08-14-2008, 05:04 PM
[SOLVED] Zimbra and Linux NOOB here! I know. I know SPLIT DNS!
Hello to all.
Let me first explain that this is my first entry into the Open Source world. I am leaving the DarkSide of Micro-Squish! This being said here is what I am having trouble with:
I am unable to send email to and from external email accounts. However, I am able to send and receive emails to my MS Exchange server that resides on the internal network. Surprise. Surprise. Yes, it has to be SPLIT DNS. I have read the WIKI at least 100 times ( ok, maybe at least 15 ). It just doesn't make sense to me.
My environment:
OS - RHEL 5.0
Zimbra version: zcs-NETWORK-5.0.6_GA_2313.RHEL5.20080522094306
Server sits in the DMZ.
I am using CLI not the GUI
Email address: @core3access.com
Public IP MX: 208.14.183.136 NAT to DMZ IP: 192.168.1.127
The named.conf is not in the /etc/ folder. Do I make a copy of the file that resides in my cd /var/named/chroot/etc/ and move it to the /etc/ folder?
Then copy in the statement from the WIKI?
HELP!?!?!?!
These were run from the server:
[root@core3access etc]# host -t mx core3access.com
core3access.com mail is handled by 10 core3access.com.
; <<>> DiG 9.3.4-P1 <<>> core3access.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61118
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;core3access.com. IN MX
;; ANSWER SECTION:
core3access.com. 3600 IN MX 10 core3access.com.
;; ADDITIONAL SECTION:
core3access.com. 3600 IN A 192.168.1.76
;; Query time: 6 msec
;; SERVER: 172.16.0.24#53(172.16.0.24)
;; WHEN: Thu Aug 14 17:03:01 2008
;; MSG SIZE rcvd: 65
08-14-2008, 09:38 PM
Ok.. I believe I have made some headway tonight.
I was successful in creating the named.conf files. I was able to start the named as well (# /etc/init.d/named start)
I am able to perform my lookups.
[root@core3access ~]# nslookup
> core3access.com
Server: 192.168.1.127
Address: 192.168.1.127#53
Name: core3access.com
Address: 192.168.1.127
[root@core3access ~]# dig core3access mx
; <<>> DiG 9.3.4-P1 <<>> core3access mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60463
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;core3access. IN MX
;; AUTHORITY SECTION:
. 10063 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008081401 1800 900 604800 86400
;; Query time: 1 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Thu Aug 14 21:36:02 2008
;; MSG SIZE rcvd: 104
There is a step in the Split DNS setup that I am unclear about now. Creating the symbolic links to point back to the files in CHROOT.
HELP!?!?!?!?! I am almost there!
08-15-2008, 12:11 AM
Zimbra Consultant & Moderator
Posts: 20,317
Forget the symbolic links for chroot for the moment, let's start from the beginning. Post the output of the following commands (run on the Zimbra server):
Code:
host `hostname` <-- type as-is and use backticks not single quotes
cat /etc/resolv.conf
cat /etc/hosts
dig core3access.com mx
dig core3access.com any
Please also post the contents of your named.conf and the zone file.
__________________
Regards
Bill
08-15-2008, 08:45 AM
Hello Bill
Below are my results from what you requested.
[root@core3access /]# host `hostname`
core3access.com has address 192.168.1.127
core3access.com mail is handled by 10 core3access.com.
[root@core3access /]# cat /etc/resolv.conf
;search com
nameserver 192.168.1.127
#nameserver 192.168.1.22
#nameserver 172.17.0.30
#nameserver 172.16.0.24
#nameserver 192.168.1.21
search core3access.com
[root@core3access /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 core3access.com mail localhost.localdomain localhost mail
192.168.1.127 core3access.com mail
208.14.183.136 core3access.com mail
172.16.0.25 core3inc.com mail
::1 localhost6.localdomain6 localhost6
[root@core3access /]# dig core3access.com mx
; <<>> DiG 9.3.4-P1 <<>> core3access.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;core3access.com. IN MX
;; ANSWER SECTION:
core3access.com. 2592000 IN MX 10 core3access.com.
;; AUTHORITY SECTION:
core3access.com. 2592000 IN NS 192.168.1.127.core3access.com.
;; ADDITIONAL SECTION:
core3access.com. 2592000 IN A 192.168.1.127
;; Query time: 1 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Fri Aug 15 08:45:42 2008
;; MSG SIZE rcvd: 93
08-15-2008, 09:05 AM
Zimbra Consultant & Moderator
Posts: 20,317
Your hosts file should contain the following:
Code:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.127 mail.core3access.com mail
You need an FQDN (Fully Qualified Domain Name) for the host, that consists of the host name (mail) plus the domain name (core3access.com) to give you the entry I've shown above.
You also don't need the additional IP entries in the hosts file (what are they, BTW?). You also appear to have incorrect external DNS records as it shows no A record, you should also change the entry to reflect the FQDN I've mentioned above. Check this DNS report.
Is this the only mail server in your installation? You also need to post the named.conf and the zone file.
__________________
Regards
Bill
08-15-2008, 10:17 AM
Hello Bill
I have made the adjustments to the /etc/hosts file per your instruction.
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.127 mail.core3access.com mail
I did some work on our PUBLIC DNS. I have set the FQDN to mail.core3access.com. You should now be able to resolve external. All records should now display.
Those other IPs in the host file were IPs of the DNS servers and an internal Exchange server. I figured if I threw everything in there, I should be good. More info the better, right?? :-)
Yes, this is a single installation.
Now that I have changed the FQDN, my assumption is that now the NAMED.CONF and ZONE FILE will need to change to reflect MAIL.CORE3ACCESS.COM ??
Below is the named.conf:
// Default named.conf generated by install of bind-9.2.4-2
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
forwarders { 192.168.1.21 ; 192.168.1.22 ; };
};
include "/etc/rndc.key";
// We are the master server for core3access.com
zone "core3access.com" {
type master;
file "db.core3access.com";
};
Here is the Zone File:
; Addresses and other host information.
;
@ IN SOA core3access.com. hostmaster.core3access.com. (
10118 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS 192.168.1.127
IN A 192.168.1.127
IN MX 10 core3access.com.
08-15-2008, 10:34 AM
Zimbra Consultant & Moderator
Posts: 20,317
OK, I can see the external DNS records seem fine. You need to change the MX record to be the FQDN of the server i.e.
Code:
IN MX 10 mail.core3access.com.
Make that change and restart BIND then run the commands I gave you earlier and see if the results are correct.
__________________
Regards
Bill
08-15-2008, 10:53 AM
Hello Bill
I have made the change and below are the results:
[root@core3access /]# host `hostname`
core3access.com has address 192.168.1.127
core3access.com mail is handled by 10 mail.core3access.com.
[root@core3access /]# cat /etc/resolv.conf
;search com
nameserver 192.168.1.127
#nameserver 192.168.1.22
#nameserver 172.17.0.30
#nameserver 172.16.0.24
#nameserver 192.168.1.21
search core3access.com
[root@core3access /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.127 mail.core3access.com mail
[root@core3access /]# dig core3access.com mx
; <<>> DiG 9.3.4-P1 <<>> core3access.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;core3access.com. IN MX
;; ANSWER SECTION:
core3access.com. 2592000 IN MX 10 mail.core3access.com.
;; AUTHORITY SECTION:
core3access.com. 2592000 IN NS 192.168.1.127.core3access.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Fri Aug 15 10:53:57 2008
;; MSG SIZE rcvd: 82
[root@core3access /]# dig core3access.com any
; <<>> DiG 9.3.4-P1 <<>> core3access.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62451
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;core3access.com. IN ANY
;; ANSWER SECTION:
core3access.com. 2592000 IN SOA core3access.com. hostmaster.core3access.com. 10118 43200 3600 3600000 2592000
core3access.com. 2592000 IN NS 192.168.1.127.core3access.com.
core3access.com. 2592000 IN A 192.168.1.127
core3access.com. 2592000 IN MX 10 mail.core3access.com.
;; Query time: 1 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Fri Aug 15 10:54:16 2008
;; MSG SIZE rcvd: 145
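Added example (not part of the forum thread and not Zimbra or BIND code): a small check over the zone records as posted, with the MX change applied, that reports NS/MX targets written as IP literals or pointing at in-zone names with no A record, which is what the `192.168.1.127.core3access.com.` NS answer and the empty ADDITIONAL section in the dig output above reflect. The function names are this example's own, and the parser assumes one record per line with no TTL column.

```python
import ipaddress

ORIGIN = "core3access.com."
# Constructed input: the thread's zone file (SOA on one line), MX changed as later advised.
ZONE = """\
@ IN SOA core3access.com. hostmaster.core3access.com. ( 10118 43200 3600 3600000 2592000 )
  IN NS 192.168.1.127
  IN A 192.168.1.127
  IN MX 10 mail.core3access.com.
"""

def fqdn(name, origin):
    """Expand a name as BIND does: '@' is the origin, no trailing dot is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def parse(zone, origin):
    """Yield (owner, type, rdata) per line; a leading blank reuses the last owner."""
    owner = origin
    for line in zone.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        if not line[0].isspace():
            owner = fqdn(fields.pop(0), origin)
        if fields[0] == "IN":
            fields.pop(0)
        yield owner, fields[0], fields[1:]

def lint(zone, origin):
    """Flag NS/MX targets that are IP literals or in-zone names without an A record."""
    records = list(parse(zone, origin))
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for _, rtype, rdata in (r for r in records if r[1] in ("NS", "MX")):
        raw, target = rdata[-1], fqdn(rdata[-1], origin)
        in_zone = target == origin or target.endswith("." + origin)
        if is_ip(raw):
            findings.append(f"{rtype} target is an IP literal, served as {target}")
        elif in_zone and target not in have_a:
            findings.append(f"{rtype} target {target} has no A record in this zone")
    return findings
```

Calling `lint(ZONE, ORIGIN)` returns one finding for the NS line and one for the MX line; on a real server, `named-checkzone` performs the authoritative version of these checks.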
08-15-2008, 11:26 AM
Zimbra Consultant & Moderator
Posts: 20,317
At a quick glance those results look OK to me. What stage are you at now, from what you mentioned earlier Zimbra is installed but you can't send externally is that correct? I assume you want your main domain name on Zimbra. When you did the initial install you would have seen a message that asked if you wanted to change the domain name, what did you do at that point - did you change the domain name? Is the domain name on your Zimbra server set correctly for your needs, again I'm assuming you want core3access.com - if it's not that let me know. If your domain is set OK then you should be able to start Zimbra and send/receive external mail OK.
Just check that in the Admin UI on the Global and Server MTA tab that the setting 'Enable DNS lookups' is checked. That should, with a following wind, be all you need to do. Let me know what happens next.
__________________
Regards
Bill
08-15-2008, 02:43 PM
Hello Bill
WE HAVE SUCCESS sending email external!!
But we have broken sending email to an internal Exchange Server. I can send from my internal Exchange Server to @core3access.com, but cannot send to @core3inc.com
Can I set up in the Split DNS an option directing email to core3inc.com? to an Internal IP?