
Thread: [SOLVED] DNS in a nutshell

  1. #1
    marcmac (Expert Member)

    [SOLVED] DNS in a nutshell

    Here's a quick overview of what you need:

    First, remember that you need to set up an MX record for the DOMAIN, which points to the A record for the HOST, which will be the IP ADDRESS of the box running zimbra.

    Example:
    Zimbra is running on zcs.domain.com, IP 1.2.3.4
    You send mail to user1@domain.com

    Postfix will look up the MX record for domain.com, which will return zcs.domain.com, IP address 1.2.3.4.

    Something like this is the file you need. This sets itself up as the SOA for the domain.com domain, sets the NS record to be zcs.domain.com, standard timeout stuff, then adds one MX record, plus the A record that corresponds to the MX record.

    Code:
    $TTL 3D
    @       IN      SOA     zcs.domain.com. zcs.marcmac.com. (
                            2005110200      ; serial
                            8H              ; refresh, seconds
                            2H              ; retry, seconds
                            4W              ; expire, seconds
                            1D )            ; minimum, seconds
    ;
                    NS      zcs                     ; name server for the zone
                    MX      10 zcs.domain.com.      ; primary mail exchanger
    ;
    zcs             A       1.2.3.4
    mail            CNAME   zcs                     ; CNAME for a common nickname
    otherhost       A       1.2.3.5                 ; another host, for example
    www             CNAME   otherhost               ; with a nickname

    So, drop that in the domain.com file in /var/named/data (or /var/named/chroot/var/named/data, depending).

    In /etc/named.conf (or /var/named/chroot/etc/named.conf), you'll put:

    Code:
    options {
           directory "/var/named";
           dump-file "/var/named/data/cache_dump.db";
           statistics-file "/var/named/data/named_stats.txt";
    };
    include "/etc/rndc.key";

    zone "domain.com" {
            type master;
            file "/var/named/data/domain.com";
    };

    A note about chrooting - most name servers run in a chrooted environment - so, you'll create the files in /var/named/chroot/whatever - but remember, when named is running, its paths are relative to the chroot - so when you REFER to a file (as I do above in the named.conf snippet) you'll have absolute paths that are relative to the chroot.

    Is it chrooted? Check /etc/sysconfig/named for a ROOTDIR value. If it's present, then that's your chroot.

    Also, make sure that this nameserver is listed first in resolv.conf. Also, if there are other hosts in this domain, you should add them, too - or you won't be able to resolve them.

    CAVEAT - I haven't touched my named config in a while, so more recent bind versions may be pickier than mine - but this should work.

    Another CAVEAT - Run named chrooted, as a non-root user. Bind is known for exploits, and being hacked is a drag. My examples are just to get you going, and aren't intended as a Bind security primer.
    Last edited by marcmac; 11-02-2005 at 03:15 PM. Reason: www cname www? WTF?

  2. #2
    andreychek (Special Member & Volunteer)

    Quote Originally Posted by codecoward
    So as far as I understand it, I need to have the first DNS server in my resolv.conf file point to something that in turn points to the internal ip address first. That way, when postfix asks where "mail.example1.com" or "mail.example2.com" are located, it points them to 192.168.1.3 before it points them to the external ip.

    Is that correct, or am I way off base? And if it is correct... (the million dollar question) how do I get it to work?
    Hmm. I haven't run into that problem... but, I'm going to move ahead making the assumption that this here is correct. That's what I gathered from the messages the Zimbra folks left. So, maybe we can fix it --

    Quote Originally Posted by codecoward
    Fedora Core 4 has BIND installed by default, so I would imagine that I use that. However, the documentation/forums and information about DNS and Bind is pretty archaic, and I have been unable to find anyone that just needs to use a small DNS footprint that ONLY translates a host to an internal ip address.
    BIND offers a lot of functionality for what you need, it may be overkill. At the same time, it comes with Fedora, is well supported, and there are lots of examples of how to make it work. And, more to the point, I can tell you how to do what you need to in order for it to work, something I can't say for the others :-)

    I only have a copy of CentOS/RedHat Enterprise in front of me. I'm assuming that their setup for BIND is the same as Fedora. What you'll need to do is this:

    (assuming that you're running BIND on the same machine as Zimbra, and that you'll change "mydomain.com" to whatever your domain is, and "hostname" to whatever your hostname is)

    * Edit /etc/named.conf, and add your domain like so to the end of the file:

    Code:
    zone "mydomain.com" {
            type master;
            file "/var/named/mydomain.com.hosts";
    };

    * Create a file /var/named/mydomain.com.hosts, and add this to it:

    Code:
    $TTL 38400
    @           IN    SOA   hostname.mydomain.com. root.hostname.mydomain.com. (
                            2005110200      ; serial
                            10800           ; refresh
                            3600            ; retry
                            604800          ; expire
                            38400 )         ; minimum
    @           IN    NS    hostname.mydomain.com.
    @           IN    MX    10 hostname.mydomain.com.
    @           IN    A     192.168.1.3
    hostname    IN    A     192.168.1.3
    mail1       IN    CNAME hostname
    mail2       IN    CNAME hostname

    * Edit /etc/resolv.conf, comment out the "nameserver" line(s), and make it read:

    Code:
    nameserver 127.0.0.1

    Now restart bind:

    service named restart

    After all that, if you run the command:

    dig a mydomain.com

    You should get a few lines of output, that includes something like:

    Code:
    ;; ANSWER SECTION:
    mydomain.com.    2400    IN    A    192.168.1.3

    I haven't tried the above. While I pieced it together from other settings I do have working, I'm not 100% certain there are no syntax errors and that sort of thing in this. You'll want to do a sanity check on anything you are typing in :-)

    There are a lot of examples of how to setup BIND for handling DNS. One good place to start is the BIND HOWTO:

    http://langfeldt.net/DNS-HOWTO/BIND-9/

    Have a good one,
    -Eric
    Last edited by andreychek; 11-16-2005 at 07:47 AM. Reason: Oops, forgot MX Priority
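
A pre-flight check for the named.conf, chroot and resolv.conf points made in marcmac's and Eric's posts above, as an added Python example (not code from either poster or from Zimbra). It reads the three files as text, maps each zone's `file` path to where the file must actually be created on the host when /etc/sysconfig/named sets ROOTDIR, and confirms that the first `nameserver` in resolv.conf is the local server. The sample file contents are constructed, modelled on the paths used in the thread, and the names `chroot_dir`, `zone_files`, `host_paths`, `first_nameserver` and `preflight` are the example's own.

```python
import os
import re
import shlex

# Constructed sample inputs modelled on the paths in the thread (not the posters' real files).
SYSCONFIG_NAMED = 'ROOTDIR="/var/named/chroot"\nOPTIONS="-4"\n'
NAMED_CONF = """\
options {
       directory "/var/named";
};
include "/etc/rndc.key";
zone "domain.com" {
        type master;
        file "/var/named/data/domain.com";
};
zone "other.com" {
        type master;
        file "data/other.com";      // relative: named resolves it under 'directory'
};
"""
RESOLV_CONF = "search domain.com\nnameserver 127.0.0.1\nnameserver 192.168.1.1\n"


def chroot_dir(sysconfig_text):
    """ROOTDIR from /etc/sysconfig/named, or '' when named is not chrooted."""
    for line in sysconfig_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "ROOTDIR":
            parts = shlex.split(value)          # handles quoted and unquoted values
            return parts[0].rstrip("/") if parts else ""
    return ""


def zone_files(named_conf_text):
    """{zone: file path as named sees it}; relative 'file' values live under options.directory."""
    m = re.search(r'directory\s+"([^"]+)"', named_conf_text)
    directory = m.group(1) if m else "/var/named"
    pairs = re.findall(r'zone\s+"([^"]+)"\s*\{[^}]*?file\s+"([^"]+)"', named_conf_text)
    return {zone: path if path.startswith("/") else os.path.join(directory, path)
            for zone, path in pairs}


def host_paths(named_conf_text, sysconfig_text):
    """Where each zone file has to be created on the host: chroot prefix + named's own path."""
    root = chroot_dir(sysconfig_text)
    return {zone: root + path for zone, path in zone_files(named_conf_text).items()}


def first_nameserver(resolv_text):
    """The first 'nameserver' entry in resolv.conf, or None if there is none."""
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            return parts[1]
    return None


def preflight(named_conf_text, sysconfig_text, resolv_text, local=("127.0.0.1",)):
    """Return (problems, host_paths) for the checks the posts above ask for."""
    problems = []
    if first_nameserver(resolv_text) not in local:
        problems.append("resolv.conf does not list this nameserver first")
    paths = host_paths(named_conf_text, sysconfig_text)
    if not paths:
        problems.append("named.conf defines no zone with a 'file' statement")
    return problems, paths


if __name__ == "__main__":
    problems, paths = preflight(NAMED_CONF, SYSCONFIG_NAMED, RESOLV_CONF)
    print(problems or "ok")
    for zone, path in paths.items():
        print(f"{zone}: create {path}")
```

To use it on a real box, replace the three constants with `open(...).read()` of /etc/named.conf (or its chroot copy), /etc/sysconfig/named and /etc/resolv.conf. It only checks the wiring between the files; named-checkconf and named-checkzone remain the authoritative syntax checks before you restart named.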

  3. #3
    marcmac (Expert Member)

    MX record

    The above post is missing the MX record, which is key for this issue - also, it's considered a good idea to have the name for your MX host be an A record, not a CNAME record (though I don't remember why).

  4. #4
    andreychek (Special Member & Volunteer)

    Quote Originally Posted by marcmac
    The above post is missing the MX record, which is key for this issue - also, it's considered a good idea to have the name for your MX host be an A record, not a CNAME record (though I don't remember why).
    Oops, good catch. That's been corrected.

    Now, I think the way most MTAs work is that they first look up the DNS MX record, and failing that, search for an A record. So, what was in there would likely have worked. However, it increases the amount of DNS queries necessary to deliver an email to that domain, which isn't what we want :-)

    Regarding one not using a CNAME for an MX record... I ran across that in an RFC somewhere after having tried it with occasional odd results :-) Some MTAs rebel, and instead of delivering the email to the CNAME listed in the MX record, they resolve the A record for that IP address. So, it generally ends up working, but can have some really unexpected results if you aren't looking for it... for example, I saw that occur on a mailing list. The list was set up to receive mail at the domain stuff.mylist.com... whose name was really a CNAME for other.domain.com.

    So, the emails arrived, but some MTAs rewrote the To: address to be the A record, other.domain.com. Since the mailing list software was prepared to receive emails for stuff.mylist.com, it ignored the emails. It took some time to figure that out :-)

    SMTP RFC: http://www.ietf.org/rfc/rfc2821.txt

    "The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found instead, the resulting name is processed as if it were the initial name."

    So yeah, if you use a CNAME, it's going to deliver to the resulting A record. And MTAs like sendmail go so far as to rewrite the To: address to match this. So, yeah, bad :-)
    -Eric

  5. #5
    phoenix (Zimbra Consultant & Moderator)

    Hi

    I'm still learning about BIND DNS but just a quick query about the example above, shouldn't this line in your 'mydomain.com.hosts' file:

    Code:
    @             IN        MX     hostname.mydomain.com.

    have a priority on it and be in this form:

    Code:
    @             IN        MX     10 hostname.mydomain.com.

    On my system it seems to not resolve correctly if you don't have the priority, or have I missed something obvious?

    Regards

    Bill
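
The lookup chain in marcmac's first post (MX for the domain, then the A record for the host, then its address), the RFC 2821 CNAME rule Eric quotes in post #4, and the missing-priority line Bill spotted, worked through in an added Python example that is not code from the thread or from Zimbra. It parses a small zone file in the format used above, lints for an MX without a priority and for MX or NS targets that are CNAMEs rather than A records, and simulates the MTA's lookup order, so you can watch mail for www.domain.com end up at otherhost.domain.com exactly as in Eric's mailing-list story. Both zone texts are constructed for the example; `parse_zone`, `lint_zone`, `mta_lookup` and the other names are the example's own.

```python
import re

# Constructed zone modelled on the domain.com example in post #1 (not the poster's file).
SAMPLE_ZONE = """\
$TTL 3D
@       IN  SOA    zcs.domain.com. hostmaster.domain.com. (
                   2005110200 8H 2H 4W 1D )   ; serial refresh retry expire minimum
        IN  NS     zcs
        IN  MX     10 zcs.domain.com.
zcs     IN  A      1.2.3.4
mail    IN  CNAME  zcs
otherhost IN A     1.2.3.5
www     IN  CNAME  otherhost
"""
# Constructed zone carrying the two mistakes discussed in posts #3 to #5.
BAD_ZONE = """\
$TTL 1D
@        IN  SOA    hostname.mydomain.com. root.hostname.mydomain.com. ( 1 3H 1H 1W 1D )
         IN  NS     hostname
         IN  MX     mail1       ; no priority: BIND refuses to load this
         IN  MX     20 mail2    ; target is a CNAME, which RFC 2181 section 10.3 forbids
hostname IN  A      192.168.1.3
mail1    IN  CNAME  hostname
mail2    IN  CNAME  hostname
"""
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
NAME_FIELD = {"CNAME": 0, "NS": 0, "MX": 1}  # rdata index holding a domain name

def _logical_lines(text):
    """Drop ';' comments and join '( ... )' continuations such as a multi-line SOA."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    return out

def qualify(name, origin):
    """'@', relative and absolute names -> lower-case FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner_fqdn: [(type, [rdata tokens]), ...]} for a BIND-style zone file."""
    origin = origin.rstrip(".").lower()
    records, owner = {}, origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].rstrip(".").lower()
            continue                        # $TTL does not affect these checks
        if not line[0].isspace():           # a leading name sets the owner; blanks inherit it
            owner = qualify(tokens.pop(0), origin)
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                   # optional TTL and class fields
        rtype = tokens.pop(0).upper()
        idx = NAME_FIELD.get(rtype)
        if idx is not None and len(tokens) > idx:
            tokens[idx] = qualify(tokens[idx], origin)
        records.setdefault(owner, []).append((rtype, tokens))
    return records

def rrset(records, name, rtype):
    return [rd for t, rd in records.get(name, []) if t == rtype]

def canonical(records, name):
    """Follow CNAMEs: RFC 2821 processes the target 'as if it were the initial name'."""
    seen = set()
    while rrset(records, name, "CNAME"):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        name = rrset(records, name, "CNAME")[0][0]
    return name

def mta_lookup(records, domain):
    """RFC 2821 section 5: MX first; with no MX, the A record is an implicit MX of preference 0."""
    name = canonical(records, domain.rstrip(".").lower())
    mxs = sorted((int(rd[0]), rd[1]) for rd in rrset(records, name, "MX")
                 if len(rd) == 2 and rd[0].isdigit())
    return [(pref, host, [rd[0] for rd in rrset(records, canonical(records, host), "A")])
            for pref, host in (mxs or [(0, name)])]

def lint_zone(records, origin):
    """Flag what the thread warns about: missing apex records, an MX without a priority,
    and MX or NS targets that are CNAMEs or have no A record in this zone."""
    origin = origin.rstrip(".").lower()
    findings = [f"{origin}: no {t} record at the zone apex"
                for t in ("SOA", "NS", "MX") if not rrset(records, origin, t)]
    for owner, rrs in records.items():
        for rtype, rd in rrs:
            if rtype == "MX" and (len(rd) != 2 or not rd[0].isdigit()):
                findings.append(f"{owner}: MX record has no numeric priority: {' '.join(rd)}")
            elif rtype in ("MX", "NS") and len(rd) > NAME_FIELD[rtype]:
                target = rd[NAME_FIELD[rtype]]
                if rrset(records, target, "CNAME"):
                    findings.append(f"{owner}: {rtype} target {target} is a CNAME, not an A record")
                elif (target == origin or target.endswith("." + origin)) and not rrset(records, target, "A"):
                    findings.append(f"{owner}: {rtype} target {target} has no A record in this zone")
    return findings

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE, "domain.com")
    print(lint_zone(zone, "domain.com") or "clean", mta_lookup(zone, "www.domain.com"))
    print(lint_zone(parse_zone(BAD_ZONE, "mydomain.com"), "mydomain.com"))
```

Run it on your own zone with `parse_zone(open(path).read(), "yourdomain")`; the lint covers only the records this thread talks about, so named-checkzone is still the syntax check of record, and the lookup simulation answers the question marcmac's example poses (which host and address mail for the domain lands on) without needing a running named.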

  6. #6
    andreychek (Special Member & Volunteer)

    Quote Originally Posted by phoenix
    Hi

    I'm still learning about BIND DNS but just a quick query about the example above, shouldn't this line in your 'mydomain.com.hosts' file:

    Code:
    @             IN        MX     hostname.mydomain.com.

    have a priority on it and be in this form:

    Indeed it should have a priority. I thought I had corrected everything I had wrong with that line earlier, but I guess not :-)

    Thanks for the heads up, I'll correct that now.
    -Eric

  7. #7
    jholder (Former Zimbran)

    DNS has/should be in the wiki.

    unstuck.

  8. #8
    powrrrplay (Special Member)

    Quote Originally Posted by marcmac
    [post #1 quoted in full]
    Does it matter if your NAT router is in PPPoE w/ port forwarding or should the NAT router be in Bridged mode?

    I have my router in NAT PPPoE mode with DNS, POP, SMTP, IMAP (and the secure ports) pointing to zimbra (.77). My zimbra server (192.168.1.77) is up and running fine. But requests to the http server (192.168.1.67) are failing.

    Internally I am not able to access .67 and I have not tested external access. (will use a free proxy server to test)

  9. #9
    uxbod (Moderator)

    Please open a new thread and not one that is two years old! When you do please post
    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain mx
    dig yourdomain any
    host `hostname` <- note backticks and not single quotes
