split dns, MX records, and sending mail from a Win2K server

Fri Oct 22 14:54:39 UTC 2004

On Thu, 21 Oct 2004 20:56:27 -0400, Barry Margolin
<barmar at alum.mit.edu> wrote:

>In article <cl999c$djd$1 at sf1.isc.org>, vze78se7 at verizon.net wrote:
>
>> Hi: I'm a little confused about split DNS.
>> 
>> I have a webserver (Win2K), DNS (Linux/BIND 9.2.3)  and a separate
>> mailserver on a 192.168.1.x subnet.
>> 
>> I've set up a "local.domain.com" zone and added it to my named.conf
>> file under the local view for that subnet.
>> 
>> I have the primary DNS for the webserver (Win2K server) as the BIND
>> server. If I perform an nslookup from the webserver, it correctly
>> returns the local IP addresses for various servers specified in the
>> "local" zone file.
>> 
>> Here's the problem. I send out emails from the webserver using CDO. If
>> I have a customer service form, when constructing an email I specify
>> the recipient to be something like "service at mydomain.com", where
>> "mydomain.com" is the site being hosted on the webserver.
>> 
>> When CDO drops the email in the outgoing mail folder, it never gets
>> delivered. The event log says something like:
>> 
>> "Message delivery to the remote domain 'mydomain.com' failed for the
>> following reason: The connection was dropped by the remote host."
>
>That suggests that CDO successfully looked up the MX record for 
>mydomain.com, and encountered a problem when talking to that server.
>
>> 
>> My local.mydomain.com zone file looks like:
>
>I thought you said the zone you added to your server was 
>local.domain.com, not local.mydomain.com.  In either case, this zone 
>should have no impact at all on mail to user at mydomain.com.

OK, I'm sorry for the confusion...I was trying to keep the post as
short as possible.

Let me start over. I have a "primary" domain that my mailserver's in
(that's what I'm referring to in the example as "myhostsdomain.com").

I have about 100 other domains that use that mailserver as their MX
record. So in the zone file for any of those secondary domains, the MX
record points to the name of the primary domain's mailserver.

For the secondary domain in question, I have created the split DNS,
with a zone file in the public view referencing the public IPs (I'll
call it "db.mydomain.com"), and a 2nd zone file for the local view,
referencing the local IPs ("local.mydomain.com").

That "local" zone file is the example below. I originally referenced
the MX as stated above, but that didn't work, so I tried creating a
dedicated MX and A record as seen below...that didn't work either.

>
>> 
>> 	IN NS ns.myhostsdomain.com
>> 
>> 	IN MX 10	mail
>> 
>> 	IN A	192.168.1.213	//the webserver
>> mail	IN A	192.168.1.230	//the mailserver
>> www	IN A	192.168.1.213	//the webserver
>> 
>> 
>> But I think what's happening is mail addressed to "mydomain.com" is
>> never being sent to the mailserver...like the MX record's being
>> ignored and it's trying to send mail back to itself.
>
>The MX record would only be used if you sent mail to 
>user at local.mydomain.com, not user at mydomain.com.

hmmm...that occurred to me...but that's where I'm confused...in my
named.conf file, I have something like:

acl "mysubnet" {192.168.1./24; 127/8;};

view "internal" {
	match-clients { "mysubnet"; };

	zone "mydomain.com" in {
		type master;
		file "local.mydomain.com"; };
	};

view "external" {
	match-clients { any; };

	zone "mydomain.com" in {
		type master;
		file "db.mydomain.com"; };
	};

So, I'm referencing the domain the same way in both views, I'm just
specifying a different zone data file depending on which side of the
firewall I'm on. The "local" file is still referenced as
"mydomain.com".

So what I would expect is that the Win2K server will see 192.168.1.x
addresses because it's sees the "internal" view data...and indeed it
does...if I do an nslookup on the Windoze box for "www.mydomain.com"
it returns 192.168.1.213.And if I do an nslookup on the Windoze box
for "mail.mydomain.com" it returns 192.168.1.230.

But when I address mail from that server in CDO to
"<someone>@mydomain.com" the SMTP service can't deliver the message.

[This is after having flushed the DNS cache and restarted Internet
Services]

The only time it did work was when I preempted the dns by adding the
mailserver's IP to the hosts file on the Windoze server.

192.168.1.230	mydomain.com	#the IP of the mailserver

THAT worked...but I don't understand why the DNS didn't.

Unless the Windoze box was mysteriously caching some incorrect IP
info? 

>
>> 
>> I ended up getting things to work by adding an entry in the hosts file
>> on the webserver like:
>> 
>> 192.168.1.230	mydomain.com	#the IP of the mailserver
>> 
>> but the only reason this works, I believe, is because the hosts file
>> is queried before the NS.
>> 
>> I guess this is really a Win2K question, but I'm hoping someone may
>> have been through this before and can explain where I'm going wrong.
>
>If you want to control how mail is delivered for mydomain.com, you need 
>to add that zone to the nameserver.