[SOLVED] New install of 5.0.6 and subdomain v domain problem

[jason]

My past posts were prepping me for going live with network edition of 5.0.6. So this past Friday, I finally was able to install 5.0.6 network on RHEL 5.2x64. Yes I made it after adding a few rpms, but the install is of the subdomain, and not the domain that I wanted. I of course scoured the lists and saw many similar posts, but am asking for expert guidance to fix what I have, or reinstall.

Details...
Hosts file is correct: 127.0.0.1 local.... then below it, 10.1.x.x java.domain.org (java is my my server's host name). No problem there. But the install script could not find an MX record.
I created one, as the internal server points to our AD DNS. The record is (10) 10.1.x.x java.domain.org. Our existing mailserver is (0) 10.1.x.x mail.domain.org. So is it possible that on install, the script did the NS lookup and found the (0) record, saw that it was not the right IP, and then did not query further? If id did query further, surely it would have found the (10) 10.1.x.x java.domain.org record.

I want my server to operate under 1 domain, the domain.org domain. Should I have set it in DNS to (0) for the install and then later back to (10)? Once Zimbra is live, we will accordingly kill the other server and replace the MX for 'java' to (0).

-----------

In the admin console, on server status (of which I have to login as admin@java.domain.org (when I planned to have admin@domain.org), I have a Red X on the MTA. Would this be tied to all of this?

-----------

So I am prepared to do the install -u option, if that is the best and change (for the purpose of the install) the MX to (0), but I thought maybe the esperts have seen this about a few hundred times and point me in the correct direction??

I did add a second domain, to be domain.org, but the Certs, postmaster, reports, spam/ham accts., etc..... all are pointing to the subdomain (of the hostname), so this worries me. I have to start right, not start with fixes. I am very excited to go live for our staff, but need the 'java.domain.org' instance to be for 'domain.org'.

I hope I gave all the details. If something is missing, please let me know. I will post back.

Thank you for all your help. Looking forward to the new install!!!!
-Jason

[phoenix]

There are many answers in the forums covering this type of problem.To start, post the output of the following commands (run on the zimbra server):

Code:

host `hostname`  <-- use backticks not single quotes
dig yourdomain.com any
dig yourdomain.com mx
cat /etc/hosts
cat /etc/resolv.conf

Are you behind a NAT router? If you are do you have a Split DNS set-up?

[jason]

Thank you Bill for the reply.
Here are our details:
-Our Zimbra RHEL server ('java') is behind the NAT firewall.
-Our internal ActiveDirectory DNS, knows it as (A) java.domain.org at 10.1.x.x
-Also has an MX for the domain.org (10) pointing to it's correct IP.
-Has a lower (0) MX to our live mail server (exchange).
Based on reading the link you posted, it would seem that the MTA would get the live server 1st, and that probably is the error, as internally, MX records are there, but sounds like not in the proper order.
Externally, the public MX record goes to our spam box, then the spam box to our live mailserver.
The 'java' server has Internal DNS ips, so It would never go outbound to find the MX.
I have a hunch that the priority records for the 2 MX records, needed to be reversed for the install script. Would you think so, or am I way off?

If so, I am thinking better to change them on Monday (still Sunday here), and do a reinstall, BUT 1st do a nslookup from 'java' to ensure it see 'java' as the lowest record for our domain - (found that info somewhere in the searches from the forum/wiki).

When I get into work, I'll throw those commands 1st that you mentioned to see what comes back. Then nslookup and report back.
-Jason

[phoenix]

Is this going to be a scenario where you run in parallel with the Exchange server and is it a migration? If it is, you might want to look at the Split Domain as well. Don't worry about this for now as you can set it up after the Zimbra server is working.

[jason]

I forgot to add (for clarification):
- We never query our ISP's DNS servers, we use internal DNS, which has forwarders, thus they do the lookups and reply back. This is why I am thinking that since we are internal only on DNS, that we would never need a split DNS setup.

-On your reply to the scenoario.... exchange is going down, once we get zimbra up, so...

a) get zimbra going, add accounts, distro groups, etc...., then a magic day to the new server cutover is approaching.
b) dump the MX of the old exchange server and stop its smtp. I won't be running both. We'll point the spam box to zimbra at that time.

Having said all this, does it look like the script MX lookup would have seen (0) exisitng mail server, and not did a second lookup for (10) java - the zimbra server?

I am not sure if the MX lookup is part of the script, or Postfix doing the lookup, so I do not know what to expect.

Thank you as always for your guidance. I try not to ask dumb questions and always look/search for as much as I can before.

[phoenix]

Quote:

Originally Posted by jason

I forgot to add (for clarification):
- We never query our ISP's DNS servers, we use internal DNS, which has forwarders, thus they do the lookups and reply back. This is why I am thinking that since we are internal only on DNS, that we would never need a split DNS setup.

That is a Split DNS set-up already. I just need to see the information from the commands to check that it's OK. You will probably find it easier to uninstall Zimbra then re-install to get your domain name set correctly but let's check the dns etc. first.

[jason]

Oh No....
Well here is my plan for Monday:
a) run your commands and post back
b) uninstall
c) change MX order in my DNS (for install purposes)
d) nslookup to verify
e) install again

Hope it works. If so, the domain.org will be right and we will be ready for the cutover.

Thank you so much for the guidance!!!!

[jason]

Bill,
Here is the output:
[root@java ~]# host 'java'
java.domain.org has address 10.1.18.1
[root@java ~]# dig domain.org any

; <<>> DiG 9.3.4-P1 <<>> domain.org any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10332
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;domain.org. IN ANY

;; ANSWER SECTION:
domain.org. 3600 IN MX 0 mail.domain.org.
domain.org. 3600 IN MX 10 java.domain.org.


;; Query time: 5331 msec
;; SERVER: 10.1.5.32#53(10.1.5.32)
;; WHEN: Mon Jun 30 10:12:42 2008
;; MSG SIZE rcvd: 511

[root@java ~]# dig domain.org mx

; <<>> DiG 9.3.4-P1 <<>> domain.org mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56040
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;domain.org. IN MX

;; ANSWER SECTION:
domain.org. 3600 IN MX 0 mail.domain.org.
domain.org. 3600 IN MX 10 java.domain.org.

;; ADDITIONAL SECTION:
mail.domain.org. 1200 IN A 10.1.0.20
java.domain.org. 3600 IN A 10.1.18.1

;; Query time: 0 msec
;; SERVER: 10.1.5.32#53(10.1.5.32)
;; WHEN: Mon Jun 30 10:12:59 2008
;; MSG SIZE rcvd: 101

[root@java ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.1.18.1 java.domain.org java
::1 localhost6.localdomain6 localhost6
[root@java ~]# cat /etc/resolv.conf
search domain.org
nameserver 10.1.5.32
nameserver 10.1.0.10

'domain' is an alias of course, for our original

[jason]

Updates:
-Uninstalled Zimbra
-Set local DNS MX for the zimbra server ('java') to (0) and the live mail server to (50).
-Verified from 'java' that the MX records were correct upon reboot (0) java.domain.org.
-Installed again, had the same MX problem popup for domain.org, so I did change the domain name to 'domain.org' at that prompt (so it would not use java.domain.org).
-everything else went smooth, Admin console is up and all is correct for 'domain.org' now, BUTTTT I still have the Red X on the MTA. I am working on that right now/searcching for answers in the docs/forums.

-------

running zmcontrol status (all but mta are running)
running zmmtactl status - comes back with:
-MTA Stopped > postfix not running > saslauthd is running with PID 12766
I am now searching for help on this.

[jason]

OK, spent a day learning about split dns, almost installed it, then came onto a linuxquestion.org post about bind, and a post mentioned using webmin to do the config of bind. Loaded webmin and what did I find, sendmail was running. I did not install it from the start, but it must be part of the rhel5 core distro. Even found the install guide for zimbra that said to disable it. So I did so and prevent it from starting up, then restart server.
loginto the admin interface and voila, MTA is running. I sent an email from that account to a public account and it made it.
So far it looks like our internal DNS is working behind the firewall without split-dns, of which I am sooooo happy. For now everything appears to be 100%, so I will close this post. Bill, thank you for all your help up to this.!!!