difficult problem with DNS and Mail

Auteria Wally Winzer Jr. wally.winzer at ChampUSA.COM
Sat Jul 21 05:13:52 UTC 2001


You can actually bypass the mailertable and access.db entries if
your domain has the proper MX entries.  On a secondary mail svr
it's wise to use the mailertable function to relay all mail for the
thought.org domain, but you shouldn't have it on the primary
mail server.  This ensures mail will be queued and ready to transport
once the primary mail svr is back on line.

Our mailertable looks something like this on our relay smtp svr:

foo.bar        relay:[mailhub.foo.bar]
.foo.bar        relay:[mailhub.foo.bar]

In your case, your mailertable could look like this (your 2nd mail svr):

thought.org        relay:[ns1.thought.org]
.thought.org        relay:[ns1.thought.org]

This is from your MX RR's for the thought.org domain:

1010 wwinzer at Sun-E3000:/export/home0/var/log/local ==> dig thought.org mx

; <<>> DiG 8.3 <<>> thought.org mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 1
;; QUERY SECTION:
;;      thought.org, type = MX, class = IN

;; ANSWER SECTION:
thought.org.            10M IN MX       10 ns1.thought.org.
thought.org.            10M IN MX       20 mail1.cray.com.
thought.org.            10M IN MX       50 mail.oz.net.
thought.org.            10M IN MX       100 relay1.exodus.net.
thought.org.            10M IN MX       150 relay2.exodus.net.

;; AUTHORITY SECTION:
thought.org.            10M IN NS       ns2.tera.com.
thought.org.            10M IN NS       ns2.granitecanyon.com.
thought.org.            10M IN NS       ns1.thought.org.
thought.org.            10M IN NS       ns1.granitecanyon.com.
thought.org.            10M IN NS       ns2.oz.net.

;; ADDITIONAL SECTION:
ns1.thought.org.        10M IN A        216.39.168.248

;; Total query time: 4061 msec
;; FROM: Sun-E3000 to SERVER: default -- 207.21.123.3
;; WHEN: Fri Jul 20 22:03:38 2001
;; MSG SIZE  sent: 29  rcvd: 280

It looks as if the GTLD servers have the proper zone info as well:

1011 wwinzer at Sun-E3000:/export/home0/var/log/local ==> dig @a-gtld.servers.net thought.org mx

; <<>> DiG 8.3 <<>> @a-gtld.servers.net thought.org mx
; Bad server: a-gtld.servers.net -- using default server and timer opts
; (3 servers found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 4
;; QUERY SECTION:
;;      thought.org, type = MX, class = IN

;; ANSWER SECTION:
thought.org.            7m24s IN MX     20 mail1.cray.com.
thought.org.            7m24s IN MX     50 mail.oz.net.
thought.org.            7m24s IN MX     100 relay1.exodus.net.
thought.org.            7m24s IN MX     150 relay2.exodus.net.
thought.org.            7m24s IN MX     10 ns1.thought.org.

;; AUTHORITY SECTION:
thought.org.            1d17h43m30s IN NS  NS1.GRANITECANYON.com.
thought.org.            1d17h43m30s IN NS  NS2.GRANITECANYON.com.
thought.org.            1d17h43m30s IN NS  NS2.TERA.com.
thought.org.            1d17h43m30s IN NS  NS2.oz.net.
thought.org.            1d17h43m30s IN NS  ns1.thought.org.

;; ADDITIONAL SECTION:
ns1.thought.org.        1d17h43m30s IN A  216.39.168.248
NS1.GRANITECANYON.com.  1d14h16m6s IN A  205.166.226.38
NS2.TERA.com.           1d20h38m29s IN A  207.224.243.51
NS2.oz.net.             1d20h38m29s IN A  205.216.137.33

;; Total query time: 5 msec
;; FROM: Sun-E3000 to SERVER: default -- 207.21.123.3
;; WHEN: Fri Jul 20 22:06:14 2001
;; MSG SIZE  sent: 29  rcvd: 328

Now mail that comes to your 2nd mail server that you have control
over will relay all mail to ns1.thought.org for processing.

Make sure thought.org is in your /etc/mail/local-host-names file.
Restart sendmail.  You can test by running sendmail in test mode:

1012 wwinzer at Sun-E3000:/export/home0/var/log/local ==> cd
1013 wwinzer at Sun-E3000:~ ==> sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> $=w
.....
.....
.....
> /quit

The "....." will show the domain names/canonical names for which
sendmail receives mail.

Hope this helps.  BTW there's a sendmail address where you can
mail questions on the subject:

sendmail-questions at sendmail.org

- Wally Winzer Jr.

"Chad M. Stewart" wrote:

> At 10:26 PM 07/20/2001, Kevin Darcy wrote:
>
> Kevin - thanks for your response to my earlier post.
>
> >You can call the nameserver anything you want. Just make sure you keep the nameserver
> >name(s) and address(s) in synch between what you publish from the zone and what your
> >registrar provides to the TLD servers. Otherwise you're asking for trouble -- you too
> >could join the ranks of the loathed and despised delegation-botchers :-).
>
> I was one of those for about a week, that won't happen again!  Most times I
> only have to be told once. :)
>
> >As for "mailhub" (or, more accurately, MAIL_HUB), see the cf/README file in the
> >sendmail distribution for the basic rundown of how it works and how to configure it.
> >If you have more complex requirements, you may want to go to something like
> >mailertables, virtusertable or LDAP-based routing instead. But it sounds like all you
> >need is a "punt" for inbound mail.
>
> Gary -- Try this
>
> On the Internet system see if you have mailertables enabled in your
> sendmail.cf file.  In that file put something like
>
> thought.org     smtp:inside.host.here
>
> Also in the access.db put
>
> thought.org     RELAY
>
> Then make the internal system know that user at thought.org is local and I
> think you'll have what you want.
>
> Regards,
> Chad
>
> >- Kevin
> >
> >Gary Kline wrote:
> >
> > > On Fri, Jul 20, 2001 at 07:33:45PM -0400, Kevin Darcy wrote:
> > > >
> > > > This is really more of a mail server question than a DNS question. In DNS terms,
> > > > your mail (MX record) would be pointed to fubar. Then fubar would forward the
> > > > mail to tao through the firewall. If fubar is also being used for outbound mail,
> > > > then you'd probably want to go with a "mailhub" type of sendmail configuration,
> > > > i.e. where all "local" addresses are forwarded to some other box. I'm not really
> > > > up-to-date on how to do that, since we've had separate servers for inbound and
> > > > outbound mail for a number of years, and that's a somewhat different
> > > > configuration...
> > > >
> > > >
> > >
> > >         Hm...  One thing I'm wondering about is: would I have to
> > >         bother switching my interNIC  registry?   It might be
> > >         vastly simpler to make *this* (TAO) 249 and FUBAR 248;
> > >         then FUBAR  could be my new NS1.THOUGHT.ORG as it is
> > >         currently in Network Services' records.
> > >
> > >         Any pointers to the `mailhub' config would be welcome.
> > >         DNS AND BIND reads like a novel ;  the big blue sendmail
> > >         tome gives me the shivers :-)/2.
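
The mailertable entries described in the message above, derived from the MX answer it quotes (an added example, not part of the original post or of the sendmail distribution). The functions pick the lowest-preference MX as the relay target and refuse to emit entries when asked about the primary itself; `primary_mx`, `backup_mailertable` and the host `backup.example` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample: the ANSWER SECTION lines from the dig output in the post.
SAMPLE_MX='thought.org.            10M IN MX       10 ns1.thought.org.
thought.org.            10M IN MX       20 mail1.cray.com.
thought.org.            10M IN MX       50 mail.oz.net.
thought.org.            10M IN MX       100 relay1.exodus.net.
thought.org.            10M IN MX       150 relay2.exodus.net.'

# primary_mx DOMAIN: read dig answer lines (owner TTL IN MX pref target) on
# stdin and print the MX target with the lowest preference value for DOMAIN,
# lower-cased and without the trailing dot. Fails if no MX line matches.
primary_mx() {
    awk -v dom="$1" '
        { owner = tolower($1); sub(/\.$/, "", owner) }
        owner == tolower(dom) && $3 == "IN" && $4 == "MX" && $5 ~ /^[0-9]+$/ {
            if (best == "" || $5 + 0 < pref) { pref = $5 + 0; best = tolower($6) }
        }
        END { sub(/\.$/, "", best); if (best == "") exit 1; print best }'
}

# backup_mailertable DOMAIN THIS_HOST: print the two mailertable lines a
# backup MX needs (the domain and its subdomains). Prints nothing and returns
# 2 when THIS_HOST is the primary, which should not carry these entries.
backup_mailertable() {
    hub=$(primary_mx "$1") || { echo "no MX records for $1" >&2; return 1; }
    this=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$hub" = "${this%.}" ]; then
        echo "$2 is the primary MX for $1; no mailertable entry" >&2
        return 2
    fi
    printf '%s\trelay:[%s]\n' "$1" "$hub"
    printf '.%s\trelay:[%s]\n' "$1" "$hub"
}

# backup.example is a hypothetical name standing in for the second mail server.
printf '%s\n' "$SAMPLE_MX" | backup_mailertable thought.org backup.example
```

In practice the input would be the live answer section of `dig thought.org mx` rather than the embedded sample.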

