Thank you for your help. Since this is a public forum, I have sanitized output, replacing my domain name and the public IP of my public DNS server (it's not sub.domain.edu or 256.256.256.85
-- hostname and non-routable addresses are otherwise correct)
Quote:
zimbra@zim:~$ cat /etc/hosts
127.0.0.1 localhost
172.16.8.29 zim.sub.domain.edu zim
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
zimbra@zim:~$ cat /etc/resolv.conf
search sub.domain.edu
nameserver 172.16.16.241
nameserver 172.16.16.239
nameserver 256.256.256.85
zimbra@zim:~$
zimbra@zim:~$ dig zim.sub.domain.edu mx
; <<>> DiG 9.3.2 <<>> zim.sub.domain.edu mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41378
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;zim.sub.domain.edu. IN MX
;; AUTHORITY SECTION:
sub.domain.edu. 3600 IN SOA pdc-01.sub.domain.edu. admin. 16070 900 600 86400 900
;; Query time: 16 msec
;; SERVER: 172.16.16.241#53(172.16.16.241)
;; WHEN: Tue Apr 1 20:05:42 2008
;; MSG SIZE rcvd: 83
zimbra@zim:~$ dig zim.sub.domain.edu ns
; <<>> DiG 9.3.2 <<>> zim.sub.domain.edu ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35509
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;zim.sub.domain.edu. IN NS
;; AUTHORITY SECTION:
sub.domain.edu. 3600 IN SOA pdc-01.sub.domain.edu. admin. 16070 900 600 86400 900
;; Query time: 17 msec
;; SERVER: 172.16.16.241#53(172.16.16.241)
;; WHEN: Tue Apr 1 20:05:48 2008
;; MSG SIZE rcvd: 83
zimbra@zim:~$ host `hostname`
zim.sub.domain.edu has address 172.16.8.29
zimbra@zim:~$
|
pdc-01 is my internal Active Directory DC doing DNS for my LAN; IP address is 172.16.16.241 (ie, it's in the resolv.conf).
I don't believe a split DNS will help matters as that will break mail from zim.sub.domain.edu to my other users in sub.domain.edu, no? (i.e., sub.domain.edu (non-zimbra) users' mail will need to be found via the real MX for sub.domain.edu, not the "faked" one that would be handed out by spoofing via Views (or setting up a DNS server on the zimbra box itself) for zimbra. I'll set one up if you really think this will help, but I have other machines setup without this (a red hat box running qmail, no MX entry only an A entry in the DNS. )
I essentially already have a "split dns" setup; my LAN IP's have their DNS served by my Domain Controllers and the IP addresses are all internal; public DNS requests are handled by my nameservers (the only place it shows up in the above is the 256.256.256.85 entry in /etc/resolv.conf) and the majority of my LAN clients do not use this nameserver (the DC's forward to it though) so I don't know if I should remove it from the resolv.conf.