Re: [exim] check_srv anyone?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Edgar Lovecraft
Date:  
À: Exim users
Sujet: Re: [exim] check_srv anyone?
John Horne wrote:
>

..[snip]...
>
> In trying it out on one of our mailhubs I have already hit a problem
> with 2 sites. I'm not sure but it seems that MS Windows servers uses
> the, for example, '_tcp.plym.ac.uk' domain in dealing with ADS/accounts
> (maybe?). Access to the domain may well be restricted only to local
> users, i.e. no dns lookups allowed. As such check_srv gets a dns server
> failure and sends a 4xx code back (as far as I can tell). This seems to
> be the problem with the 2 sites we have, and I'm just wondering if using
> check_srv is worth the hassle (to put it bluntly!)?


That would be improper DNS setup for public internet hosts for the
Windows AD DNS structure. Not that this is by any means uncommon.

The DNS SRV records associated with Windows AD are there strictly for
the Windows AD clients and servers. They can of course be used for
other things, but in general that is all they are used for.

With Windows AD, the proper way to setup the DNS is so that the public
internet only sees information that it can use, pointed to servers that
it can see. In your case, it sounds to me that the server(s) in
question are pointing the DNS query to a server that is not publicly
accessable (at least for that information), and I would wager large sums
of money that even if you did get a response for the SRV record, in the
end, the data would try and point you to private IP space addresses,
and or networks and servers ;)

--

--EAL--

--