
Thread: [SOLVED] DNS Problems, Maybe I'm just stupid.

  1. #1
    Mad Professor is offline Intermediate Member
    Join Date
    Jun 2008
    Posts
    21
    Rep Power
    7

    Default [SOLVED] DNS Problems, Maybe I'm just stupid.

    I've been trying to set up Zimbra for personal use for the last month. Even though I don't have a problem with installing it, it's just that every time I do install it, it complains about my domain "rebelfighter.no-ip.com" not pointing to my internal address, which is 192.168.0.131.

    I assume that is the reason why I can't send or receive mail, or why the security certificates are being questioned by Firefox.

    I've read the wiki on how to set up a split DNS and other articles across the web about setting up a full internal DNS server, but I haven't got any of them to work.

    It just won't resolve my domain and their hostnames to the machine.

    I don't know what I'm doing wrong.
    I'm not sure what's wrong or where to look.

    Perhaps I need a full internal DNS, but all the articles I've read on setting up a DNS server have been very vague or are outdated.


    I'm trying to set up the DNS and Zimbra on the same machine.

    I'm using CentOS 5

    Target machine is mail.rebelfighter.no-ip.com at 192.168.0.131. 255.255.255.0

    Right now I'm doing a wipe and reload to start fresh.

    Any help appreciated.

    ~Mp

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,499
    Rep Power
    56

    Default

    As you are behind a NAT router you'll need a Split DNS set-up and you'll also need a correct /etc/hosts file.
    Regards


    Bill



  3. #3
    Mad Professor is offline Intermediate Member

    Default

    Yes, a D-Link router.

    All right, I'll try again with the split DNS.

  4. #4
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    For it to work correctly, you should have an MX record, an A record resolving to the MX and an entry for reverse DNS.

  5. #5
    Mad Professor is offline Intermediate Member

    Default

    I don't fully understand this.

    Quote:
    2. Edit the /etc/named.conf file. (Substitute your fully-qualified server name for server.example.com in all cases, and if named runs in a chroot'ed directory /var/named/chroot, named.conf should be placed in /etc/named/chroot/etc/named.conf and you should create a symbolic link to /etc/named.conf.)

    Does it want me to create named.conf in /var/named/chroot/etc/ ?

    Because /var/named/chroot/etc/named/chroot doesn't exist.


    I'm about to create the named.conf
    Please correct me if I'm wrong, I don't know if it should be "mail.rebelfighter.no-ip.com" or just plain "rebelfighter.no-ip.com"

    Code:
    // Default named.conf generated by install of bind-9.2.4-2
    options {
            directory "/var/named";
            dump-file "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            forwarders { 208.67.222.222; 208.67.220.220; };
    };
    include "/etc/rndc.key";
    // We are the master server for mail.rebelfighter.no-ip.com
    zone "mail.rebelfighter.no-ip.com" {
            type master;
            file "mail.rebelfighter.no-ip.com.zone";
    };

    The mail.rebelfighter.no-ip.com.zone
    I think it's missing the TTL entry.
    Code:
    ;
    ; Addresses and other host information.
    ;
    @ IN SOA mail.rebelfighter.no-ip.com. admin.mail.rebelfighter.no-ip.com (
            10118 ; Serial
            43200 ; Refresh
            3600 ; Retry
            3600000 ; Expire
            2592000 ) ; Minimum
    ; Define the nameservers and the mail servers
    IN NS 192.168.0.131
    IN A 192.168.0.131
    IN MX 10 mail.rebelfighter.no-ip.com

    /etc/hosts

    This is the unmodified file:
    Code:
    #Do not remove the following line, or various programs
    #that require network functionality will fail.
    127.0.0.1 mail.rebelfighter.no-ip.com mail
    localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

    Not sure if I put my external or internal IP address. I will assume internal.
    Changes
    Code:
    #Do not remove the following line, or various programs
    #that require network functionality will fail.
    127.0.0.1 mail.rebelfighter.no-ip.com mail
    192.168.0.131 mail.rebelfighter.no-ip.com
    localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

    Last edited by Mad Professor; 06-09-2008 at 09:18 AM.

  6. #6
    Mad Professor is offline Intermediate Member

    Default

    OK, so I followed this guide from Sébastien Wains » CentOS 5 : chroot DNS with bind

    When I do nslookup I get my internal IPs now along with Record A and MX from the machine.

    Now when I do nslookup on a different computer with a different DNS provider, I get my external IP.

    Have I set up my split DNS correctly?

  7. #7
    phoenix is offline Zimbra Consultant & Moderator

    Default

    Did you modify the /etc/hosts file to your example above? If you did it's incorrect, it should be in this format:
    Code:
    127.0.0.1 localhost.localdomain localhost
    192.168.0.131 mail.rebelfighter.no-ip.com  mail
    If you're getting an incorrect IP address from another PC then you are not using the correct DNS server for resolution, you use the one on your LAN to resolve LAN addresses.
    Regards


    Bill



  8. #8
    Mad Professor is offline Intermediate Member

    Default

    named.conf
    Code:
    // this server has the IP 192.168.0.131 and serves the 192.168.0.0/24 subnet
    controls {
            inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
            inet 192.168.0.131 allow { 192.168.0.0/24; } keys { "rndckey"; };
    };
    
    options {
            directory "/var/named";
            pid-file "/var/run/named/named.pid";
    
            recursion yes;
    
            allow-recursion {
                    127.0.0.1;
                    192.168.0.0/24;
                    };
    
            // these are the opendns servers (optional)
            forwarders {
                    208.67.222.222;
                    208.67.220.220;
            };
    
            listen-on {
                    127.0.0.1;
                    192.168.0.131;
                    };
    
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
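            // note: pinning the source port to 53 turns off source-port
            // randomization for this server's outgoing queries
            query-source address * port 53;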
    
            // so people can't try to guess what version you're running
            version "REFUSED";
    
            allow-query {
                    127.0.0.1;
                    192.168.0.0/24;
                    };
            };
    
    server 192.168.0.131 {
            keys { rndckey; };
            };
    
    zone "." IN {
            type hint;
            file "named.ca";
            };
    
    // no slave DNS server here: zone transfers are only allowed to this host (192.168.0.131)
    zone "rebelfighter.no-ip.com" IN {
            type master;
            file "data/rebelfighter.no-ip.com.zone";
            allow-update { none; };
            allow-transfer { 192.168.0.131; };
            };

    rebelfighter.no-ip.com.zone
    Code:
    $ttl 38400
    rebelfighter.no-ip.com. IN SOA  ns.rebelfighter.no-ip.com. admin.rebelfighter.no-ip.com. (
                           2007020400   ; Serial
                           10800           ; Refresh after 3 hours
                           3600            ; Retry after 1 hour
                           604800          ; Expire after 1 week
                           86400 )         ; Minimum TTL of 1 day
    rebelfighter.no-ip.com.       	IN      NS    ns.rebelfighter.no-ip.com.
    rebelfighter.no-ip.com.    	IN      MX  10   rebelfighter.no-ip.com.
    rebelfighter.no-ip.com.      	IN      A       192.168.0.131
    ns.rebelfighter.no-ip.com.      IN      A       192.168.0.131
    mail.rebelfighter.no-ip.com.	IN	CNAME	rebelfighter.no-ip.com.

    /etc/hosts
    Code:
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1	localhost.localdomain	localhost
    192.168.0.131 rebelfighter.no-ip.com
    ::1	localhost6.localdomain6	localhost6

    If you see anything wrong let me know.

    I can send and receive emails.

    Now the only problem is the Security Certificate, but I think that's due to the self signing and not having it commercially signed.

    I'm going to keep fiddling with it.

  9. #9
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by Mad Professor View Post
    OK, so I followed this guide from Sébastien Wains » CentOS 5 : chroot DNS with bind

    When I do nslookup I get my internal IPs now along with Record A and MX from the machine.

    Now when I do nslookup on a different computer with a different DNS provider, I get my external IP.

    Have I set up my split DNS correctly?

    Probably. The whole purpose of split DNS is so your Zimbra server resolves to itself and doesn't try to go to the public IP that everybody else sees. I should be able to look up your domain (from the outside world) and see only your public IP address. Your Zimbra server should see only its own internal address. That's the essence of split DNS.

    As Bill alluded, though, the PCs on your LAN may need to resolve to either the same internal address as your Zimbra server (if it's actually on the LAN subnet) or even to another (third) IP address altogether if the server is on a DMZ and depending how you handle routing from LAN to DMZ. So depending on which of these scenarios mirrors your setup, you may need to point your LAN PCs to either the Zimbra DNS (the one on the Zimbra box) or have your internal LAN DNS point to the Zimbra server's internal address.

    In my case, in addition to regular split DNS, I have the DNS server on my Active Directory pointing to the Zimbra box on the DMZ, not the public IP.

    Hope this helps,
    Cheers,

    Dan
