05-18-2010, 06:14 AM
| | Intermediate Member | |
Posts: 21
Properly setting up DNS and MX

Hello,
while trying to resolve another problem it came up that my DNS and MX records aren't properly set up. In order not to mess up the already log-filled thread I hope it's ok if I start another one for that problem. First the outputs of some commands:

cat /etc/hosts
Code:
zimbra@srvXXXX:~$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
95.xxx.xx.xx srvXXXX.provider.tld srvXXXX

cat /etc/resolv.conf
Code:
zimbra@srvXXXX:~$ cat /etc/resolv.conf
nameserver 95.xxx.xx.xx

dig domain.net mx
Code:
root@srvXXXX:~# dig domain.net
; <<>> DiG 9.4.2-P2 <<>> domain.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18276
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN A
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Tue May 18 12:56:45 2010
;; MSG SIZE rcvd: 28

dig domain.net any
Code:
root@srvXXXX:~# dig domain.net any
; <<>> DiG 9.4.2-P2 <<>> domain.net any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18697
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN ANY
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Tue May 18 12:58:01 2010
;; MSG SIZE rcvd: 28

dig domain.de mx
Code:
root@srvXXXX:~# dig domain.de mx
; <<>> DiG 9.4.2-P2 <<>> domain.de mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.de. IN MX
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Tue May 18 12:59:10 2010
;; MSG SIZE rcvd: 27

dig domain.de any
Code:
root@srvXXXX:~# dig domain.de any
; <<>> DiG 9.4.2-P2 <<>> domain.de any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36881
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.de. IN ANY
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Tue May 18 12:59:55 2010
;; MSG SIZE rcvd: 27

hosts `hostname`
Code:
zimbra@srvXXXX:~$ host `hostname`
srvXXXX.domain.tld has address 95.xxx.xx.xx

nslookup domain.net
Code:
root@srvXXXX:~# nslookup domain.net
Server: 95.XXX.XX.XX
Address: 95.XXX.XX.XX#53
** server can't find domain.net: SERVFAIL

nslookup domain.de
Code:
root@srvXXXX:~# nslookup domain.de
Server: 95.XXX.XX.XX
Address: 95.XXX.XX.XX#53
** server can't find domain.de: SERVFAIL

Here the configuration files:

/etc/bind/named.conf.options
Code:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
80.XXX.XXX.XXX; 145.XXX.XXX.XXX;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

/etc/resolv.conf (The IP is the external server IP)
Code:
Nameserver 95.XXX.XX.XX

/etc/bind/named.conf.local
Code:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "domain.net" {
type master;
file "/etc/bind/db.domain.net";
};
zone "domain.de" {
type master;
file "/etc/bind/db.domain.de";
};
# Reverse DNS
zone "XX.XX.XXX.95.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

/etc/bind/db.domain.net
Code:
;
; BIND data file for domain.net
;
$TTL 604800
@ IN SOA mail.domain.net. admin.domain.net. (
070725 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX srvXXXX.provider.tld
IN A 95.XXX.XX.XX
mail IN A 95.XXX.XX.XX

/etc/bind/db.domain.de
Code:
;
; BIND data file for domain.de
;
@ IN SOA mail.domain.de. admin.domain.de. (
070725 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX srvXXXX.provider.tld
IN A 95.XXX.XX.XX
mail IN A 95.XXX.XX.XX

/etc/hosts
Code:
127.0.0.1 localhost.localdomain localhost
95.XXX.XX.XX srvXXXX.provider.tld srvXXXX

Thanks a lot in advance for any help.
Best regards
05-18-2010, 07:37 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
So what exactly is the domain name on your server, you seem to be using three different ones? Why are you using "provider.tld" when it should be your domain name.
These records:
Code:
IN MX srvXXXX.provider.tld
IN A 95.XXX.XX.XX
mail IN A 95.XXX.XX.XX

should look like this:
Code:
IN MX srvXXXX.provider.tld.
IN A 95.XXX.XX.XX
srvXXXX.provider.tld. IN A 95.XXX.XX.XX

Note the additional period '.' at the end of the FQDN and I prefer the A record to have the full FQDN of the server. These instructions are documented in the Split DNS article in the wiki.
__________________
Regards
Bill
| 
05-19-2010, 03:54 AM
| | Intermediate Member | |
Posts: 21
I have 2 domains - domain.net and domain.de which I wanted both to lead to zimbra. The third domain is the domain the provider gave me for the server, to be quite honest I don't know why I left it in the configuration, probably because I'm still not familiar enough with everything around the IP and Domain Setup - but I changed that now and substituted it with the proper domain names.
What I did now was change:

/etc/bind/db.domain.net
Code:
;
; BIND data file for domain.net
;
$TTL 604800
@ IN SOA mail.domain.net. admin.domain.net. (
100519 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX domain.net.
IN A 95.XXX.XX.XX
domain.net. IN A 95.XXX.XX.XX

db.domain.de
Code:
;
; BIND data file for domain.de
;
@ IN SOA mail.domain.de. admin.domain.de. (
100519 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX domain.de.
IN A 95.XXX.XX.XX
domain.de. IN A 95.XXX.XX.XX

and /etc/hosts
Code:
127.0.0.1 localhost.localdomain localhost
95.XXX.XX.XX mail.domain.net mail

I increased the serial numbers and restarted bind but I still don't get proper MX results for "dig domain.net":
Code:
root@srvXXXX:~# dig domain.net
; <<>> DiG 9.4.2-P2 <<>> domain.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31981
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN A
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 10:52:11 2010
;; MSG SIZE rcvd: 28

Is it possible that there is a mistake in the zone configuration for the 2 domains?
Thanks for all the help so far.
05-19-2010, 04:04 AM
Code:
;
; BIND data file for domain.net
;
$TTL 604800
@ IN SOA mail.domain.net. admin.domain.net. (
100519 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX mail
mail IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

and for domain.de point the MX record at mail.domain.net. as that is the primary serving Zimbra.
__________________
05-19-2010, 04:34 AM
| | Intermediate Member | |
Posts: 21
I adjusted the files:

db.domain.net
Code:
;
; BIND data file for domain.net
;
$TTL 604800
@ IN SOA mail.domain.net. admin.domain.net. (
100520 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX mail
mail In A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

db.domain.de
Code:
;
; BIND data file for domain.de
;
@ IN SOA mail.domain.de. admin.domain.de. (
100520 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS mail
IN MX mail.domain.net.
mail IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

restarted bind, dig record still looks like this:
Code:
root@srvXXXX:~# dig domain.net
; <<>> DiG 9.4.2-P2 <<>> domain.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN A
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 11:32:56 2010
;; MSG SIZE rcvd: 28
05-19-2010, 04:45 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
Make the following changes, these lines:
Code:
@ IN NS mail
IN MX mail.domain.net.
mail IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

to this:
Code:
@ IN NS x.x.x.x <- IP address of server (never use the hostname)
IN MX mail.domain.net.
mail.domain.net. IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

When you've done that and restarted bind post the output of all the commands I asked you for earlier.
__________________
Regards
Bill
| 
05-19-2010, 05:38 AM
For reference there is no need to specify the FQDN for MX or A records when you wish to use the domain of the zone. For which the domain.net you can set either or
Code:
IN MX mail.domain.net.

As Phoenix has said the '.' is very important if using the second scheme. For domain.de you would always need to specify the FQDN so that it can find mail.domain.net. With regards to why your dig was not reporting anything is due to you not saying what to look for eg. dig domain.net mx
__________________ | 
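The trailing-dot rule discussed in the replies above, as an added example that is not part of any post in the thread: a name without a final '.' is completed with the zone origin, so the MX target from the first post ends up inside domain.net. The function names and the "suspicious" heuristic are assumptions of this example, and the sample lines are constructed from the first post with leading blanks restored on continuation lines.

```python
# Constructed sample: record lines of db.domain.net from the first post,
# addresses redacted as on the page, continuation lines indented.
ZONE = """\
@ IN NS mail
 IN MX srvXXXX.provider.tld
 IN A 95.XXX.XX.XX
mail IN A 95.XXX.XX.XX
"""

NAME_TYPES = {"NS", "MX", "CNAME"}  # record types whose RDATA ends in a host name


def qualify(name, origin):
    """Return the absolute name a server derives from a zone-file name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                      # already absolute, used verbatim
    return name + "." + origin           # relative: the origin is appended


def expand_zone(text, origin):
    """Return (owner, type, value, suspicious) for each simple record line."""
    owner, out = origin, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]     # drop comments
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():        # a new owner starts in column one
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                # skip optional TTL and class
        if len(fields) < 2:
            continue                     # not a complete record line
        rtype, value = fields[0].upper(), fields[-1]
        suspicious = False
        if rtype in NAME_TYPES:
            # Heuristic (assumption of this example): a relative target that
            # contains dots was probably an FQDN that lost its trailing dot.
            suspicious = "." in value and not value.endswith(".")
            value = qualify(value, origin)
        out.append((owner, rtype, value, suspicious))
    return out
```

Calling `expand_zone(ZONE, "domain.net.")` shows the MX target expanded to `srvXXXX.provider.tld.domain.net.` and flagged, while `mail` expands to `mail.domain.net.` as intended.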
05-19-2010, 06:46 AM
| | Intermediate Member | |
Posts: 21
I decided to go with mail.domain.net. if it works both ways then I'd rather have the files similar for simplicity.

db.domain.net
Code:
;
; BIND data file for domain.net
;
$TTL 604800
@ IN SOA mail.domain.net. admin.domain.net. (
100522 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS 95.XXX.XX.XX
IN MX mail.domain.net.
mail.domain.net. IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

db.domain.de
Code:
;
; BIND data file for domain.de
;
@ IN SOA mail.domain.de. admin.domain.de. (
100523 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
@ IN NS 95.XXX.XX.XX
IN MX mail.domain.net.
mail.domain.net. IN A 95.XXX.XX.XX
IN A 95.XXX.XX.XX

@phoenix I read back but couldn't find you asking for any commands? But if you meant the "dig mx/any" commands:

dig domain.net mx
Code:
root@srvXXXX:~# dig domain.net mx
; <<>> DiG 9.4.2-P2 <<>> domain.net mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62095
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN MX
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 13:41:02 2010
;; MSG SIZE rcvd: 28

dig domain.net any
Code:
root@srvXXXX:~# dig domain.net any
; <<>> DiG 9.4.2-P2 <<>> domain.net any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15690
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.net. IN ANY
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 13:41:28 2010
;; MSG SIZE rcvd: 28

dig domain.de mx
Code:
root@srvXXXX:~# dig domain.de mx
; <<>> DiG 9.4.2-P2 <<>> domain.de mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.de. IN MX
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 13:42:01 2010
;; MSG SIZE rcvd: 27

dig domain.de any
Code:
root@srvXXXX:~# dig domain.de any
; <<>> DiG 9.4.2-P2 <<>> domain.de any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37252
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.de. IN ANY
;; Query time: 0 msec
;; SERVER: 95.XXX.XX.XX#53(95.XXX.XX.XX)
;; WHEN: Wed May 19 13:42:25 2010
;; MSG SIZE rcvd: 27

nslookup domain.net
Code:
root@srvXXXX:~# nslookup domain.net
Server: 95.XXX.XX.XX
Address: 95.XXX.XX.XX#53
** server can't find domain.net: SERVFAIL

I compared it to before when phoenix said that there was something wrong with the DNS A and MX records but nothing changed?
Also what worried me a bit is the output of "nslookup domain.net"
Thanks again for your help so far.
05-19-2010, 06:53 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
Quote:
Originally Posted by Chodid
@phoenix I read back but couldn't find you asking for any commands? But if you meant the "dig mx/any" commands:

Sorry, I meant the command you'd run earlier.
Well as you say, nothing has changed. Can you send me the IP address of the DNS server and the correct domain name so I can check your settings?
__________________
Regards
Bill
| 
05-19-2010, 08:34 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,313
OK, so your external DNS records look correct for both domains and they resolve to the correct IP address. Next question(s):
- is this server on a public IP (the 95.x.x.x shown in this thread)?
- your resolv.conf has the 95.x.x.x as its DNS server, is that correct?
- when you ran the dig commands were they run on the Zimbra server?
- just out of interest, which operating system is this?
- have you disabled selinux/apparmor and the firewall on this server?
- is this server actually behind any firewall or NAT router?
- is the Zimbra server currently up and all services running?
__________________
Regards
Bill