DNS A record, MX record and Linux mail server

D_wathi
Dear Experts:

I have installed the Zimbra mail server (ZCS Network Edition).

Ubuntu host name: orangesrv.mydomain.com. After successful installation of split DNS and Zimbra it is now working fine; now I would like to make the webmail accessible as below:
 mail.mydomain.com  (from orangesrv.mydomain.com to mail.mydomain.com)

Please suggest how to do this; the /etc/hosts and split DNS config are posted below for your reference.
------------- /etc/hosts ------------------------------------
127.0.0.1       localhost.localdomain                   localhost
127.0.1.1       orangesrv.mydomain.com        orangesrv
192.168.1.230   orangesrv.mydomain.com        orangesrv

-------------------- /etc/bind/db.mydomain.com ---------------------
;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN     SOA    orangesrv.mydomain.com. admin.mydomain.com. (
                         2011051700         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@               IN      NS      orangesrv
                IN      MX      20 orangesrv
                IN      A       192.168.1.230

orangesrv      IN      A       192.168.1.230

Please check the above config and correct me if anything is wrong; also please suggest how to change from orangesrv.mydomain.com to mail.mydomain.com. Please help. Thanks in advance.
Append a CNAME record, pointing the host name "mail" to "orangesrv", to the end of your BIND zone file:

mail       IN     CNAME  orangesrv

Now anyone using the URL http://mail.mydomain.com will actually connect to the IP address for orangesrv.
Also, in case you aren't aware of how to update a zone file, you must increment the serial number (e.g., from 2011051700 to 2011051701) and then restart DNS or trigger DNS to reload the zone.

 -mel
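The serial rule in the answer above applies to every edit made in this thread, and several of the files posted later carry serials such as 070725 or 1. The following is an added example, not code from the original post or from the BIND project: it bumps a YYYYMMDDnn serial in a zone file and checks, with RFC 1982 serial arithmetic, that the new value will be seen as an increase by any secondary. Everything in it is an assumption for illustration: the zone text is constructed from the one posted in the question, the regex only understands the SOA layout used in this thread (no comment between the opening parenthesis and the serial), and the date is passed in explicitly so the result is reproducible.

```python
import re
from datetime import date

# The serial is the first integer after the "(" that opens the SOA RDATA.
# Assumption: no comment sits between "(" and the serial, as in the files
# posted in this thread.
_SOA_SERIAL = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(\s*)(\d+)", re.IGNORECASE)


def next_serial(current, today_yyyymmdd=None):
    """Next YYYYMMDDnn serial (the RFC 1912 convention) after `current`.

    A zone last changed on an earlier day, or carrying a small ad-hoc serial
    such as 1 or 070725, restarts today's counter at 00; a zone already changed
    today gets nn+1.  nn running past 99 rolls into the next day's range, which
    still increases and is still far below 2^32, so nothing breaks.
    """
    if today_yyyymmdd is None:
        today_yyyymmdd = int(date.today().strftime("%Y%m%d"))
    base = int(today_yyyymmdd) * 100
    return base if current < base else current + 1


def serial_increased(old, new):
    """RFC 1982 serial arithmetic: `new` is newer than `old` iff
    0 < (new - old) mod 2^32 < 2^31.  This is the test a secondary applies
    when deciding whether to transfer the zone."""
    diff = (new - old) % (1 << 32)
    return 0 < diff < (1 << 31)


def bump_zone_serial(zone_text, today_yyyymmdd=None):
    """Rewrite the SOA serial in zone_text; returns (new_text, old, new)."""
    m = _SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found in zone text")
    old = int(m.group(2))
    new = next_serial(old, today_yyyymmdd)
    if not serial_increased(old, new):          # only reachable with a bogus date argument
        raise ValueError(f"{new} would not be seen as newer than {old}")
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], old, new


# Constructed sample, modelled on the db.mydomain.com posted in the question.
SAMPLE_ZONE = """\
$TTL    7200
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                         2011051700     ; Serial
                         3600           ; Refresh
                         1800           ; Retry
                         2419200        ; Expire
                         7200 )         ; Negative Cache TTL
                IN      NS      orangesrv
                IN      MX      20 orangesrv
orangesrv       IN      A       192.168.1.230
mail            IN      CNAME   orangesrv
"""

if __name__ == "__main__":
    text, old, new = bump_zone_serial(SAMPLE_ZONE, 20110517)
    print(f"serial {old} -> {new}")
    print(text, end="")
```

Under RFC 1982 a jump from 070725 (or 1) straight to 2011051701 counts as an increase, so a zone with an ad-hoc serial can be moved to the date form in one step; what a secondary would silently ignore is a decrease, such as going from 2011051707 back to 070725. Run named-checkzone on the result before reloading, as the author does towards the end of the thread.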

Author

Commented:
Sir, thanks for the reply. Is it like the below?

;

@               IN      NS      orangesrv
                IN      MX      20 orangesrv
                IN      A       192.168.1.230

orangesrv      IN      A       192.168.1.230
mail             IN     CNAME  orangesrv

------------------------------------------------------
Please tell me if the above is correct.


Author

Commented:
Sir, please advise on the previous post; also please tell me whether it is required to add an entry for mail in /etc/hosts.
Kerem ERSOY (President)

Commented:
Hi,


First of all, why do you need to add your hostname to the localhost IP? This is one culprit which results in messed-up services. This is the first thing system administrators remove after the initial install. So I suggest you remove this line immediately!!!


$TTL    604800
@       IN     SOA    orangesrv.mydomain.com. admin.mydomain.com. (
                         2011051700         ; Serial
                                604800         ; Refresh
                                  86400         ; Retry
                              2419200         ; Expire
                               604800 )       ; Negative Cache TTL

                IN      NS      orangesrv
                IN      MX      20 orangesrv
                IN      A       192.168.1.230

orangesrv      IN      A       192.168.1.230



The syntax you have used is generally correct. But you don't need the "@" macro before the NS record. Since you don't have anything after the SOA, the NS definition already belongs to your domain. So there's no need to expand the macro again.

Though syntactically correct, your TTL is very high. According to RFC 2308 it should be 1-3 hours; I prefer 2 hours personally.

 

Author

Commented:
Sir, I am very happy to get a reply, thank you very much. Finally, please also tell me whether the below is correct.
------------------------- /etc/bind/db.1.168.192.in-addr.arpa -----------------------
$TTL 3D
@               IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051702    ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                        NS      orangesrv.mydomain.com.
1                       PTR     localhost.
---------------------------------------------------------------------------------------------------------

Please correct the above if it is wrong. Also, I followed a web link to do this and I did not understand the host id 1 (1  PTR  localhost); is this required?
Please help. Thanks in advance.
Kerem ERSOY (President)

Commented:
You're welcome. I like DNS and bind so this is my pleasure.

This is the contents of the "0.0.127.in-addr.arpa" zone. Normally it includes only the localhost. It will work, but the correct syntax would be:

$TTL 3D
@               IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051702    ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                   IN     NS      orangesrv.mydomain.com.
1                 IN     PTR     localhost.



This zone is only reverse DNS for the localhost, i.e., to respond to nslookup 127.0.0.1 so that it will return localhost.

As you know, reverse DNS is converting addresses to domain names, and each IP range will find its way into its own zone file. It is obvious that you won't have one for the IP range 127.0.0.x, so by default BIND implements it so that you can also resolve 127.0.0.1. Nothing more and no big deal.

Cheers,
K.



Author

Commented:
Sir, thanks for the reply. The above DNS configurations which I posted and you suggested are for the mail server behind the firewall (split DNS). Please confirm this will work fine. Thanks
Kerem ERSOY (President)

Commented:
Hi,

It will work but you'll need one more zone "1.168.192.in-addr.arpa" the contents would be:

$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR     


I recommend making no changes to the 0.0.127.in-addr.arpa zone file. The db.mydomain.com zone file is correct where you added the CNAME record. Have you tested that and is it working?
Kerem ERSOY (President)

Commented:
BTW, I forgot to mention this in my note. Please *NEVER* use a CNAME for an e-mail server, especially if it is on the Internet side, and the same for a DNS server. Servers receiving mail from your server generally check your reverse DNS, and most reject mail coming from a server with a CNAME, and reverse DNS is always unresolvable with a CNAME. The same applies to DNS too. Besides, according to the RFCs it is illegal to specify a CNAME for an e-mail server.

Cheers,
K.


KeremE, please note that in this case the CNAME is being used for WebMail, not SMTP, so your warning does not apply. Reverse DNS will not be affected by this, since the author points out that this is split DNS on the inside of the network, not on the public facing side.

A CNAME is the correct way to accomplish access of the Zimbra web interface from the inside network via mail.mydomain.com.
Kerem ERSOY (President)

Commented:
Zimbra webmail does not require another server name to work. If there's this CNAME then he should assign the name inside Zimbra too. Why would he bother with that??

When it comes to CNAME it was a general warning, and it is never suggested to use a CNAME for either a web server or a DNS server (also it is illegal according to the RFCs).
Kerem ERSOY (President)

Commented:
Besides I'd already removed the CNAME in my note http://#35778574 just forgot to add the logic behind it.

Author

Commented:
Sir, thanks to all for the replies. I did:

---------------- /etc/bind/1.168.192.in-addr.arpa ----------------

$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR    

-----------------------
After this, when I did nslookup mydomain.com:
/etc/bind$ nslookup shriramproperties.com
Server:            192.168.1.230
Address:      192.168.1.230#53

** server can't find mydomain.com.mydomain.com: SERVFAIL

Please suggest how to fix this. Thanks in advance.
D_wathi,

 Your nslookup is on shriramproperties.com. Is that the domain name you intend to look up? i.e., is that the actual domain name represented by mydomain.com? If so, then your split DNS is not working correctly. I can look up that domain on the public Internet, and the host orangesrv.shriramproperties.com as well. So outside DNS is functioning, but there may be a typo in your inside DNS zone file causing it to be rejected by DNS. Check the named log file (possibly in /var/log/named.log).

Author

Commented:
Sir, thanks for the reply. Yes sir, it is mydomain.com, as I did not want to put the actual domain since a Google search would point to it.

I think this happened after changing
------------------------ /etc/bind/db.1.168.192.in-addr.arpa -----------------------
$TTL 3D
@               IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051702    ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                        NS      orangesrv.mydomain.com.
1                       PTR     localhost.
---------------------------------------------------------------------------------------------------------

TO

$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR    


This happened; can you please correct me on this?
That is the IN-ADDR domain, and isn't used by forward lookups (e.g., of mydomain.com). So I don't think that's the problem. Did you check the named log file for errors? Try restarting DNS and then see if any errors are logged.

 -mel

Author

Commented:
Thanks for the reply,

/etc/bind/db.mydomain.com-------------
;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN     SOA    orangesrv.mydomain.com. admin.mydomain.com. (
                         2011051707         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

                IN      NS      orangesrv
                IN      MX      20 orangesrv
                IN      A       192.168.1.230
mail            IN      CNAME   orangesrv
-----------------------------------
Please tell me if changes are required. Thanks.


You are missing the A record for the orangesrv host. Reinsert that and it should be fine.

Author

Commented:
------------------- /etc/bind/db.mydomain.com -------------------
;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      orangesrv
        IN      MX      10 orangesrv
        IN      A       192.168.1.230
orangesrv    IN      A       192.168.1.230
---------------------------------------END--------------------------------

------------------------------ /etc/bind/db.1.168.192.in-addr.arpa -----------------------------------

$TTL 3D
@               IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               1       ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                        NS      orangesrv.mydomain.com.
1                       PTR     localhost.
-----------------------------------------------------END----------------------------------------------------

After doing the above, resolution to the local IP is now happening. Please suggest.
Kerem ERSOY (President)

Commented:
Ooops sorry my bad. Please modify the zone file as below:

$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR    orangesrv.mydomain.com.


Now you are missing the CNAME record. Can you put that in as well?
Kerem ERSOY (President)

Commented:
This is  wrong. You should have 3 files:

- Zone file: db.mydomain.com
- Reverse zone file for 0.0.127.in-addr.arpa : db.0.0.127.in-addr.arpa (which you are currently missing)
- reverse zone file  : db.1.168.192.in-addr.arpa

The contents should be:

1) db.mydomain.com
;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
                 
                    IN      NS      orangesrv
                    IN      MX      10 orangesrv
                    IN      A       192.168.1.230
orangesrv    IN      A       192.168.1.230



2) db.0.0.127.in-addr.arpa
$TTL 3D
@               IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051702    ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                   IN     NS      orangesrv.mydomain.com.
1                 IN     PTR     localhost.



3) db.1.168.192.in-addr.arpa
$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR    orangesrv.mydomain.com.



In my previous message I had added bold tags, but the code tag overrides them; the correct version is the one above.

Cheers,
K.
KeremE,

Your first file lacks the "mail" cname record, which was the author's original objective.
Kerem ERSOY (President)

Commented:
Mydomain file needs to be modified according to the RFC:

- The serial should be like that: 2011051701
- The TTL should be between 1-3 hours !!

;
; BIND data file for mydomain.com
;
$TTL    7200
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                         2011051701        ; Serial
                         3600                   ; Refresh
                         1800                   ; Retry
                          3W                     ; Expire
                         7200 )                 ; Negative Cache TTL
                 
                    IN      NS      orangesrv
                    IN      MX      10 orangesrv

; You won't need the following unless you intend "ping mydomain.com" to work
;                   IN      A       192.168.1.230
; Hence I've commented it out; if you do need it, remove the semicolon before the previous line

orangesrv    IN      A       192.168.1.230


Author

Commented:
Sir, thanks for the reply. I changed it as per the below:

$TTL 7200
@                  IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                               2011051701    ; Serial
                               3600       ; Refresh
                               1800      ; Retry
                               4W         ; Expire
                               7200)     ; Minimum TTL

                       IN     NS      orangesrv.mydomain.com.
230                 IN     PTR    orangesrv.mydomain.com.

-------------------------------------

Also replaced the TTL in the forward zone with $TTL 7200 as well.

Please tell me if this is okay. Thanks.
Kerem ERSOY (President)

Commented:
> KeremE,
>
> Your first file lacks the "mail" cname record, which was the author's original objective.

It is not! I have warned him that CNAME records are not suitable for DNS and MAIL servers!!!!! This is why I've removed it. Please read my comments thoroughly before commenting!
Kerem ERSOY (President)

Commented:
http://en.wikipedia.org/wiki/MX_record

excerpt from the article:

The characteristic payload information of an MX record is the fully qualified domain name of a mail host and a preference value. The host name must map directly to one or more address record (A, or AAAA) in the DNS, and must not point to any CNAME records.[1]

This is based on RFC 2181 here :http://tools.ietf.org/html/rfc2181

The excerpt is here:

10.3. MX and NS records

   The domain name used as the value of a NS resource record, or part of
   the value of a MX resource record must not be an alias.  Not only is
   the specification clear on this point, but using an alias in either
   of these positions neither works as well as might be hoped, nor well
   fulfills the ambition that may have led to this approach.  This
   domain name must have as its value one or more address records.
   Currently those will be A records, however in the future other record
   types giving addressing information may be acceptable.  It can also
   have other RRs, but never a CNAME RR.
Kerem ERSOY (President)

Commented:
The primary reason behind this is that MTAs do lots of DNS queries, even when they start work and for their own address. So it is not good practice to use a CNAME for NS and MX records, as the RFC specifies, whether it is a split intranet domain or full-blown Internet DNS.

Cheers,
K.
I explained that the CNAME record is not being used for SMTP, but for web access to the Zimbra server via the URL http://mail.mydomain.com. That is the original objective of the author of this question:

"i would like to make the webmail accessible like the below: mail.mydomain.com"

The CNAME record is the correct way to provide an alias name to orangesrv.mydomain.com. If this is not suitable, then defend your position and explain what the problem is.

For my part, I provide documentation that this is proper usage, from the definitive book DNS & BIND, by Cricket Liu:

 http://www.zytrax.com/books/dns/ch8/cname.html.

---------------excerpt-------------

While use of CNAME RRs with NS and MX records is widely implemented and generates a working configuration it is theoretically not permitted (RFC 1034 section 3.6.2) since it can result in lost names. The fragment below illustrates a widely used but technically invalid configuration.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
           IN      MX  10  mail.example.com.
mail       IN      CNAME   server1
server1    IN      A      192.168.0.3

In the above configuration when a query is issued for the A RR of mail.example.com the result will return both the mail.example.com CNAME RR and the server1.example.com A RR. When the A RR is used the name associated with the CNAME can be lost, that is, there is a valid MX record referencing the host mail.example.com and an A RR referencing server1.example.com but nothing joins the two records. The fragment below, by re-ordering the RRs, will achieve the same result and allow a valid mapping of the MX name to the A RR name.

--------end of excerpt--------------

The excerpt above is for a situation where the "mail" host name IS GOING TO BE USED FOR SMTP. In the author's situation, it is not. IT IS GOING TO BE USED FOR WEB ACCESS. The author's host in the MX record is defined by the "orangesrv" A record, not the "mail" CNAME record.

If you can explain why there is a problem with the author using CNAME in this way, do so.
To reply to your reply, which cross-posted with mine, you say:

  "The domain name used as the value of a NS resource record, or part of
   the value of a MX resource record must not be an alias."

And I reiterate: the domain name in the MX record is NOT an alias. The MX record points to the orangesrv A record, as it should, and the CNAME is never referenced in any MX record. QED, the reference you quote does not apply.
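Both sides of this argument, and the reverse-zone question from earlier in the thread, can be checked mechanically rather than argued. The following is an added example, not code from this thread, from Zimbra or from BIND: a small zone linter that parses master files in the layout posted here and applies the two rules under dispute, RFC 1034 section 3.6.2 (an owner with a CNAME carries no other data) and RFC 2181 section 10.3 (NS and MX targets must be names with address records, never aliases), plus the forward-confirmed reverse check that every PTR target has an A record for the same IP. Run on constructed copies of the thread's zones it accepts the layout mel describes (MX pointing at orangesrv, mail as a plain CNAME for webmail), rejects the variant with the MX pointed at the alias, and flags a one-letter typo in a PTR target of the kind that is easy to make when copying these files by hand. The parser is deliberately minimal (no per-record TTLs, $INCLUDE or $GENERATE), the origins are passed in as named.conf would supply them, and all zone texts are constructed for the example.

```python
from collections import defaultdict

_TARGET_INDEX = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}   # position of the name in RDATA

def _fqdn(name, origin):
    # Absolute form of a zone-file name under the current $ORIGIN.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal BIND master-file parser -> (origin, {owner: [(type, value)]}).
    value is the absolute target for NS/MX/CNAME/PTR, else the raw RDATA string.
    Handles comments, parenthesised multi-line SOA, $ORIGIN/$TTL, inherited owner
    names and an optional class field; per-record TTLs, $INCLUDE, $GENERATE are not."""
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner = defaultdict(list), origin
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()               # drop comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:                                      # record complete
            logical.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf, depth = [], 0
    for line in logical:
        toks = line.split()
        if toks[0].startswith("$"):
            if toks[0] == "$ORIGIN":
                origin = _fqdn(toks[1], origin)
            continue
        if not line[0].isspace():                           # explicit owner; else inherit
            last_owner = _fqdn(toks.pop(0), origin)
        owner = last_owner
        while toks and toks[0].upper() in ("IN", "CH", "HS"):
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        value = _fqdn(rdata[_TARGET_INDEX[rtype]], origin) if rtype in _TARGET_INDEX else " ".join(rdata)
        records[owner].append((rtype, value))
    return origin, dict(records)

def _ip_of_reverse_owner(owner):
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2])) if labels[-2:] == ["in-addr", "arpa"] else None

def lint_zones(zones):
    """zones: iterable of (zone_text, origin). Returns a list of findings (empty = clean)."""
    parsed = [parse_zone(text, origin) for text, origin in zones]
    forward_origins = [o for o, _ in parsed if not o.endswith(".arpa.")]
    rrs = defaultdict(list)                                 # one view across all zones
    for _, recs in parsed:
        for owner, lst in recs.items():
            rrs[owner].extend(lst)
    def in_forward(name):
        return any(name == o or name.endswith("." + o) for o in forward_origins)
    def addresses(name):
        return {v for t, v in rrs.get(name, []) if t in ("A", "AAAA")}
    findings = []
    for owner, lst in rrs.items():
        types = {t for t, _ in lst}
        if "CNAME" in types and types != {"CNAME"}:             # RFC 1034 3.6.2
            findings.append(f"{owner}: CNAME must stand alone but also has {sorted(types - {'CNAME'})} (RFC 1034 3.6.2)")
        for rtype, target in lst:
            if rtype in ("NS", "MX"):                             # RFC 2181 10.3
                if any(t == "CNAME" for t, _ in rrs.get(target, [])):
                    findings.append(f"{owner}: {rtype} target {target} is a CNAME (RFC 2181 10.3)")
                elif in_forward(target) and not addresses(target):
                    findings.append(f"{owner}: {rtype} target {target} has no A/AAAA record")
            elif rtype == "PTR":                                  # forward-confirmed reverse DNS
                ip = _ip_of_reverse_owner(owner)
                if ip and in_forward(target) and ip not in addresses(target):
                    findings.append(f"{owner}: PTR {target} is not confirmed by an A record for {ip}")
    return findings

# Constructed sample zones (not the author's files), modelled on the ones posted in this thread.
FORWARD_OK = """\
$TTL    7200
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                        2011051701 3600 1800 3W 7200 )   ; serial refresh retry expire neg-ttl
        IN      NS      orangesrv
        IN      MX      10 orangesrv
        IN      A       192.168.1.230
orangesrv   IN  A       192.168.1.230
mail        IN  CNAME   orangesrv      ; webmail alias only, never an MX target
"""
FORWARD_BAD = FORWARD_OK.replace("MX      10 orangesrv", "MX      10 mail")   # MX -> alias
REVERSE_TYPO = """\
@       IN      SOA     orangesrv.mydomain.com. admin.mydomain.com. (
                        2011051701 3600 1800 4W 7200 )
        IN      NS      orangesrv.mydomain.com.
230     IN      PTR     orangeserv.mydomain.com.   ; note the extra 'e'
"""
REVERSE_OK = REVERSE_TYPO.replace("orangeserv", "orangesrv")

if __name__ == "__main__":
    print(lint_zones([(FORWARD_BAD, "mydomain.com"), (REVERSE_TYPO, "1.168.192.in-addr.arpa")]))
```

The forward and reverse zones are linted together on purpose: a PTR can only be confirmed against the A records of the forward zone, and an NS or MX target is only known to be an alias if the zone that defines it is in view. That is also why a split-DNS setup like the one in this thread should be checked with the inside copies of both zones, not the public ones.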

Author

Commented:
Sir, thank you very much.

I added an entry in
---------------- /etc/bind/named.conf.local -------------------------------------------------
zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0.0.127.in-addr.arpa";
};
---------------------------------------------

and then created db.0.0.127.in-addr.arpa as /etc/bind/db.0.0.127.in-addr.arpa.

Please tell me if this is correct.
D_wathi,

That looks like a correct specification for the db.0.0.127.in-addr.arpa file. I still recommend that you check the named.log file to see if BIND is recording syntax errors for any of your files. That is what I recommend as your next step: locate the named.log file (generally in /var/log/named.log) and examine it for syntax errors timestamped after your most recent restart of DNS.

Author

Commented:
Sir, thank you very much to all for spending time on this.
The reason for not assigning the host name as mail.mydomain.com is that this hostname is already present in the network for fetching the mails from the outsourced web/mail hosting. Now I want to set up the mail server for the same domain in the LAN; this is why the host is named orange.mydomain.com. But please note the end users should still be able to access the webmail as mail.mydomain.com only.



D_wathi,

Each name in DNS can only have one value, so if your intention is to have mail.mydomain.com reach both the inside Zimbra server and the outsourced webmail, then you have to have two different names (e.g., mail and mail2). If, however, you want mail.mydomain.com only reach the Zimbra server for inside users (e.g., return a private rather than public IP address), then the CNAME I suggested will accomplish this.
Kerem ERSOY (President)

Commented:
> the mail server for the same domain in the LAN this is why host named as orange.mydomain.com but
> please note the end users still should be able to access the web mail as mail.mydomain.com only.

This is OK. At first I'd thought adding a CNAME would require you to configure your Zimbra with extra options. This is why I had removed it.

Giving it a second thought, you can also do this that way:
- Don't use orange server as the server name; just use mail as the name of the server and arrange all your records this way, so that you won't need an alias.
- Since you have split DNS there's no way that your internal users could get to the external server anyway. Since the internal server would always be authorized to serve mydomain.com, there's no way that it can query the outside DNS. So let your users use mail as the server name.

Another option is not to use split DNS and use another domain such as "mydomain.sec" for the inside and "mydomain.com" for outside. Zimbra allows you to configure your server for the domain "mydomain.com" as default while the server name is "mail.mydomain.sec". But in this case keep in mind that you'll need to set up the internal DNS and assign an MX record that would just point to your internal server, otherwise the setup will not go through.

You can also keep the alias and let your users access the internal server using the alias.

Cheers,
K.

KeremE,
Using mail... as the canonical server name is a bad idea, because then that hostname will be tied to both smtp and webmail services, which will cause future problems if these functions are ever separated. The author's approach of split DNS is the industry accepted best practice for DNS, and the cname is also the standard industry practice for providing a server alias.

There is no good reason to use the complex workarounds you propose when a CNAME is a simple, straightforward solution.

Author

Commented:
Sir, thank you very much. I am able to access the mail server using https://<ip address>:7071 but not able to access it using https://orangesrv.mydomain.com:7071. Please help me to resolve this. Thanks in advance.
Run the following tests from the cmd line on computer having the access problem:

nslookup
set type=a
mail.mydomain.com.
orangesrv.mydomain.com.
mydomain.com.

Note the periods at the end of each request; it's important that you include them.

Copy and paste all the results here.




Author

Commented:
Thanks for the reply. I will do this in the office and post; meanwhile I have two doubts, posted below:

1. In the office (LAN) all the systems except the Zimbra mail server use the Windows 2003 DNS server. Is it because of this that orangesrv.mydomain.com cannot be resolved, as this entry is not found in the Windows 2003 forward zone?

2. As I have configured split DNS for the Zimbra mail server since the mail server is behind the firewall, can I configure the same BIND for local resolution for the LAN? In this case the Zimbra server will get the split DNS and all the other systems will use this Zimbra server's BIND as the DNS server. Please suggest. Thanks in advance.

I will know more once you provide the test results. Also, tell me the IP address and DNS server settings of the machine from which you conduct the test.
Kerem ERSOY (President)

Commented:
Hi,

I don't think it is because of a DNS problem. This is what I was trying to warn you about. Zimbra does not like CNAMEs and it requires extra setup. This is why I was suggesting you use a single name. That having been said, let's fix this:
- Just log on to Zimbra admin
- Go to Settings > Global Settings > Network
- Add the CNAME "mail.mydomain.com" under Webmail MTA System Names. Hit the add button and add the name to the newly created empty field.
- Save
- Restart Zimbra.

Now you should be able to log on to Zimbra.

Cheers,
K.
Let's get the diagnostic data before running off and making changes. I install and maintain Zimbra, so I understand about the webmail naming things. But note that the author is able to log in using just the IP address, so I don't think this is an HTTP virtual host name problem.

Data first, changes second. And always change just one thing at a time. It's in my book: http://tinyurl.com/amazonnetworking

Author

Commented:
Thanks for the reply.

In my network we are using two methods. One is a DHCP server: the hardware firewall FortiGate 110 with the IP 192.168.1.5 is functioning as DHCP server; for this we have assigned the IP of the Google DNS server, hence the IP released from this to the systems configured for the DHCP service.

2. For the remaining systems, other than DHCP, we manually assign the IP, subnet mask, gateway and DNS; for the DNS we use the IP of the Windows 2003 AD.

Posted below are the required inputs of the system using the DHCP service from the firewall/router. Please help.
 nslookup
> set type=a
> orangesrv.mydomain.com
Server:            8.8.8.8
Address:      8.8.8.8#53

Non-authoritative answer:
Name:      orangesrv.mydomain.com
Address: 208.43.158.133
-------------------------------------------------------------------------------------------------------------------
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.1.5     0.0.0.0         UG    0      0        0 eth0
indar@indarubuntu:~$ ip route show
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.222  metric 1
169.254.0.0/16 dev eth0  scope link  metric 1000
default via 192.168.1.5 dev eth0  proto static

D_wathi,

If you point users at an external name server your split dns won't work. All users needing split dns should only point to your internal name server.

Author

Commented:
Sir, thanks for the reply. Please suggest: shall I configure forward and reverse zones for all the users pointing to the Zimbra mail server, so that the Zimbra mail server works as DNS server for local users?

Please suggest.

Author

Commented:
Sir, after adding the entries in the forward and reverse zones for the users, I am now able to resolve and access the Zimbra mail server with orangesrv.mydomain.com. Finally, please tell me whether configuring the Zimbra server as a DDNS will resolve all these issues. Request your help, please.

Author

Commented:
Sir, for some time I was able to access the Zimbra mail server via the web at http://orangesrv.mydomain.com, but now resolution is again not happening. Please suggest how to fix this.

nslookup
> set type=a
> orangesrv.mydomain.com
Server:            192.168.1.230
Address:      192.168.1.230#53

Name:      orangesrv.mydomain.com
Address: 192.168.1.230

Author

Commented:
Sir, this is in continuation of my previous post. I added a CNAME in the forward zone; I am able to access through the web using the canonical name like below:
http://srv.mydomain.com but not able to access using the server name orangesrv. Please help me fix this.

2. Is it recommended to configure this Zimbra mail server to work as DDNS so that all the users will get the IP released from this server? Please suggest.
Kerem ERSOY (President)

Commented:
> In my network are using two methods one DHCP SERVER the hardware firewall fortegate 110  of > the ip 192.168.1.5 is functioning as dhcp server for this we have assigned the IP of google dns
> server hence ip from this gets released to the systems which is configured for the dhcp service.


> 2. for the remaining systems other than the dhcp , manually we assign the IP,
> subnetmask,gateway and dns, for the dns we use the IP of windows 2003 AD .

First of all, what domain do your Windows 2003 servers use? Is it the same split DNS as your mydomain.com? If this is the case I'd suggest you add these records in the AD 2003 DNS instead.

Then modify your Fortigate to point to your AD DNS server as DNS, not the external ones. So your Zimbra must point to the internal AD too.

Cheers,
K:

Author

Commented:
Sir, thanks for the reply. Actually I had missed a "." in the config; I could trace and fix it using named-checkzone. Now I am able to access the Zimbra mail server through the web using http://orangesrv.mydomain.com as well as with the canonical name.
This got fixed.

2. I have made this Zimbra mail server serve as a caching name server with forwarders set to Google DNS, and added the users' computer names and IP addresses to the forward zone and reverse zone; now I am able to resolve.

Request you to suggest whether this is a recommended method; the reason is that in future we are removing the Windows AD server. Please help. Thanks in advance.
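The missing-dot mistake described above, as an added example that is not from the thread, Zimbra or BIND: a small Python checker that expands zone-file names the way BIND does and flags relative names that already end in the zone origin. The sample zone is constructed from the one posted in the question, with one deliberately unterminated NS target; named-checkzone remains the authoritative check.

```python
"""Show how BIND expands names in a zone file: without a trailing dot,
'orangesrv.mydomain.com' in zone mydomain.com is a relative name and becomes
'orangesrv.mydomain.com.mydomain.com', the kind of mistake fixed in the thread."""
import re

# Record types whose RDATA fields (by position) are domain names.
NAME_FIELDS = {"SOA": [0, 1], "NS": [0], "CNAME": [0], "PTR": [0], "MX": [1]}

def qualify(name, origin):
    """'@' is the origin, a trailing dot means absolute, else relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_zone(text, origin):
    """Return (expanded records, warnings); $ORIGIN/$INCLUDE are not handled."""
    origin = origin.rstrip(".") + "."
    # Strip comments, then fold the parenthesised multi-line SOA onto one line.
    body = "\n".join(ln.split(";", 1)[0].rstrip() for ln in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    records, warnings, owner = [], [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # owner name present in column 1
            owner = qualify(fields.pop(0), origin)
        if fields and fields[0].isdigit():   # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":   # class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, []):
            target, rdata[i] = rdata[i], qualify(rdata[i], origin)
            if not target.endswith(".") and target.endswith("." + origin[:-1]):
                warnings.append(f"{owner} {rtype} {target}: no trailing dot, "
                                f"BIND reads it as {rdata[i]}")
        records.append((owner, rtype, tuple(rdata)))
    return records, warnings

# Constructed sample: the thread's zone with one deliberately unterminated NS target.
SAMPLE_ZONE = """\
$TTL 604800
@   IN SOA orangesrv.mydomain.com. admin.mydomain.com. (
        2011051701 604800 86400 2419200 604800 )   ; serial bumped after editing
@         IN NS    orangesrv.mydomain.com          ; <- trailing dot missing
          IN MX    20 orangesrv
orangesrv IN A     192.168.1.230
mail      IN CNAME orangesrv
"""
```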
Congratulations! That's a very good configuration. When you move to AD the transition will be simple, as that is also the default AD DNS architecture. Did you put the CNAME in for mail.mydomain.com? If you did, you should be able to use that name to access webmail internally as well.

Author

Commented:
Sir, thank you very much for the reply. Yes, I am also able to access from the web using the CNAME. Finally, with your help, I could manage to resolve this. Thanks once again. Sir, now the Zimbra mail server is not only functioning as mail server; in addition it is functioning as below mentioned:
1. Caching name server
2. name server for the users of the LAN

Since we too have laptop users, I am planning to configure the same Zimbra mail server to function as a DDNS so that IPs will be released automatically. Please, sir, consider this as my final request on this post. Please help.

Author

Commented:
Please suggest on my previous post about configuring the Zimbra mail server as DDNS server for the LAN. Thanks in advance.
D_wathi,

It's not necessary to configure Dynamic DNS (ddns) on the Zimbra server. Email functions don't require ddns, and when you migrate to AD you'll get ddns automatically.

Author

Commented:
Sir, thanks for the reply. I am not migrating to AD; in fact I am removing the AD from my network and configuring another Linux server to work as Samba domain controller, but I prefer to keep the local name server on the existing (newly configured) Zimbra mail server as the name server for the LAN for local resolving. Please suggest.
Kerem ERSOY, President

Commented:
Hi,

A DDNS server is required only if your Internet IP is not a fixed one. This is nothing enterprise though.
You don't need to configure it. You already have DNS for outside.

Cheers,
K.
Kerem,

I believe the author is referring to private LAN ddns, not public WAN ddns. See http://support.microsoft.com/kb/816592. Both services use similar protocols, but what you're referring to is for dynamic ISP-issued public IP addresses. Windows uses ddns for LAN discovery and client DHCP-to-name mapping.

Author

Commented:
Thanks for the reply. Yes sir, I am referring to the private LAN DDNS, as this will avoid assigning IP addresses manually, so that laptop users, when in office using the wireless network, can access the LAN, and when they go out they can access through the other sources without needing to change the IP address every time. I think configuring the DDNS for the Zimbra mail server should be a problem; just a comment from you will make me feel safer. Please suggest.
D_wathi,

As long as you have a DHCP server running on the network, giving out the Zimbra server's IP address as the name server, you won't need ddns.

Author

Commented:
Sir, thanks for the reply. I am sorry, I forgot to inform that first I will stop the DHCP service on the Fortigate firewall and after this will configure the Zimbra mail server with the DDNS. Please suggest; after hearing from you I will go further. Please help.
You don't need ddns for email. You do have to have dhcp somewhere in your network if you have non-static-IP users. It would be wiser to have that dhcp service on the fortigate than on the zimbra server, so that all your services aren't on a single device should that go offline for some reason.

Author

Commented:
Thank you very much sir, will do it as suggested. Thank you very much sir. Happy weekend.
