DNS gurus. Help a brutha out.

Trepdation

Veteran X
OK so we have our company which we have primary zones for in DNS. Then we have our parent company in Japan that doesn't give us access to ANY of their shit. Not to mention the language barrier. They do have a handful of hosts that we connect to through a VPN tunnel device located onsite here and those IPs are not resolvable via internet DNS. The parent and ourselves are totally different forests and domain names so they can be considered just another company out there that has certain sites we have privileged access to through VPN.

The way it was set up before, was the previous guy set up a freaking zone for every host they gave us and it only contained one IP for that host.

I nuked all the secondary zones and created one with the name of the root zone: xxx.co.jp and made host records underneath that for everything we get to over VPN. This cleaned everything up a lot, but the problem is the mail servers are on that root domain and they are popping up subdomains named mfd.xxx.co.jp and haf.xxx.co.jp all of which use the MX records of xxx.co.jp.

So my mail gateways are all trying to query this castrated xxx.co.jp zone here on our DNS servers, not finding the MX records (because it's only stuff I entered), and email doesn't go out to them unless I specify the IPs for those domains directly on the gateways.

So how the hell do I set it up to look in that zone on our DNS and, if it doesn't find what it's looking for, look out on the net for it? I don't want to rely on me to have to change their mail gateway IPs every time the wind blows and I don't want to have all these floating one-host zones replicating all over shit. I don't have any formal DNS training to figure out how to architect this any better, but I've been around this shit long enough to know there has got to be a better way without the ideal of getting a zone copy directly from xxx.co.jp.
 
Here is another thought for you. Put a wildcard MX into your fake xxx.co.jp zone that points to
a mail server you set up. Set up that mail server as if it was a "secondary MX" store-and-forward
server. Configure the DNS for this store-and-forward server to use the real internet DNS rather
than your fake one.

Emails sent from someone using your fake zone would go to your store-and-forward host and then
would be relayed to the correct place (hopefully!)

Good luck!
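The question above and the wildcard-MX reply both come down to one rule of DNS that a toy resolver can make visible: when a server is authoritative for xxx.co.jp, its answer for any name under that apex (mfd.xxx.co.jp included) is final, even if the answer is empty, so there is no "look on the net if not found" step. The following model, an added example that is not part of the original thread, compares three local layouts: the single stripped-down xxx.co.jp zone from the post, one zone per VPN host, and the single zone with the suggested wildcard MX. Every name and address in it (erp.xxx.co.jp, mx1.xxx.co.jp, relay.example.internal, 10.10.1.5, 203.0.113.25) is a constructed placeholder.

```python
"""Toy model of DNS resolution for the situation in the thread.

Added example, not from the original post. All names and addresses
(erp.xxx.co.jp, mx1.xxx.co.jp, relay.example.internal, 10.10.1.5,
203.0.113.25) are constructed placeholders.
"""
from typing import Dict, List, Optional, Tuple

# (owner name, record type) -> list of rdata strings
RRset = Dict[Tuple[str, str], List[str]]
Zones = Dict[str, RRset]          # zone apex -> records hosted in that zone


def parent_of(name: str) -> Optional[str]:
    """'a.b.c' -> 'b.c'; a single label has no parent."""
    return name.split(".", 1)[1] if "." in name else None


def enclosing_zone(name: str, zones: Zones) -> Optional[str]:
    """Longest locally hosted zone that contains name, or None."""
    cursor: Optional[str] = name
    while cursor is not None:
        if cursor in zones:
            return cursor
        cursor = parent_of(cursor)
    return None


def lookup_in_zone(zone: str, data: RRset, name: str, rtype: str) -> List[str]:
    """Authoritative lookup inside one zone.

    Exact owner/type match wins. A wildcard at the apex ('*.zone') applies
    only when the queried name has no records of any type (the apex itself
    always exists), which is the basic rule from RFC 4592. Anything else
    is an empty, but still authoritative, answer (NODATA/NXDOMAIN).
    """
    if (name, rtype) in data:
        return data[(name, rtype)]
    name_exists = name == zone or any(owner == name for owner, _ in data)
    if not name_exists and ("*." + zone, rtype) in data:
        return data[("*." + zone, rtype)]
    return []


def resolve(name: str, rtype: str, local: Zones, internet: RRset) -> Tuple[str, List[str]]:
    """Return (where the answer came from, rdata list).

    If a local zone encloses the name, its answer is final: a resolver never
    falls through to the public DNS just because the local answer was empty.
    """
    zone = enclosing_zone(name, local)
    if zone is not None:
        return "local:" + zone, lookup_in_zone(zone, local[zone], name, rtype)
    return "internet", internet.get((name, rtype), [])


# Constructed stand-in for the public DNS view of the parent's domain.
INTERNET: RRset = {
    ("xxx.co.jp", "MX"): ["mx1.xxx.co.jp"],
    ("mfd.xxx.co.jp", "MX"): ["mx1.xxx.co.jp"],
    ("mx1.xxx.co.jp", "A"): ["203.0.113.25"],
}

# Layout A: one local zone named after the parent's apex holding only the
# VPN-reachable hosts (the "castrated" zone described in the post).
SINGLE_ZONE: Zones = {"xxx.co.jp": {("erp.xxx.co.jp", "A"): ["10.10.1.5"]}}

# Layout B: one zone per VPN host; nothing else is claimed locally.
PINPOINT_ZONES: Zones = {"erp.xxx.co.jp": {("erp.xxx.co.jp", "A"): ["10.10.1.5"]}}

# Layout C: layout A plus the wildcard MX suggested in the reply, aimed at a
# local store-and-forward relay that itself uses public DNS.
WILDCARD_ZONE: Zones = {"xxx.co.jp": {
    ("erp.xxx.co.jp", "A"): ["10.10.1.5"],
    ("*.xxx.co.jp", "MX"): ["relay.example.internal"],
}}


if __name__ == "__main__":
    layouts = (("single", SINGLE_ZONE), ("pinpoint", PINPOINT_ZONES), ("wildcard", WILDCARD_ZONE))
    for label, zones in layouts:
        print(label, "MX mfd.xxx.co.jp ->", resolve("mfd.xxx.co.jp", "MX", zones, INTERNET))
        print(label, "A  erp.xxx.co.jp ->", resolve("erp.xxx.co.jp", "A", zones, INTERNET))
```

Running it shows the three outcomes: with the single local zone, MX for mfd.xxx.co.jp is an empty authoritative answer and mail stalls; with per-host zones, the same query never touches local data and gets the public MX; with the wildcard, it gets the relay. Two caveats the model also reproduces: the wildcard does not cover the apex xxx.co.jp or any name that already has its own records (such as erp.xxx.co.jp), so those need explicit MX records if mail for them matters. A secondary (slaved) copy of the real zone, as proposed later in the thread, is simply the full public RRset hosted locally, which is why every name then resolves consistently.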
 
Disable zone transfers and manually put what you want under xxx.co.jp?

What do zone transfers have to do with anything though? It just makes it easier for me to change one zone on one of the DNS servers and it replicates to the other 2. If I did that I'd be in the same spot except I'd have to make the changes in 3 different places instead of one.
 
OK so we have our company which we have primary zones for in DNS. Then we have our parent company in Japan that doesn't give us access to ANY of their shit.
Problem.

Correct approach to this problem is to slave the zone(s) they control. Anything else would be a kludge.
 
What do zone transfers have to do with anything though? It just makes it easier for me to change one zone on one of the DNS servers and it replicates to the other 2. If I did that I'd be in the same spot except I'd have to make the changes in 3 different places instead of one.

I guess I misread. I thought the parent company was giving you false MX records.
 
There are 2 effective ways to deal with security concerns.

1) Address them systematically and logically with mitigation steps to comply with standards and policies

2) Play dumb and throw a babyfit about work stoppage and revenue loss until they give in.
 
There are 2 effective ways to deal with security concerns.

1) Address them systematically and logically with mitigation steps to comply with standards and policies

2) Play dumb and throw a babyfit about work stoppage and revenue loss until they give in.

You have never tried to mitigate with an IS department of a multi billion dollar Japanese company that speaks broken English have you? haha
 
No, I'm a security engineer for a multi-billion dollar Silicon Valley company that owns companies in 21 countries that speak broken English, and those are the two ways I see used most often.
 
No, I'm a security engineer for a multi-billion dollar Silicon Valley company that owns companies in 21 countries that speak broken English, and those are the two ways I see used most often.

Government is exactly the same.
 