
Thread: Where to use DNS aliases/CNAMEs?

  1. #1
    notpeter

    Where to use DNS aliases/CNAMEs?

    Hi, I'm in the process of building out a multi-server installation and had a couple questions about naming.

    Specifically, I have the following hosted separately:
    Mailstore, MTA, LDAP, Proxy

    I'd like to iron out names now before I get much further. Here are the CNAMEs I'd like to use:

    mail.dept.uni.edu (POP, IMAP)
    send.dept.uni.edu (SMTP)
    ldap.dept.uni.edu (LDAP)

    I'm concerned about making sure URLs don't change even if the backend server configurations slide/grow. Basically I'd like to hide the name of my mailstores from the users, among other things. Should I have a separate CNAME for http(s) connections to the mail server? Is the http/https reverse proxy stable enough for production use?

    Is there a way I can force the mailstore to generate URLs which are the alias names (and thus proxied)? At the moment the URLs the mailstore shows (when defining new shares, etc.) use its own (non-aliased) name. Is there a way I can force the mailstore to generate URLs which are the alias names (and thus perhaps proxied)?

    Currently I'm planning on buying two commercial SSL certificates (mail.dept.uni.edu and send.dept.uni.edu). I'd like to use mail.dept.uni.edu for proxied IMAP/POP/HTTP(s), but not if I can't get the backend server to generate public-friendly URLs. Is there any advantage to buying a third cert for https on the mailstore itself (zimbra.dept.uni.edu or whatever)?

    Each host has an FQDN of its own, but will I have any trouble if I tell Zimbra its hostname is something that's actually a CNAME? (Tell Zimbra the server is send.dept.uni.edu instead of internalname.dept.uni.edu?)

  2. #2
    Bill Brock

    Section 10.3 of RFC 2181 states you should not use CNAMEs when resolving an MX record.

  3. #3
    notpeter

    Originally posted by Bill Brock:
        Section 10.3 of RFC 2181 states you should not use CNAMEs when resolving an MX record.

    Sorry, I should've been more explicit. My MX records should be fine. They are off of dept.uni.edu and point to the Zimbra MTAs directly (no CNAMEs). The send.dept.uni.edu name is only for client secure SMTP access.

    Anyone know if there are similar reasons for/against giving Zimbra a CNAME which points to, rather than a name with an A record?

    Is there a way to tell Zimbra: "This is the FQDN of the server you're on, but use 'cname.dept.uni.edu' for all client-facing communication"? Or should I just tell Zimbra the CNAME?

  4. #4
    whetu

    My understanding is that so long as the Zimbra server can resolve the IP, it should be happy (or tricked; unknowingly delivering to itself).

    The only issue then is certificates for secure connections. To mitigate annoying cert warnings (especially with Firefox 3 users) you'll probably want to use subjectAltNames, e.g.
    [SOLVED] No SubjectAltname in Commercial Certificate request (FOSS 5.0.1)
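
The two checks raised in this thread (the RFC 2181 section 10.3 point about MX records and the subjectAltName point about certificates), as an added example that is not part of any post: it flags MX records whose exchange is a CNAME and lists client-facing names a certificate does not cover. Only the alias host names come from the thread; the zone data, addresses, backend names and SAN list are constructed.

```python
# Constructed sample data: alias names follow the thread; the addresses, the
# second MX (deliberately wrong) and the SAN list are invented for illustration.
ZONE = """
dept.uni.edu.        MX    10 mta1.dept.uni.edu.
dept.uni.edu.        MX    20 send.dept.uni.edu.
mta1.dept.uni.edu.   A     192.0.2.10
store1.dept.uni.edu. A     192.0.2.20
mail.dept.uni.edu.   CNAME store1.dept.uni.edu.
send.dept.uni.edu.   CNAME mta1.dept.uni.edu.
"""
CLIENT_NAMES = ["mail.dept.uni.edu", "send.dept.uni.edu"]  # what users type
CERT_SANS = ["store1.dept.uni.edu", "mail.dept.uni.edu"]   # dNSName entries

def norm(name):
    return name.lower().rstrip(".")

def parse_zone(text):
    """Parse simple 'owner TYPE rdata' lines into (owner, type, rdata) tuples."""
    rows = (line.split(";", 1)[0].split(None, 2) for line in text.splitlines())
    return [(norm(o), t.upper(), r.strip()) for o, t, r in (x for x in rows if len(x) == 3)]

def mx_pointing_at_cname(records):
    """RFC 2181 section 10.3: the exchange named in an MX must not be an alias."""
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    exchanges = [(o, norm(r.split()[1])) for o, t, r in records if t == "MX"]
    return [(owner, ex) for owner, ex in exchanges if ex in aliases]

def san_matches(pattern, host):
    """Compare one dNSName SAN with a host; '*' may only be the whole leftmost label."""
    p, h = norm(pattern).split("."), norm(host).split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_names(client_names, sans):
    """Client-facing names the certificate does not cover. TLS clients verify the
    name they connected to, never the CNAME target, so each alias must be listed."""
    return [n for n in client_names if not any(san_matches(s, n) for s in sans)]

if __name__ == "__main__":
    print("MX -> CNAME:", mx_pointing_at_cname(parse_zone(ZONE)))
    print("names missing from certificate:", uncovered_names(CLIENT_NAMES, CERT_SANS))
```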
