Adding the secure mail server to the firewall domain name server

Note: You need to complete this step only if you DO NOT have an internal DNS.

If your secure network does not have a DNS server, you must update the firewall DNS server configuration. You must add records to the DNS server configuration so that it can resolve the secure mail server name to its IP address. You must add a mail exchanger (MX) record and an address (A) record to the DNS server that runs on the firewall. The MX and A records point to the secure mail server on your internal network. In this scenario, these records point to the firewall home AS/400 system. If the secure mail server is on another system, the records should point to that system's IP address.

To add the required records, follow these steps:

  1. In your browser, go to the following Web address to display the Advanced Domain Name Settings page:
    http://firewall.private.mycompany.com:2001/cgi-bin/db2www/fsdns.mac/main

  2. Click the Domain button to display the Resource Settings page.
  3. Select the MX record (for example, mycompany.com. IN MX 0 FIREWALL.mycompany.com.) in the list box and click the Insert button. This allows you to insert another MX record for the secure mail server after the selected record. The Change Advanced DNS Settings Page (Part 1 of 2) displays.
  4. Select MX as the Record type and click the OK button to view the Change Advanced DNS Settings (Page 2 of 2) page. Do not enter any other information on the first page.
  5. Type information that is appropriate for your scenario into the following fields and click the OK button to add the record.
    Important: Do not forget the trailing dot (.) at the end of the domain name.
  6. Click the OK button to display the Update DNS Settings page.
  7. Click No so that no changes are made at this point. You must add another record first.
  8. Select an A type record (for example, WWW IN A 108.222.150.2) from the list box and click the Insert button. This allows you to insert an A (address) record for the secure mail server. The Change Advanced DNS Settings Page (Part 1 of 2) displays.
  9. Select A for the Record type and click the OK button to view the second Change Advanced DNS Settings Page (Part 2 of 2).
  10. Type the information that is appropriate for your scenario into the following fields and click the OK button to add the A record.
    Important: Do not forget the trailing dot (.) at the end of the domain name.
  11. Click the OK button to display the Update DNS Settings page.
  12. Click Yes to update the firewall DNS settings.
Note: If the internal mail server is the firewall home AS/400 system, the firewall must send mail to AS/400 over the internal LAN connection. Use the AS/400 IP address that you assigned to the *INTERNAL port in the address (A) record. If the internal mail server is not the firewall home AS/400 system, use the corresponding IP address for that host.

To ensure that you have entered the new records correctly, review the named.dom file. This file contains all the records that the firewall DNS server uses. Ensure that all the records that require trailing dots (.) have them. You can do this by using the browser interface or by using an AS/400 command.

To review the named.dom file from the AS/400 system, type:

SBMNWSCMD CMD('type e:\mptn\etc\namedb\named.dom') SERVER(FIREWALL)

Where FIREWALL appears in the command, type the name that you assigned to your firewall. The AS/400 sends the results of the command to the job log. You may want to print the job log and keep it as documentation. The results in your job log should look similar to the ones in the example below:

; Last Update: 19971209 18:44:19 adan                                       
; Created by IBM Firewall for AS/400 0973370719                             
@ IN SOA FIREWALL.mycompany.com. postmaster.mycompany.com. (0973370719      
  3600 600 360000 86400)                                                    
 IN NS FIREWALL.mycompany.com.                                              
mycompany.com. IN MX  0 FIREWALL.mycompany.com.                             
home400.private.mycompany.com.   IN MX 0 home400.private.mycompany.com.     
FIREWALL.mycompany.com. IN A 208.222.150.11                                 
www IN A 208.222.150.2                                                      
home400.private.mycompany.com.  IN A 192.168.12.1                           
Command submitted to server FIREWALL.                             
Note:
  • If you use the DNS configuration option, you lose any entries that you make through the Advanced Domain Name Server Settings. You should record any changes that you make through Advanced Domain Name Server Settings so that you can reapply them if you use the DNS configuration option.
  • Hosts on the Internet can query the IP address of the internal mail server because the firewall combines internal and external DNS functions. However, the filter rules that you create during Basic configuration prevent Internet users from accessing your internal mail server.
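
An added example, not part of the IBM documentation: a short Python check that can be run over a saved copy of the named.dom listing to confirm the trailing dots, confirm that each MX target has a matching A record, and list the internal addresses that the combined DNS publishes. The zone origin mycompany.com, the function names and the finding labels are assumptions; BROKEN is a constructed faulty variant of the listing.

```python
import ipaddress

# Records as shown in the job-log listing above (comment lines omitted).
LISTING = """\
@ IN SOA FIREWALL.mycompany.com. postmaster.mycompany.com. (0973370719
  3600 600 360000 86400)
 IN NS FIREWALL.mycompany.com.
mycompany.com. IN MX  0 FIREWALL.mycompany.com.
home400.private.mycompany.com.   IN MX 0 home400.private.mycompany.com.
FIREWALL.mycompany.com. IN A 208.222.150.11
www IN A 208.222.150.2
home400.private.mycompany.com.  IN A 192.168.12.1
"""
# Constructed faulty variant: trailing dot dropped from the new A record's owner.
BROKEN = LISTING.replace("com.  IN A 192", "com  IN A 192")

def parse(text):
    """Return (owner, type, rdata) for every 'owner IN type rdata' line."""
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if "IN" not in tokens[:2] or tokens[-1] == "IN":
            continue  # comment, blank line, or SOA continuation
        i = tokens.index("IN")
        records.append((tokens[0] if i else "", tokens[i + 1].upper(), tokens[i + 2:]))
    return records

def lint(text, origin="mycompany.com"):
    """Return (kind, name) findings; origin is an assumed zone name."""
    def absolute(name):  # standard zone-file rule: no dot means relative to origin
        name = name.lower()
        return name if name.endswith(".") else f"{name}.{origin}."
    records, findings = parse(text), []
    a_owners = {absolute(o) for o, t, _ in records if t == "A"}
    for owner, rtype, rdata in records:
        target = rdata[-1] if rtype in ("MX", "NS") and rdata else ""
        for name in (owner, target):
            if name.lower().endswith(origin):  # full name written without the dot
                findings.append(("missing-dot", name))
        if rtype == "MX" and target and absolute(target) not in a_owners:
            findings.append(("mx-without-a", target))
        if rtype == "A" and rdata and ipaddress.ip_address(rdata[0]).is_private:
            findings.append(("internal-address-published", owner))
    return findings

if __name__ == "__main__":
    for label, text in (("listing", LISTING), ("broken", BROKEN)):
        print(label, lint(text))
```

On the listing as shown, the only finding is the internal mail server address that Internet hosts can query; in the faulty variant the missing dot also leaves the MX target without a matching A record.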

When you finish configuring your firewall, you must configure clients on the secure network to use it to access Internet services.

