Dual NIC - /etc/hosts

[reza]

Hello,

What should the /etc/hosts include when the server has dual NIC? IP addresses of both of the NIC's aliased to the same machine? So if the mail server is mailhost.domain.com, should it be:

127.0.0.1 localhost.localdomain localhost
123.45.111 mailhost.domain.com # eth0
123.45.112 mailhost.domain.com # eth1

Thanks,
--
Reza

[uxbod]

What are you attempting to achieve with the two NICs ? Are they bonded together ? Primary and Standby ? Plugged into the same switch or different ones ? Need a bit more information please

[Bill Brock]

I run two NIC's, one on the internal LAN and one on the Internet. I have both IP in my hosts file.

The hosts file is checked before your system goes to it's designated DNS server(s). In reality, if your IP's are resolved through external DNS, they don't even need to be in the hosts file.

One way to do it would be to have your external NIC resolve via DNS and your internal via the hosts file.

[uxbod]

Quote:

Originally Posted by Bill Brock

The hosts file is checked before your system goes to it's designated DNS server(s).

only if your /etc/nsswitch.conf is at defaults. This can be overridden.

Why not just run a DNS with internal and external views ? That would sort it out then.

One further thing, if you mailserver is compromised having it dual connected that way creates a nice route into your internal network (unless the internal is also in a DMZ)

[Bill Brock]

In ten years, never had a mail server compromised. And all have run with internal and external NIC's and resolution handled as in my post. I would hope one would have a secure machine if he open's it to the Internet - secure passwords, tight firewall, etc. But everyone has their own preferred way to do it.

I hope when I post behind you you would not take it as a personal attack. I'm just trying to give back to the community. :-)

[uxbod]

Indeed we all are Bill

Though some people are at a different level of knowledge, and perhaps may just plug their cables straight into the outside world without locking everything down It was more of a re-iteration about security.

Both methods of resolution will work just fine, and it also depends on whether you are running a caching server aswell.

For us to fully answer we need more information about the setup as per my first post

Also, http://www.zimbra.com/forums/announc...r-profile.html please

[reza]

Thanks for the replies; we aren't attempting anything yet. The new box which will be the mail server is a dual core, dual NIC rack server so maybe a better question to ask is what would be the best use of the dual NICs? Machine is secure, it's a Debian behind a firewall, no extra services running etc. DNS is external, won't be having DNS running on the mail server.

We figured to maybe have one of the NIC's IP to be IMAP/POP and the other as SMTP? Is that possible? Any other better uses?

Thanks,
--
Reza

[uxbod]

If your switch can handle it why not just bond the two ? Dependant on how you are doing you backups you could have a seperate backup LAN. That way when you do backups to another system it will not effect the bandwidth of your mail stream.

[reza]

Switch can't handle bonding the two NICs.

Thanks,
--
Reza

[uxbod]

What speed are the NICs going to be connected to the switch ? If at a gig then you shall be hard pushed to max them out with email and web traffic IMHO. As Bill has said you could have one facing internal and the other external. Are the NICs onboard or seperate cards ?