Currently, my firewall has an external DNS pointing to my ISP's DNS and the internal DNS pointing to my private network DNS. In addition, my gnatbox provides by domain DNS and cheats (blush) to satisfy the dual DNS requirement using an alias.
If my SMTP proxy is using the DNS for the RBL lookup, then is it using the DNS configured as the external DNS? If so, I wouldn't wan't to subscribe on behalf of all of my ISPs DNS clients. So that would mean, if I understand what you've said, that I should change my basic config DNS to reference the GNAT box DNS and have the GB DNS forward to the ISP DNS? Then my question remains, what IP is used for the queries outbound from my DNS? The DNS IP used to contact the DNS externally OR the primary address assigned to my EXT interface and hence used for NATed requests? Also, are you sure that the SMTP proxy uses a local DNS for the RBL query? My limited understanding of the RBL process would lead me to expect that the RBL DNS would be contacted directly as an alternate remote DNS by the SMTP proxy. The last time I dug into the DNS protocols, there was no provision for a piggyback lookup which is what would have to happen for a local DNS to forward to a named RBL server requesting information about a 3rd database item. Dave Morris On Fri, 11 Oct 2002, Chris Green wrote: > Your DNS server will be the one querying it. So if you are pointing the > firewall at itself for DNS, you will use your firewall IP. If you are > pointing it to your internal DNS server, you use the IP that the DNS > server will hit the net with, etc. > > Chris Green > > > -----Original Message----- > From: David Morris [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 11, 2002 7:02 PM > To: GnatBox Users Group > Subject: [gb-users] What IP does SMTP proxy use for RBL queries > > I'm strongly considering subscribing to one of the blacklists. For the > rationally priced services, I need to provide a single IP address from > which my proxy will query the service. > > Since I have multiple aliases, I'm not sure which will be used for the > query. Will it be the address associated with the email server or the > NAT > outbound address, or ??? > > Thanks, > Dave Morris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
