
Thread: [SOLVED] ping problems :(

  1. #11
    maurixio is offline Intermediate Member
    Join Date
    Apr 2009
    Posts
    17
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    as it applies to BIND. Most split DNS configurations require two DNS servers. One with the zone file that contains your internal data that Zimbra uses as a resolver and one that is the true Start of Authority that contains your external data that the outside world will look to to resolve your IP's.

    Your internal data should not be viewable to the outside as it obviously is or the ping would not be directed to the internal IP.

    Is this DNS server set up as the Start of Authority at your registrar?
    Yes it is, but I got your point. Let's think about this schema:

    I have a firewall (Linux with iptables) that has 2 NICs:

    eth0 --> 100.100.100.100 (the public ip)
    eth1--> 1.1.1.1 (the first private ip , and acts like a gateway for the whole lan).

    Then I have the web server and the DNS together:

    eth0 --> 2.2.2.2 (another private ip in the same range of 1.1.1.1)

    So I was thinking: if I install the local DNS on 2.2.2.2, so Zimbra can resolve "locally", I could install the other one where the public IP is, so that server would use that IP to "say" that all my services are on that public IP.

    But how can I connect those two servers to each other to do the "translation" between local and public?

    And the other question would be: on the server with the 2 interfaces, which DNS server should I use first in /etc/resolv.conf? My ISP's public DNS server? My own public DNS server? Or the local resolver? (Thinking that eth1 is the gateway for the LAN.)
    Last edited by maurixio; 04-10-2009 at 09:54 AM.

  2. #12
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default If I am reading you right...

    2.2.2.2 is a server where Zimbra resides, and 1.1.1.1 is another server acting as your firewall/gateway.

    I would use BIND on the Zimbra server to resolve the internal IP scheme which Zimbra will use and then use BIND on the firewall, which will be set as the true Start of Authority that the external world will see with your external IP data.

  3. #13
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Forwarder.

    You may need to set up a forwarder, that being your external DNS server, on the Zimbra DNS server for it to resolve properly to the outside. If it doesn't find the DNS info locally it will query the forwarder you have set up. That means it will always find the internal IPs because the zone file resides locally. Any other resolution, such as other mail servers, will be resolved through the forwarder.

  4. #14
    maurixio is offline Intermediate Member
    Join Date
    Apr 2009
    Posts
    17
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    You may need to set up a forwarder, that being your external DNS server, on the Zimbra DNS server for it to resolve properly to the outside. If it doesn't find the DNS info locally it will query the forwarder you have set up. That means it will always find the internal IPs because the zone file resides locally. Any other resolution, such as other mail servers, will be resolved through the forwarder.
    OK, the thing would be this way:

    ******* BIND on the firewall / gateway ******************

    $TTL 3600
    domain.cl.  IN SOA ns1.domain.cl. admin.domain.cl. (
                2009210216 ; Serial
                1H         ; Refresh
                2H         ; Retry
                4W         ; Expire
                2D )       ; Negative Cache TTL
    ;
                IN NS ns1.domain.cl.
                IN A  100.100.100.100
                IN MX 10 mail
    ns1         IN A  100.100.100.100
    ns2         IN A  100.100.100.100
    mail        IN A  100.100.100.100
    www         IN A  100.100.100.100
    ftp         IN A  100.100.100.100


    named.conf

    zone "domain.cl" IN {
    type master;
    file "/etc/bind/db.domain";
    allow-transfer { 111.111.111.111; };
    };

    zone "100.100.100.in-addr.arpa" {
    type master;
    file "/etc/bind/db.100";
    allow-transfer { 111.111.111.111; };
    };



    include "/etc/bind/named.conf.local";

    with 100.100.100.100 my public IP, 111.111.111.111 ISP DNS

    /etc/resolv.conf

    nameserver 100.100.100.100 (my public ip dns)
    nameserver 1.1.1.1 (the zimbra dns who resolve locally)
    nameserver 111.111.111.111 (my isp dns)


    named.conf.options

    options {
    directory "/var/cache/bind";
    query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
    111.111.111.111; 100.100.100.100; 1.1.1.1;
    };

    auth-nxdomain yes;
    allow-query { any; };
    listen-on-v6 { any; };
    };


    ************ BIND IN THE ZIMBRA HOST *******************

    $TTL 3600
    domain.cl.  IN SOA ns1.domain.cl. admin.domain.cl. (
                2009210216 ; Serial
                1H         ; Refresh
                2H         ; Retry
                4W         ; Expire
                2D )       ; Negative Cache TTL
    ;
                IN NS ns1.domain.cl.
                IN A  1.1.1.1
                IN MX 10 mail
    ns1         IN A  1.1.1.1
    ns2         IN A  1.1.1.1
    mail        IN A  1.1.1.1
    www         IN A  1.1.1.1
    ftp         IN A  1.1.1.1


    named.conf

    zone "domain.cl" IN {
    type master;
    file "/etc/bind/db.domain";
    allow-transfer { 100.100.100.100; };
    };

    zone "1.1.1.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1";
    allow-transfer { 100.100.100.100; };
    };



    include "/etc/bind/named.conf.local";

    with 100.100.100.100 my public IP, 111.111.111.111 ISP DNS, 1.1.1.1 Zimbra host

    /etc/resolv.conf

    nameserver 1.1.1.1 (my zimbra dns)
    nameserver 100.100.100.100 (my public dns)
    nameserver 111.111.111.111 (my isp dns)


    named.conf.options

    options {
    directory "/var/cache/bind";
    query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
    100.100.100.100; 1.1.1.1; 111.111.111.111;
    };

    auth-nxdomain yes;
    allow-query { any; };
    listen-on-v6 { any; };
    };


    Is that correct? Sorry for the long reply.

  5. #15
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default It may not matter but...

    I don't think I would set up the public DNS servers as resolvers on the Zimbra machine since you are configuring them as forwarders. And I wouldn't include the private (1.1.1.1) DNS server in the list of forwarders on the Zimbra machine.

  6. #16
    maurixio is offline Intermediate Member
    Join Date
    Apr 2009
    Posts
    17
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    I don't think I would set up the public DNS servers as resolvers on the Zimbra machine since you are configuring them as forwarders. And I wouldn't include the private (1.1.1.1) DNS server in the list of forwarders on the Zimbra machine.
    I keep on seeing it as a private address.

  7. #17
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default What are you using....

    as the resolver on the machine you are pinging from?

  8. #18
    maurixio is offline Intermediate Member
    Join Date
    Apr 2009
    Posts
    17
    Rep Power
    6

    Default

    Yeah, probably I'm doing something bad. I'm doing it all again.

  9. #19
    thorng is offline Active Member
    Join Date
    Apr 2009
    Posts
    46
    Rep Power
    6

    Default

    I would go back to set up multi-view on the firewall / gateway. Also, there are multiple places you are doing this wrong. A rule of thumb: you need to keep the public IP address completely separated from the internal servers. Internal servers never need to know anything about their public IP address.

    Here is what I would have from your config:

    /etc/bind/domain.cl.external:

    $TTL 3600
    domain.cl.  IN SOA ns1.domain.cl. admin.domain.cl. (
                2009210216 ; Serial
                1H         ; Refresh
                2H         ; Retry
                4W         ; Expire
                2D )       ; Negative Cache TTL
    ;
                IN NS ns1.domain.cl.
                IN A  100.100.100.100
                IN MX 10 mail.domain.cl.
    ns1         IN A  100.100.100.100
    ns2         IN A  100.100.100.100
    mail        IN A  100.100.100.100
    www         IN A  100.100.100.100
    ftp         IN A  100.100.100.100

    /etc/bind/domain.cl.internal:

    $TTL 3600
    domain.cl.  IN SOA ns1.domain.cl. admin.domain.cl. (
                2009210216 ; Serial
                1H         ; Refresh
                2H         ; Retry
                4W         ; Expire
                2D )       ; Negative Cache TTL
    ;
                IN NS ns1.domain.cl.
                IN A  1.1.1.1
                IN MX 10 mail.domain.cl.
    ns1         IN A  1.1.1.1
    ns2         IN A  1.1.1.1
    mail        IN A  2.2.2.2
    www         IN A  1.1.1.1
    ftp         IN A  1.1.1.1


    /etc/named.conf:

    view "private" {
        match-clients { x.x.x.x/24; }; // whatever matches your entire private network. I assume 1.1.1.1 and 2.2.2.2 are hosts in the same subnet.
        recursion yes;
        zone "domain.cl" {
            type master;
            // private zone file including local hosts
            file "/etc/bind/domain.cl.internal";
        };
        zone "1.1.1.in-addr.arpa" {
            type master;
            file "/etc/bind/db.1";
        };
        // add required zones
    };
    view "public" {
        match-clients { "any"; }; // all other hosts
        // recursion not supported
        recursion no;
        zone "domain.cl" {
            type master;
            // public only hosts
            file "/etc/bind/domain.cl.external";
            allow-transfer { 111.111.111.111; };
        };

        // I don't even think you need this entire section. Doesn't your ISP take care of this? BEGIN
        zone "100.100.100.in-addr.arpa" {
            type master;
            file "/etc/bind/db.100";
            allow-transfer { 111.111.111.111; };
        };
        // I don't even think you need this entire section. Doesn't your ISP take care of this? END
    };

    include "/etc/bind/named.conf.local";

    /etc/resolv.conf

    nameserver 127.0.0.1
    nameserver 111.111.111.111 (my isp dns) <- This is a fail-safe: in case the DNS dies you will still have Internet access, but all of your internal services that depend on DNS will fail. This may do more harm than good, as you should never need to make your public IP known to internal servers. A better way is to set up an internal slave DNS and replace this line.

    named.conf.options

    options {
    directory "/var/cache/bind";
    query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
    111.111.111.111; // do not forward back to an internal server
    };

    auth-nxdomain yes;
    allow-query { any; };
    listen-on-v6 { any; };
    };


    ************ IN THE ZIMBRA HOST *******************

    /etc/resolv.conf

    nameserver 1.1.1.1 (my zimbra dns)
    nameserver 111.111.111.111 (my isp dns) <- this will definitely do more harm than good.

  10. #20
    thorng is offline Active Member
    Join Date
    Apr 2009
    Posts
    46
    Rep Power
    6

    Default

    Quote Originally Posted by Bill Brock View Post
    as the resolver on the machine you are pinging from?
    I also agree with Bill Brock: your initial post looks like a DNS resolver issue on the client side (the system you are testing from). You should debug this before assuming this is a DNS issue on the server. Just do an nslookup on the client to see if the DNS is returning the right IP address. Your client may be resolving the mail IP from a different source (i.e. cache or local host file).
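
Added example, not part of any post in this thread: a small Python check of the rule from post #19 that public and internal addresses stay in separate zone files, so the external zone never hands out an internal address. The domain, networks and records are constructed sample values, and the parser assumes records written in the `name IN A address` form used in the zone files above.

```python
import ipaddress

def a_records(zone_text, origin):
    """Return [(fqdn, address)] for A records written as 'name IN A addr'."""
    records, owner, in_parens = [], origin, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                # drop comments
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):
            continue
        continued = in_parens                      # inside the SOA ( ... ) block
        in_parens = (in_parens or "(" in line) and ")" not in line
        if continued:
            continue
        if not line[0].isspace() and tokens[0].upper() != "IN":
            owner = origin if tokens[0] == "@" else tokens[0]  # explicit owner
            tokens = tokens[1:]
        if len(tokens) >= 3 and [t.upper() for t in tokens[:2]] == ["IN", "A"]:
            fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
            records.append((fqdn, ipaddress.ip_address(tokens[2])))
    return records

def view_leaks(zone_text, origin, internal_nets, view):
    """Return A records whose address is on the wrong side for this view."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    leaks = []
    for fqdn, ip in a_records(zone_text, origin):
        inside = any(ip in net for net in nets)
        # external view: nothing may be internal; internal view: everything must be
        if inside == (view == "external"):
            leaks.append((fqdn, str(ip)))
    return leaks

# Constructed sample data (documentation ranges, not the thread's addresses).
ORIGIN = "example.test."
INTERNAL_NETS = ["192.168.1.0/24"]
SOA = """$TTL 3600
example.test. IN SOA ns1.example.test. admin.example.test. (
        2009041001 1H 2H 4W 2D ) ; serial and timers
        IN NS ns1.example.test.
"""
EXTERNAL_ZONE = SOA + """        IN A 203.0.113.10
ns1     IN A 203.0.113.10
mail    IN A 192.168.1.20 ; internal address left in the public zone
"""
INTERNAL_ZONE = SOA + """        IN A 192.168.1.1
ns1     IN A 192.168.1.1
mail    IN A 192.168.1.20
"""
```

Calling `view_leaks(EXTERNAL_ZONE, ORIGIN, INTERNAL_NETS, "external")` reports the `mail` record; the internal zone passes with `view="internal"`.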
