gerardo juarez-mondragon wrote:

> I have the following situation
>
>    internet                 internet
>       |                        |
>       |                        |
>   mail server ----------- firewall
>  (10.21.23.20)          (10.21.23.21)
>                                |
>                                |
>                            intranet
>
>                          (192.168.x.x)
>
> The firewall is also a caching DNS, to speed up
> lookups and overcome DNS server downtime. My
> problem is that when I lookup the mail server
> the address I receive from 10.21.23.21 is the
> external address, as seen from outside.
> I would like the address to be solved for
> internal machines as the shortcut 10.21.23.20.
> The routes are correct according to traceroute.
>
> I thought that if I modified the firewall's
> /etc/hosts including the address of the mail
> server as 10.21.23.20 and setting nsswitch.conf
> to hosts: files dns
> would make it work, but the cached address seems
> to have priority.

A DNS server is exactly that: a DNS server. Local name-service
mechanisms (/etc/hosts, /etc/host.conf, /etc/nsswitch.conf etc) only
affect the results of gethostbyname() and similar functions, and won't
have any effect upon the behaviour of named or other DNS daemons, or
any programs which perform DNS queries directly (e.g. most MTAs).

If the DNS server is running BIND 9.x, you can use the "view"
statement to provide different information for a domain depending upon
who is asking. The view statement is described in sections 6.2.19 and
6.2.20 of the BIND Administrator Reference Manual.

-- 
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
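
A sketch of the "view" approach suggested in the reply, added here as an example and not part of the original thread. The names example.com and mail.example.com, the ACL name and the file paths are assumptions standing in for the poster's real values; the addresses are the ones from the diagram.

```conf
// named.conf fragment for the firewall (10.21.23.21) running BIND 9.
// Assumed names: example.com stands in for the real domain and
// mail.example.com for the mail server; file paths are placeholders.

acl "intranet" {
    192.168.0.0/16;     // internal clients from the diagram
    localhost;          // the firewall itself
};

// Views are tested in order; the first whose match-clients matches wins.
view "internal" {
    match-clients { "intranet"; };
    recursion yes;      // keep acting as the caching resolver for the LAN

    // Authoritative only for the one name that must differ internally.
    // Every other name, including the rest of example.com, is still
    // resolved recursively and cached as before.
    zone "mail.example.com" {
        type master;
        file "internal/db.mail.example.com";
    };
};

// Once any view exists, every zone statement must live inside a view.
view "external" {
    match-clients { any; };
    recursion no;       // do not offer an open resolver to outside hosts
};

/* internal/db.mail.example.com (zone file, constructed sample values):

$TTL 3600
@   IN SOA  ns.example.com. hostmaster.example.com. (
            1       ; serial
            3600    ; refresh
            900     ; retry
            604800  ; expire
            3600 )  ; negative-caching TTL
    IN NS   ns.example.com.
    IN A    10.21.23.20
*/
```

named-checkconf will catch a zone statement left outside a view; after a reload, a dig for the mail server's name from an intranet host against the firewall should return 10.21.23.20, while the same query from outside is refused.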