Wildcards in MX Record Domain Names

Kevin Darcy kcd at daimlerchrysler.com
Fri Dec 17 23:08:34 UTC 1999 

Joseph S D Yao wrote:

> On Wed, Dec 15, 1999 at 07:44:46PM -0500, Kevin Darcy wrote:
> > Joseph S D Yao wrote:
> >
> > > On Fri, Dec 10, 1999 at 11:16:40AM -0500, Robert Setterlund wrote:
> > > > Are the below MX records supported in Bind 8.X?
> > > >
> > > > *.org   IN   MX   10   firewallrelay.mayo.org
> > > > *.gov   IN   MX   10   firewallrelay.mayo.org
> > > > *.        IN   MX    10  firewallrelay.mayo.org
> > >
> > > Yes.  But this is probably not the right way of doing this.  You should
> > > really put a relay host into your sendmail.cf file, to send all
> > > non-local e-mail to your firewall.
> >
> > Why? Is it easier to custom-configure dozens or hundreds of sendmail.cf's
> > than it is one master file on an internal root server? ...
>
> This response assumes that in a network it is easier to configure DNS
> properly all over than it is to configure sendmail all over.  Mine
> assumed the opposite.  Different experiences.
>
> Both have the same goal: to get the internal mail servers to send
> "non-local" [for some definition of "non-local"] e-mail to the firewall
> for relaying to the Big Bad Internet.
>
> The "better" one would be whichever one better fits the "truth".  It's
> always easier to maintain a consistent story if you're telling the
> truth.  ;-)  And, "Say What You Mean" is Joe's First Law of Software
> Engineering.  My first impression was that the MX trick, above, violated
> this.  But within its domain, as Kevin has pointed out, it does NOT.  It
> is true.
>
> I will continue to use my sendmail configuration, since it suits my
> needs better.  [Everybody thinks they can meddle with DNS at their whim.
> Everybody is afraid to touch sendmail.cf.  ;-)]  I do note that one
> advantage to the MX solution is that one can specify failover firewalls
> with that, but not with the sendmail relay.

Another advantage, mentioned briefly in the _DNS_and_BIND_ book, and which we
may wish to implement, is that you can more easily route outbound mail to
different gateways, depending on domain name, e.g. all *.de mail goes out the
German gateway.


- Kevin

More information about the bind-users mailing list