An odd problem, and solution?

  • #368773
    zetetic
    Participant

    one line summary: Trying to streamline access via dns and possibly some scripting, or .

    Internal mailserver on a static local address (more info about this setup and why a couple paragraphs down!)

    For desktop Macs, I can put in the local ip or private hostname and all works fine, obviously the latter gives me more flexibility, but that’s aside from the main point.

    For laptop users, a local hostname will not resolve publicly, and although the public hostname resolves correctly (privately or publicly) via a dynamic dns service, I believe the connection is denied at the router since it looks like a spoofed packet. Unless the machine is truly outside the network, then it works. So far this is a routing and not a dns issue strictly, though I’m wondering/hoping for some fancy dns work to make this happen.

    This is a small operation, really only 6-7 users and a couple with laptops. I’d like the laptop users to have the easiest experience possible. I’m afraid the only answer might be “do it the right way, buddy.” I have a similar setup at home; I want the flexibility of my own server and with IMAP capabilities mixed in (plus unlimited space, yay!) but I don’t need and in fact via my cable modem agreement am restricted from running a full-fledged public email server (never mind mx record “blah” in case my IP changes). This one downloads via pop3 and sorts into mailboxes from there. i.e. full network availability of a high-traffic server without the cost of co-hosting or paying per month for services.

    Personally I think that’s a pretty nifty setup for the right kinda business and situation. The one big flaw is access. Two workarounds:
    – Use network locations for “local” and “outside,” the local one pointing to a dns server resolving custom.dyndns.org to the private local address, and the “outside” location using a dns server with the public ip (and port mapping, easily done). The mail client won’t know the difference. But this is a manual change. I’m fine with this but I’d like to make it as transparent as possible!
    – Set up two email accounts for every mailbox they have, one with the local and one with the public address. A bit clunky but technically it works. Not a huge fan of this.

    After a bit o’ searching I found a batch file which pings a local address and if it’s up, modifies Windows’ system32/drivers/etc/hosts file to resolve custom.dyndns.org to the private local address, and if there is no (quick?) response it changes the hosts file to reflect the public IP resolution. Buuut that’s a batch file and does me no good on Tiger. And I’m no programmer.

    Is there another way to do this? Can anyone verify this would be possible? If I need to write some code I have a friend who might be able to (I’ve worked with him on projects in the past).

    Thanks all!
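
The hosts-file switch described in the post above (probe a local address, then point custom.dyndns.org at the private or the public IP), as an added shell example for OS X. It is not code from the thread; the addresses, the port-143 probe with `nc` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep one hosts entry for the mail hostname pointed at the
# private address on the office LAN and at the public address elsewhere.
# All addresses shown are constructed placeholders.

# Reachability probe (assumption: IMAP listens on TCP 143 of the private IP).
probe() {
    nc -z -w 1 "$1" 143 >/dev/null 2>&1
}

# Accept only dotted-quad form, so nothing else can be written into the file.
valid_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# choose_ip LOCAL_IP PUBLIC_IP -> prints the address the name should map to
choose_ip() {
    if probe "$1"; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# set_hosts_entry FILE NAME IP -> replace any line mapping NAME, keep the rest
set_hosts_entry() {
    file=$1 name=$2 ip=$3
    valid_ip "$ip" || { echo "refusing bad address: $ip" >&2; return 1; }
    tmp=$(mktemp /tmp/hosts.XXXXXX) || return 1
    # Drop existing non-comment lines that list NAME as a hostname.
    awk -v n="$name" '
        /^[ \t]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == n) next; print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$ip" "$name" >> "$tmp"
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, run as root from a login hook or a periodic job:
#   set_hosts_entry /etc/hosts custom.dyndns.org \
#       "$(choose_ip 192.168.1.10 203.0.113.25)"
```

A host that happens to answer at the same private address on some other network also passes the probe, so the mail client should still require TLS with certificate verification for the server.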

    #368783
    zetetic
    Participant

    Thank you!! I will try this immediately.
    Proper ways of doing things ftw. 😀

    ps – I searched all over the forums for the best practices articles, wasn’t until you mentioned it this morning I thought to search the site in general (I found ’em). Maybe I’m just blind (possible!) but I wonder if a link in the forums to those articles would help? They’re mentioned all the time but no one links them.

    #368887
    zetetic
    Participant

    Update… not sure I really understand dns views.

    I get the point of them, and in fact successfully set up a server which does respond with the local IP of the FQDN if queried locally, but the external ip if queried from any other subnet (i.e. externally). When thinking about actually implementing this, I realized I’m just running into the same problem again. Only this time with the dns query instead of imap service: packets intended for the source ip are discarded due to security concerns.

    Secondary dns servers do respond after a delay, so technically I could just put the local dns server ip in first and the external second (with a tertiary for backup), but practically speaking the initial fail-over delay is too long for everyday use. I ended up making locations for an OS X user, which works okay but isn’t as seamless as I was hoping for.

    Was I anticipating too much? What would a PC user do, with location support (afaik) not as good as OS X’s?

    Thanks again for thoughts and suggestions, very much appreciated
