
Thread: DNS resolution and firewalls.

#1 jeg1972 (Active Member, joined Jan 2006, UK)

    DNS resolution and firewalls.

    Firstly, can I just say that Zimbra is excellent, and I've got it up and running and sending and receiving mail... so why am I posting this thread? Well, I suspect the way I've set it up is a bit of a kludge... it doesn't seem particularly elegant to me anyway. I've looked at other threads and some are similar, but not exactly this scenario.

    I, like most people, have set up the Zimbra server behind a firewall in a DMZ. The server has got an internal address of 10.0.1.192 and the zone file looks like:

    127.0.0.1 localhost.localdomain localhost
    10.0.1.192 zimbra.ourdomain.net zimbra


    Now, we have only one set of DNS servers, which are used for resolution by the outside world (we have delegation for a number of domains) and also the servers in the DMZ. I added the entry for zimbra.ourdomain.net in our zone file and pointed the MX and above A record to the external IP address, which is in turn NAT'ed by our firewall to point to 10.0.1.192.

    Using this method, I can only receive mails when DNS lookups are switched off, but can only send when DNS lookups are switched on.

    So, I added another A record and MX record in the zone file for zimbra-ext.ourdomain.net pointing to the external IP address and changed zimbra.ourdomain.net record in the zone file to point to the internal address (10.0.1.192). This all works, but it doesn't seem great.

    So my question is, other than having internal and external DNS servers and/or using a relay MTA, is there any other way of solving this problem?

    Cheers

    John

#2 KevinH (Expert Member, joined Aug 2005, San Mateo, CA)

    Seems you got it. Postfix must use DNS to send and thus needs to be able to look itself up and get an internal IP. So there were two options:

    1) Setup two DNS servers. (Like a simple local bind for Zimbra)
    2) Use a relay host with DNS look-ups off

    Now there is a 3rd:
    3) Your new method.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

#3 brad (Junior Member, joined Jan 2006)

    DNS Configuration link

    Here is a link to configure a named server with two different zone files. This will allow you to use one DNS server for both external and internal domains. I currently have this set up, which allows me to run Zimbra with DNS. Just a quick note: I do use my internal IP for the hosts file. I am only running a caching name server, as my domain name is registered with a separate domain registration company that allows me to circumvent the port 25 blocking done by all good ISPs. I would also advise, if you are going to run an authoritative server, that you do a lot of research on how to secure it. I have no less than 50 probes a day on port 53. The good thing about a caching name server is I don't have to open the port in order for it to work.

    Here is the link to the site I was talking about.
    http://www.linuxhomenetworking.com/l...dns-static.htm

#4 Tarkin (Active Member, joined Dec 2005, Australia)

    I've just finished using the info on
    http://sysadmin.oreilly.com/news/views_0501.html
    to set up views with bind9. It's a really nice, simple document to follow.
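The "two zone files on one server" approach from #3 and the BIND 9 views from #4 amount to the same split-horizon layout, so here is one worked example of it. This is an added example, not configuration from the thread or from Zimbra: it keeps the thread's private address 10.0.1.192 for zimbra.ourdomain.net and the 10.0.0.0/8 internal network, and everything else (the public NAT address 203.0.113.10, the name server ns1 at 10.0.1.53 / 203.0.113.53, the zone serial, the target directory) is a placeholder. The script writes a named.conf with an internal and an external view plus the two zone files, validates them with BIND's own named-checkconf/named-checkzone when those are installed, and exposes a small helper that reads back which address each view hands out. The external view answers with recursion off, which is the setting that keeps the port-53 probes mentioned in #3 from using the server as an open resolver.

```shell
#!/bin/sh
# Added example (not from the thread): generate a split-horizon BIND 9 layout
# so that zimbra.ourdomain.net resolves to 10.0.1.192 (the private address in
# the thread) for internal clients and to a public NAT address for everyone else.
# Placeholders, not taken from the thread: 203.0.113.10 / 203.0.113.53
# (RFC 5737 documentation range), the name server ns1, and the zone serial.

INTERNAL_IP="10.0.1.192"      # Zimbra's DMZ address, from the thread
PUBLIC_IP="203.0.113.10"      # placeholder for the firewall's public NAT address
NS_INTERNAL_IP="10.0.1.53"    # placeholder: name server as seen from inside
NS_PUBLIC_IP="203.0.113.53"   # placeholder: name server as seen from outside

# write_zone FILE ZIMBRA_IP NS_IP: one zone file; both views share the same
# names and MX, only the A records differ.
write_zone() {
    cat > "$1" <<EOF
\$TTL 3600
\$ORIGIN ourdomain.net.
@       IN SOA  ns1.ourdomain.net. hostmaster.ourdomain.net. (
                2024010101 ; serial (constructed placeholder)
                3600 900 604800 300 )
        IN NS   ns1.ourdomain.net.
        IN MX   10 zimbra.ourdomain.net.
ns1     IN A    $3
zimbra  IN A    $2
EOF
}

# write_split_config DIR: named.conf plus internal/ and external/ zone files under DIR
write_split_config() {
    dir="$1"
    mkdir -p "$dir/internal" "$dir/external"
    write_zone "$dir/internal/ourdomain.net.zone" "$INTERNAL_IP" "$NS_INTERNAL_IP"
    write_zone "$dir/external/ourdomain.net.zone" "$PUBLIC_IP" "$NS_PUBLIC_IP"
    cat > "$dir/named.conf" <<EOF
acl "internal" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "$dir";
    allow-transfer { none; };   // no zone transfers to anyone by default
};

// Internal view (matched first): LAN/DMZ hosts, Zimbra included, get the
// private addresses and may recurse through this server.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    allow-recursion { "internal"; };
    zone "ourdomain.net" { type master; file "internal/ourdomain.net.zone"; };
};

// External view: the Internet gets public addresses only and no recursion,
// so the server is authoritative-only towards the outside world.
view "external" {
    match-clients { any; };
    recursion no;
    zone "ourdomain.net" { type master; file "external/ourdomain.net.zone"; };
};
EOF
}

# check_split_config DIR: run BIND's own syntax checkers when they are installed;
# returns 0 if they pass (or are absent), non-zero on a syntax error.
check_split_config() {
    dir="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf" || return 1
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone ourdomain.net "$dir/internal/ourdomain.net.zone" >/dev/null || return 1
        named-checkzone ourdomain.net "$dir/external/ourdomain.net.zone" >/dev/null || return 1
    fi
    return 0
}

# zimbra_address DIR VIEW: the A record the given view (internal|external)
# hands out for zimbra, read straight from that view's zone file.
zimbra_address() {
    awk '$1 == "zimbra" && $3 == "A" { print $4 }' "$1/$2/ourdomain.net.zone"
}

# Usage: sh split-dns.sh /etc/named   (defaults to a scratch directory)
target="${1:-$(mktemp -d)}"
write_split_config "$target"
check_split_config "$target" && echo "split-horizon config written to $target"
```

Once named is running with this layout, `dig @127.0.0.1 zimbra.ourdomain.net A` from the Zimbra box should return 10.0.1.192 while the same query from outside returns the public address; that is exactly the pair of answers the original post was trying to get out of a single zone file. Because the views share one MX name, Postfix looks itself up and sees its own private address, which is what KevinH's reply says it needs.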
