Re: Update dns for local address space



Begin <1147635588.236184.38320@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
On 2006-05-14, Håvard Olerud Eriksen <hoeriksen@xxxxxxxxx> wrote:
[attribution missing]
> Erm.. I think you answered my question but I'll specify just to make
> sure. What I want for the bsd box to do is to be able to receive
> traffic bound (actually emails) for server.companyname.com with the
> address 10.0.0.3 and forward it to that.
> The setup is like this:
> <internet> <-> <freebsdbox with public address (217.x.x.x) and local
> address (10.0.0.x)> <-> server.companyname.com (10.0.0.3).

This won't work.

The reason is simple: 10/8 (techspeak for the 10.x.x.x range) is a
private range. As such it is ``unroutable'', and that means that if you
list that as your mailserver, nobody on the internet will know how to
find your machine, unless they are also part of your private network.

You need to tell the rest of the world where your mailserver is[1], and
you tell them a public address. The simplest is if that public address
points directly to a receiving mailserver. That receiver can then be
just a spooler configured to forward all mails to an incoming server, if
you want that.

If that is not possible, you can fake it with PAT[2], that is, the
public machine ``forwards'' the mail connection itself to a private
machine. But then you're back at what probably is your problem:


> Since I'm doing this for qmail I need to add it to the DNS of the
> freebsd box and not just add it to /etc/hosts.

I don't know enough about qmail to know about the details of exactly
how it wants to see its own name. In the case of PAT above, this may
be the case. I'd avoid the entire situation, but then I'd also avoid
qmail as I dislike the software. I do know that by default it wants
reverse lookup on all connections. You need DNS service for that but not
necessarily on its own address, and even then it might be happy enough
with something like internalserver.local. IN A 10.0.0.3 and matching
reverse.

As I said, you can serve reverse locally. If you want your mailserver
to have a private address, and you want it to resolve both forward and
reverse to that, AND you want the rest of the world to be able to find
your mailserver under a public address, then it gets tricky.

But it can be done; one answer is the ``split horizon'' feature. It
means that you tell bind to give different answers depending on who
asks.


> Also (newbie alert), how can I look up the local bind configuration?
> I've never mucked about with DNS in any *nix or *bsd operating systems.

I can't tell you as I don't know what your local bind configuration is.
So I'll refer you to the handbook. You'll need to dig into that anyway
as you'll need to understand exactly what is happening and how you can
make that come to pass. Find the handbook and find a DNS HOWTO, then spend
some time understanding just what trickery you've landed yourself into.

Hence, I'm leaving the list of steps to take as an exercise. :-)


[1] Consider the following DNS record:

example.com IN MX 10 server.example.com.

This means that email to whatever@xxxxxxxxxxx should be delivered to
server.example.com. The `10' tells the asker which to try first if
there are multiple such records.

[2] Think NAT, but on individual port level.

--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.
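
Added example, not part of the original post: a small Python model of the ``split horizon'' behaviour described above, where the asker's address selects which answers are given, plus a check for the two conditions the post names (a publicly served MX that ends at a 10/8 address, and forward and reverse that do not match on the inside). The zone data is constructed and the view layout is an assumption, not the poster's configuration; 203.0.113.25 is a documentation address standing in for the elided 217.x.x.x.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone data. Names and 10.0.0.3 are from the post; 203.0.113.25
# is a documentation address standing in for the elided 217.x.x.x.
INSIDE = {("companyname.com.", "MX"): ["server.companyname.com."],
          ("server.companyname.com.", "A"): ["10.0.0.3"],
          ("3.0.0.10.in-addr.arpa.", "PTR"): ["server.companyname.com."]}
OUTSIDE = {("companyname.com.", "MX"): ["server.companyname.com."],
           ("server.companyname.com.", "A"): ["203.0.113.25"]}

# Ordered like BIND views: the first view matching the asker's address wins.
VIEWS = [{"name": "internal", "match": ["10.0.0.0/8", "127.0.0.0/8"], "records": INSIDE},
         {"name": "external", "match": ["0.0.0.0/0"], "records": OUTSIDE}]
# The setup the post says "won't work": one view, private data served to all.
FLAT = {"name": "flat", "match": ["0.0.0.0/0"], "records": INSIDE}

def resolve(client, name, rtype, views=VIEWS):
    """Answer a query the way split horizon does: by who is asking."""
    ip = ipaddress.ip_address(client)
    for view in views:
        if any(ip in ipaddress.ip_network(n) for n in view["match"]):
            return view["records"].get((name, rtype), [])
    return []

def audit(view, public):
    """List problems: private MX targets in a public view, or A records
    without a matching PTR in a non-public view."""
    recs, problems = view["records"], []
    for (name, rtype), values in recs.items():
        if rtype == "MX" and public:
            for target in values:
                for addr in recs.get((target, "A"), []):
                    if any(ipaddress.ip_address(addr) in n for n in RFC1918):
                        problems.append(f"{view['name']}: MX {target} -> private {addr}")
        elif rtype == "A" and not public:
            for addr in values:
                ptr = ipaddress.ip_address(addr).reverse_pointer + "."
                if name not in recs.get((ptr, "PTR"), []):
                    problems.append(f"{view['name']}: {name} {addr} lacks matching PTR")
    return problems

if __name__ == "__main__":
    for view, public in ((VIEWS[0], False), (VIEWS[1], True), (FLAT, True)):
        print(view["name"], audit(view, public) or "ok")
```

The RFC 1918 ranges are tested explicitly because Python's is_private also covers documentation ranges such as 203.0.113.0/24.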