> In setting up our DNS split across a firewall, we've run into a
> problem that we didn't anticipate or solve in our first design. Frankly,
> we're stumped about how to do this right. Here's our setup:
> We have an external DNS server that has MX's for our domain to our email
> proxy on the firewall. The resolver on the proxy (bastion) host delivers
> mail according to the internal DNS server (and its "true" MX records for
> our local domain). This works fine for incoming mail.
> The rub comes when a local host tries to send mail to an external host.
> The local host looks up the external host in the internal DNS server,
> who forwards the request to the external DNS server, and gets back the
> "A" and "MX" records for the external host. Neither of the addresses
Normally, this is handled by a short-circuit rule for sendmail (or
smail, etc.) that sends mail to the gateway instead of trying to
deliver directly, except for local email.
This is pretty normal. Often it is done fairly statically by sending
anything with a foreign domain name to a host alias named "mailhost".
This is a one line addition to sendmail clients.
You can also use this to connect a network of DNS unaware
(/etc/hosts...) systems to an Internet Gateway. Sometimes some fancy
address manipulation has to be done on the local gateway, however.
And X.400, which I also added to a gateway, is even worse.
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
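The "one line addition" described in the reply above, as an added example that is not part of the original message: a minimal sendmail.mc for an internal client behind the split DNS, where everything that is not local-domain mail is handed to the firewall's mail proxy instead of following the external MX records the internal resolver hands back. The host and domain names are placeholders, not the poster's site.

```m4
divert(-1)
dnl Added example (not from the original message): sendmail.mc for an
dnl internal client that relays all non-local mail through the gateway.
dnl example.internal and mailhost.example.internal are placeholders.
divert(0)dnl
VERSIONID(`internal-client-smarthost')dnl
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl
dnl Our own domain is delivered directly using the internal DNS MX records.
LOCAL_DOMAIN(`example.internal')dnl
dnl Every other destination goes to the bastion relay. The square brackets
dnl tell sendmail to use the A record only and skip an MX lookup for the
dnl relay host itself, so the client never needs external DNS at all.
define(`SMART_HOST', `smtp:[mailhost.example.internal]')dnl
dnl Do not canonify recipient host names via DNS on the client; the
dnl gateway has the external view and does that on delivery.
FEATURE(`nocanonify')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
```

Build it with `m4 sendmail.mc > sendmail.cf` and confirm the routing with `sendmail -bv user@outside.example`, which should show the smtp mailer with the relay host rather than the external host.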