Date: Tue, 17 Nov 1998 21:56:01 From: Kurt Keller <Kurt@pinboard.com> To: john cooper <john@isi.co.jp> Cc: freebsd-net@FreeBSD.ORG Subject: Re: BIND/Mail/MX Question.. Message-ID: <3.0.5.16.19981117215601.483f79b8@pop.pbdhome.pinboard.com> In-Reply-To: <98Nov18.005806jst.21890@ns.isi.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
You should not expose the 192.168.* address to the outside. Hosts on the internet can not connect to it and might instead even try to connect to the internal 192.168.* hosts in their own intranet. The solution is to mention ws.isi.co.jp as the official mailhost and use sendmail rules to redirect mail for *.isi.co.jp to ms.isi.co.jp. ms.isi.co.jp itself needs some sendmail rule adjustments as well. If you are using BIND 8, it is possible to serve both, the internet and intranet from the same DNS server, provided you use a subdomain for the intranet. With BIND 8 it is easily possible to make info about certain domains only accessible to a certain IP range. Cheers, Kurt >For example, outside the firewall there are 202.214.* addresses >and inside 192.168.* addresses. Aside from the issue of exposing >... >The trouble I'm having is that if I use: > >isi.co.jp. IN MX 50 ms.isi.co.jp. ; local mail host > IN MX 100 ws.isi.co.jp. > >where ms.isi.co.jp's address is internal [192.168.*], mail >coming from outside our domain gets deflected to ws.isi.co.jp. >sitting on the external side of the FW [202.214.*]. > >As I understand, the MX record is required to relay mail from >the FW/DNS server to the internal mail server. However if >... >This seems to me to be a fairly normal thing to do. Would >someone kindly clue me in on the standard way this is solved? -- -------------------------------------------------------------------- ¦ Kurt@pinboard.com http://www.pinboard.com/ business ¦ ¦ http://www.pinboard.com/kurt/ private ¦ ¦--------------------------------------------------------------------¦ ¦ Unix and Internet Specialist ¦ -------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.16.19981117215601.483f79b8>