  #1 (permalink)  
Old 10-26-2008, 11:04 PM
Senior Member
 
Posts: 69
Default [SOLVED] Is Zimbra Desktop hard coded to use another DNS?

I've installed zdesktop_0_91_build_1344_win32.exe and ZoneAlarm (v7).

Every time I startup zdesktop, ZoneAlarm tells me zdesktop is trying to access 216.154.194.103 for DNS. When I deny the request, zdesktop stays offline.

Why is it using another DNS other than what shows up in "ipconfig /all" ?
  #2 (permalink)  
Old 10-27-2008, 01:42 AM
Moderator
 
Posts: 7,911
Default

Are you receiving any sort of e-paper from elliottwave.com that contains images? It may be that ZCD is looking up that address.
  #3 (permalink)  
Old 10-27-2008, 06:54 AM
Senior Member
 
Posts: 69
Default

Thanks for responding, uxbod.

None that I know of. The alert comes up during the splash screen. So I'd expect that it shouldn't be doing any lookups for images.

If it's doing a DNS lookup at that address, shouldn't the request be made to the DNS server indicated in "ipconfig /all" and in turn that DNS server queries whichever authoritative server, not zdesktop itself? Or does the name server say, "I'm not the authority for that domain, but here's the DNS server for him" and zdesktop connects to that outside DNS server?

I do notice that the IP address for the DNS request changes. I rebooted and now it's looking for 207.46.17.61 on port 53. I've denied it and although zdesktop is running, it's still offline (as indicated with the red square next to "New Folder" on the upper right).

A user has almost 2GB of mail and stopped it during the syncing (had to shut down the machine). I can't seem to get it to try syncing again. Clicking the red square doesn't do anything. How do you get zdesktop to retry?

So to summarize, I think I have 2 questions:
1. Why is zdesktop making DNS requests to another DNS server instead of what the OS tells it to use?
2. How to get zdesktop back online and resume syncing?

I'm wondering if the different DNS server lookup question is related to zdesktop not resuming to sync/staying off line.
  #4 (permalink)  
Old 10-27-2008, 05:49 PM
Senior Member
 
Posts: 69
Default

I tried clicking Send/Receive and the red square icon turned into the spinning spiked wheel with a "running" status, but went back to the red "offline" square status.

I decided to resync by going ahead and deleting and recreating the account. When I enter the Zimbra Account setup window and click save after entering the acct info, it's now trying to access 66.150.96.119 for DNS.

Maybe my understanding of DNS is wrong, but I still don't get why zdesktop makes DNS requests to outside DNS servers.
  #5 (permalink)  
Old 10-28-2008, 11:37 PM
Zimbra Employee
 
Posts: 1,688
Default

We don't hardcode any DNS server. If it's trying to reach a particular DNS server, it must be given by your system.
  #6 (permalink)  
Old 10-29-2008, 10:32 AM
Moderator
 
Posts: 1,027
Default

I'd do a good hard scan for spyware/trojans if I were you. Zimbra doesn't do this natively, and if something is trying to hit other DNS, it's other than Zimbra software.
__________________
Cheers,

Dan
  #7 (permalink)  
Old 10-29-2008, 10:34 AM
Moderator
 
Posts: 7,911
Default

Shut down ZCD completely, including the service, and see if the DNS requests persist. As dwmtractor has said, perform a *very* hard scan.
  #8 (permalink)  
Old 10-30-2008, 03:34 AM
Senior Member
 
Posts: 69
Default

Thanks guys.

I've shut down ZCD completely including the service and it did persist even after a reboot. I deleted the account in ZCD, recreated it, and let it sync/download the account this time in its entirety (I have 2GB+ for my inbox and let it run yesterday and overnight). zdesktop.exe finally made a request to the proper DNS server (as alerted by ZoneAlarm).

ZoneAlarm alerted that other apps, such as jusched.exe and WindowsUpdate (some IP address I didn't write down) and others (I downloaded ClamAV, ran Freshclam.exe just now and it tried to access 74.125.102.36 on the DNS port).

So based on jjzhuang's reply and other apps having similar behavior, I believe this isn't a Zimbra Desktop issue at all.

When an app wants to resolve a domain name to an IP, I thought the IP info is passed to each in the chain. I had thought an app asks the OS, the OS asks its local DNS server, the local DNS server finds and asks the authoritative DNS server and sends the info back, linearly to the app (i.e. local DNS server says "Hey OS, I got the IP from the authoritative DNS server." And the OS says, "Hey app, I got the IP from our DNS server."). Visually:
app <--> OS <--> local DNS server <--> authoritative DNS

But it seems like the local DNS server is saying, "Hey OS, I don't know. It isn't me, ask that DNS server." and the OS tells the app, "go ask that DNS server." Please correct me if I'm wrong, but that doesn't sound right, because the local DNS server needs to cache the info anyways when asked again.
  #9 (permalink)  
Old 10-30-2008, 09:06 AM
Moderator
 
Posts: 1,027
Default

You're on the right track, frankman. The problem is that some spyware, adware, and viruses hack your computer's usual DNS lookup to point to other, non-standard DNS servers as authoritative. By doing this they can track your requests, and redirect certain requests to their selected sites, whether for marketing, or more nefarious schemes like phishing. The very fact that ANY DNS queries on your system are being redirected like this is cause for serious concern.

This is why uxbod and I have expressed so strongly the need for you to do a security audit of your system. The ways it can have been compromised are many, from a replacement of one of the TCP/IP dlls, to hacking your local hosts file, to putting certain search settings into various areas of your registry, to a variety of other things I probably don't even know. But this sort of non-standard behavior (which is admittedly extremely hard to debug) cannot be an indication of anything good.
__________________
Cheers,

Dan
  #10 (permalink)  
Old 11-02-2008, 10:37 AM
Senior Member
 
Posts: 69
Default

Thanks Dan. I appreciate the response and completely agree with it.

To close this thread, I ended up wiping the disk and installed Ubuntu 8.10. I figure, if a virus/trojan/whatever is found, I'll have to wipe it anyways. If I don't, then this behavior is just not acceptable for the reasons already pointed out. So this gave me a chance to try out Ubuntu and I am impressed with its "snappiness." (Hope they add an easy GUI control for dual monitor support.) I've added iptables rules to help ensure the proper DNS server is being queried.

I've downloaded and am checking out Zimbra Desktop for Linux (mainly because I need alerts and am too lazy to configure free/busy, calendar, etc. in Evolution). Zimbra Desktop is still syncing the mailbox but it's syncing much, much faster than the Windows version. yay!

Last edited by frankman; 11-02-2008 at 10:44 AM.. Reason: fix grammar.
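
One way to restrict DNS with iptables as the post above mentions, shown as an added example that is not frankman's actual rule set: the script prints rules that allow port 53 only to the resolvers listed in a resolv.conf-style file and log and reject every other DNS destination. The chain name `DNS_EGRESS`, the log prefix and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's rules): print iptables commands that allow
# outbound DNS only to the resolvers in a resolv.conf-style file and log and
# reject every other port-53 destination. Nothing is applied; review the
# output, then run it as root. IPv4 only; ip6tables needs its own rules.

CHAIN="DNS_EGRESS"   # chain name is an assumption of this example

# Print the IPv4 "nameserver" addresses in file $1, one per line.
resolvers_from() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' "$1"
}

# Print the rule set for the resolvers listed in file $1.
dns_egress_rules() {
    resolvers="$(resolvers_from "$1")"
    if [ -z "$resolvers" ]; then
        # Emitting only the LOG/REJECT rules would cut off all name resolution.
        echo "no IPv4 nameserver entries in $1; no rules emitted" >&2
        return 1
    fi
    echo "iptables -N $CHAIN"
    for ip in $resolvers; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    # --log-uid records the owning user of the process that sent the packet,
    # which helps tie a stray lookup to whatever generated it.
    echo "iptables -A $CHAIN -j LOG --log-prefix 'dns-egress-deny: ' --log-uid"
    echo "iptables -A $CHAIN -j REJECT"
    for proto in udp tcp; do
        echo "iptables -A OUTPUT -p $proto --dport 53 -j $CHAIN"
    done
}

# Demo on constructed input (192.0.2.0/24 is a documentation range).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample resolv.conf
nameserver 192.0.2.53
nameserver 192.0.2.54
search example.test
EOF
dns_egress_rules "$sample"
rm -f "$sample"
```

If the resolver file points at a local stub or caching resolver on the same machine, the stub's upstream servers need their own ACCEPT entries, otherwise its outbound queries are rejected as well.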