Filipe Brandenburger wrote:
>
> On Mon, Aug 3, 2009 at 10:27, Jason Pyeron <jpyeron at pdinc.us> wrote:
>> My worry is the A record for the outsourced mail service is out of our control,
>> if it were to change it would be catastrophic.
>
> Well, if you *must* use a name like mx.google.com for your MX, you
> could also set up an mx.google.com domain as authoritative in your
> domain, and then add an "A" record with your internal mail server
> there... It's not beautiful, but it should work.

One other possibility is that some network equipment (e.g. Cisco PIX)
has the ability to apply some NAT rules to DNS responses as they go by.
You'd have to track the actual IPs to alias them, but since the
worst-case behavior of not translating would be to get a spam-scan it
might not be too bad. I don't think this will differentiate between MX
and other DNS responses though, so it could cause trouble if the target
IPs are the same as ones used for some other type of access.

Personally, I don't like to rely on features that are vendor-specific
like that but it might be a quick fix for this problem. The real
solution would be to configure your sending sendmails to use a MAIL_HUB
setting - at least any that send enough local mail to matter and always
have direct access to the internal server.

--
Les Mikesell
lesmikesell at gmail.com