| Welcome to the Zimbra :: Forums! | |
03-10-2011, 01:53 PM
I have a DNS issue, but I can't figure it out. Please forgive me, I'm new to DNS and I'm posting as a last resort since I've been trolling the forums for answers and I just can't figure out my issues. I've tried and failed at several ZCA and ZCS installs to this point because of DNS issues so I've started fresh and decided that I want the DNS fixed before the install.
Please keep in mind that I'm in a test environment on VMs to use this and so I cannot connect directly to RHN, only what our production loads have updated (meaning no bind9 just dnsmasq).
The setup is RHEL5 in a VM using dnsmasq to do the split dns, and the DNS server I want to point to is on Windows 2003 Server SP1 in another VM in the same vCenter.
In the Windows DNS I set up a Host(A) record for zimbra.domain.com pointing to the zimbra vm ip address and an MX record based off this A.
The output from the split dns wiki:

dig domain.com mx
Question Section:
domain.com. IN MX
Answer Section:
domain.com. 3600 IN MX 1 zimbra.domain.com.
Additional Section:
zimbra.domain.com. 3600 IN A [ZimbraVM IP address]

dig domain.com any
Questions section:
domain.com IN ANY
Answer Section:
domain.com. 600 in A [DNS Server IP]
domain.com. 3600 IN A [DNS Secondary IP]
domain.com. 3600 IN NS VMName.domain.com
domain.com. 3600 IN SOA VMName.domain.com host master 1821 900 600 86400 3600
domain.com. 3600 IN MX 1 zimbra.domain.com
domain.com. 0 IN TYPE65281 \# 20 00000000000000020000000384000000011405CCAC
Additional Section:
VMName.domain.com. 3600 IN A [DNS Server IP]
zimbra.domain.com. 3600 IN A [ZimbraVM IP]

host $(hostname)
connection timed out; no servers could be reached

cat /etc/resolv.conf
search domain.com
nameserver [DNS Server IP]

cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
[ZimbraVM IP] zimbra.domain.com zimbra

/etc/dnsmasq.conf file
server=[DNS Server Secondary IP]
server=[DNS Server IP]
domain=domain.com
mx-host=domain.com,zimbra.domain.com,5
listen-address=127.0.0.1

Any suggestions, or pointing me to the right thread would be fine. I've been trolling threads for about a week now though, and I'm probably just missing what I need.
Thanks in advance for all your help!
03-15-2011, 04:19 AM
So, no takers on helping me figure this out? I really would like some help or someone to point me to where help is. I would really appreciate it, because at this point it doesn't seem like I'm going to be able to get this set up properly to test, and an alternative to Exchange would be nice.
03-15-2011, 04:44 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,316
Quote:
Originally Posted by AmandaM
So, no takers on helping me figure this out? I really would like some help or someone to point me to where help is. I would really appreciate it, because at this point it doesn't seem like I'm going to be able to get this set up properly to test, and an alternative to Exchange would be nice.

Part of the problem is that your information doesn't really tell us much because you've obfuscated the IP address and the domain name and you're missing the output from the dig commands that tells you which server responded with that information and you didn't say where you ran those commands nor did you say why you've set up another DNS server when you already have one on your Windows machine.
You've also posted this:
Code:
host $(hostname)
connection timed out; no servers could be reached
That shows the DNS server can't be contacted.
__________________
Regards
Bill
| 
03-15-2011, 05:36 AM
Phoenix, thank you, I just wanted some response. I didn't mean to sound ungrateful, I've just been frustrated with this for a few weeks now amongst other things. I obscured the IP addresses since I cannot give them out, I'll try to post it better if I need to again.
For now I'm going to ask the admin to move the Zimbra VM to the Datacenter that the DNS is located on to see if that helps resolve the issue of the connection timing out.
The domain.com is my Windows 03 DNS, I apologize for not making that clearer.
03-15-2011, 07:43 PM
| | Special Member | |
Posts: 125
My setup is not on a VM.
The key here is I am behind a NAT firewall/router so I need to do Split DNS.
Maybe this can help, here's my split DNS setup
-----
DNS
-----
On Ubuntu, check /etc/default/bind9 to see the root directory path for your bind installation. If no other path is specified, then it's most likely /etc/bind/
Proper DNS configuration is PARAMOUNT! If you don't have your DNS working properly, don't even bother trying to install Zimbra, because trying to fix DNS after the fact may result in an install that can do everything except send mail--even from a Zimbra user to himself! So I'll say it again:
Step 1.
If you can't resolve your mailserver's own private IP address (NOT the public IP) using nslookup, fix it BEFORE you install Zimbra!
If your installation above was successful, when you sign on at the command line you'll be able to ping public IP addresses if you know them, but you may not be able to resolve any names to ping them.
Step 2.
Now you have to configure the following files, which are in the directory /etc/bind (for brevity I've deleted the generic comment lines included by the distro). Note that the query-source address and forwarders lines are already there, they just need to be uncommented, and in the case of the forwarders, the ip addresses of your ISP's DNS servers need to be added. Note also that the syntax needs to be EXACTLY as shown below--leave out one semicolon or bracket and the whole thing blows up:
/etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    query-source address * port 53;
    forwarders {
        68.87.77.134; 68.87.72.134; //these are my ISP DNS IP
    };
    auth-nxdomain no; # conform to RFC1035
};

the ip addresses on this file are public ip addresses of the DNS you use in the outside world. The line "query-source address * port 53" is to allow your machine to hit the DNS if oddball DNS ports are blocked. You can leave it commented if you don't need it.
Step 3.
Check /etc/resolv.conf and make sure it looks like this:
nameserver xxx.xxx.xxx.xxx
The IP address here should be the Zimbra box's private ip address.
search p-c-o.org
# the IP assigned to zimbra server locally
nameserver 10.26.26.253
Step 4.
Once you've fixed these two files, restart bind
/etc/init.d/bind9 restart
you should be able to resolve names in the outside world. Try something like "ping google.com" and if you get an answer, you're on the way.
Step 5.
Now it's time to get the internal zone working. Append the following lines to /etc/bind/named.conf.local

zone "p-c-o.org" {
    type master;
    file "/etc/bind/db.p-c-o.org";
};

Note that you need to type the full pathname to your db.* file. Also, be sure you don't miss a semicolon ";" in any of these lines that have them because a missing semicolon breaks the file.
Step 6.
Now create your file /etc/bind/db.p-c-o.org

;
;BIND data file for p-c-o.org
;
$TTL 604800
@       IN      SOA     mail.p-c-o.org. admin.p-c-o.org. (
                        090767          ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       10.26.26.253
mail    IN      A       10.26.26.253

The ip address here is again your Zimbra internal ip address; the string "admin.p-c-o.org" is replaced with the email address you are using for administration, only with a "." instead of the "@" in the address. Be careful to increment the serial number one higher every time you modify this file or the changes won't stick. Many users use the date they edit the file for the serial number, but as long as you start low and only get higher it really doesn't matter.
Step 7.
Now you may need to reboot the machine (restarting bind9 alone doesn't always work) and try to resolve your mail server.
/etc/init.d/bind9 restart
/sbin/init 6
nslookup p-c-o.org
You should get output similar to this:
Server: 10.26.26.253
Address: 10.26.26.253#53
Name: p-c-o.org
Address: 10.26.26.253
If it returns your public IP address, xxx.xxx.xxx.xxx, your internal DNS is not working.
Fix it. When this failed, it was because I placed the wrong IP in the /etc/resolv.conf file.
Step 8.
Before you get to the install you also need to modify your /etc/hosts file:
127.0.0.1 localhost.localdomain localhost
10.26.26.253 mail.p-c-o.org mail
Step 9.
sudo apt-get install bind9 dnsutils file libgmp3c2 libexpat1 libstdc++5 libltdl3 libperl5.8 perl curl libpcre3 libc6
It's now time to update your packages:
sudo bash (this will ask for your password, enter your administrator's pw, then you'll be at a root prompt)
apt-get update; apt-get upgrade
----------
End DNS
----------
I also would suggest you get it working first then adjust the port number.
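
The checks in steps 1, 3, 7 and 8 above can be run over the file contents before starting the installer. This is an added example, not part of the thread or of Zimbra's tooling: the function names are hypothetical, the sample strings are constructed from the files quoted in the post, and "private" is assumed to mean RFC 1918 address space.

```python
import ipaddress

# Assumption: "private" means RFC 1918 space, as on a typical NAT'd LAN.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample input that mirrors the files quoted in the post.
ZONE = ("$TTL 604800\n@ IN SOA mail.p-c-o.org. admin.p-c-o.org. (\n"
        "\t090767 604800 86400 2419200 604800 )\n@ IN NS mail\n"
        "\tIN MX 10 mail\n\tIN A 10.26.26.253\nmail IN A 10.26.26.253\n")
HOSTS = "127.0.0.1 localhost.localdomain localhost\n10.26.26.253 mail.p-c-o.org mail\n"
RESOLV = "search p-c-o.org\nnameserver 10.26.26.253\n"

def fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    # Returns {owner: {rtype: [rdata_fields, ...]}} for a small master file.
    records, owner, pending = {}, origin, ""
    for raw in text.splitlines():
        line = pending + raw.split(";", 1)[0].rstrip()   # drop comments
        pending = line + " " if line.count("(") > line.count(")") else ""
        if pending or not line.strip() or line.startswith("$"):
            continue                                     # open SOA, blank, or $TTL
        fields = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():        # a blank owner inherits the previous one
            owner = fqdn(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0] == "IN":
            fields.pop(0)                # skip optional TTL and class
        records.setdefault(owner, {}).setdefault(fields[0], []).append(fields[1:])
    return records

def preflight(zone, hosts, resolv, domain):
    """Return a list of problems; an empty list means the three files agree."""
    origin = domain.rstrip(".") + "."
    rec = parse_zone(zone, origin)
    mx = rec.get(origin, {}).get("MX")
    if not mx:
        return [f"no MX record for {origin}"]
    target = fqdn(mx[0][1], origin)
    addrs = [r[0] for r in rec.get(target, {}).get("A", [])]
    if not addrs:
        return [f"MX target {target} has no A record"]
    problems = [f"{target} has non-private address {a}" for a in addrs
                if not any(ipaddress.ip_address(a) in n for n in RFC1918)]
    seen = {"/etc/hosts": [f[0] for f in map(str.split, hosts.splitlines())
                           if target.rstrip(".") in f[1:]],
            "resolv.conf": [f[1] for f in map(str.split, resolv.splitlines())
                            if f[:1] == ["nameserver"] and len(f) > 1]}
    for src, ips in seen.items():
        if ips[:1] != addrs[:1]:
            problems.append(f"{src} gives {ips[:1]}, zone gives {addrs[0]} for {target}")
    return problems
```

Calling `preflight(ZONE, HOSTS, RESOLV, "p-c-o.org")` returns an empty list for the sample files. A zone file whose blank-owner `IN MX` line has lost its leading whitespace is reported as having no MX record for the domain, because the parser then reads `IN` as an owner name.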
03-21-2011, 10:22 AM
Thank you Spectra for your suggestions. I reverted to try out bind, only to find out that RHEL 5 does not do the normal things that are listed either here or in the split dns wiki. Yes it creates a named.conf in the /var/named/chroot/etc/ file but it isn't the same kind of named.conf everyone talks about it, the only way to even generate that is through the system-config-bind gui. (Which for the life of me I can't figure out to a degree to make the preview named match what you had but I did try). I finally got in touch with the admin who said that the dns and the vm share the same network so I was able to install it with just the dns entries and the /etc/hosts pointing to [the vm's ip] [mail.domain.com] [domain.com] It still threw the MX error during installation but thanks to some other posts in the forums I knew to change it from mail.domain.com to just domain.com and it resolved itself. I had tried this previously but never with any luck it would always fail at ldap. Only thing I can think of that I did not do this time was that I never touched the resolv.conf file. I'm so happy this is finally installed and I can't wait to configure it!