I understand much better now. I will try your suggestions tomorrow and report back.
So the DMZ domain should NOT match the internet domain since the name itself is
registered at dnsexit.
I take it then that the domain on the dmz could be kroffts.dmz as well as anything
else I could choose to call it. But since the subnets are different, it should not be
the same as the private lan?

Kory



On Mon, 22 Dec 2003 21:47:33 -0600, Michael D Schleif wrote:
>Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed:
><snip />
>
>>I believe as Ray has mentioned that the major issue may be a reverse
>>lookup that qmail is doing which causes the timeout error on the mail
>>client. I am still looking into what dns settings I need to change to
>>fix that possibility.
>
>Indeed, that is a very serious problem -- not so much because qmail
>requires a dns server (it does not); but, from tcpdump it is clear that
>it cannot find PTR for 1.1.168.192.in-addr.arpa.
>
>In a previous message, you asked for comments on your
>/etc/tinydns-private/root/data -- I strongly suggest that you try the
>following, and forget about your DMZ for now:
>
>=localhost:127.0.0.1
>.localhost:127.0.0.1:a
>.1.0.0.127.in-addr.arpa:127.0.0.1:a
>.kroffts.home:127.0.0.1:a
>.1.168.192.in-addr.arpa:127.0.0.1:a
>
>=markii.kroffts.home:192.168.1.254
>
>=coventry.kroffts.home:192.168.1.1
>
>[EMAIL PROTECTED]:192.168.10.1:mail.kroffts.com
>[EMAIL PROTECTED]::mail.kroffts.com
>
>The last two (2) lines are problematic. With the `-' as first
>character, they will *not* be used now.
>
>Currently, you are *NOT* authoritative and *CANNOT* assume authority for
>the kroffts.com domain:
>
># dnsqr any kroffts.com
>255 kroffts.com:
>101 bytes, 1+4+0+0 records, response, noerror
>query: 255 kroffts.com
>answer: kroffts.com 170446 NS ns1.dnsexit.com
>answer: kroffts.com 170446 NS ns2.dnsexit.com
>answer: kroffts.com 170446 NS ns1.dnsexit.com
>answer: kroffts.com 170446 NS ns2.dnsexit.com
>
># dnsqr mx kroffts.com
>15 kroffts.com:
>45 bytes, 1+1+0+0 records, response, noerror
>query: 15 kroffts.com
>answer: kroffts.com 120 MX 5 kroffts.com
>
># dnsqr a kroffts.com
>1 kroffts.com:
>45 bytes, 1+1+0+0 records, response, noerror
>query: 1 kroffts.com
>answer: kroffts.com 109 A 24.210.193.152
>
># dnsqr soa kroffts.com
>6 kroffts.com:
>91 bytes, 1+1+0+0 records, response, noerror
>query: 6 kroffts.com
>answer: kroffts.com 120 SOA ns1.dnsexit.com jchen.netdorm.com 2000060701 1200 1200 604800 1200
>
># dnsqr any mail.kroffts.com
>255 mail.kroffts.com:
>48 bytes, 1+1+0+0 records, response, noerror
>query: 255 mail.kroffts.com
>answer: mail.kroffts.com 120 CNAME kroffts.com
>
>You cannot assert that 192.168.10.1 is mail.kroffts.com with authority,
>unless you either:
>
>[a] Change DNS configuration at ns{1,2}.dnsexit.com; or
>
>[b] Replace DNS authority at ns{1,2}.dnsexit.com with your own DNS
>server for kroffts.com.
>
>I highly, highly, highly urge you to *NOT* configure your DMZ hosts in
>the kroffts.com domain -- especially, since your DMZ is running on an
>RFC 1918 network -- unless you get ns{1,2}.dnsexit.com to delegate a
>sub-domain to you. And that is problematic, too, because of the
>private network.
>
>For now, try my suggested tinydns data changes, and see whether or not
>we get any closer.
>
>hth
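
An added example, not part of the original thread and not code from tinydns or LEAF: a small Python check that reads tinydns data and reports every `=` host whose forward name or reverse (PTR) name is not covered by a `.` or `Z` zone line in the same file, which is the condition under which tinydns will not answer for it. The sample is the data suggested above plus one constructed line (`=mail.kroffts.com:192.168.10.1`) that stands in for the DMZ naming being warned against; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the suggested data file plus one hypothetical DMZ line.
SAMPLE = """\
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
=mail.kroffts.com:192.168.10.1
"""

def parse(data):
    """Return (zones, hosts): zones from '.'/'Z' lines, hosts from '=' lines."""
    zones, hosts = set(), []
    for line in data.splitlines():
        line = line.strip()
        if not line or line[0] in "#-":      # comments and disabled lines
            continue
        fields = line[1:].split(":")
        if line[0] in ".Z":
            zones.add(fields[0].lower())
        elif line[0] == "=" and len(fields) > 1 and fields[1]:
            hosts.append((fields[0].lower(), ipaddress.ip_address(fields[1])))
    return zones, hosts

def in_zone(name, zones):
    """True if name equals, or is a subdomain of, a zone we hold NS/SOA for."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def audit(data):
    """List '=' hosts whose A or PTR name falls outside every local zone."""
    zones, hosts = parse(data)
    findings = []
    for fqdn, ip in hosts:
        ptr = ip.reverse_pointer             # e.g. 1.1.168.192.in-addr.arpa
        if not in_zone(ptr, zones):
            findings.append((fqdn, str(ip), "PTR " + ptr + " not in a local zone"))
        if not in_zone(fqdn, zones):
            note = " (RFC 1918 address)" if ip.is_private else ""
            findings.append((fqdn, str(ip), "A name not in a local zone" + note))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Only the constructed `mail.kroffts.com` line is reported; the `kroffts.home` hosts pass because both `kroffts.home` and `1.168.192.in-addr.arpa` have `.` lines.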




