Roy Boverhof wrote:
> On 12/21/05, Chris Buechler <cbuechler at gmail dot com> wrote:
>> and there is very good reason for this, the servers need to be in
>> different physical and topological locations. See RFC2182. If you
>> don't have the resources to set up two physical locations, you should
>> put a server in colocation in another facility for your secondary DNS,
>> and as a backup for your other services.
>>
>> If you must completely disregard this, you'll either need a bridging
>> setup, or another NIC in your m0n0wall for this additional network.
>> Only one subnet per interface is allowed (without a router on that
>> segment) unless you're running a bridge.
>
> I understand the normal reason for this, but when the main mailserver
> is in the same network as the main nameserver and this network goes
> down it doesn't matter if you have a secondary nameserver in another
> network since the sites and mail won't arrive anyway ;)

Just to point out... if SMTP connections aren't being accepted, then most mail servers will queue and retry later... but if DNS isn't responding at all, often mail is flat rejected/bounced-to-sender. So having secondary DNS on a different network can be a very good thing.

> What if I changed the netmask to accept 212.102.x.x for my network?
> Since there is another router/firewall in front of my firewall (that
> my ISP uses) this should be a problem? (Or am I completely missing
> something here...hehe...)
>
> Kind regards,
>
> Roy

--
Shaun Sutterfield
Pro Integrations
P.O. Box 340568
Sacramento, CA 95834-0568
(916) 564-6282
shaun at prointegrations dot com
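
The placement rule discussed in this thread (authoritative nameservers on different networks, per RFC2182) can be checked mechanically. The following is an added example, not part of the original messages. The hostnames and addresses are constructed from documentation ranges, and treating a shared /24 (IPv4) or /48 (IPv6) as "same network" is an assumption standing in for real topological knowledge.

```python
import ipaddress
from itertools import combinations

def network_of(addr, v4_prefix=24, v6_prefix=48):
    """Return the enclosing network used as a rough proxy for 'same location'."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def server_networks(ns_addrs, **prefixes):
    """Map each nameserver name to the set of networks its addresses sit in."""
    return {name: {network_of(a, **prefixes) for a in addrs}
            for name, addrs in ns_addrs.items()}

def has_diverse_pair(ns_addrs, **prefixes):
    """True if at least two nameservers share no network at all.

    A single dual-stack server does not count as diverse: its IPv4 and IPv6
    addresses are different networks but the same machine and uplink.
    """
    nets = server_networks(ns_addrs, **prefixes)
    return any(nets[a].isdisjoint(nets[b]) for a, b in combinations(nets, 2))

def shared_networks(ns_addrs, **prefixes):
    """List networks that contain more than one nameserver (shared fate)."""
    seen = {}
    for name, networks in server_networks(ns_addrs, **prefixes).items():
        for net in networks:
            seen.setdefault(str(net), []).append(name)
    return {net: sorted(names) for net, names in seen.items() if len(names) > 1}

# Constructed sample data: both nameservers behind the same firewall segment.
SAME_SEGMENT = {
    "ns1.example.org": ["192.0.2.10"],
    "ns2.example.org": ["192.0.2.11"],
}
# Constructed sample data: secondary hosted in another facility.
SPLIT = {
    "ns1.example.org": ["192.0.2.10", "2001:db8:1::53"],
    "ns2.example.org": ["198.51.100.53"],
}

if __name__ == "__main__":
    for label, zone in (("same segment", SAME_SEGMENT), ("split", SPLIT)):
        print(label, "diverse:", has_diverse_pair(zone),
              "shared:", shared_networks(zone))
```
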