On Wed, 15 Sep 1999, Greg Owen wrote:
> Xerox, and some other sites I've seen, use MX records to make mail
> routing administration easier. The mail store machine is the top priority,
> but only Xerox machines can reach it.

Well, then they've screwed up or they're lazy. If only Xerox machines can
reach it, only Xerox machines should see the MX -- certainly only Xerox
machines should see a TCP connect complete. They need a split DNS. Xerox
is a tech company. I work for a media/entertainment company which has had
split DNS for about 8 years. You'd think Xerox could figure it out.

> All internet hosts fail to reach it and must back off to the
> Internet-accessible corporate mail relays. By controlling this via DNS,
> control over mail delivery is in the hands of the individual
> organization rather than having a central mail authority need to know
> about every server in the company.

Cough. *BALONEY* Cough.
You can delegate subdomains, have multiple top domains, and delegate
portions of the internal DNS to other internal DNS authorities.

> It's arguably unfriendly and arguably stupid, but I've never seen an
> argument that claimed it wasn't legal. Two other sites which seem to be
> doing it are snet.net and viewlogic.com.

Hmm. What's more interesting is that a lot of the problem is Raptor (and
not proxy) specific. Gauntlet will refuse the connection, period, if the
connecting host is not allowed. Raptor, which seems to want to run its
proxies on *all* interfaces, has to use post-connect rules; that or the
admin has to use packet filtering to avoid the connect-and-drop behavior
(and most don't bother, more's the shame).

-M
Michael Brian Scher (MS683/MS3213) Anthropologist, Attorney, Policy Analyst
Mainlining Internet Connectivity for Fun and Profit
Give me a compiler and a box to run it, and I can move the mail.
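
The split-DNS point in the message above, as an added example that is not part of the original post: an offline audit of the records an external DNS view publishes, flagging MX targets that outside senders cannot use. The zone data, the example.com names and the internal address ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample: records as the external (Internet-facing) view serves them.
EXTERNAL_VIEW = """
example.com.            IN MX 10 mailstore.example.com.  ; internal mail store
example.com.            IN MX 20 relay1.example.com.
example.com.            IN MX 20 relay2.example.com.
mailstore.example.com.  IN A  10.1.2.25
relay1.example.com.     IN A  192.0.2.10
relay2.example.com.     IN A  192.0.2.11
"""

# Assumption: ranges that only internal hosts can reach (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_view(text):
    """Return (mx, addrs): domain -> [(pref, target)], host -> [ip]."""
    mx, addrs = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        name, rtype = fields[0].lower(), fields[2].upper()
        if rtype == "MX" and len(fields) >= 5:
            mx.setdefault(name, []).append((int(fields[3]), fields[4].lower()))
        elif rtype == "A":
            addrs.setdefault(name, []).append(ipaddress.ip_address(fields[3]))
    return mx, addrs

def audit_external_mx(text, internal_nets=INTERNAL_NETS):
    """List MX entries in the external view that Internet senders cannot use."""
    mx, addrs = parse_view(text)
    findings = []
    for domain, entries in sorted(mx.items()):
        for pref, target in sorted(entries):
            ips = addrs.get(target, [])
            if not ips:
                findings.append((domain, pref, target, "no address in external view"))
            elif all(any(ip in net for net in internal_nets) for ip in ips):
                findings.append((domain, pref, target, "internal-only address"))
    return findings

if __name__ == "__main__":
    for finding in audit_external_mx(EXTERNAL_VIEW):
        print(*finding)
```

This only catches targets that are visibly internal by address; a mail store with a public address that is blocked at the firewall needs a connection test from outside the perimeter.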