--
lør, 2002-09-07 kl. 10:21 skrev Dan Birchall:
> The Exim servers, of course, need to be visible,
> but they also have interfaces in RFC1918 land.
> However, being in the DMZ, they do not (and by
> the company's security policy, should not)
> have access to any nameserver capable of
> finding/resolving the Exchange box.
Hi Dan!
Quite independently from Shuresh's answer, which is good and minted on
Exim, I'd suggest, as DNS man and with a laptop that sometimes needs to
determine its own fate in this cruel, cruel world: Either:
1: Become the person in your company who determines the security policy
and adjust this to your needs;
or:
2: Run your own name server on one of the Exim machines, that has one
single Exim server address as root server and is authoritative for your
particular rfc1918 land. Use it as forwarder on the other Exim servers.
Do note that none of the proper internal DNS servers will take the
blindest bit of notice of this setup, it's your little secret.
> I'm sure *somebody* out there has encountered
> this, and solved it, before. :) Any pointers?
I've had it in the past at work (thank heavens no longer), but I'm
forced to do this for my laptop, which is sometimes standalone and
sometimes connected to different networks (something to do with TLS
recognizing signers of CA certificates) and it works very well.
May the Force be with you.
Tony
--
Tony Earnshaw
The usefulness of RTFM is vastly overrated.
e-post: tonni@???
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telefoon: (+31) (0)172 530428
Mobiel: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
--
Content-Description: Dette er en digitalt signert meldingsdel
[ signature.asc of type application/pgp-signature deleted ]
--