
Thread: Problem setting up split DNS Zimbra 8.0.5 Ubuntu 12.04

  1. #1
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default Problem setting up split DNS Zimbra 8.0.5 Ubuntu 12.04

    I know this topic has been pounded to death on the forums and I apologise for dragging it back up again but I am having a real problem setting up split DNS for my new Zimbra install. I'm sure that it is probably something simple that I'm missing but I've been staring at it for too long and cannot see what I'm doing wrong.

    First some background. This is a new install of Zimbra 8.0.5 on Ubuntu 12.04 running on a KVM VM under Ubuntu 12.04. This setup is located behind an Untangle box running in router mode. My local IP is 192.168.0.191.

    My named.conf.local file looks like:

    Code:
    //
    // Do any local configuration here
    //
    
    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    // include "/etc/bind/zones.rfc1918";
    
    include "/etc/bind/rndc.key";
    
    zone "tkdb.ca" {
            type master;
            file "/etc/bind/db.tkdb.ca";
    };
    My db.tkdb.ca file looks like:

    Code:
    $TTL    3600
    @       IN      SOA     ns.tkdb.ca.     hostmaster.tkdb.ca. (
                         2013092501         ; Serial
                               3600         ; Refresh
                               3600         ; Retry
                             604800         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
            IN      NS      192.168.0.191
    
    tkdb.ca.        IN      MX      10 mail.tkdb.ca
    mail.tkdb.ca    IN      A       192.168.0.191
    My /etc/hosts file looks like:

    Code:
    127.0.0.1       localhost mail.tkdb.ca
    192.168.0.191   mail.tkdb.ca    mail
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    dig tkdb.ca mx returns:

    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4608
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      MX
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.191#53(192.168.0.191)
    ;; WHEN: Wed Sep 25 08:56:06 2013
    ;; MSG SIZE  rcvd: 25
    dig tkdb.ca any returns:

    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48393
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      ANY
    
    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.191#53(192.168.0.191)
    ;; WHEN: Wed Sep 25 08:56:16 2013
    ;; MSG SIZE  rcvd: 25
    host $(hostname) returns
    Code:
    Host mail not found: 3(NXDOMAIN)
    DNS is working on the box and I have a connection to the world as nslookup google.ca returns:
    Code:
    Server:         192.168.0.191
    Address:        192.168.0.191#53
    
    Non-authoritative answer:
    Name:   google.ca
    Address: 173.194.33.31
    Name:   google.ca
    Address: 173.194.33.23
    Name:   google.ca
    Address: 173.194.33.24
    Can anybody see where I went wrong?

    Thanks,
    Last edited by NorthWill; 09-25-2013 at 09:55 AM.
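
Added example, not part of the original post and not Zimbra's or BIND's own tooling: a small Python checker for two name-handling rules of BIND master files that the zone posted above runs into. NS and MX data must be host names rather than addresses, and a name written without a trailing dot has the origin appended. `lint_zone` and its problem labels are hypothetical names; on the server itself, `named-checkzone tkdb.ca /etc/bind/db.tkdb.ca` performs the authoritative check.

```python
import ipaddress
import re

# The zone file as posted above; the origin comes from the zone "tkdb.ca" statement.
POSTED_ZONE = """\
$TTL    3600
@       IN      SOA     ns.tkdb.ca.     hostmaster.tkdb.ca. (
                     2013092501         ; Serial
                           3600         ; Refresh
                           3600         ; Retry
                         604800         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN      NS      192.168.0.191

tkdb.ca.        IN      MX      10 mail.tkdb.ca
mail.tkdb.ca    IN      A       192.168.0.191
"""

def lint_zone(text, origin):
    """Return (problem, detail) pairs for names a master-file parser will misread."""
    findings = []

    def check_name(raw):
        # A name without a trailing dot is relative, so the origin is appended to it.
        if not raw.endswith(".") and raw.endswith(origin.rstrip(".")):
            findings.append(("missing-dot", f"{raw}.{origin}"))

    body = re.sub(r";[^\n]*", "", text)                      # strip comments
    body = re.sub(r"\(([^)]*)\)",                            # fold "( ... )" onto one line
                  lambda m: " ".join(m.group(1).split()), body)
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():        # leading whitespace means "same owner as before"
            check_name(fields.pop(0))
        while fields and (fields[0].isdigit() or fields[0] == "IN"):  # optional TTL, class
            fields.pop(0)
        if fields and fields[0] in ("NS", "MX"):
            target = fields[-1]          # NS: the only field; MX: follows the preference
            try:
                ipaddress.ip_address(target)
                findings.append(("address-as-hostname", f"{fields[0]} {target}"))
            except ValueError:
                check_name(target)
    return findings
```

Calling `lint_zone(POSTED_ZONE, "tkdb.ca.")` reports the NS record whose data is an address and the two places where `mail.tkdb.ca` expands to `mail.tkdb.ca.tkdb.ca.`.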

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    You really should enclose each command and its output in code tags (highlight the relevant text and hit the CODE button - it's the # symbol) as it's difficult to read in the format you've posted.

    The simple answer to your question (although you haven't given any indication of what error you're encountering) is that your hosts file is incorrect; go to the Split DNS article and compare your file to the example given there.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default

    Thanks for the response (and the pointer re: the code tags. I was looking for something like that but I missed that there was an advanced edit menu).

    I've changed my host file to:

    Code:
    127.0.0.1       localhost.localdomain localhost
    192.168.0.191   mail.tkdb.ca    mail
    but I'm still getting the status: SERVFAIL error on the dig commands and host $(hostname) still returns:

    Code:
    Host mail not found: 3(NXDOMAIN)
    The basic problem is that tkdb.ca is not resolvable. I cannot ping tkdb.ca internally or externally. I can log on to the admin console and my test account using the IP address internally but not using the name mail.tkdb.ca. I can send mail from Zimbra but I cannot send mail to Zimbra.

    Thanks,

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    What is in your resolv.conf and is your DNS server authoritative for your domain?
    Regards


    Bill



  5. #5
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default

    My resolv.conf is:

    Code:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 192.168.0.191
    search tkdb.ca
    These settings are controlled from the dns-option entries in my /etc/network/interfaces file but I don't think that matters.

    It doesn't appear that my DNS server is authoritative though. I'll work on that and try again. Thanks for the tip.

  6. #6
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default

    Finally figured it out. The split DNS article at Split DNS - Zimbra :: Wiki is not quite correct in all cases.

    In my case I have a firewall (Untangle) that uses dnsmasq -s to pass through dns queries to the dns nameserver on 192.168.0.191. It seems that that makes the firewall transparent to dns queries so I need to set up my dns nameserver on 192.168.0.191 with the A and MX records pointing to my public address rather than to the internal address. Once I did that the world was a happy place.

    The article at Making Zimbra & BIND Work Together :: Zimbra :: Blog is what I eventually followed although because I am on Ubuntu 12 I only installed the Bind9 package rather than the bind-devel, bind-utils, and caching-nameserver packages. From Part 2, I followed the instructions fairly closely with slight modifications to reflect the different file and folder structure of Ubuntu.

    Thanks,

  7. #7
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default

    I may have spoken too soon.

    I can receive mail from the world but I cannot send anything outside of our local network. Internally I can both send and receive mail. Any mail that I send outside of the local network ends up in the deferred queue. The reason logged is "connect to xxx.com[1.2.3.4.]:25: connection timed out". Port 25 is open on my firewall and it tests ok from the firewall to the mail server. I can resolve the xxx.com domain from the mail server using nslookup so I don't think it is a DNS issue.

    When I test according to the instructions in both articles mentioned above everything looks good.

    dig tkdb.ca mx looks like
    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63341
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      MX
    
    ;; ANSWER SECTION:
    tkdb.ca.                38400   IN      MX      10 mail.tkdb.ca.
    
    ;; AUTHORITY SECTION:
    tkdb.ca.                38400   IN      NS      ns.tkdb.ca.
    
    ;; ADDITIONAL SECTION:
    mail.tkdb.ca.           38400   IN      A       184.68.38.222
    ns.tkdb.ca.             38400   IN      A       184.68.38.222
    
    ;; Query time: 5 msec
    ;; SERVER: 192.168.0.191#53(192.168.0.191)
    ;; WHEN: Mon Sep 30 09:23:12 2013
    ;; MSG SIZE  rcvd: 95
    dig tkdb.ca any returns
    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16049
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      ANY
    
    ;; ANSWER SECTION:
    tkdb.ca.                38400   IN      SOA     ns.tkdb.ca. root.tkdb.ca. 3740775733 10800 3600 604800 38400
    tkdb.ca.                38400   IN      NS      ns.tkdb.ca.
    tkdb.ca.                38400   IN      MX      10 mail.tkdb.ca.
    tkdb.ca.                38400   IN      A       184.68.38.222
    
    ;; ADDITIONAL SECTION:
    ns.tkdb.ca.             38400   IN      A       184.68.38.222
    mail.tkdb.ca.           38400   IN      A       184.68.38.222
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.191#53(192.168.0.191)
    ;; WHEN: Mon Sep 30 09:23:19 2013
    ;; MSG SIZE  rcvd: 152
    host $(hostname) returns
    Code:
    mail.tkdb.ca has address 184.68.38.222
    Thanks,

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    You haven't followed the Split DNS article. This is not the IP of your Zimbra server:

    Code:
    184.68.38.222
    Regards


    Bill



  9. #9
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    If your Zimbra server has an RFC1918 (i.e. Private) IP address, it needs to use a DNS server that will resolve the Zimbra server's A and PTR records using that private IP address. That's the core of the Split Domain Wiki article.

    In smaller or single-server Zimbra deployments, it's customary to deploy a separate BIND9 instance on (one of) the Zimbra server instance(s), and configure BIND to be authoritative for the domain in which your Zimbra server lives, i.e. tkdb.ca in your case. The forwarders for that BIND9 instance should be public forwarders, so that the Zimbra server knows where to send email for other domains.

    So if your /etc/hosts file still looks like this (which is correct):
    Code:
    127.0.0.1       localhost.localdomain localhost
    192.168.0.191   mail.tkdb.ca    mail
    but a "dig @ip_of_your_DNS_server mail.tkdb.ca" doesn't give you the 192.168.0.191 IP above, then you, as Bill said, have a DNS issue.

    It's also important to keep in mind that Zimbra's components use a mix of lookups via both DNS and /etc/hosts, so having one correct isn't sufficient for Zimbra to run. Both have to be picture perfect.

    Hope that helps,
    Mark
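
Added example, not written by any participant in this thread: the comparison described in the post above, in Python, run over data copied from earlier posts (the two /etc/hosts files from posts #1 and #3 and the A records from the dig output in post #7). The function names and problem strings are hypothetical.

```python
import ipaddress

# Constructed from the thread: /etc/hosts as posted in #1 and #3, dig records from #7.
HOSTS_POST1 = "127.0.0.1 localhost mail.tkdb.ca\n192.168.0.191 mail.tkdb.ca mail\n"
HOSTS_POST3 = "127.0.0.1 localhost.localdomain localhost\n192.168.0.191 mail.tkdb.ca mail\n"
DIG_POST7 = """\
tkdb.ca.                38400   IN      MX      10 mail.tkdb.ca.
mail.tkdb.ca.           38400   IN      A       184.68.38.222
ns.tkdb.ca.             38400   IN      A       184.68.38.222
"""

def hosts_lookup(hosts_text, fqdn):
    """Addresses that /etc/hosts maps to fqdn, in file order (comments ignored)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) > 1 and fqdn in fields[1:]:
            found.append(ipaddress.ip_address(fields[0]))
    return found

def dig_a_records(dig_text, fqdn):
    """A-record addresses for fqdn parsed from dig's answer/additional lines."""
    found = []
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].rstrip(".") == fqdn and fields[3] == "A":
            found.append(ipaddress.ip_address(fields[4]))
    return found

def split_dns_problems(hosts_text, dig_text, fqdn):
    """List the ways /etc/hosts and the internal DNS view disagree for fqdn."""
    problems = []
    hosts, dns = hosts_lookup(hosts_text, fqdn), dig_a_records(dig_text, fqdn)
    if any(addr.is_loopback for addr in hosts):
        problems.append("hosts: FQDN also listed on a loopback line")
    lan = [addr for addr in hosts if not addr.is_loopback]
    if not lan:
        problems.append("hosts: no LAN address for FQDN")
    if not dns:
        problems.append("dns: no A record returned")
    elif set(dns) != set(lan):
        problems.append("dns: A record differs from /etc/hosts")
    if any(not addr.is_private for addr in dns):
        problems.append("dns: internal view returns a public address")
    return problems
```

With the hosts file from post #3 and the dig output from post #7, `split_dns_problems` returns both DNS findings: the A record differs from /etc/hosts, and the internal view hands out a public address.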

  10. #10
    NorthWill is offline Junior Member
    Join Date
    Sep 2013
    Posts
    9
    Rep Power
    1

    Default

    Obviously I am really not getting something. Now I can't send mail externally or internally and I'm pretty much back to where I was when I started this thread.

    I have reconfigured the zone file to be exactly the same as the example in the Split DNS - Zimbra :: Wiki article.

    My hosts file is:
    Code:
    127.0.0.1       localhost.localdomain localhost
    192.168.0.191   mail.tkdb.ca            mail
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost   ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    My resolv.conf shows:
    Code:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 192.168.0.191
    search tkdb.ca
    dig tkdb.ca any gives me the same message "status: SERVFAIL" that I was originally getting. Here is the output from dig tkdb.ca any
    Code:
    ; <<>> DiG 9.8.1-P1 <<>> tkdb.ca any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26257
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;tkdb.ca.                       IN      ANY
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.191#53(192.168.0.191)
    ;; WHEN: Mon Sep 30 12:11:50 2013
    ;; MSG SIZE  rcvd: 25
    dig @192.168.0.191 tkdb.ca gives me the same.

    It seems to me that my dns server on 192.168.0.191 is not resolving anything. If I do an nslookup yahoo.com for example it returns the correct IP but I expect that is because of my forwarders and not because of my local dns server. What am I missing?

    Thanks,
