Multiple-Server DNS settings

[Vimm]

I'm trying to figure out what the DNS settings should be for a multiple server installation so I can get it right on the first try. All the instructions I see indicate I need an A and MX record for "the" server, but that's not much help when I'm working with three servers (LDAP, Mailbox, and MTA). Which is "the" server? From what I can tell the mailbox server seems to be running all the services (webmail, admin, IMAP, POP, etc) so I should point my A record there, but what about my MX record? Shouldn't that be pointing to the MTA server? And what if I add more Mailbox servers? Do I need multiple sub-domains? But then won't I need multiple certificates? The installation guide doesn't give me much to go on here. It's all incredibly foggy and I could really use some clarification.

http://www.zimbra.com/docs/ne/latest...1.html#1073993

Quote:

DNS Configuration Requirement

In order to send and receive email, the Zimbra MTA must be configured in DNS with both A and MX records. For sending mail, the MTA uses DNS to resolve hostnames and email-routing information. To receive mail the MX record must be configured correctly to route the message to the mail server.

During the installation process ZCS checks to see if you have an MX record correctly configured. If it is not, an error is displayed suggesting that the domain name have an MX record configured in DNS.

You must configure a relay host if you do not enable DNS. After ZCS is installed, go to the Global Settings>MTA tab on the administration console and uncheck Enable DNS lookups. Enter the relay MTA address to use for external delivery.

Note: Even if a relay host is configured, an MX record is still required if the ZCS server is going to receive email from the internet.

Edit: For example, say this is my configuration.

Domain: mydomain.com (mail@mydomain.com)

Servers:
ldap.mynetwork.com
maibox.mynetwork.com
mta.mynetwork.com

DNS:
A - mydomain.com -> maibox.mynetwork.com
MX - mydomain.com -> mta.mynetwork.com

SSL Cert:
mydomain.com installed on maibox.mynetwork.com

Would that be correct? It seems like something's missing to me...

[phoenix]

The answer is in your quote:

Quote:

In order to send and receive email, the Zimbra MTA must be configured in DNS with both A and MX records. For sending mail, the MTA uses DNS to resolve hostnames and email-routing information. To receive mail the MX record must be configured correctly to route the message to the mail server.

- the MTA (i.e. postfix).

[Vimm]

That's fine if I need to point both an A and MX record at the MTA server, but then how are people supposed to connect to the webmail on the Mailbox server without an A record? The only way I see to do that is to make it a sub-domain with a seperate A record, but then I need a second SSL Cert for it. Is that the only solution? I need to shell out for two certs?

Edit:
Or is the SSL cert is only needed on the Mailbox server? I would like to use SSL for both webmail and IMAP, and it would be nice if it could all be done using one FQDN on the user's end (and one cert on mine). I've gotten it working fine on one server but I'm trying to figure out how it all fits together when it's split across 3 servers. I'm also trying to cut my certs and I need to know how many I need and for what domains. The multi-server documentation often refers to "the server" or "the ZCS server" which is kinda vague.

So if mailbox needs an A record, and MTA needs an A record, and they both use SSL, wouldn't that mean I need two A records and two certs?