Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
  #1 (permalink)  
Old 07-18-2010, 01:48 AM
Active Member
 
Posts: 39
DNS problems - weird

Hi there,

It's me again. Something happened, but I don't know what it is. OK, I have installed CentOS, disabled SELinux, then the firewall, and done the Split DNS, as my machine is behind a firewall. But each time I configure the Split DNS, there is an error from nslookup. Perhaps I should post my output here, so that any of you can enlighten me:

cat /etc/hosts
cat /etc/resolv.conf
dig domain.com mx
dig domain.com any
host `hostname` <- note backticks and not single quotes


cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.102 mail.nha2u.com mail

cat /etc/resolv.conf
search nha2u.com
nameserver 192.168.1.102


dig domain.com mx
[root@mail ~]# dig nha2u.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8169
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;nha2u.com. IN MX

;; ANSWER SECTION:
nha2u.com. 156 IN MX 10 mail.nha2u.com.

;; AUTHORITY SECTION:
nha2u.com. 156 IN NS ns1.agigaworld.com.

;; ADDITIONAL SECTION:
mail.nha2u.com. 156 IN A 211.24.155.2




dig domain.com any
[root@mail ~]# dig nha2u.com any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52185
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;nha2u.com. IN ANY

;; ANSWER SECTION:
nha2u.com. 93 IN MX 10 mail.nha2u.com.
nha2u.com. 93 IN NS ns1.agigaworld.com.

;; AUTHORITY SECTION:
nha2u.com. 93 IN NS ns1.agigaworld.com.

;; ADDITIONAL SECTION:
mail.nha2u.com. 93 IN A 211.24.155.2

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Sun Jul 18 16:44:59 2010
;; MSG SIZE rcvd: 107




host `hostname`
[root@mail ~]# host `hostname`
mail.nha2u.com.nha2u.com is an alias for Napoleon Hill Associates.
Napoleon Hill Associates has address 124.217.227.140
;; connection timed out; no servers could be reached


I suspect there is a problem with the config above, but I just can't find it, after 5 hours of trying this. Please do point out my stupid mistakes here...

Thank you

Regards,
getridoff
  #2 (permalink)  
Old 07-18-2010, 05:10 AM
Zimbra Consultant & Moderator
 
Posts: 20,317

The simple answer is your DNS configuration files seem to have the A record of the Public IP (I'm assuming that's what 211.24.155.2 is?) rather than the Private LAN IP of the Zimbra server.
__________________
Regards


Bill
  #3 (permalink)  
Old 07-18-2010, 07:57 AM
Active Member
 
Posts: 39

Quote:
Originally Posted by phoenix View Post
The simple answer is your DNS configuration files seem to have the A record of the Public IP (I'm assuming that's what 211.24.155.2 is?) rather than the Private LAN IP of the Zimbra server.


Hi phoenix,

Yeah, but it is supposed to have the private LAN IP, as this machine is supposed to be behind a firewall. I have edited the db.domain.com files, but it is still showing the public IP for the A record. Is there any place that I can check in the machine itself to change the A record to the private LAN IP? Please advise me, so confused..

Thank you

Regards,
getridoff
  #4 (permalink)  
Old 07-18-2010, 08:33 AM
Zimbra Consultant & Moderator
 
Posts: 20,317

You need to configure the BIND(?) configuration files on this server 192.168.1.102 to reflect the fact it should be pointing to the LAN IP.

Quote:
Originally Posted by getridoff View Post
host `hostname`
[root@mail ~]# host `hostname`
mail.nha2u.com.nha2u.com is an alias for Napoleon Hill Associates.
Napoleon Hill Associates has address 124.217.227.140
;; connection timed out; no servers could be reached

I'd also suspect you have a problem with the format of your DNS statements in your BIND config files given the response from the above command.

Check the details in the split DNS article again and pay particular attention to the format of the statements and specifically the '.' (the period) at the end of the domain name in the config files.
__________________
Regards


Bill
  #5 (permalink)  
Old 07-19-2010, 08:33 PM
Active Member
 
Posts: 39

Quote:
Originally Posted by phoenix View Post
You need to configure the BIND(?) configuration files on this server 192.168.1.102 to reflect the fact it should be pointing to the LAN IP.

I'd also suspect you have a problem with the format of your DNS statements in your BIND config files given the response from the above command.

Check the details in the split DNS article again and pay particular attention to the format of the statements and specifically the '.' (the period) at the end of the domain name in the config files.

Hi phoenix,

I have reconfigured the Split DNS for Zimbra to work, but unusually, I face a different kind of issue here. Below is my post:

[root@mail ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.102 mail.nha2u.com mail


[root@mail ~]# cat /etc/resolv.conf
search nha2u.com
nameserver 192.168.1.102

[root@mail ~]# dig nha2u.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37915
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nha2u.com. IN MX

;; ANSWER SECTION:
nha2u.com. 2592000 IN MX 10 mail.nha2u.com.

;; AUTHORITY SECTION:
nha2u.com. 2592000 IN NS 192.168.1.102.nha2u.com.

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue Jul 20 11:28:59 2010
;; MSG SIZE rcvd: 76

[root@mail ~]# dig nha2u.com any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25315
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nha2u.com. IN ANY

;; ANSWER SECTION:
nha2u.com. 2592000 IN SOA nha2u.com. hostmaster.mail.nha2u.com. 10118 43200 3600 3600000 2592000
nha2u.com. 2592000 IN NS 192.168.1.102.nha2u.com.
nha2u.com. 2592000 IN A 192.169.1.102
nha2u.com. 2592000 IN MX 10 mail.nha2u.com.

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue Jul 20 11:29:05 2010
;; MSG SIZE rcvd: 139

[root@mail ~]# host `hostname`
Host mail.nha2u.com not found: 3(NXDOMAIN)


Why does my hostname seem not to be found, even though I have set it in the host file itself??

Please guide me

Thank you

regards,
getridoff
  #6 (permalink)  
Old 07-19-2010, 11:01 PM
Zimbra Consultant & Moderator
 
Posts: 20,317

Quote:
Originally Posted by getridoff View Post
Why does my hostname seem not to be found, even though I have set it in the host file itself??

For the simple reason that your DNS configuration files are incorrect, as shown by the output you've posted above. The "host `hostname`" command will use DNS to resolve the hostname of the machine on which it is run; if it can't be resolved you'll get the response you've posted.

There are several threads in the forums that have details of what's needed in the BIND configuration files and tutorials on the internet, take your pick:

Linux DNS Server - How To Set Up Static or Dynamic DNS for Your Internet Servers
+"how to" +dns +NAMED - Yahoo! Search Results
__________________
Regards


Bill
  #7 (permalink)  
Old 07-22-2010, 06:57 AM
Moderator
 
Posts: 1,209

I know this is very frustrating for you, but the good news is as others have replied that the only thing wrong here is your BIND configuration.

The instance of BIND running on your Zimbra server needs to be the Master for your domain, with private IP addresses, and must never replicate your real public zone file.

At a minimum in local BIND you'll need an A record for your Zimbra server, an MX record for your domain, and forwarders for off-domain lookups by Zimbra.

Hope that helps,
Mark
__________________
___________________________________
L. Mark Stone, CIO


"Uptime. All the time."

477 Congress Street | Portland, ME 04101-3431 | (207) 772-5678

proactive maintenance and monitoring | technology consulting
Zimbra groupware | EMR implementations | private cloud hosting
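Added example, not part of the thread and not Zimbra or BIND code: a small checker for the internal zone that posts #4 and #7 describe, run over the answer records from the `dig nha2u.com any` output in post #5. The function names and the 192.168.1.0/24 LAN range are assumptions; it reports A records outside the LAN, NS/MX targets that are IP addresses with the origin appended, and NS/MX targets that have no A record.

```python
import ipaddress

# Answer records copied from the "dig nha2u.com any" output in post #5.
SAMPLE = """\
nha2u.com. 2592000 IN SOA nha2u.com. hostmaster.mail.nha2u.com. 10118 43200 3600 3600000 2592000
nha2u.com. 2592000 IN NS 192.168.1.102.nha2u.com.
nha2u.com. 2592000 IN A 192.169.1.102
nha2u.com. 2592000 IN MX 10 mail.nha2u.com.
"""

def parse(text):
    """Yield (owner, type, rdata fields) per record line; dig comment lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and not line.startswith(";") and f[2] == "IN":
            yield f[0].lower(), f[3].upper(), f[4:]

def starts_with_ip(name):
    """True when the first four labels of a name form an IPv4 address."""
    labels = name.rstrip(".").split(".")
    try:
        ipaddress.IPv4Address(".".join(labels[:4]))
        return True
    except ValueError:
        return False

def check_internal_zone(text, lan="192.168.1.0/24"):  # LAN range is an assumption
    """Return findings for the internal view of a split-DNS zone."""
    net = ipaddress.ip_network(lan)
    records = list(parse(text))
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A" and ipaddress.ip_address(rdata[0]) not in net:
            findings.append(f"A {owner} -> {rdata[0]} is outside {lan}")
        if rtype in ("NS", "MX"):
            target = rdata[-1].lower()
            if starts_with_ip(target):
                # A bare IP in an NS/MX field is a relative name: BIND appends the origin.
                findings.append(f"{rtype} target {target} is an IP address, not a host name")
            elif target not in a_owners:
                findings.append(f"{rtype} target {target} has no A record in this answer")
    return findings

if __name__ == "__main__":
    for finding in check_internal_zone(SAMPLE):
        print(finding)
```

The same function accepts a full pasted `dig` output, since lines starting with `;` and blank lines are ignored.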
  #8 (permalink)  
Old 07-23-2010, 01:26 AM
Active Member
 
Posts: 39

Quote:
Originally Posted by LMStone View Post
I know this is very frustrating for you, but the good news is as others have replied that the only thing wrong here is your BIND configuration.

The instance of BIND running on your Zimbra server needs to be the Master for your domain, with private IP addresses, and must never replicate your real public zone file.

At a minimum in local BIND you'll need an A record for your Zimbra server, an MX record for your domain, and forwarders for off-domain lookups by Zimbra.

Hope that helps,
Mark
Hi to everyone here,

It is very pleasant to know that everyone here is willing to share their knowledge and experience with me, so I did not give up on this, and at last have found the way to get the host name to work!! So I need the gurus here to confirm that my settings here are correct.

cat /etc/hosts
[root@mail ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.102 mail.nha2u.com mail

cat /etc/resolv.conf
[root@mail ~]# cat /etc/resolv.conf
search nha2u.com
nameserver 192.168.1.102


dig nha2u.com mx
[root@mail ~]# dig nha2u.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16921
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;nha2u.com. IN MX

;; ANSWER SECTION:
nha2u.com. 2592000 IN MX 10 mail.nha2u.com.

;; AUTHORITY SECTION:
nha2u.com. 2592000 IN NS 192.168.1.102.nha2u.com.

;; ADDITIONAL SECTION:
mail.nha2u.com. 2592000 IN A 192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri Jul 23 16:21:18 2010
;; MSG SIZE rcvd: 92



dig nha2u.com any
[root@mail ~]# dig nha2u.com any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> nha2u.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28019
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;nha2u.com. IN ANY

;; ANSWER SECTION:
nha2u.com. 2592000 IN SOA mail.nha2u.com. hostmaster.mail.nha2u.com. 10118 43200 3600 3600000 2592000
nha2u.com. 2592000 IN NS 192.168.1.102.nha2u.com.
nha2u.com. 2592000 IN A 192.169.1.102
nha2u.com. 2592000 IN MX 10 mail.nha2u.com.

;; ADDITIONAL SECTION:
mail.nha2u.com. 2592000 IN A 192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Fri Jul 23 16:21:27 2010
;; MSG SIZE rcvd: 155


host `hostname`
[root@mail ~]# host `hostname`
mail.nha2u.com has address 192.168.1.102

nslookup mail.nha2u.com
[root@mail ~]# nslookup mail.nha2u.com
Server: 192.168.1.102
Address: 192.168.1.102#53

Name: mail.nha2u.com
Address: 192.168.1.102



Yes, the above are my settings. Please do highlight if there are any errors or mistakes so that I can improve my settings here.

Thank you very much

Regards
getridoff
  #9 (permalink)  
Old 07-23-2010, 08:24 PM
Moderator
 
Posts: 1,209

All that looks good so far!

If it were our system we would set the web server mode to "redirect" using the zmtlsctl command; you may need to open TCP 443 on the firewall too.

I'd also be sure all admin accounts have very strong passwords if you are going to leave the Admin Console open to the public Internet.

Hope that helps,
Mark
  #10 (permalink)  
Old 07-23-2010, 08:32 PM
Active Member
 
Posts: 39

Quote:
Originally Posted by LMStone View Post
All that looks good so far!

If it were our system we would set the web server mode to "redirect" using the zmtlsctl command; you may need to open TCP 443 on the firewall too.

I'd also be sure all admin accounts have very strong passwords if you are going to leave the Admin Console open to the public Internet.

Hope that helps,
Mark

Hi LMStone,

Thank you,

If it were our system we would set the web server mode to "redirect" using the zmtlsctl command; you may need to open TCP 443 on the firewall too.

May I know the reason for your sentences above, please? A bit confused here...


thank you

regards
getridoff