On Fri, 2008-09-05 at 10:16 -0700, Hal Pomeranz wrote:
> > I have a lazy client that doesn't want to change 3 letters.
> >
> > The situation is they have laptop clients that need to check their email
> > in the office and remotely. In the office the server is mail.domain.loc.
> > Outside the office it is mail.domain.com. The firewall (Cisco) doesn't
> > allow the request to go out and back in.
> >
> > How do I change named so mail.domain.com works in the office too? I
> > tried this line but no joy.
> > mail.domain.com. IN A 192.168.1.10
> >
> > I don't care if it's an A record or cname.
>
> Typically the way this is handled is via "split-horizon" (aka
> "split-brain") DNS. You maintain one version of the domain.com zone
> that you publish externally and a second version only for the
> consumption of internal people. Usually this means running two
> separate sets of name servers, though BIND on Unix does allow you to
> use "views" so that a single name server can provide both versions of
> the zone (though I actually don't recommend it in practice because of
> the potential of accidentally leaking information due to
> misconfiguration).
>
> I believe the O'Reilly DNS and BIND book has some words of wisdom
> on setting up split-horizon, and you could probably Google and find
> lots of hits, including the talk I gave for EUGLUG many moons ago:
>
> http://www.deer-run.com/~hal/EUGLUGBINDTalk.pdf
>

I found the answer. Groupwise uses a DNS entry called ngwnameserver. If
you give the laptop guys the external address, mail.domain.com, the
client falls back to ngwnameserver when it can't find the .com address.
I added that DNS record, the sun started shining. The birds are singing.
The flowers are blooming ...

Thanks guys.

Bob C
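
The leak risk Hal mentions with BIND views comes from first-match view selection: a client is served by the first view whose match-clients list covers its source address. The sketch below is an added example, not code from the thread or from BIND; it models that selection and audits a view list for RFC 1918 answers that would reach outside clients. The view lists, the 192.168.1.0/24 office range, the probe addresses and the 203.0.113.10 public address are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone data: the name and 192.168.1.10 follow the thread,
# 203.0.113.10 is a documentation address standing in for the public host.
INTERNAL_ZONE = {"mail.domain.com.": "192.168.1.10"}
EXTERNAL_ZONE = {"mail.domain.com.": "203.0.113.10"}

# Each view: (name, match-clients networks, zone data), in named.conf order.
GOOD = [("internal", ["192.168.1.0/24"], INTERNAL_ZONE),
        ("external", ["0.0.0.0/0"], EXTERNAL_ZONE)]
# Misconfiguration: a stray catch-all left in the internal view's ACL.
BAD = [("internal", ["192.168.1.0/24", "0.0.0.0/0"], INTERNAL_ZONE),
       ("external", ["0.0.0.0/0"], EXTERNAL_ZONE)]

PROBES = ["192.168.1.55", "198.51.100.7"]  # one office client, one outside


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def pick_view(views, client_ip):
    """Return (name, zone) of the first view matching client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients, zone in views:
        if any(addr in ipaddress.ip_network(net) for net in match_clients):
            return name, zone
    return None, {}


def audit(views, probes):
    """List (client, view, name, answer) for private answers served outside."""
    leaks = []
    for client in probes:
        if is_rfc1918(client):
            continue  # internal clients are expected to see internal data
        view, zone = pick_view(views, client)
        leaks.extend((client, view, qname, answer)
                     for qname, answer in zone.items() if is_rfc1918(answer))
    return leaks


if __name__ == "__main__":
    for label, views in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(views, PROBES))
```

Running the same probes against a real server from an inside and an outside vantage point gives the equivalent check on a live configuration.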
