  #21 (permalink)  
Old 04-12-2007, 12:03 PM
Advanced Member
 
Posts: 232
Default

If you want the outside world to be able to email your other domains you will.

If you are just worried about one of your Zimbra users from domain1 to be able to email a Zimbra user in domain2 then I don't think you will need to.

I had that problem when I set up my test server back in '05. I created a domain name that duplicated the domain name on my old Sendmail machine. When I created my test account and tried to send emails to my fellow domain email users on sendmail it would bounce because Zimbra was looking at itself as the mail server for my domain and not going to my DNS server to find the actual MX record. Obviously I had no accounts set up as it was just a test machine so I could not send mail to my colleagues.

Perhaps that has changed but you can just create a domain, create a test account and see if you can send mail to it without making the MX record in your DNS. If it bounces then maybe the behaviour I saw in '05 was a bug and they fixed it :-)
__________________
Cheers,

Travis

"Let's look at this from a standpoint of "Status". What exactly, on the Space Craft, IS working?"
-Flight Control, Apollo 13
Reply With Quote
  #22 (permalink)  
Old 04-13-2007, 10:53 AM
Active Member
 
Posts: 29
Default Agony continues

Ok looking for someone with DNS knowledge to help me.

This is the current situation.

We have 6 different mail domains hosted with a company (the DNS for the domains is housed here - call them OLD.NS1-2) - all of these domains are production and have to be moved in-house. We have chosen Ubuntu 6.10 server and Zimbra to be the desired solution.

We sit behind a firewall and do NAT so split DNS needs to be used and ports 25 and 110 have been opened. We do not have our own in-house DNS. We have the two DNS server addresses from our ISP (call them ISP.NS1-2).

We have decided to use dnsmadeeasy.com as our DNS when we migrate the mail servers. They have provided 5 name servers (call them NEW.NS1-5). We have moved a small mail domain (mail.domain2.com) to the new DNS provider for testing.

The plan is to build the Ubuntu Server with a default domain of mail.domain1.com (our largest mail domain) and then add the other domains in using the Zimbra Multiple Domain functionality.

Steps so far

1. Built the server, can browse the internet.

2. cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.1.xxx mail.domain1.com mail

3. cat /etc/resolv.conf

nameserver ISP.NS1
nameserver ISP.NS2

4. host `hostname`

Host mail not found: 3(NXDOMAIN)

5. nslookup mail.domain1.com

Server: ISP:NS1
Address: ISP:NS1#53

Non-authorative answer:
Name: mail.domain1.com
Address: External IP addr

6. apt-get install bind9

7. Ok - now I use - I got Ubuntu and Zimbra working

8. Configure named.conf.options and enter the DNS forwarders

forwarders {
ISP.NS1;
ISP.NS2;
};

9. Append the zone to the named.conf.local file

// We are the master server for mail.domain.com
zone "mail.domain1.com" {
type master;
file "db.mail.domain1.com";
};

10. Create the Zone file "db.mail.domain1.com"

;
; Addresses and other host information.
;
@ IN SOA mail.domain.com. hostmaster.mail.domain.com. (
10118 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS 192.168.1.xxx
IN A 192.168.1.xxx
IN MX 10 mail.domain1.com.

11. Modify the /etc/resolv.conf file with local ip addr as the name server & cat /etc/resolv.conf

nameserver 192.168.1.xxx

12: /etc/init.d/networking restart

13: /etc/init.d/bind9 reload

14. Ok so I can still browse the net

15. host `hostname`

Host mail not found: 3(NXDOMAIN)

16. nslookup mail.domain1.com

Server: 192.168.1.xxx
Address: 192.168.1.xxx#53

Non-authorative answer:
Name: mail.domain1.com
Address: External IP Addr

17. named-checkzone mail.domain1.com db.mail.domain1.com

zone mail.domain1.com/IN: loading master file db.mail.forexmgr.com: file not found

Resolution: Copied the db.mail.forexmgr.com to /etc/bind
This is strange as the named.conf.options specifies the directory it will look for it in /var/cache/bind

18. Reload again

19. host `hostname`

Host mail not found: 3(NXDOMAIN)

20. nslookup mail.domain1.com

Server: 192.168.1.xxx
Address: 192.168.1.xxx#53

Non-authorative answer:
Name: mail.domain1.com
Address: External IP Addr

21. named-checkzone mail.domain1.com db.mail.domain1.com

db.mail.forexmgr.com:4: no TTL specified using SOA MINTTL instead
db.mail.forexmgr.com:11: NS Record '192.168.1.xxx' appears to be an address
zone mail.forexmgr.com/IN: loaded serial 10118
OK

Alright this is the point I am at.

I am still getting the Host mail not found: 3(NXDOMAIN) from the host `hostname` - I am sure this should resolve to the local ip addr of 192.168.1.15

Anyone any suggestions? Also does the config look correct?

Any help greatly appreciated, I would like to be sure the DNS is correct before I start the Zimbra install and configuration.

Thanks
Reply With Quote
  #23 (permalink)  
Old 04-16-2007, 06:51 AM
Zimbra Consultant & Moderator
 
Posts: 19,640
Default

You said this earlier:
Quote:
We have 6 different mail domains hosted with a company (the DNS for the domains is housed here - call them OLD.NS1-2) - all of these domains are production and have to be moved in-house. We have chosen Ubuntu 6.10 server and Zimbra to be the desired solution.
Does that mean that your six domains are hosted on your own internal DNS server?
__________________
Regards


Bill
Reply With Quote
  #24 (permalink)  
Old 04-16-2007, 06:57 AM
Active Member
 
Posts: 29
Default

Hi Bill,

We do not have an internal DNS server. When I arrived here, there was no network, we are only starting to put it in place. I have tried to set up the Split-DNS on the mail server.

The DNS servers we use are the ISP's, which we have our T-1 with.

The company hosting our mail and web servers have their own DNS. Because the boss wants to cancel the contract with them, I got stuck with this project.

We have just signed up with DNSMadeEasy.

Hope that helps

Last edited by forexmgr; 04-16-2007 at 07:03 AM..
Reply With Quote
  #25 (permalink)  
Old 04-16-2007, 07:11 AM
Zimbra Consultant & Moderator
 
Posts: 19,640
Default

Duh, it would help if I read your post as you've said that already. None of the external DNS settings will work because you don't have the split-DNS set-up yet.

I must be being a bit dumb today but I thought you'd installed a DNS server to get Zimbra up and working?
__________________
Regards


Bill
Reply With Quote
  #26 (permalink)  
Old 04-16-2007, 07:34 AM
Active Member
 
Posts: 29
Default

I rebuilt the server and have installed BIND9 on the mail server to try and get the suite to work. The Boss doesn't want to house internal DNS servers because he doesn't want the admin hassles.

I have configured everything as per the how tos, so it has to be something simple.

I hope
Reply With Quote
  #27 (permalink)  
Old 04-16-2007, 07:39 AM
Zimbra Consultant & Moderator
 
Posts: 19,640
Default

That's OK, all your DNS should be done externally (for security) and your internal DNS only handles your LAN and pushes all other requests out to other DNS servers.

Let's go through this step by step. Post the details of your DNS config files, the /etc/hosts file and your resolv.conf file. What's the internal domain name that you're using and the FQDN of your zimbra server?
__________________
Regards


Bill
Reply With Quote
  #28 (permalink)  
Old 04-16-2007, 08:08 AM
Active Member
 
Posts: 29
Default

1. cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.1.15 mail.forexmgr.com mail

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

2. cat /etc/resolv.conf

nameserver 192.168.1.15

3. FQDN: mail.forexmgr.com

What else do you need mate?
Reply With Quote
  #29 (permalink)  
Old 04-16-2007, 08:16 AM
Zimbra Consultant & Moderator
 
Posts: 19,640
Default

You need to add this to your resolv.conf:
Code:
search forexmgr.com
before the IP address line.

You should also disable IPv6. Is there any firewall enabled (or SELinux if your o/s has it)? If there is you need to disable them.

Can you post the configuration files for your DNS server? Is Zimbra installed at the moment and if it is does it come up OK?
__________________
Regards


Bill
Reply With Quote
  #30 (permalink)  
Old 04-16-2007, 08:25 AM
Active Member
 
Posts: 29
Default

Ok made the changes.

1. named.conf

Isn't changed

2. named.conf.local

//
// Do any local configuration here
//

// We are the master server for mail.forexmgr.com
zone "mail.forexmgr.com.com" {
type master;
file "db.mail.forexmgr.com";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

3. named.conf.options

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
65.170.44.10;
208.6.232.10;
};

auth-nxdomain no; # conform to RFC1035

// By default, name servers should only perform recursive domain
// lookups for their direct clients. If recursion is left open
// to the entire Internet, your name server could be used to
// perform distributed denial of service attacks against other
// innocent computers. For more information on DDoS recursion:
// http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-0987

allow-recursion { localnets; };

// If you have DNS clients on other subnets outside of your
// server's "localnets", you can explicitly add their networks
// without opening up your server to the Internet at large:
// allow-recursion { localnets; 192.168.0.0/24; };

// If your name server is only listening on 127.0.0.1, consider:
// allow-recursion { 127.0.0.1; };

};

4. db.mail.forexmgr.com

;
; Addresses and other host information.
;
@ IN SOA mail.forexmgr.com. hostmaster.mail.forexmgr.com. (
10118 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS 192.168.1.15
IN A 192.168.1.15
IN MX 10 mail.forexmgr.com.

What's next?
Reply With Quote
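
An added example, not part of any poster's message: a small Python lint that compares the zone declared in named.conf.local with the server's FQDN and flags the two conditions named-checkzone reported earlier in the thread (no TTL specified, NS record that is an address). The sample inputs are constructed from the files posted in #30, and the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample input, modelled on the files posted in #30.
NAMED_CONF_LOCAL = '''
zone "mail.forexmgr.com.com" {
    type master;
    file "db.mail.forexmgr.com";
};
'''
ZONE_FILE = '''
@ IN SOA mail.forexmgr.com. hostmaster.mail.forexmgr.com. (
    10118 ; Serial
    43200 ; Refresh
    3600 ; Retry
    3600000 ; Expire
    2592000 ) ; Minimum
  IN NS 192.168.1.15
  IN A 192.168.1.15
  IN MX 10 mail.forexmgr.com.
'''

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def lint(conf, zone, fqdn):
    """Hypothetical helper: findings for one master zone meant to serve fqdn."""
    findings = []
    declared = [z.lower().rstrip(".") for z in re.findall(r'zone\s+"([^"]+)"', conf)]
    if fqdn.lower() not in declared:
        findings.append(f"no zone named {fqdn}; declared: {declared}")
    # Strip ';' comments, then split each record into whitespace tokens.
    records = [line.split(";")[0].split() for line in zone.splitlines()]
    if not any(r and r[0].upper() == "$TTL" for r in records):
        findings.append("no $TTL directive; SOA minimum is used instead")
    for r in records:
        types = {t.upper() for t in r[:-1]}
        # NS and MX rdata must be a host name that has its own A record.
        for rtype in ("NS", "MX"):
            if rtype in types and is_ip(r[-1]):
                findings.append(f"{rtype} target {r[-1]} is an address, not a host name")
    return findings

if __name__ == "__main__":
    for finding in lint(NAMED_CONF_LOCAL, ZONE_FILE, "mail.forexmgr.com"):
        print(finding)
```

An empty list from lint() means none of the three conditions is present; named-checkzone remains the authoritative check on the server itself.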