[SOLVED] DNS Problems, Maybe I'm just stupid.

#1
06-09-2008, 06:52 AM
Intermediate Member
Posts: 21

I've been trying to set up Zimbra for personal use for the last month. Even though I don't have a problem with installing it, it's just that every time I do install it, it complains about my domain "rebelfighter.no-ip.com" not pointing to my internal address, which is 192.168.0.131.

I assume that is the reason why I can't send or receive mail or the security certificates being questioned by firefox.

I've read the wiki on how to set up a split DNS and other articles across the web about setting up a full internal DNS server, but I haven't got any of them to work.

It just won't resolve my domain and their hostnames to the machine.

I don't know what I'm doing wrong.
I'm not sure what's wrong or where to look.

Perhaps I need a full internal DNS, but all the articles I've read on setting up a DNS server have been very vague or are outdated.


I'm trying to set up the DNS and Zimbra on the same machine.

I'm using CentOS 5

Target machine is mail.rebelfighter.no-ip.com at 192.168.0.131. 255.255.255.0

Right now I'm doing a wipe and reload to start fresh.

Any help appreciated.

~Mp

#2
06-09-2008, 06:58 AM
Zimbra Consultant & Moderator
Posts: 20,316

As you are behind a NAT router you'll need a Split DNS set-up and you'll also need a correct /etc/hosts file.
__________________
Regards


Bill

#3
06-09-2008, 07:02 AM
Intermediate Member
Posts: 21

Yes, a D-Link router.

All right, I'll try again with the split DNS.

#4
06-09-2008, 08:55 AM
Outstanding Member
Posts: 684

For it to work correctly, you should have an MX record, an A record resolving to the MX and an entry for reverse DNS.

#5
06-09-2008, 09:11 AM
Intermediate Member
Posts: 21

I don't fully understand this.
Quote:
2. Edit the /etc/named.conf file. (Substitute your fully-qualified server name for server.example.com in all cases, and if named runs in a chroot'ed directory /var/named/chroot, named.conf should be placed in /etc/named/chroot/etc/named.conf and you should create a symbolic link to /etc/named.conf.)
Does it want me to create named.conf in /var/named/chroot/etc/ ?

Because /var/named/chroot/etc/named/chroot doesn't exist.


I'm about to create the named.conf
Please correct me if I'm wrong, I don't know if it should be "mail.rebelfighter.no-ip.com" or just plain "rebelfighter.no-ip.com"

Quote:
// Default named.conf generated by install of bind-9.2.4-2
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
forwarders { 208.67.222.222; 208.67.220.220; };
};
include "/etc/rndc.key";
// We are the master server for mail.rebelfighter.no-ip.com
zone "mail.rebelfighter.no-ip.com" {
type master;
file "mail.rebelfighter.no-ip.com.zone";
};
The mail.rebelfighter.no-ip.com.zone
I think it's missing the TTL entry.
Quote:
;
; Addresses and other host information.
;
@ IN SOA mail.rebelfighter.no-ip.com. admin.mail.rebelfighter.no-ip.com (
10118 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS 192.168.0.131
IN A 192.168.0.131
IN MX 10 mail.rebelfighter.no-ip.com
/etc/hosts

This is the unmodified file:
Quote:
#Do not remove the following line, or various programs
#that require network functionality will fail.
127.0.0.1 mail.rebelfighter.no-ip.com mail
localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

Not sure if I put my external or internal IP address. I will assume internal.
Changes
Quote:
#Do not remove the following line, or various programs
#that require network functionality will fail.
127.0.0.1 mail.rebelfighter.no-ip.com mail
192.168.0.131 mail.rebelfighter.no-ip.com
localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

Last edited by Mad Professor; 06-09-2008 at 09:18 AM.

#6
06-09-2008, 01:08 PM
Intermediate Member
Posts: 21

Ok so I followed this guide from Sébastien Wains » CentOS 5 : chroot DNS with bind

When I do nslookup I get my internal IPs now along with Record A and MX from the machine.

Now when I do nslookup on a different computer with a different DNS provider, I get my external IP.

Have I set up my split DNS correctly?

#7
06-09-2008, 09:44 PM
Zimbra Consultant & Moderator
Posts: 20,316

Did you modify the /etc/hosts file to your example above? If you did, it's incorrect; it should be in this format:
Code:
127.0.0.1 localhost.localdomain localhost
192.168.0.131 mail.rebelfighter.no-ip.com  mail
If you're getting an incorrect IP address from another PC then you are not using the correct DNS server for resolution; you use the one on your LAN to resolve LAN addresses.
__________________
Regards


Bill
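
The hosts-file format given in the post above, turned into a check. This is an added example, not part of the original post or of Zimbra's installer; the rules (FQDN on the LAN address, FQDN first, short name after it, nothing but localhost on loopback) are read off the two-line format shown, and the sample files are constructed from the thread.

```python
import ipaddress

# Constructed from the thread: the edited file from post #5 and the format from post #7.
POSTED = """\
127.0.0.1 mail.rebelfighter.no-ip.com mail
192.168.0.131 mail.rebelfighter.no-ip.com
localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
"""
RECOMMENDED = """\
127.0.0.1 localhost.localdomain localhost
192.168.0.131 mail.rebelfighter.no-ip.com  mail
"""

def check_hosts(text, fqdn, lan_ip):
    """Return a list of problems; an empty list means the file matches the format."""
    problems, mapped = [], False
    short = fqdn.split(".")[0]
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"line {n}: first column is not an IP address")
            continue
        names = fields[1:]
        if fqdn not in names:
            continue
        if addr.is_loopback:
            problems.append(f"line {n}: {fqdn} is mapped to loopback {addr}")
        elif str(addr) != lan_ip:
            problems.append(f"line {n}: {fqdn} is mapped to {addr}, not {lan_ip}")
        else:
            mapped = True
            if names[0] != fqdn:
                problems.append(f"line {n}: FQDN is not the first name after the IP")
            if short not in names[1:]:
                problems.append(f"line {n}: short name {short!r} missing after the FQDN")
    if not mapped:
        problems.append(f"{fqdn} has no line for {lan_ip}")
    return problems

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("recommended", RECOMMENDED)):
        print(label, check_hosts(text, "mail.rebelfighter.no-ip.com", "192.168.0.131"))
```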

#8
06-10-2008, 03:51 AM
Intermediate Member
Posts: 21

named.conf
Code:
// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
        inet 192.168.0.131 allow { 192.168.0.0/24; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        allow-recursion {
                127.0.0.1;
                192.168.0.0/24;
                };

        // these are the opendns servers (optional)
        forwarders {
                208.67.222.222;
                208.67.220.220;
        };

        listen-on {
                127.0.0.1;
                192.168.0.131;
                };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query {
                127.0.0.1;
                192.168.0.0/24;
                };
        };

server 192.168.0.131 {
        keys { rndckey; };
        };

zone "." IN {
        type hint;
        file "named.ca";
        };

// we assume we have a slave dns server with the IP 192.168.254.101
zone "rebelfighter.no-ip.com" IN {
        type master;
        file "data/rebelfighter.no-ip.com.zone";
        allow-update { none; };
        allow-transfer { 192.168.0.131; };
        };
rebelfighter.no-ip.com.zone
Code:
$ttl 38400
rebelfighter.no-ip.com. IN SOA  ns.rebelfighter.no-ip.com. admin.rebelfighter.no-ip.com. (
                       2007020400   ; Serial
                       10800           ; Refresh after 3 hours
                       3600            ; Retry after 1 hour
                       604800          ; Expire after 1 week
                       86400 )         ; Minimum TTL of 1 day
rebelfighter.no-ip.com.       	IN      NS    ns.rebelfighter.no-ip.com.
rebelfighter.no-ip.com.    	IN      MX  10   rebelfighter.no-ip.com.
rebelfighter.no-ip.com.      	IN      A       192.168.0.131
ns.rebelfighter.no-ip.com.      IN      A       192.168.0.131
mail.rebelfighter.no-ip.com.	IN	CNAME	rebelfighter.no-ip.com.
/etc/hosts
Code:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1	localhost.localdomain	localhost
192.168.0.131 rebelfighter.no-ip.com
::1	localhost6.localdomain6	localhost6
If you see anything wrong let me know.

I can send and receive emails.

Now the only problem is the Security Certificate, but I think that's due to the self signing and not having it commercially signed.

I'm going to keep fiddling with it.
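
An audit of the resolver settings in a named.conf like the one posted above, as an added example that is not part of the original post. It checks that recursion and queries are limited by an ACL and flags a fixed `query-source ... port`, which removes source-port randomisation for outgoing queries; the excerpt is constructed from the posted options block and the function names are hypothetical.

```python
import re

# Constructed excerpt of the options block posted above (comments trimmed).
POSTED_OPTIONS = """
options {
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        listen-on { 127.0.0.1; 192.168.0.131; };
        query-source address * port 53;
        version "REFUSED";
        allow-query { 127.0.0.1; 192.168.0.0/24; };
};
"""

def strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ blocks
    return re.sub(r"(//|#).*", "", conf)                # // and # to end of line

def acl(conf, statement):
    """Return the entries of a flat address-match list, or None if it is absent."""
    m = re.search(rf"\b{statement}\s*\{{([^}}]*)\}}", conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_named_conf(conf):
    conf, findings = strip_comments(conf), []
    recursion_on = not re.search(r"\brecursion\s+no\s*;", conf)  # BIND recurses by default
    for stmt in ("allow-recursion", "allow-query"):
        entries = acl(conf, stmt)
        if entries is None and (stmt == "allow-query" or recursion_on):
            findings.append(f"{stmt} not set: relies on the default of this BIND version")
        elif entries and "any" in entries:
            findings.append(f"{stmt} contains 'any': open to every client")
    m = re.search(r"\bquery-source\b[^;]*\bport\s+(\d+)", conf)
    if m:
        findings.append(f"query-source pins outgoing queries to port {m.group(1)}: "
                        "no source-port randomisation against spoofed answers")
    return findings

if __name__ == "__main__":
    for finding in audit_named_conf(POSTED_OPTIONS):
        print(finding)
```

Nested address-match lists (braces inside braces) are outside what this flat parser handles.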

#9
06-10-2008, 10:01 AM
Moderator
Posts: 1,027

Quote:
Originally Posted by Mad Professor
Ok so I followed this guide from Sébastien Wains » CentOS 5 : chroot DNS with bind

When I do nslookup I get my internal IPs now along with Record A and MX from the machine.

Now when I do nslookup on a different computer with a different DNS provider, I get my external IP.

Have I set up my split DNS correctly?
Probably. The whole purpose of split DNS is so your Zimbra server resolves to itself and doesn't try to go to the public IP that everybody else sees. I should be able to look up your domain (from the outside world) and see only your public IP address. Your Zimbra server should see only its own internal address. That's the essence of split DNS.

As Bill alluded though, the PCs on your LAN may need to resolve to either the same internal address as your Zimbra server (if it's actually on the LAN subnet) or even to another (third) IP address altogether if the server is on a DMZ and depending how you handle routing from LAN to DMZ. So depending on which of these scenarios mirrors your setup, you may need to point your LAN PCs to either the Zimbra DNS (the one on the Zimbra box) or have your internal LAN DNS point to the Zimbra server's internal address.

In my case, in addition to regular split DNS, I have the DNS server on my Active Directory pointing to the Zimbra box on the DMZ, not the public IP.

Hope this helps,
__________________
Cheers,

Dan
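
A check of the internal half of a split DNS as described in this thread: every A record in the internal zone stays inside the LAN, the domain has an MX whose target has its own A record, and the server name resolves in-zone. This is an added example, not code from any poster; the records are constructed from the zone file posted in #8, the function names are hypothetical, and reverse DNS is not checked because no reverse zone appears in the thread.

```python
import ipaddress

# Records constructed from the zone file posted earlier in this thread (SOA omitted).
ZONE = """\
rebelfighter.no-ip.com.      IN NS    ns.rebelfighter.no-ip.com.
rebelfighter.no-ip.com.      IN MX 10 rebelfighter.no-ip.com.
rebelfighter.no-ip.com.      IN A     192.168.0.131
ns.rebelfighter.no-ip.com.   IN A     192.168.0.131
mail.rebelfighter.no-ip.com. IN CNAME rebelfighter.no-ip.com.
"""

def parse(zone):
    """Map (owner, type) -> list of rdata fields; expects 'owner IN TYPE rdata' lines."""
    recs = {}
    for line in zone.splitlines():
        f = line.split(";", 1)[0].lower().split()
        if len(f) >= 4 and f[1] == "in":
            recs.setdefault((f[0], f[2]), []).append(f[3:])
    return recs

def resolve(recs, name, hops=8):
    """Follow in-zone CNAMEs (bounded) and return the A addresses for name."""
    while hops and (name, "cname") in recs:
        name, hops = recs[(name, "cname")][0][0], hops - 1
    return [r[0] for r in recs.get((name, "a"), [])]

def audit_internal_view(zone, server, domain, lan):
    """Names are passed lower-case and fully qualified (trailing dot)."""
    recs, net, problems = parse(zone), ipaddress.ip_network(lan), []
    for (owner, rtype), rdatas in recs.items():
        for r in rdatas if rtype == "a" else []:
            if ipaddress.ip_address(r[0]) not in net:
                problems.append(f"{owner} A {r[0]} is outside {lan}")
    mx_targets = [r[-1] for r in recs.get((domain, "mx"), [])]
    if not mx_targets:
        problems.append(f"no MX record for {domain}")
    for target in mx_targets:
        if not recs.get((target, "a")):
            problems.append(f"MX target {target} has no A record of its own")
    if not resolve(recs, server):
        problems.append(f"{server} does not resolve inside this zone")
    return problems

if __name__ == "__main__":
    print(audit_internal_view(ZONE, "mail.rebelfighter.no-ip.com.",
                              "rebelfighter.no-ip.com.", "192.168.0.0/24"))
```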