going to leave it as status quo. We have been tossing
using a SQL backend to generate our zone files, now I see that pdns supports
Oracle and MySQL we might do up a whole new thing. I am going to start a new
thread on pdns.

Thanks everyone for your patience and help.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is copyright PD Inc, subject to license 20080407P00.