
Thread: Problem setting up split DNS Zimbra 8.0.5 Ubuntu 12.04

  1. #11
    LMStone is offline Moderator

    I think you've isolated the problem correctly to the config of your BIND instance on the DNS server. Lots of places with BIND where a simple syntax or other minor error can throw things off.

    May I suggest taking a look at https://help.ubuntu.com/community/BIND9ServerHowto and configuring your BIND instance following the "Primary Master Server" section in that Ubuntu wiki article?

    You may (or may not) also want to turn off IPv6 on your Ubuntu server. Not a big deal if (and that's a big "if") when you installed Zimbra you specified IPv4-only.

    Keep plugging; you are close!

    And keep us posted!

    Hope that helps,
    Mark

  2. #12
    NorthWill is offline Junior Member

    Thanks Mark. I appreciate the help.

    We had an old, lame nameserver listed with the registrar so I started at the registrar and created new records pointing to my ns.tkdb.ca server and a new (so far) lame server that I haven't set up yet. Not sure if that had anything to do with the problems but I thought it wouldn't hurt to get those records straightened out.

    I then started over with my bind configuration and made sure that all of the syntax is exactly what it should be.

    I now can send mail internally and receive it. I can also send mail from tkdb.ca to another (gmail) account but I cannot send mail from an external account to tkdb.ca.

    I can dig tkdb.ca mx and get

    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25001
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      MX
    
    ;; ANSWER SECTION:
    tkdb.ca.                38400   IN      MX      10 mail.tkdb.ca.
    
    ;; AUTHORITY SECTION:
    tkdb.ca.                38400   IN      NS      ns.tkdb.ca.
    
    ;; ADDITIONAL SECTION:
    mail.tkdb.ca.           38400   IN      A       192.168.0.191
    ns.tkdb.ca.             38400   IN      A       192.168.0.191
    
    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Oct  1 16:19:58 2013
    ;; MSG SIZE  rcvd: 95

    All the other tests return what they are supposed to as well.

    I did find Ajcody-Hostname-DNS - Zimbra :: Wiki and ran those tests as well. Everything comes back the way it should except

    host -t MX `domainname -f` which indicates
    Code:
    mail.tkdb.ca has no MX record

    It seems my MX records are not public so they can't be resolved by other mail servers. Without using the public IPs in my db.tkdb.ca zone file I don't know how I'm going to resolve that.

    Thanks,

  3. #13
    LMStone is offline Moderator

    Well it sounds like you are almost there!

    In public DNS I get:

    Code:
    PDP-8:~ lmstone$ dig mail.tkdb.ca mx
    
    
    ; <<>> DiG 9.8.5-P1 <<>> mail.tkdb.ca mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17013
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    
    ;; QUESTION SECTION:
    ;mail.tkdb.ca.            IN    MX
    
    
    ;; AUTHORITY SECTION:
    tkdb.ca.        900    IN    SOA    ns.tkdb.ca. root.tkdb.ca. 3741515995 10800 3600 604800 38400
    
    
    ;; Query time: 580 msec
    ;; SERVER: 192.168.15.51#53(192.168.15.51)
    ;; WHEN: Tue Oct 01 20:20:46 EDT 2013
    ;; MSG SIZE  rcvd: 74
    
    
    PDP-8:~ lmstone$ dig tkdb.ca mx
    
    
    ; <<>> DiG 9.8.5-P1 <<>> tkdb.ca mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    
    ;; QUESTION SECTION:
    ;tkdb.ca.            IN    MX
    
    
    ;; ANSWER SECTION:
    tkdb.ca.        21600    IN    MX    10 mail.tkdb.ca.
    
    
    ;; Query time: 176 msec
    ;; SERVER: 10.0.1.1#53(10.0.1.1)
    ;; WHEN: Tue Oct 01 20:20:55 EDT 2013
    ;; MSG SIZE  rcvd: 46
    
    
    PDP-8:~ lmstone$

    So, if the email addresses on your server are in the form:

    user@tkdb.ca

    then the fact that there is no MX record in public DNS for the domain "mail.tkdb.ca" is irrelevant, because it's not a domain, it's an FQDN.

    But, there is one thing you do need to fix that I see, and then you should be done...

    In public DNS, change the A record for mail.tkdb.ca from the current private, non-routable IP address of 192.168.0.191 to whatever its true public IP address is. Hopefully this will generate a good-natured face-palm on your part (no disrespect intended!) that the public DNS servers (which the world needs to use to find your server) for your domain should resolve A records with public IP addresses, and that the private DNS servers for your domain (which the Zimbra server needs to use) should resolve private IP addresses but ONLY for your domain, and public IP addresses (via the forwarders) for all other domains. Hence... you have split your Zimbra server's domain out from the public DNS servers so that it can function with a private IP address. S'OK?

    If that all makes sense you are now a DNS Ninja and your Zimbra server should be all good to go once you fix that one A record in public DNS!

    Hope that helps,
    Mark

    P.S. If this is still not making sense, my apologies for not being clear enough! Help me to understand what's not getting through and I'll try to explain it in a different way.
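
The split-DNS rule described in the post above can be checked mechanically. The following is an added example, not part of the original posts: it parses dig record lines and flags a private address served by public DNS, or a public address served by internal DNS. The function names are hypothetical and 203.0.113.10 is a documentation placeholder standing in for the server's real public IP.

```python
import ipaddress

# RFC 1918 ranges: addresses that are only reachable inside the LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_records(dig_text):
    """Return (name, type, rdata) for every record line in dig output."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        # Record lines read "name TTL IN type rdata"; lines starting with ';' are skipped.
        if len(fields) >= 5 and not fields[0].startswith(";") and fields[2] == "IN":
            records.append((fields[0].lower(), fields[3], " ".join(fields[4:])))
    return records

# Feed check_view the output of both `dig <domain> mx` and `dig <mx target> a`:
# a recursive resolver may leave the A record out of the MX answer.
def check_view(dig_text, domain, view):
    """Check one DNS view ('public' or 'internal'); return a list of problems."""
    records = parse_records(dig_text)
    zone = domain.lower().rstrip(".") + "."
    targets = sorted({r.split()[1].lower() for n, t, r in records if n == zone and t == "MX"})
    if not targets:
        return [f"no MX record for {zone}"]
    problems = []
    for target in targets:
        addrs = sorted({r for n, t, r in records if n == target and t == "A"})
        if not addrs:
            problems.append(f"no A record for MX target {target}")
        for addr in addrs:
            if view == "public" and is_lan(addr):
                problems.append(f"{target} -> {addr}: private address in public DNS")
            elif view == "internal" and not is_lan(addr):
                problems.append(f"{target} -> {addr}: public address in internal DNS")
    return problems

# Internal view: record lines from the first dig output in this thread.
INTERNAL = """
tkdb.ca.                38400   IN      MX      10 mail.tkdb.ca.
tkdb.ca.                38400   IN      NS      ns.tkdb.ca.
mail.tkdb.ca.           38400   IN      A       192.168.0.191
ns.tkdb.ca.             38400   IN      A       192.168.0.191
"""
# Public view before the fix (constructed: the A line and its TTL are not from a posted dig).
PUBLIC_BEFORE = """
tkdb.ca.        21600    IN    MX    10 mail.tkdb.ca.
mail.tkdb.ca.   21600    IN    A     192.168.0.191
"""
# Public view after the fix; 203.0.113.10 is a documentation placeholder.
PUBLIC_AFTER = PUBLIC_BEFORE.replace("192.168.0.191", "203.0.113.10")

if __name__ == "__main__":
    for text, view in ((INTERNAL, "internal"), (PUBLIC_BEFORE, "public"), (PUBLIC_AFTER, "public")):
        print(view, check_view(text, "tkdb.ca", view) or "OK")
```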

  4. #14
    NorthWill is offline Junior Member

    Success. I changed the A record to the public IP and I can now send and receive emails internally and externally.

    I made the changes yesterday afternoon and for a while I did not think it was going to work because none of my test emails were coming through to the Zimbra server. I just needed to give it time to propagate as the emails started arriving about midnight.

    I really do need to do some more reading on DNS as I thought that if I did a dig tkdb.ca mx etc from another workstation outside of my network and it responded correctly, that meant that the changes had propagated completely. Obviously that isn't quite the case as it took another 10 or so hours to get emails coming in but everything now seems to be working.

    Thanks again for all your help.

  5. #15
    adanso239 is offline New Member

    I am having the same issues with split DNS and I would like help. I am running Release 8.0.5_GA_5839.SLES11_64_20130910123623 SLES11_64 FOSS edition.

    I am posting most of the needed files because I am running Zimbra behind a firewall and I am currently having mail deferred and would like to know where to look, for I have slaved away at this for over a week and believe it's time I get a second eye to look over my files and tell me what to do or look for.

    LOG FILE MESSAGES:
    mail:~ # tail -f /var/log/zimbra.log
    Oct 18 15:34:33 mail postfix/smtp[1286]: 78C8E28C390: to=, relay=none, delay=23660, delays=23660/0.03/0/0, dsn=5.4.6, status=bounced (mail for mail.domain.com loops back to myself)
    Oct 18 15:34:33 mail postfix/qmgr[5849]: 78C8E28C390: removed
    Oct 18 15:35:26 mail zmconfigd[18944]: Fetching All configs
    Oct 18 15:35:26 mail zmconfigd[18944]: All configs fetched in 0.03 seconds
    Oct 18 15:35:26 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
    Oct 18 15:35:26 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
    Oct 18 15:35:26 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
    Oct 18 15:35:28 mail zmconfigd[18944]: Watchdog: service antivirus status is OK.
    Oct 18 15:35:28 mail zmconfigd[18944]: All rewrite threads completed in 0.00 sec
    Oct 18 15:35:28 mail zmconfigd[18944]: All restarts completed in 0.00 sec
    Oct 18 15:36:05 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
    Oct 18 15:36:05 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
    Oct 18 15:36:28 mail zmconfigd[18944]: Fetching All configs
    Oct 18 15:36:28 mail zmconfigd[18944]: All configs fetched in 0.03 seconds
    Oct 18 15:36:28 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
    Oct 18 15:36:28 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
    Oct 18 15:36:28 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
    Oct 18 15:36:29 mail zmconfigd[18944]: Watchdog: service antivirus status is OK.
    Oct 18 15:36:29 mail zmconfigd[18944]: All rewrite threads completed in 0.01 sec
    Oct 18 15:36:29 mail zmconfigd[18944]: All restarts completed in 0.00 sec

    zimbra@mail:~> sudo /opt/zimbra/libexec/zmqstat
    hold=0
    corrupt=0
    deferred=4
    active=0
    incoming=0

    mail:~ # cat /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    10.10.10.83 mail.sysdial.com mail

    # special IPv6 addresses
    ::1 localhost ipv6-localhost ipv6-loopback

    fe00::0 ipv6-localnet

    ff00::0 ipv6-mcastprefix
    ff02::1 ipv6-allnodes
    ff02::2 ipv6-allrouters
    ff02::3 ipv6-allhosts
    10.10.10.83 mail.sysdial.com mail

    zimbra@mail:~> cat /etc/resolv.conf

    search domain.com
    nameserver 127.0.0.1
    nameserver XX.XX.XX..80 This is the local IP for ns1 which is the one resolving on the internet (I host my own DNS servers)
    nameserver XX.XX.XX..85 This is the local IP for ns2 which is the slave DNS server (all of these servers have individual public IPs)

    zimbra@mail:~> dig domain.com mx Please note that the returned information is the outside IP address for the mail server through the firewall

    ; <<>> DiG 9.6-ESV-R7-P4 <<>> domain.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65424
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;domain.com. IN MX

    ;; ANSWER SECTION:
    domain.com. 3600 IN MX 10 mail.domain.com.

    ;; ADDITIONAL SECTION:
    mail.domain.com. 3600 IN A XX.XX.XX.28

    ;; Query time: 5 msec
    ;; SERVER: XX.XX.XX..80#53(XX.XX.XX..80)
    ;; WHEN: Fri Oct 18 16:18:34 2013
    ;; MSG SIZE rcvd: 66

    zimbra@mail:~> dig domain.com any

    ; <<>> DiG 9.6-ESV-R7-P4 <<>> domain.com any Please note that the returned information is the outside IP address for the mail server through the firewall
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5609
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;domain.com. IN ANY

    ;; ANSWER SECTION:
    domain.com. 3600 IN A XX.XX.XX.27
    domain.com. 3600 IN NS ns1.domain.com.
    domain.com. 3600 IN NS ns2.domain.com.
    domain.com. 3600 IN SOA ns1.domain.com. hostmaster.domain.com. 24 900 600 86400 3600
    domain.com. 3600 IN MX 10 mail.domain.com.

    ;; ADDITIONAL SECTION:
    ns1.domain.com. 3600 IN A XX.XX.XX.25
    ns2.domain.com. 3600 IN A XX.XX.XX.29
    mail.domain.com. 3600 IN A XX.XX.XX.28

    ;; Query time: 0 msec
    ;; SERVER: XX.XX.XX..80#53(XX.XX.XX..80)
    ;; WHEN: Fri Oct 18 16:19:23 2013
    ;; MSG SIZE rcvd: 197

    mail:~ # host 'hostname'
    Host hostname not found: 3(NXDOMAIN) Suspect here to be the problem

  6. #16
    phoenix is online now Zimbra Consultant & Moderator

    Quote (originally posted by adanso239):
        zimbra@mail:~> dig domain.com mx Please note that the returned information is the outside IP address for the mail server through the firewall

    The simple answer is that is incorrect; every forum post on this topic and the wiki article itself tells you it should point to the LAN IP address of your server - you need to fix your DNS records.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #17
    adanso239 is offline New Member

    Quote (originally posted by phoenix):
        The simple answer is that is incorrect; every forum post on this topic and the wiki article itself tells you it should point to the LAN IP address of your server - you need to fix your DNS records.

    I have taken time and re-installed my Zimbra and so far I am able to receive mail but I am still unable to send mail to any domain outside. I painstakingly compared the different flavors of the operating systems' configuration of the split DNS and I found out that if I configure SLES DNS outside of the YAST tool it screws up the DNS setup, so I put the pieces together to use the YAST tool to configure the split DNS, but as of now I am unable to send email to any domain outside. Is there something I am overlooking? Are there any troubleshooting pointers that I can run? I have all the mails waiting under deferred. Thank you.

  8. #18
    phoenix is online now Zimbra Consultant & Moderator

    I've given you the answer to the cause of your problem in my previous post and because you've obfuscated all the IP addresses in your post it's impossible to confirm any of your DNS configuration.
    Regards


    Bill



  9. #19
    adanso239 is offline New Member

    Quote (originally posted by phoenix):
        I've given you the answer to the cause of your problem in my previous post and because you've obfuscated all the IP addresses in your post it's impossible to confirm any of your DNS configuration.

    Please find below all the IPs from the top below; I have run all the commands I posted before except the tail -f /var/log/zimbra.log and will post that if you need that also.

    mail:~ # /opt/zimbra/libexec/zmqstat
    hold=0
    corrupt=0
    deferred=2
    active=0
    incoming=0


    mail:~ # cat /etc/hosts
    #
    # hosts This file describes a number of hostname-to-address
    # mappings for the TCP/IP subsystem. It is mostly
    # used at boot time, when no name servers are running.
    # On small systems, this file can be used instead of a
    # "named" name server.
    # Syntax:
    #
    # IP-Address Full-Qualified-Hostname Short-Hostname
    #

    127.0.0.1 localhost.localdomain localhost
    10.10.10.83 mail.sysdial.com mail

    # special IPv6 addresses
    ::1 localhost ipv6-localhost ipv6-loopback

    fe00::0 ipv6-localnet

    ff00::0 ipv6-mcastprefix
    ff02::1 ipv6-allnodes
    ff02::2 ipv6-allrouters
    ff02::3 ipv6-allhosts


    mail:~ # cat /etc/resolv.conf
    ### /etc/resolv.conf file autogenerated by netconfig!
    #
    # Before you change this file manually, consider to define the
    # static DNS configuration using the following variables in the
    # /etc/sysconfig/network/config file:
    # NETCONFIG_DNS_STATIC_SEARCHLIST
    # NETCONFIG_DNS_STATIC_SERVERS
    # NETCONFIG_DNS_FORWARDER
    # or disable DNS configuration updates via netconfig by setting:
    # NETCONFIG_DNS_POLICY=''
    #
    # See also the netconfig(8) manual page and other documentation.
    #
    # Note: Manual change of this file disables netconfig too, but
    # may get lost when this file contains comments or empty lines
    # only, the netconfig settings are same with settings in this
    # file and in case of a "netconfig update -f" call.
    #
    ### Please remove (at least) this line when you modify the file!
    search sysdial.com
    nameserver 127.0.0.1


    mail:~ # dig sysdial.com mx

    ; <<>> DiG 9.6-ESV-R7-P4 <<>> sysdial.com mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42818
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;sysdial.com. IN MX

    ;; ANSWER SECTION:
    sysdial.com. 172800 IN MX 0 mail.sysdial.com.

    ;; AUTHORITY SECTION:
    sysdial.com. 172800 IN NS mail.sysdial.com.

    ;; ADDITIONAL SECTION:
    mail.sysdial.com. 172800 IN A 10.10.10.83

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 12 11:49:38 2013
    ;; MSG SIZE rcvd: 80


    mail:~ # dig sysdial.com any

    ; <<>> DiG 9.6-ESV-R7-P4 <<>> sysdial.com any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36073
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;sysdial.com. IN ANY

    ;; ANSWER SECTION:
    sysdial.com. 172800 IN SOA mail.sysdial.com. root.mail.sysdial.com. 2013111202 10800 3600 604800 86400
    sysdial.com. 172800 IN MX 0 mail.sysdial.com.
    sysdial.com. 172800 IN NS mail.sysdial.com.
    sysdial.com. 172800 IN A 10.10.10.83

    ;; ADDITIONAL SECTION:
    mail.sysdial.com. 172800 IN A 10.10.10.83

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 12 11:50:20 2013
    ;; MSG SIZE rcvd: 137

  10. #20
    phoenix is online now Zimbra Consultant & Moderator

    These results differ from your earlier post so you've now changed the DNS records to reflect your internal LAN IP addresses, correct? The output you've posted seems to be OK. First point, the host command you used earlier to check the IP address is incorrect - you should use backticks not single quotes or as the Split DNS article shows you can use this command:

    Code:
    host $(hostname)

    Second point, your external DNS records show there to be no A record for the MX record - that needs fixing. Third point, what is the reason these emails are deferred? You'll need to look in the log files to find the answer to that, tail the log file and try to send another email and see the reason it gets deferred. Fourth point, have you disabled the firewall and AppArmor on your Zimbra server?
    Regards


    Bill
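
The log check suggested in the third point above, as an added example that is not part of the original posts: it pulls the failed delivery attempts out of /var/log/zimbra.log, skipping the sudo and zmconfigd noise, and groups them by reason. The function names are hypothetical; the first three sample lines come from the log posted earlier in this thread and the last two are constructed.

```python
import re
from collections import Counter

# Postfix delivery lines: "<qid>: to=<rcpt>, relay=..., dsn=x.y.z, status=word (reason)".
# The recipient is optional because the paste in this thread lost it ("to=,").
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=(?P<rcpt><[^>]*>)?,"
    r".*?relay=(?P<relay>[^,]+),.*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)\s*$")

def failures(log_text):
    """Return one dict per delivery attempt that did not end in status=sent."""
    events = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m and m["status"] != "sent":
            events.append(m.groupdict())
    return events

def summarize(log_text):
    """Count failures by (status, dsn, reason) so the common cause stands out."""
    return Counter((e["status"], e["dsn"], e["reason"]) for e in failures(log_text))

def loop_bounces(log_text):
    """Queue IDs bounced with 'loops back to myself'.

    Postfix reports this when the DNS lookup for the destination points back
    at this host although Postfix is not configured as the final destination
    for that domain, so it is a DNS or domain-configuration symptom.
    """
    return [e["qid"] for e in failures(log_text)
            if "loops back to myself" in e["reason"]]

# First three lines: from the log posted in this thread. Last two: constructed
# (example.org, 203.0.113.25 and the queue IDs are placeholders).
SAMPLE_LOG = """\
Oct 18 15:34:33 mail postfix/smtp[1286]: 78C8E28C390: to=, relay=none, delay=23660, delays=23660/0.03/0/0, dsn=5.4.6, status=bounced (mail for mail.domain.com loops back to myself)
Oct 18 15:34:33 mail postfix/qmgr[5849]: 78C8E28C390: removed
Oct 18 15:35:26 mail sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
Oct 18 15:37:02 mail postfix/smtp[1301]: 9A1B2C3D4E5: to=<user@example.org>, relay=none, delay=12, delays=0.1/0.02/12/0, dsn=4.4.1, status=deferred (connect to mx.example.org[203.0.113.25]:25: Connection timed out)
Oct 18 15:37:40 mail postfix/smtp[1301]: 5F6E7D8C9B0: to=<user@example.org>, relay=mx.example.org[203.0.113.25]:25, delay=1.2, delays=0.1/0.02/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3C4D5E6F7A8)
"""

if __name__ == "__main__":
    for (status, dsn, reason), count in summarize(SAMPLE_LOG).most_common():
        print(count, status, dsn, reason)
    print("loop bounces:", loop_bounces(SAMPLE_LOG))
```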

