  #1 (permalink)  
Old 08-25-2008, 12:37 PM
Member
 
Posts: 10
Where to use DNS aliases/CNAMEs?

Hi, I'm in the process of building out a multi-server installation and had a couple questions about naming.

Specifically, I have the following hosted separately.
Mailstore, MTA, LDAP, Proxy

I'd like to iron out names now before I get much further. Here are the CNAMEs I'd like to use:

mail.dept.uni.edu (POP, IMAP)
send.dept.uni.edu (SMTP)
ldap.dept.uni.edu (LDAP)

I'm concerned about making sure URLs don't change even if the backend server configurations slide/grow. Basically I'd like to hide the name of my mailstores from the users, among other things. Should I have a separate CNAME for http(s) connections to the mail server? Is the http/https reverse proxy stable enough for production use?

Is there a way I can force the mailstore to generate URLs which are the alias names (and thus proxied)? At the moment the URLs the mailstore shows (when defining new shares, etc.) use its own (non-aliased) name. Is there a way I can force the mailstore to generate URLs which are the alias names (and thus perhaps proxied)?

Currently I'm planning on buying two commercial SSL certificates (mail.dept.uni.edu and send.dept.uni.edu). I'd like to use Mail.dept.uni.edu for proxied IMAP/POP/HTTP(s), but not if I can't get the backend server to generate public friendly urls. Is there any advantage to buying a third cert for https on the mailstore itself (zimbra.dept.uni.edu or whatever)?

Each host has a FQDN of its own, but will I have any trouble if I tell Zimbra its hostname is something that's actually a CNAME? (tell Zimbra the server is send.dept.uni.edu instead of internalname.dept.uni.edu?)
  #2 (permalink)  
Old 08-25-2008, 02:18 PM
Outstanding Member
 
Posts: 684

Section 10.3 of RFC 2181 states you should not use CNAMEs when resolving an MX record.
  #3 (permalink)  
Old 08-25-2008, 02:44 PM
Member
 
Posts: 10

Quote:
Originally Posted by Bill Brock
Section 10.3 of RFC 2181 states you should not use CNAMEs when resolving an MX record.
Sorry, I should've been more explicit. My MX records should be fine. They are off of dept.uni.edu and point to the zimbra MTAs directly (no CNAMEs). The send.dept.uni.edu is only for client secure SMTP access.

Anyone know if there are similar reasons for/against giving Zimbra a CNAME which points to, rather than a name with an A record?

Is there a way to tell Zimbra: "this is the FQDN of the server you're on. But use 'cname.dept.uni.edu' for all client-facing communication?" Or should I just tell Zimbra the CNAME?
  #4 (permalink)  
Old 08-25-2008, 07:25 PM
New Member
 
Posts: 4

My understanding is that so long as the Zimbra server can resolve the IP, it should be happy (or tricked; unknowingly delivering to itself).

The only issue then is certificates for secure connections. To mitigate annoying cert warnings (especially with Firefox 3 users) you'll probably want to use subjectaltnames, e.g.
[SOLVED] No SubjectAltname in Commercial Certificate request (FOSS 5.0.1)
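
Added example, not part of any post in this thread and not Zimbra code: a Python check over a constructed zone snippet that flags MX records pointing at a CNAME (the RFC 2181 section 10.3 point from post #2) and lists which alias names each backend's certificate needs as subjectAltNames (post #4), since clients validate the name they connected to, not the CNAME target. The host names mta1, proxy1 and ldap1, the addresses, and the second MX record are assumptions made up for the example.

```python
# Added example: zone text is constructed; mta1/proxy1/ldap1 are hypothetical hosts.
from collections import defaultdict

ZONE = """\
dept.uni.edu.         MX    10 mta1.dept.uni.edu.
dept.uni.edu.         MX    20 send.dept.uni.edu.  ; deliberately wrong: alias
mta1.dept.uni.edu.    A     192.0.2.10
proxy1.dept.uni.edu.  A     192.0.2.20
ldap1.dept.uni.edu.   A     192.0.2.30
send.dept.uni.edu.    CNAME mta1.dept.uni.edu.
mail.dept.uni.edu.    CNAME proxy1.dept.uni.edu.
ldap.dept.uni.edu.    CNAME ldap1.dept.uni.edu.
"""

def _name(s):
    return s.lower().rstrip(".")

def parse(zone):
    """Return (alias -> target map, names with A/AAAA, [(owner, MX target)])."""
    cnames, addrs, mxs = {}, set(), []
    for line in zone.splitlines():
        fields = line.split(";")[0].split()      # drop comments, split columns
        if len(fields) < 3:
            continue
        owner, rtype, rdata = _name(fields[0]), fields[1].upper(), fields[2:]
        if rtype == "CNAME":
            cnames[owner] = _name(rdata[0])
        elif rtype in ("A", "AAAA"):
            addrs.add(owner)
        elif rtype == "MX":
            mxs.append((owner, _name(rdata[-1])))  # last field is the exchange
    return cnames, addrs, mxs

def lint(zone):
    """Flag MX targets that are aliases, and aliases that also hold addresses."""
    cnames, addrs, mxs = parse(zone)
    problems = [f"MX for {o} points at alias {t} (RFC 2181 section 10.3)"
                for o, t in mxs if t in cnames]
    problems += [f"{a} has both CNAME and address records"
                 for a in cnames if a in addrs]
    return problems

def san_plan(zone):
    """Map each real host to the alias names its certificate must list."""
    cnames, _, _ = parse(zone)
    plan = defaultdict(list)
    for alias in cnames:
        target, seen = alias, set()
        while target in cnames and target not in seen:  # follow chains safely
            seen.add(target)
            target = cnames[target]
        plan[target].append(alias)
    return {host: sorted(names) for host, names in plan.items()}
```
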