Mail Gateway/Lookup MX/Bind
From Halon Security
Lookup MX by appending a zone
As described in the Lookup MX section of the Mail Gateway page, you may use alternative DNS servers for a mail transport to look up MX records. This guide describes how to create custom zones in BIND.
Example Bind Configuration
This configuration is for BIND. It may serve as a working configuration as is, but you should still know what every parameter does.
/etc/named/named.conf
You should change the IP (1.1.1.1) to the IP of the SPG (as the nameserver sees it), so that only the SPG is allowed to query "halonsecurity.com.customer.example.org".
options { directory "/etc/namedb"; };
zone "halonsecurity.com.customer.example.org" {
allow-query { 1.1.1.1; };
type master;
file "halonsecurity.com.customer.example.org.zone";
};
/etc/named/halonsecurity.com.customer.example.org.zone
You should change all host names to match your configuration, and also change the IP (1.2.3.4) on the last line to the IP of your customer's mail server.
$ORIGIN halonsecurity.com.customer.example.org.
$TTL 86400
@ IN SOA ns1.example.org. info.example.org. (
2009012101 ; serial number YYYYMMDDNN
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
@ IN NS ns1.example.org.
@ IN MX 10 mx
mx IN A 1.2.3.4
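
When several customer domains need such a zone, the stanza and zone file above can be generated instead of hand-edited. The following is an added example, not part of the original guide or of Halon's software: the function names are hypothetical, and it assumes the appended zone in the sample is "customer.example.org". Every name and address is validated before it is written into the BIND configuration, so a malformed domain cannot alter the `allow-query` restriction.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def fqdn(name):
    """Lower-case and validate a host name so only LDH labels reach the config."""
    name = name.rstrip(".").lower()
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"invalid DNS name: {name!r}")
    return name

def lookup_zone(recipient_domain, suffix):
    """Name that is queried when the suffix is appended to the recipient domain."""
    return f"{fqdn(recipient_domain)}.{fqdn(suffix)}"

def zone_stanza(zone, spg_ip):
    """named.conf stanza that answers queries for this zone from the SPG only."""
    spg = ipaddress.ip_address(spg_ip)  # rejects "any", ACL names, config syntax
    return (f'zone "{fqdn(zone)}" {{\n'
            f"    allow-query {{ {spg}; }};\n"
            f"    type master;\n"
            f'    file "{fqdn(zone)}.zone";\n'
            f"}};\n")

def zone_file(zone, mail_ip, serial,
              ns="ns1.example.org", contact="info.example.org"):
    """Zone data with a single MX that points at the customer's mail server."""
    mail = ipaddress.IPv4Address(mail_ip)  # A record, so IPv4 only
    if not 0 < serial < 2**32:
        raise ValueError("serial must fit in 32 bits")
    return (f"$ORIGIN {fqdn(zone)}.\n"
            f"$TTL 86400\n"
            f"@ IN SOA {fqdn(ns)}. {fqdn(contact)}. "
            f"( {serial} 28800 7200 864000 86400 )\n"
            f"@ IN NS {fqdn(ns)}.\n"
            f"@ IN MX 10 mx\n"
            f"mx IN A {mail}\n")

if __name__ == "__main__":
    # Sample values taken from the page above.
    z = lookup_zone("halonsecurity.com", "customer.example.org")
    print(zone_stanza(z, "1.1.1.1"))
    print(zone_file(z, "1.2.3.4", 2009012101))
```
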
