At 21:52 26-01-06, gerardo juarez-mondragon wrote: >I have the following situation > > internet internet > | | > | | > mail server ----------- firewall > (10.21.23.20) (10.21.23.21) > | > | > intranet > > (192.168.x.x) > >The firewall is also a caching DNS, to speed up >lookups and overcome DNS server downtime. My >problem is that when I lookup the mail server >the address I receive from 10.21.23.21 is the >external address, as seen from outside. >I would like the address to be solved for >internal machines as the shortcut 10.21.23.20. >The routes are correct according to traceroute. > >I thought that if I modified the firewall's >/etc/hosts including the address of the mail >server as 10.21.23.20 and setting nsswitch.conf >to hosts: files dns >would make it work, but they cached address seems >to have priority. > >I also restarted named, but the situation remains. > >What should be the correct configuration? From your description I'm assuming that your mail server DNS points to 10.21.23.20 and that you forward port 25 from there to 10.21.23.21? If so, and since your intranet anyway travels through your firewall to reach your mail server, why not just let them use the 10.21.23.20 address? If you must do it for some reason, what about having internal hosts configured to use for example smtp-internal.domain.com which points to 10.21.23.21 while the internet and your MXs use smtp.domain.com, which would be the .20 address. - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
