Confused dns/bind newbie

Stephen Eickhoff eickhsr at jm-usa.com
Wed Jan 26 20:32:43 UTC 2000



Kevin Darcy wrote:

> Stephen Eickhoff wrote:
>
> >
> > I have a somewhat similar problem. I'd like to be able to host my webpage as
> > http://operagost.com, but my mail server is on another machine behind the firewall
> > with a reserved IP, and the only way to get email is to address it to
> > orff.operagost.com. (BIND 8.1.2) I have a NAT running on "liszt" which redirects
> > SMTP to "orff".
> >
> > @ IN SOA orff.operagost.com. POSTMASTER.orff.operagost.com. (
> >           19991213             ;           Serial number
> >           3600                 ; 1 hour    Refresh
> >           300                  ; 5 minutes Retry
> >           172800               ; 2 days    Expire
> >           43200 )              ; 12 hours  Minimum
> >                                IN NS    orff.operagost.com.
> > operagost.com.                 IN MX  5 orff.operagost.com.
> > liszt.operagost.com.           IN A     151.197.22.14
> > orff.operagost.com.            IN A     192.168.0.20
> > operagost.com.                 IN A     151.197.22.14
> > www                            IN CNAME liszt.operagost.com.
> >
> > So what did I mess up here?
>
> What are you trying to accomplish here? 192.168/16 is a non-Internet-routable (RFC
> 1918) network. So why have your MX pointed at a machine that no Internet host can
> reach? I assume there should be an MX record pointing to liszt, since from your
> description, liszt is capable of getting the mail to orff.
>
> If you're using the same DNS database for your internal clients, and they are using
> MX routing, then perhaps replacing orff with liszt might break them. In this case,
> either separate your DNS database into internal and external (this is better for
> security reasons anyway), or have MX records pointing to *both* orff and liszt; you
> can use the preference field to control the order in which the servers are tried.
>
> By the way, you shouldn't be listing orff as a nameserver for operagost.com, for the
> same (RFC 1918) reasons. Moreover, the delegation for operagost.com shows
> orff.operagost.com with liszt's IP address (?); I'm surprised your registrar even
> allows you to have a delegation with only 1 nameserver. Any way you look at it, you
> are effectively down to 1 working nameserver; if it goes down, you're hosed. You
> really should get someone to provide secondary service, if you care at all about
> availability.
>
> - Kevin

It's a hack... this is a hobby network, and I have only one IP address on ADSL. I'll
look at it as a hack and live with it as it is. The reason why mail gets there at all is
because I have gateway software running on Liszt which portmaps SMTP to Orff. It also
redirects port 53 to Orff. That's why my domain record looks screwy.

Yup, Network Solutions let me designate only one nameserver. Since I am not running
anything mission critical, in fact I have no mission *grin*, I can live with it.
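Added example, not from anyone in this thread: a small Python check that parses a zone like the one quoted above and flags NS and MX targets whose in-zone A record is an RFC 1918 address, which is exactly the problem Kevin points out (no Internet host can reach orff, so neither the delegation nor the MX works from outside). The zone text is a constructed copy of the quoted records with the multi-line SOA left out; the parser only handles one record per line.

```python
import ipaddress

# Constructed sample: the records from the zone quoted in the thread, with the
# multi-line SOA left out (only NS, MX, A and CNAME matter for this check).
SAMPLE_ZONE = """\
@                              IN NS    orff.operagost.com.
operagost.com.                 IN MX  5 orff.operagost.com.
liszt.operagost.com.           IN A     151.197.22.14
orff.operagost.com.            IN A     192.168.0.20
operagost.com.                 IN A     151.197.22.14
www                            IN CNAME liszt.operagost.com.
"""

def fqdn(name, origin):
    """Turn '@' or a relative owner/target into an absolute name under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse one-record-per-line zone data into (owner, type, target) tuples.
    A blank owner column inherits the previous owner; the MX preference is dropped."""
    records, last_owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()          # strip comments
        if not line.strip():
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], fields[1:]
        target = rdata[-1]                           # MX: [pref, host] -> host
        if rtype in ("NS", "MX", "CNAME"):
            target = fqdn(target, origin)
        records.append((owner, rtype, target))
    return records

def unreachable_targets(records):
    """Flag NS/MX targets whose in-zone A record is a private (RFC 1918) address:
    Internet hosts cannot reach them, so mail delivery and delegation fail."""
    a_records = {owner: target for owner, rtype, target in records if rtype == "A"}
    findings = []
    for owner, rtype, target in records:
        addr = a_records.get(target)
        if rtype in ("NS", "MX") and addr and ipaddress.ip_address(addr).is_private:
            findings.append((rtype, owner, target, addr))
    return findings

if __name__ == "__main__":
    for finding in unreachable_targets(parse_zone(SAMPLE_ZONE, "operagost.com.")):
        print("%s for %s points at %s (%s, not Internet-routable)" % finding)
```

Run against the sample it reports both the NS and the MX record pointing at orff; adding an MX for liszt (and listing a publicly reachable nameserver) makes those findings go away.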