From owner-freebsd-hackers  Mon Mar 18 03:28:42 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id DAA16744
          for hackers-outgoing; Mon, 18 Mar 1996 03:28:42 -0800 (PST)
Received: from gw.vil.ditec.de (gw.vil.ditec.de [192.109.176.3])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id DAA16657
          for <hackers@freebsd.org>; Mon, 18 Mar 1996 03:27:41 -0800 (PST)
Received: from tartufo.muc.ditec.de (tartufo.muc.ditec.de [134.98.18.2]) by gw.vil.ditec.de (8.6.11/8.6.9) with SMTP id MAA06183 for <hackers@freebsd.org>; Mon, 18 Mar 1996 12:06:57 +0100
Received: by tartufo.muc.ditec.de (/\=-/\ Smail3.1.16.1 #16.39)
	id <m0tyd6f-000Pa6C@tartufo.muc.ditec.de>; Mon, 18 Mar 96 12:28 MET
Message-Id: <m0tyd6f-000Pa6C@tartufo.muc.ditec.de>
Date: Mon, 18 Mar 96 12:28 MET
From: me@tartufo.muc.ditec.de (Michael Elbel)
To: peter@taronga.com
Cc: hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
Newsgroups: lists.freebsd.hackers
References: <199602192116.WAA20624@keltia.freenix.fr> <199603140812.CAA03540@bonkers.taronga.com>
Reply-To: me@muc.DITEC.de
X-Newsreader: NN version 6.5.0 #1 (NOV)
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In lists.freebsd.hackers you write:

>Michael Elbel <me@tartufo.muc.ditec.de> wrote:
>>The bastion is special in that it needs to know about *both* the inside [...]
>>as well as the rest of the world, [...] You cannot use the external
>>server or you wouldn't know about the internal part [...]. Nor
>>can you use the internal server, because it knows zilch about the rest
>>of the world [...].

>I have no problem with this.

>I have the inside namesrver with all of named.ca/named.root commented out.

>I have the outside name server.

>I have resolv.conf on the firewall look at the inside nameserver then the
>outside nameserver.

>Is this not supposed to work?

>Because it does.

Of course it does work, the extra NS query probably doesn't cost much.
It only has one drawback - I can't put my beloved wildcard MX-records,
pointing to the mail gateway, on the internal server.

I'd again have to reconfigure every single inside mail installation to
forward mail not inside our internal domain to the mail gateway (how
do you do this under UCX anyways?), spending even more time on the
phone answering people's questions who have newly set up their machine
than I now :(

Michael
-- 
Michael Elbel, DITEC, Muenchen, Germany - me@muc.ditec.de
Fermentation fault (coors dumped)