
The setup:

The business runs an internal DNS server not accessible to the public internet. The business's domain is registered with a registrar, and the authoritative name servers are outside the local network. The local DNS server does not have MX entries; the authoritative name servers do. When an email is sent from one host on the local network running an email server to another, the MX records being resolved are those of an external IP, in this case an email filtering service. The path of the email then exits the local network where both hosts are and travels to the email filtering service. It's inspected as one would expect, then routed back to the local network to be received by the intended host.

The question:

Is it inappropriate or problematic to add MX records to the local DNS server that differ from the MX records of the authoritative name server's records? If making that change is a viable option, does it in fact keep the email contained in the local network if the local DNS server has MX records that point to a host on the local subnet?

Digital ink
  • If this internal DNS server is merely a recursor this scheme is not going to work. – Mark Wagner Jul 15 '15 at 23:55
  • Good point, Mark. I should clarify. The external DNS server is responsible for foo.com. The internal DNS server is responsible for a.foo.com. The external DNS server has no delegation to a.foo.com. – Digital ink Jul 15 '15 at 23:59
  • This is called "split horizon" DNS, and you are going to have to make the internal DNS server authoritative for foo.com and include all the records for foo.com, not just the MXes. (Typically: I'm only familiar with BIND and PowerDNS.) – Mark Wagner Jul 16 '15 at 00:06

1 Answer


Q: Is it inappropriate or problematic to add MX records to the local DNS server that differ from the MX records of the authoritative name server's records?

A: No.

Q: If making that change is a viable option does it in fact keep the email contained in the local network if the local DNS server has MX records that point to a host on the local subnet?

A: Yes.

joeqwerty
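As an added illustration of what the answer and Mark Wagner's comment describe (this is not configuration from the question or the answer), here is what the internal BIND 9 server could carry: an internal copy of foo.com whose MX points at a LAN host, alongside the a.foo.com zone it already serves. The zone name foo.com comes from the comments; the file paths, host names and IP addresses are assumed placeholders, and the public authoritative servers outside the LAN are left untouched.

```bind
// named.conf on the internal DNS server (BIND 9). Added example, not from the
// page; foo.com is taken from the comments, everything else is a placeholder.
// The public authoritative servers keep their MX pointing at the filtering
// service; only LAN clients see the zone below.
options {
    directory "/var/cache/bind";
    recursion yes;                      // still a recursor for every other name
    allow-recursion { 192.0.2.0/24; };  // placeholder LAN range
};

// Already hosted here per the question; unchanged.
zone "a.foo.com" {
    type master;
    file "/etc/bind/zones/db.a.foo.com";
};

// New: an internal copy of foo.com. Because this server now answers for the
// whole zone, it must carry every public record (www, NS, ...), not only the
// MX, or those names stop resolving on the LAN. It also has to be kept in
// step with the public zone whenever that changes.
zone "foo.com" {
    type master;
    file "/etc/bind/zones/db.foo.com.internal";
};

; db.foo.com.internal (zone-file syntax; comments start with ';')
$TTL 3600
$ORIGIN foo.com.
@       IN SOA  ns1.foo.com. hostmaster.foo.com. (
                2015071601 3600 900 1209600 300 )
@       IN NS   ns1.foo.com.
ns1     IN A    192.0.2.53          ; this internal server
www     IN A    203.0.113.80        ; copied verbatim from the public zone
mail    IN A    192.0.2.25          ; the LAN mail host
@       IN MX   10 mail.foo.com.    ; differs from the public MX on purpose:
                                    ; LAN-to-LAN mail now stays on the LAN

; Check from a LAN host (replace 192.0.2.53 with the internal server's IP):
;   dig @192.0.2.53 foo.com MX +short    -> 10 mail.foo.com.
;   dig @192.0.2.53 www.foo.com +short   -> 203.0.113.80
```

Mail from outside the LAN is unaffected, since external senders still resolve the public MX and keep going through the filtering service.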