On Fri, 10 Feb 1995, Greg Woods wrote:
> But we have users that send mail out with return addresses that are of
> the form user@host.subdomain.ucar.edu. I want people on the net to be
> able to reply to those messages, but I don't want to leave our internal
> hosts' SMTP ports open to connections initiated from the outside. So, I
> want to send out a wildcard MX record for *.ucar.edu which would direct
> all inbound mail to our relay host (which would run "smap", be secured
> in a manner as close as possible to a "bastion host", etc.). This host
> then needs to be able to resolve the *real* MX/A information in order
> to deliver the mail. This is another reason for going to a "split DNS"
> configuration.
But wouldn't it also be possible to build a hierarchy of MX records like
this:

    host.domain.ucar.edu    MX 100 bastion.ucar.edu
                            MX 1   host.domain.ucar.edu

and avoid the split DNS altogether? Hosts that can't get to
"host.domain.ucar.edu" would send mail to "bastion.ucar.edu", while the
bastion would send the mail to "host.domain.ucar.edu".
Frank
--
"Outside of a dog, a book is a man's best friend;
inside of a dog, it's too dark to read." -- Groucho Marx
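
Added example, not part of the original message: a Python sketch of how RFC 974 MX selection plays out for the two records proposed above, first from an outside sender and then from the bastion itself. The reachability sets are constructed assumptions standing in for a firewall that blocks inbound SMTP to internal hosts.

```python
# MX records as given in the message: (preference, exchanger).
BASTION = "bastion.ucar.edu"
INTERNAL = "host.domain.ucar.edu"
MX_RECORDS = [(100, BASTION), (1, INTERNAL)]

# Constructed reachability (assumption): the firewall only lets outside
# hosts connect to the bastion; the bastion can connect to the inside.
OUTSIDE_CAN_REACH = {BASTION}
BASTION_CAN_REACH = {INTERNAL}


def candidate_exchangers(mx_records, local_host=None):
    """Exchangers in the order a mailer tries them (lowest preference first).

    RFC 974 loop avoidance: if the mailer itself is listed, it discards
    every record whose preference is >= its own before trying anything.
    """
    records = sorted(mx_records)
    own = [pref for pref, host in records if host == local_host]
    if own:
        records = [(p, h) for p, h in records if p < min(own)]
    return [host for _, host in records]


def deliver(mx_records, reachable, local_host=None):
    """First exchanger that accepts the connection, or None (mail is queued)."""
    for host in candidate_exchangers(mx_records, local_host):
        if host in reachable:
            return host
    return None


def route(mx_records):
    """Hops taken by a message that originates outside the firewall."""
    first = deliver(mx_records, OUTSIDE_CAN_REACH)
    if first is None:
        return []
    if first != BASTION:
        return [first]
    second = deliver(mx_records, BASTION_CAN_REACH, local_host=BASTION)
    return [first] + ([second] if second else [])


if __name__ == "__main__":
    print("outside sender tries:", candidate_exchangers(MX_RECORDS))
    print("bastion tries:       ", candidate_exchangers(MX_RECORDS, BASTION))
    print("resulting route:     ", route(MX_RECORDS))
```

The outside sender only reaches the bastion after its attempt on the preference-1 host fails, and both records, including the internal host name, are visible in public DNS.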