Re: Split dns issues




 

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx 
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Les Mikesell
> Sent: Sunday, August 02, 2009 18:20
> To: CentOS mailing list
> Subject: Re:  Split dns issues
> 
> Jason Pyeron wrote:
> >>>>
> >> You could just firewall port 25 on the spam-checking MX
> > 
> > They are outsourced to google, we cannot control that.
> 
> You must have a firewall that you control on your side where 
> these connections have to pass.
> 
> >> relays from the trusted networks and add a high-numbered MX record
> >> for the target you want them to hit instead.  As long
> > 
> > Adding mail.pdinc.us to the list would beg spammers to skip our spam
> > gateway service.
> 
> That's fine, as they would be unable to connect if you leave 
> it a private address.

Just feels dirty.

> 
> > And I think adding the non-routable IPs assigned to the intranet
> > mail.pdinc.us server to public MX records might be a bit of bad form
> > and add a point of failure when the IP address changes.
> 
> It's a bit of bad form to use NAT and private addresses at 
> all because the internet really wasn't designed to be 
> segmented, but everyone does it.  Or you could use a public 
> address in a DMZ where it is firewalled from everything but 

We are working towards that, but our provider does not want to allocate any more
IPs beyond our two current class C blocks. Hoping to migrate to IPv6 soon.

> internal connections and perhaps things relayed by the 
> external spam service. 
> The point of being able to provide multiple MX records is 
> that things keep working even if some of them aren't reachable.
> 

I think for now we are going to leave it as status quo. 

We have been tossing around using a SQL backend to generate our zone files; now I see
that pdns supports Oracle and MySQL, so we might do up a whole new thing.

I am going to start a new thread on pdns.

Thanks everyone for your patience and help.

-Jason 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
