In SIMS Digest #1540, Bill Cole <[EMAIL PROTECTED]> wrote:
>>[stuff deleted]
>>BUT IT IS!  The IP address in the packet (10.10.20.1) resolves correctly
>>to that name.
>
>But whoever owns that domain says that its address is 216.17.75.210.
>
>(I am guessing that might be you...)

Yes, it is.  Because I'm running a split DNS, for _you_ "lalonde" resolves
to 216.17.75.210.  From where I -- and SIMS -- sit (internally), "lalonde"
resolves to 10.10.10.1.

>SIMS doesn't do reverse lookups, because reverse lookups are generally
>meaningless. SIMS already knows that you are using that IP address, so there's
>a reasonably good chance that you can make the reverse lookup say whatever you
>want it to say. The HELO argument check is a forward lookup to verify whether
>you MIGHT be lying about your name: if it checks out then it is certain that
>whoever controls the name agrees with the user of the IP address on that
>mapping.

Ah, of course!  It is my current architecture that causes this......

Because I foresee a day when I will have more machines on "internal"
network, I wanted to set up the IP addressing such that when I _do_ stick
a router in place between my firewall and other "internal" network segments,
I won't have to go around and re-do the TCP/IP settings on all my Macs.
To accomplish this, the firewall itself (which is also my DNS server) is
10.10.10.1.  I plan on having the interface of the (future) router on
the side that "faces" the firewall be 10.10.10.2, and the interface on
the side that "faces" the "internal" network be 10.10.20.1.  So, in
TCP/IP settings, the DNS server is 10.10.10.1, and the gateway is 10.10.20.1.

Since I don't have that router yet, 10.10.20.1 is an alias IP address on
the "internal" interface of the firewall.  And that explains why I'm
getting the message;  the internal DNS resolves "lalonde.michael-pasek.net"
to 10.10.10.1 (its _native_ address), while the SIMS box sees 10.10.20.1
(the firewall TCP/IP software, if there are multiple IP addresses for an
interface, will use the one most appropriate as the source -- since I'm
sending to SIMS at 10.10.20.2, it will use the 10.10.20.1 address as the
source, rather than its native 10.10.10.1).

>[intervening stuff deleted]
>
>Given your protected situation, SIMS 1.7 is not broken (since the only changes
>I can recall are meaningless to a protected machine) but the upgrade takes
>about 20 seconds longer than the download time. And it won't change this
>behavior.

Actually, I've already downloaded it, just haven't upgraded it yet.

Thanks for your on-the-mark response, Bill!

Michael A. Pasek
Pasek Consulting, Inc.
9741 Foley Boulevard NW
Coon Rapids, MN  55433-5616
(612) 597-5977
[EMAIL PROTECTED]
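
The forward-confirmation check discussed in this message, as an added example that is not part of the original post and is not SIMS code: it resolves the HELO name and tests whether the connecting address is among the answers. The zone contents are constructed from the addresses quoted above; the function names and the second-A-record variant are assumptions made for illustration.

```python
import ipaddress

# Constructed internal-view zone data, modelled on the addresses in the message:
# inside the firewall the split DNS answers only the native address.
INTERNAL_VIEW = {"lalonde.michael-pasek.net": ["10.10.10.1"]}

# Assumed variant (not stated in the thread): the alias address is also
# published as an A record for the same name in the internal view.
INTERNAL_VIEW_WITH_ALIAS = {"lalonde.michael-pasek.net": ["10.10.10.1", "10.10.20.1"]}


def zone_resolver(zone):
    """Return a resolve(name) callable backed by a dict, so the example runs offline."""
    def resolve(name):
        if name not in zone:
            raise LookupError(name)
        return zone[name]
    return resolve


def helo_forward_check(helo_name, peer_ip, resolve):
    """Forward-confirm a HELO name.

    Resolves helo_name with the supplied resolver and reports whether the
    connecting peer's address is one of the returned addresses.
    Returns (ok, addresses_as_strings).
    """
    name = helo_name.rstrip(".").lower()
    peer = ipaddress.ip_address(peer_ip)
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(name)]
    except LookupError:
        # Name does not resolve at all: the claim cannot be confirmed.
        return False, []
    return peer in addrs, [str(a) for a in addrs]


if __name__ == "__main__":
    name = "lalonde.michael-pasek.net"
    cases = [
        ("alias source, native-only zone", "10.10.20.1", INTERNAL_VIEW),
        ("native source, native-only zone", "10.10.10.1", INTERNAL_VIEW),
        ("alias source, zone lists alias", "10.10.20.1", INTERNAL_VIEW_WITH_ALIAS),
    ]
    for label, peer, zone in cases:
        ok, addrs = helo_forward_check(name, peer, zone_resolver(zone))
        print(f"{label}: peer={peer} resolved={addrs} match={ok}")
```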

