PoDd wrote:
> Hi all,
>
> Our LAN is on a private subnet, behind a NAT enabled firewall. The DNS
> servers on this subnet are MS Windows 2000 domain controllers, that are
> configured as forwarders to our public DNS servers (not on the local
> subnet). All servers on the LAN subnet use these servers without
> problem for name resolution.
>
> However, I have root's messages aliased to my email account, and when
> the FreeBSD servers try and send mail to it, I get a "host name lookup
> failure" error message, AFTER it lists all the correct mail servers
> from the MX records of the domain my account is on.
Try some digs to make sure you're getting the right hosts. Try dig -t mx
@server domain on the internal and external DNS servers and compare the
results.
> If I configure the boxes to query the public servers in resolv.conf and
> not the local ones, it works fine!
>
> The public DNS servers are authoritative for the domain my email
> account is on.
>
> Microsoft domain = domain.local
> BSD servers hostnames = bsd1.domain.net
> My email address = me@domain.net
>
> Any help would be greatly appreciated, as the machines need to
> reference some of the other local boxes using their local DNS names. I
> don't want to maintain complicated hosts files on a large number of
> servers, and it would be a security risk to add a secondary copy of the
> private DNS domain to the public servers.
If the results of the dig above are not as expected, add the external
domains to the Win2k servers as secondaries and see if that resolves it.
You can also try playing with the hosts file on the BSD box.

This sort of problem occurs because people often configure the Active
Directory domain to be the same as their Internet domain, and then
wonder why they can't see hosts configured in the external DNS servers
but not in the internal version of the domain. But you stated that your
internal domain was domain.local, not domain.com, so you should be in
the clear.
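The dig comparison suggested in this reply, written out as a small POSIX sh script. This is an added example, not code from the original thread: it normalizes the MX answers that "dig -t mx @server domain" returns from two servers so they can be compared regardless of record order or TTL, and then, as a follow-up the thread does not spell out, checks that each MX exchange host also resolves to an A record through the internal server (an MX answer whose exchange hosts cannot be resolved is consistent with the "host name lookup failure" described above). The SAMPLE_* dig outputs are constructed, the 10.0.0.1 / 203.0.113.53 addresses are placeholders, and the --live mode assumes dig is installed.

```shell
#!/bin/sh
# Added example for the thread above, not the poster's or replier's code.
# Compare the MX set returned by two DNS servers, then check that every MX
# exchange host resolves to an A record through the internal server.
# The SAMPLE_* outputs below are constructed, not captured from a real host.

# Keep only IN MX answer lines and print "preference exchange", sorted, so
# two answers compare equal whatever the record order or TTL.
mx_records() {
    awk '$3 == "IN" && $4 == "MX" { print $5, $6 }' | sort
}

# The exchange hostnames alone, one per line (dig output on stdin).
mx_hosts() {
    mx_records | awk '{ print $2 }'
}

# Return 0 when two dig outputs carry the same MX set, 1 otherwise.
same_mx() {
    a=$(printf '%s\n' "$1" | mx_records)
    b=$(printf '%s\n' "$2" | mx_records)
    [ "$a" = "$b" ]
}

# Print how many MX exchange hosts in a dig output get no A record from the
# given server; a non-zero count is the "host name lookup failure" case.
# Needs network access and dig, so it is only called in --live mode.
unresolved_mx_hosts() {
    server=$1
    output=$2
    count=0
    for h in $(printf '%s\n' "$output" | mx_hosts); do
        if [ -z "$(dig +short -t a @"$server" "$h")" ]; then
            echo "no A record for $h via $server" >&2
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Constructed sample answers: same MX set from both servers, in a different
# order and with different TTLs, plus a stale answer missing one record.
SAMPLE_INTERNAL='; <<>> DiG 9 <<>> -t mx @10.0.0.1 domain.net
;; ANSWER SECTION:
domain.net.   3600  IN  MX  20 mail2.domain.net.
domain.net.   3600  IN  MX  10 mail1.domain.net.
;; ADDITIONAL SECTION:
mail1.domain.net.   3600  IN  A  203.0.113.25'

SAMPLE_EXTERNAL='; <<>> DiG 9 <<>> -t mx @203.0.113.53 domain.net
;; ANSWER SECTION:
domain.net.   86400  IN  MX  10 mail1.domain.net.
domain.net.   86400  IN  MX  20 mail2.domain.net.'

SAMPLE_STALE='; <<>> DiG 9 <<>> -t mx @10.0.0.1 domain.net
;; ANSWER SECTION:
domain.net.   3600  IN  MX  10 mail1.domain.net.'

# Live use: sh compare_mx.sh --live <internal_dns> <external_dns> <domain>
if [ "${1:-}" = "--live" ] && [ $# -eq 4 ]; then
    internal=$(dig -t mx @"$2" "$4")
    external=$(dig -t mx @"$3" "$4")
    if same_mx "$internal" "$external"; then
        echo "MX sets from $2 and $3 match"
    else
        echo "MX sets differ:"
        printf '%s\n' "$internal" | mx_records | sed "s/^/  $2: /"
        printf '%s\n' "$external" | mx_records | sed "s/^/  $3: /"
    fi
    echo "$(unresolved_mx_hosts "$2" "$internal") exchange host(s) unresolved via $2"
fi
```

If both servers return the same MX set but the exchange hosts come back empty through the internal server, the problem is in how the Win2k forwarders handle the follow-up A queries rather than in the MX records themselves, which is the distinction the two digs are meant to draw out.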