Re: Internal/External DNS



In news:BF69264F-2858-4080-9AB3-D02018DD954A@xxxxxxxxxxxxx,
Milton F. Lopez <MiltonFLopez@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Ace,
Thanks for the reply. I understand the internal servers should not
respond with the external address, but the Sophos people insist they
must be doing this when the problem happens. It has only happened
twice in about a month, by the way. Before I can reply to them, I
need to eliminate the possibility of some kind of glitch or bug that
might cause the query for a name in the local zone to be forwarded
under some conditions. The only option I see is to get an expert
opinion to the effect that no such thing exists - period.

To answer your questions, the external DNS server's IP is not listed
under the Nameservers tab under the zone's properties on the internal
DNS servers - only the internal servers themselves are shown there.
The Forwarder is not a Conditional Forwarder. Only 'All other DNS
domains' is visible under "DNS domain".

Thanks again.

I assure you, no such thing exists with MS DNS, as any of the MVPs and
Microsoft engineers monitoring these threads who are familiar with MS DNS
will tell you. However, in BIND, you can tell it to look elsewhere first
instead of itself, if so desired, then look to its own zones, but MS DNS looks
elsewhere first only.

Here's BIND's forwarding settings:
http://www.akadia.com/services/howto_forward_dns.html

Here's MS DNS:
http://207.46.196.114/WindowsServer/en/library/a3cf0184-0594-4e78-8247-609f038434381033.mspx

Something else is going on. I assume there is absolutely no relationship
between the internal DNS and the external DNS, e.g., stubs, secondaries, etc.,
between the internal to external and vice versa? Nothing in the Root hints
in the DMZ server?? I'm just asking these questions to uncover any possible
unturned stone.

Try testing it using telnet to the Postfix box by using IP and name and
see what type of results are obtained.

If you desire additional expert opinion, you can log a call with MS PSS.
Please check http://support.microsoft.com for regional support phone
numbers. I believe it's approx $250.00 USD for the call.

On a personal note, I've seen issues with Postfix, well let me re-phrase
that, I've seen issues that we could not resolve and the only thing
different is Postfix was involved. Please keep in mind, I am not knocking
Postfix. I am just relating an experience. One of our clients (whom I'll
refer to as "us," "we" or "ours"), that does not use Postfix, is having
intermittent issues with a company that does use Postfix. We have a policy
in place that all email between this company and the other company using
Postfix must be encrypted using TLS. Every once in a while, a TLS command is
sent, (how TLS normally works) to the other company using Postfix.
Intermittently Postfix on their end drops it for no apparent reason. The
error stated by Postfix in the session response according to our logs, says
Postfix could not verify our certificate (it's a Verisign cert). Therefore
it drops the connection. Unfortunately the issue is NOT occurring with 12
other companies that we have the same exact policy with. We've never seen it
before. The only thing different with the 12 other companies is none of them
are using Postfix. So we really didn't have a point of reference or history
to help us resolve it other than what we saw in our logs. Of course that
company logged a call with Postfix, as well as we logged a call with our
vendor for our product. Guess what Postfix told the other company? They said
it was not their fault and something on our end. It never got resolved. The
problem still occurs intermittently and only with them. Quite unfortunate.
I'm not knocking it, just relating an experience.

I'm also not saying it is related to your issue. I am curious as to the root
of the problem. Maybe try a different forwarder than your own DMZ DNS? Try
4.2.2.2 for a spell and see if the same issue occurs.

Ace
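
Added example, not part of the original thread: a probe that queries one internal DNS server directly and reports whether its reply carries the AA (authoritative answer) flag and whether any returned A record falls outside the internal network. An answer served from a zone the server hosts has AA set; a forwarded or cached answer does not, so logging this per server over time captures evidence when an intermittent problem recurs. The host name, addresses and internal subnet used with it are assumptions, and `sample_response` builds constructed replies for offline use.

```python
import ipaddress
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a recursive A/IN query for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Step over a possibly compressed domain name and return the next offset."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += n + 1

def classify(msg, internal_net):
    """Report the AA bit, rcode, and any A record outside `internal_net`."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # name, then QTYPE and QCLASS
    net, addrs = ipaddress.ip_network(internal_net), []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return {"authoritative": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "outside": [str(a) for a in addrs if a not in net]}

def query(server, name, timeout=3.0):
    """Send the query over UDP straight to one DNS server, bypassing the OS resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def sample_response(name, addr, authoritative):
    """Constructed reply for offline use: one A record, AA flag set or clear."""
    flags = 0x8580 if authoritative else 0x8180
    rr = struct.pack(">HHHIH", 0xC00C, 1, 1, 300, 4) + ipaddress.ip_address(addr).packed
    return struct.pack(">HHHHHH", 0x1234, flags, 1, 1, 0, 0) + build_query(name)[12:] + rr
```

For a live check, call `classify(query(server_ip, name), internal_net)` against each internal DNS server on a schedule and log any result where `authoritative` is false or `outside` is non-empty.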

