Split DNS
From Zimbra :: Wiki
Contents
1 Overview
2 Configuring Bind on the Zimbra Server
2.1 Install Bind on Red Hat Enterprise Linux
2.2 Install bind9 on Ubuntu/Kubuntu Hardy Heron
2.3 Edit the named.conf file
2.4 Create a /var/named/db.server.example.com zone file
2.5 Change /etc/resolv.conf
2.6 Start named on the zimbra server
2.7 Enable autostart of named on boot
3 Configuring dnsmasq on the Zimbra Server
3.1 Install dnsmasq on Debian GNU/Linux
3.2 Edit the /etc/dnsmasq.conf file
3.3 Edit the /etc/hosts file
3.4 Edit the /etc/resolv.conf file
3.5 Restart dnsmasq
4 Verify that everything is working
Overview
Installations of Zimbra behind a firewall (or NAT router) often require some form of split DNS, also called split-horizon or dual-horizon DNS. In a split DNS setup, machines receive different IP address answers to the same query depending on whether they are (commonly) inside or outside the firewall: inside, the DNS server replies with a Private Network IP address that differs from the public IP of your internet connection. For further information on Private Network IP addresses see the following article: http://en.wikipedia.org/wiki/Private_network
This is needed because the Postfix mail system used by Zimbra performs a DNS MX lookup for the Zimbra server, followed by a DNS A lookup, when attempting to route email to the back-end message store. Frequently, this is the same physical host as Postfix. The DNS server frequently returns the external address of the mail host, not the internal address. Depending on how the firewall and network are configured, the external address may not even be reachable from the mail host, and mail will not be delivered.
Split DNS avoids this problem by providing an internal DNS server (this example uses bind or dnsmasq) that can be used to resolve the internal
address of the server. This guide will detail how to set up a very specific, single-host DNS server (i.e. bind or dnsmasq) that can be installed on the
Zimbra host itself so that it can resolve its own address. This should not be used for a multi-node Zimbra installation, and should not be used as the
DNS server for any other hosts on your network.
It is possible to use a generalized split-horizon DNS server to perform this function, but it will need to be set up differently, and many people recommend against it because even a couple of ms of delay can be too much on a heavily loaded system. If you decide to use another DNS server on your LAN, then any functioning DNS server that provides a LAN IP response for the DNS MX lookup of the Zimbra server will do (BIND, Active Directory, PowerDNS etc.); check the 'Verify...' section in this article for details on how to check that your DNS server is configured correctly.
Split DNS - Zimbra :: Wiki https://wiki.zimbra.com/wiki/Split_DNS
1 of 6 07/01/2014 17:31
Attention! Bind and dnsmasq are mutually exclusive: you have to set up one OR the other!
Configuring Bind on the Zimbra Server
Install Bind on Red Hat Enterprise Linux
Use up2date to download bind from Red Hat Network.
Install bind9 on Ubuntu/Kubuntu Hardy Heron
apt-get install bind9
You could also make sure it is installed from the Synaptic Package Manager or Adept.
Edit the named.conf file
Substitute your fully-qualified server name for server.example.com.
If named runs in a chroot'ed directory (i.e. /var/named/chroot), named.conf should be placed in /etc/named/chroot/etc/named.conf and you should create a symbolic link to /etc/named.conf, i.e.
1. ln -s /etc/named.conf /etc/named/chroot/etc/named.conf
or
2. ln -s /etc/bind/named.conf /etc/bind/named/chroot/etc/named.conf
(Remember that ln -s takes the existing file first and the link name second; check which of the two paths is the real file on your system before linking.)
For Red Hat, edit: /etc/named.conf
For Ubuntu/Kubuntu, edit: /etc/bind/named.conf.options
// Default named.conf generated by install of bind-9.2.4-2
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { <address of current DNS server> ; };
};
include "/etc/rndc.key";
// We are the master server for server.example.com
zone "server.example.com" {
        type master;
        file "db.server.example.com";
};
Make sure to set the forwarders to match the DNS servers currently in use on your system. The forwarders setting allows the server to query those
DNS servers for any addresses for which it is not authoritative.
Create a /var/named/db.server.example.com zone file
If named runs in a chroot'ed directory /var/named/chroot, db.server.example.com should be placed in /etc/named/chroot/var/named/db.server.example.com and you should create a symbolic link to /var/named/db.server.example.com.
Note that named ignores records that fall outside the zone's origin, so the zone name in named.conf and the names in the zone file must belong to the same domain (the example below uses yourdomain.com for the domain and mail.yourdomain.com for the server).
;
; Addresses and other host information.
;
@       IN      SOA     server.example.com. hostmaster.server.example.com. (
                        10118      ; Serial
                        43200      ; Refresh
                        3600       ; Retry
                        3000000    ; Expire
                        2592000 )  ; Minimum
; Define the nameservers and the mail servers
        IN      NS      mail.yourdomain.com.   ; NS must name a host, not an IP address
yourdomain.com.         IN      MX      10 mail.yourdomain.com.
mail.yourdomain.com.    IN      A       <internal address of server>
Change /etc/resolv.conf
Change /etc/resolv.conf to use the Zimbra server as the primary DNS address.
Also remember to change the search path to be the name of the Zimbra server.
Start named on the zimbra server
/etc/init.d/named start
Enable autostart of named on boot
chkconfig named on
Configuring dnsmasq on the Zimbra Server
dnsmasq is a very powerful tool that can provide basic DNS services and caching, act as a DHCP server and also as a TFTP server. It is also easy to set up, so you can use dnsmasq INSTEAD of bind by following these instructions.
Install dnsmasq on Debian GNU/Linux
aptitude install dnsmasq
Edit the /etc/dnsmasq.conf file
Let's say that the upstream DNS servers are 8.8.8.8 and 208.67.222.222. Put only these lines in the config file:
server=8.8.8.8
server=208.67.222.222
domain=yourdomain.com
mx-host=yourdomain.com,mail.yourdomain.com,5
listen-address=127.0.0.1
Edit the /etc/hosts file
The loopback line should look like this:
127.0.0.1 localhost.localdomain localhost
You need a line to resolve the IP of mail.yourdomain.com to the private IP of the zimbra server, so make sure you have:
192.168.1.30 mail.yourdomain.com mail
Edit the /etc/resolv.conf file
To have the host resolve through dnsmasq, you have to set your localhost (127.0.0.1) as the nameserver:
search yourdomain.com
nameserver 127.0.0.1
Restart dnsmasq
To have the settings take effect, you have to restart dnsmasq:
/etc/init.d/dnsmasq restart
Verify that everything is working
To verify that your DNS configuration is correct, run the following commands on the Zimbra server itself (the expected output is shown below each command). This applies whatever DNS program you use for this kind of configuration (i.e. dnsmasq instead of bind9).
dig yourdomain.com mx
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> yourdomain.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;yourdomain.com. IN MX
;; ANSWER SECTION:
yourdomain.com. 7200 IN MX 30 mail.yourdomain.com.
;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN A 192.168.1.30
;; Query time: 4 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 14:38:48 2010
;; MSG SIZE rcvd: 140
dig yourdomain.com any
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> yourdomain.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36845
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;yourdomain.com. IN ANY
;; ANSWER SECTION:
yourdomain.com. 7200 IN NS ns1.yourdomain.com.
yourdomain.com. 7200 IN A 192.168.1.30
yourdomain.com. 7200 IN SOA yourdomain.com. admin. 2010051304 10800 3600 1814400 7200
yourdomain.com. 7200 IN MX 10 mail.yourdomain.com.
yourdomain.com. 7200 IN NS ns2.yourdomain.com.
;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN A 192.168.1.30
ns2.yourdomain.com. 7200 IN A 192.168.1.11
ns1.yourdomain.com. 7200 IN A 192.168.1.10
;; Query time: 11 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 14:38:52 2010
;; MSG SIZE rcvd: 367
host $(hostname)
mail.yourdomain.com has address 192.168.1.30
NOTE: The host $(hostname) command should be typed exactly as you see, don't change the word "hostname" to anything else.
You should also note that the output on your system may be slightly different from the examples above, but there should be an A record that points to the LAN IP address of your Zimbra server and an MX record that contains the FQDN (Fully Qualified Domain Name, that is the hostname plus the domain name; it is mail.yourdomain.com in the examples) of your Zimbra server.
You should also make sure that the DNS server that is responding to your dig commands is the one you have configured on your LAN and it's the one
that has your Zimbra server DNS records. If you see any IP that is not the correct LAN IP or the correct DNS server then you have entered the wrong
information in your DNS configuration files.
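The checks described above can be scripted so the result is a plain pass/fail instead of eyeballing dig output. The script below is an added example, not part of the wiki article; it parses the output of "dig <domain> mx" and passes only when the reply came from the resolver this article configures (127.0.0.1 by default) and the MX target resolves, in the same reply, to an RFC 1918 LAN address. The sample replies are constructed, not captured from a real server.

```shell
# Parse "dig <domain> mx" output and decide whether it is a correct split-DNS
# answer: right resolver, and an MX target with a private (LAN) A record.

# 0 if $1 is an RFC 1918 IPv4 address, 1 otherwise.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# stdin: dig output. Prints the resolver IP taken from the ";; SERVER:" line.
answering_server() { sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'; }

# stdin: dig output. Prints "<mx-target> <address>" for each MX of $1 whose target
# has an A record later in the reply (dig prints ANSWER before ADDITIONAL).
mx_with_address() {
  awk -v domain="$1" '
    $1 == (domain ".") && $4 == "MX" { mx[$6] = $5 }  # name ttl IN MX pref target
    $4 == "A" && ($1 in mx)          { a[$1] = $5 }   # name ttl IN A address
    END {
      for (h in mx) if (h in a) { print h, a[h]; found = 1 }
      exit found ? 0 : 1
    }'
}

# stdin: output of "dig $1 mx". $2: resolver expected to answer (default 127.0.0.1).
split_dns_ok() {
  domain="$1"; expected="${2:-127.0.0.1}"; reply=$(cat)
  server=$(printf '%s\n' "$reply" | answering_server)
  [ "$server" = "$expected" ] || { echo "FAIL: answered by '${server:-none}', expected $expected"; return 1; }
  pair=$(printf '%s\n' "$reply" | mx_with_address "$domain") || { echo "FAIL: no MX for $domain with an A record in the reply"; return 1; }
  set -- $pair                     # first "<mx-target> <address>" pair
  is_private_ipv4 "$2" || { echo "FAIL: $1 -> $2 is a public address; split DNS is not in effect"; return 1; }
  echo "OK: $domain MX $1 -> $2, answered by $expected"
}

# Constructed sample replies (not captured from a real server), trimmed to the
# sections the checks read. BAD_REPLY is GOOD_REPLY with a public address instead.
GOOD_REPLY=';; ANSWER SECTION:
yourdomain.com.         7200    IN      MX      10 mail.yourdomain.com.
;; ADDITIONAL SECTION:
mail.yourdomain.com.    7200    IN      A       192.168.1.30
;; SERVER: 127.0.0.1#53(127.0.0.1)'
BAD_REPLY=$(printf '%s\n' "$GOOD_REPLY" | sed 's/192\.168\.1\.30/203.0.113.25/')

printf '%s\n' "$GOOD_REPLY" | split_dns_ok yourdomain.com
printf '%s\n' "$BAD_REPLY" | split_dns_ok yourdomain.com || echo "(expected failure)"
# Live check on the Zimbra host:  dig yourdomain.com mx | split_dns_ok yourdomain.com
```

Pass a second argument (for example the LAN IP of a separate internal DNS server) when the resolver in /etc/resolv.conf is not the Zimbra host itself.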
If you're asked in the forums to provide the information to confirm your DNS is correct then, in addition to the above information, you should also
supply the output of the following commands (run on your Zimbra server):
cat /etc/resolv.conf
cat /etc/hosts
In this article it's assumed that you're installing the DNS server on your Zimbra server so your resolv.conf should look like this:
search yourdomain.com
nameserver 127.0.0.1
Although it's mentioned in other articles it bears repeating that your hosts file should look like this:
127.0.0.1 localhost.localdomain localhost
192.168.1.30 mail.yourdomain.com mail
The line for the loopback adapter (127.0.0.1) should be formatted as shown. The hosts file should also be formatted as shown and have the LAN IP of
your Zimbra server (as shown in the DNS records) and contain the hostname (mail) and your domain name (yourdomain.com) which gives you the
Fully Qualified Domain Name (FQDN) of your server 'mail.yourdomain.com'.
If you have a number of servers inside the firewall that need to use internal addresses to communicate to each other, you should consider setting up a
full internal DNS server that can be authoritative for the whole domain. This example is not suitable for this task.
For information on performing the same task w/ TinyDNS / DJBDNS: http://www.fefe.de/djbdns/#splithorizon
Additional Information: Zimbra Power Tip: http://www.zimbra.com/blog/archives/2007/06/making_zimbra_bind_work_together_1.html
Verified Against: unknown
Date Created: 10/5/2006
Article ID: http://wiki.zimbra.com/index.php?title=Split_DNS
Date Modified: 02/28/2012
Retrieved from "http://wiki.zimbra.com/index.php?title=Split_DNS&oldid=37721"
Category: Troubleshooting Server