I got 3 Linux email servers, and only these 3 devices, behind a PIX 506E and the outside interface is connected directly to the Internet. Sending email to and receiving email from Internet is working fine.
But if the email servers send email to each other, using their public domain name, there would be a significant delay, say over 10 mins. I used the alias command in PIX and the email servers can resolve their domain names to their private ip successfully. So I think that's not owing to DNS problem.
If they're sending mail to each other, why is the PIX getting involved at all? If your network is that complex, you should be running a split DNS so that the internal DNS resolves to your private IP addresses instead of the public ones. Then you won't need the alias command either. I realize this doesn't solve your problem, but it's something to think about.
Maybe some clarification is needed. Say 3 email server A,B and C. I am meaning that a user account on email server A is sending email to a user account on email server B. So when server A wants to deliver the email, it tries to resolve the domain name of server B.
But I got into another problem now. Server A and B are working fine now, including sending email to each other. When A and B send to C, C cannot receive. But A and B can receive email sending from C. If I put C out of the PIX, everything is perfect.
I'm suspecting it is owing to DNS problem, coz if I do a nslookup, domain name of A is not resolved to an ip that I suppose it to resolve. Domain name of B even doesn't return an ip. Only that of C is resolved correctly. However, A and B can send and receive email from Internet!!
I tried to fix this by making a host file on each email server with their internal private ip. However, I can find by sniffer that they still send out a DNS request when they want to resolve the domain name of the email address. Local hosts file has already been set to the highest priority. Does anyone have any idea?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :