Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
  #1 (permalink)  
Old 11-19-2007, 07:44 PM
Intermediate Member
 
Posts: 18
Default Still fighting with Split DNS

Hi, I have been fighting with having to set up Split DNS. I am probably making it more difficult than it should be; however, I am now following the Zimbra help document Making Bind Work, and I can get as far as Part 2, where it starts to discuss the named.conf file. It states that I should have a named.conf located in the /etc folder; however, I don't. I have verified that all packages needing to be installed are installed as described in Part 1. I have searched my system and have found a named.conf file in the following locations:

/usr/share/doc/bind-9.3.3/sample/etc/named.conf
/usr/share/logwatch/default.conf/services/named.conf
/etc/dbus-1/system.d/named.conf

I am using a fully upgraded CentOS 5 64 bit distro and "hopefully" the latest 64 bit version of Zimbra for RHEL 5.

I have looked at the sample file located at /usr/share/doc/bind-9.3.3/sample/etc/named.conf, and the first steps in Part 2 of the help document talk about editing the localhost zone and show how the file should be formatted. This sample named.conf is not formatted like that. It has sections with slave zones and a ddns internal zone, which are not referenced in the help document at all.

What should I do?? Is there a named.conf sample somewhere that goes with the help document referenced above??

HELP!!!
Frank
  #2 (permalink)  
Old 11-19-2007, 07:48 PM
Former Zimbran
 
Posts: 5,606
Default

Do you have chroot installed?
If so, go ahead and remove it.
  #3 (permalink)  
Old 11-19-2007, 08:29 PM
Intermediate Member
 
Posts: 18
Default No Chroot Installed

Hi,

Well, I have gotten a little farther. What I have done is used the help document referenced above, but used the sample named.conf and db.server.example.com from the Split DNS help document, and I can get DNS locally. However, I have 2 problems. First off, I believe that I am setting it up to receive mail at mail.servername.com instead of just servername.com (and I want it to only be servername.com), and my 2nd issue is that my Zimbra install fails on loading ldap. Please see my log file below:

Getting installed packages
checking isEnabled zimbra-core
zimbra-core not in enabled cache
enabled packages
Newinstall enabling all installed packages
Enabling zimbra-core
Enabling zimbra-ldap
Enabling zimbra-store
Enabling zimbra-mta
Enabling zimbra-snmp
Enabling zimbra-logger
Enabling zimbra-apache
Enabling zimbra-spell
Setting defaults...
Setting local config zimbra_java_home to /opt/zimbra/java
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_java_home='/opt/zimbra/java'
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
MX: mail.velocitaonline.com (192.168.0.52)

Interface: 192.168.0.52
Interface: 127.0.0.1
Done
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-spell
zimbra-spell is enabled
Checking for port conflicts
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-logger
zimbra-logger is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
Global config attribute retrieved from ldap: zimbraSpamIsSpamAccount=
Global config attribute retrieved from ldap: zimbraSpamIsNotSpamAccount=
Global config attribute retrieved from ldap: zimbraNotebookAccount=
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
checking isEnabled zimbra-spell
zimbra-spell is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
checking isEnabled zimbra-spell
zimbra-spell is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-store
zimbra-store is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
checking isEnabled zimbra-spell
zimbra-spell is enabled
Saving config in /opt/zimbra/config.3439...
Done
Operations logged to /tmp/zmsetup.log.3439
Setting local config values...
Setting local config zimbra_server_hostname to mail.velocitaonline.com
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_server_hostname='mail.velocitaonline.com'
Setting local config ldap_master_url to ldap://mail.velocitaonline.com:389
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_master_url='ldap://mail.velocitaonline.com:389'
Setting local config ldap_url to ldap://mail.velocitaonline.com:389
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_url='ldap://mail.velocitaonline.com:389'
Setting local config ldap_port to 389
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_port='389'
Setting local config ldap_host to mail.velocitaonline.com
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_host='mail.velocitaonline.com'
Setting local config zimbra_uid to 500
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_uid='500'
Setting local config zimbra_gid to 503
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_gid='503'
Setting local config zimbra_user to zimbra
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_user='zimbra'
Setting local config tomcat_truststore_password to changeit
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_truststore_password='changeit'
Setting local config tomcat_keystore_password to PyzJizkBNO
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_keystore_password='PyzJizkBNO'
Setting local config av_notify_user to admin@mail.velocitaonline.com
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e av_notify_user='admin@mail.velocitaonline.com'
Setting local config ssl_allow_untrusted_certs to TRUE
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='TRUE'
Setting local config mysql_memory_percent to 30
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e mysql_memory_percent='30'
Setting local config tomcat_java_heap_memory_percent to 40
*** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_java_heap_memory_percent='40'
Done
Setting up CA...
*** Running as zimbra user: cd /opt/zimbra; zmcreateca
** Creating CA private key

Generating a 1024 bit RSA private key
..++++++
........++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
Getting Private key
unable to write 'random state'
Done
Creating SSL certificate...
checking isEnabled zimbra-store
zimbra-store is enabled
*** Running as zimbra user: cd /opt/zimbra; zmcreatecert
** Importing CA

Certificate was added to keystore
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.................................................. ...........++++++
...................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
11:95:51:08:64
Validity
Not Before: Nov 19 22:21:07 2007 GMT
Not After : Nov 18 22:21:07 2008 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = mail.velocitaonline.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
32:F7:6B:8A:23:20:3B:49:91:C81:78:CD:F5:F7:3B:C7 :A1:F4:3B
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
serial:C3:49:68:18:92:B4:B6:A7

X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Certificate is to be certified until Nov 18 22:21:07 2008 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.velocitaonline.com
Getting CA Private Key
unable to write 'random state'
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
checking isEnabled zimbra-mta
zimbra-mta is enabled
*** Running as zimbra user: cd /opt/zimbra; zmcreatecert
** Importing CA

Certificate was added to keystore
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
............................++++++
.....++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
11:95:51:08:68
Validity
Not Before: Nov 19 22:21:11 2007 GMT
Not After : Nov 18 22:21:11 2008 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = mail.velocitaonline.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
99:6E6:EF:22:27:201:98:BB:2B:2F:84:C2:70:06:1C :57:FE:92
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
serial:C3:49:68:18:92:B4:B6:A7

X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Certificate is to be certified until Nov 18 22:21:11 2008 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.velocitaonline.com
Getting CA Private Key
unable to write 'random state'
Done
checking isEnabled zimbra-ldap
zimbra-ldap is enabled
Initializing ldap...
*** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
FAILED (1)


ERROR



Configuration failed

Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
complete the configuration.

Errors have been logged to /tmp/zmsetup.log.3439

Thanks for your assistance!!!!!!!!!!!!!!
  #4 (permalink)  
Old 11-19-2007, 08:33 PM
Intermediate Member
 
Posts: 18
Default Also my config files

Here are also some of my config files for your review:

named.conf
// Default named.conf generated by install of bind-9.2.4-2
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders { 192.168.0.1 ; };
};
include "/etc/rndc.key";
// We are the master server for mail.velocitaonline.com
zone "mail.velocitaonline.com" {
    type master;
    file "db.mail.velocitaonline.com";
};

My db.mail.velocitaonline.com zone file
;
; Addresses and other host information.
;
@   IN SOA mail.velocitaonline.com. hostmaster.mail.velocitaonline.com. (
        10118   ; Serial
        43200   ; Refresh
        3600    ; Retry
        3600000 ; Expire
        2592000 ) ; Minimum
; Define the nameservers and the mail servers
    IN NS 192.168.0.52
    IN A 192.168.0.52
    IN MX 10 mail.velocitaonline.com.


My resolv.conf file

search velocitaonline.com
nameserver 192.168.0.52

My hosts file
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.52 mail.velocitaonline.com mail


I hope this extra info helps!!!!!!!!!!!!!!!!!!
Frank
  #5 (permalink)  
Old 11-20-2007, 08:45 AM
Moderator
 
Posts: 1,027
Default

I think you may be running into some of the differences in syntax and file conventions between bind (which is mostly documented in the docs you're referencing) and bind9, which you are obviously using. Some stuff has changed. This wiki, although mostly about installing on Ubuntu, starts with a step-by-step config that is specific to bind9, and it has some of the options in different places than you do.

Specifically I see a difference in the latter part of your db file:
Quote:
; Define the nameservers and the mail servers
IN NS 192.168.0.52
IN A 192.168.0.52
IN MX 10 mail.velocitaonline.com.
In order to get my setup to work, I had to have the IN NS line refer to the hostname, not the IP, and then the IP was in an IN A record, like this:
Quote:
;
@ IN NS mail
IN MX 10 mail
IN A xxx.xxx.xxx.xxx
mail IN A xxx.xxx.xxx.xxx
I also see that some of the things you have in named.conf I have in named.conf.options, but whether that is optional (so to speak) or not is more than I can say.
  #6 (permalink)  
Old 11-20-2007, 09:52 AM
Moderator
 
Posts: 883
Default

Quote:
First off I believe that I am setting it up to receive mail at mail.servername.com instead of just servername.com (and I want it to only be servername.com)
To fix this, change the zone in your named.conf file from mail.servername.com to servername.com.

Just a tip. When you post config files and log files it's best to put them inside a 'code' tag. I know I find it easier to follow, and others have mentioned the same thing in other threads.
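The two fixes suggested in replies #5 and #6 (NS must name a host that has an A record, and the zone must cover the domain that receives mail) can be checked mechanically. This is an added example, not part of the original thread: `parse_zone` and `lint_zone` are hypothetical helpers, and both zone samples are constructed from the posted file, with the leading whitespace the forum stripped restored.

```python
import ipaddress
import re

def fqdn(name, origin):  # qualify a zone-file name; '@' means the origin itself
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        return ipaddress.ip_address(text.rstrip(".")) is not None
    except ValueError:
        return False

def parse_zone(text, origin):  # simplified: class IN only, no TTL fields or $ directives
    text = re.sub(r";[^\n]*", "", text)                                      # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m[1].replace("\n", " "), text)   # join ( ... )
    records, owner = [], origin.lower()
    for line in text.splitlines():
        fields = line.split()
        if fields and not line[0].isspace():   # no leading blank: first field is the owner
            owner = fqdn(fields.pop(0), origin).lower()
        if len(fields) >= 3 and fields[0] == "IN":
            records.append((owner, fields[1], fields[2:]))
    return records

def lint_zone(text, origin, mail_domain):
    records = parse_zone(text, origin)
    have_a, findings = {o for o, t, _ in records if t == "A"}, []
    for owner, rtype, rdata in (r for r in records if r[1] in ("NS", "MX")):
        host = fqdn(rdata[-1], origin).lower()
        if is_ip(rdata[-1]):
            findings.append(f"{rtype} at {owner} is an IP literal ({rdata[-1]}); use a hostname")
        elif ("." + host).endswith("." + origin.lower()) and host not in have_a:
            findings.append(f"{rtype} target {host} has no A record in this zone")
    if not any(t == "MX" and o == mail_domain.lower() for o, t, _ in records):
        findings.append(f"no MX record for {mail_domain}")
    return findings

# Constructed samples: the zone as posted in the thread, then one following both replies.
AS_POSTED = """@ IN SOA mail.velocitaonline.com. hostmaster.mail.velocitaonline.com. (
    10118 43200 3600 3600000 2592000 )
  IN NS 192.168.0.52
  IN A 192.168.0.52
  IN MX 10 mail.velocitaonline.com.
"""
CORRECTED = """@ IN NS mail
  IN MX 10 mail
  IN A 192.168.0.52
mail IN A 192.168.0.52
"""
print(lint_zone(AS_POSTED, "mail.velocitaonline.com.", "velocitaonline.com."))
```

Run against the posted zone it reports the IP-literal NS record and the missing MX for the bare domain; the corrected sample, loaded as zone `velocitaonline.com.`, produces no findings.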