DNS: Difference between revisions

No edit summary
 
No edit summary
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{BC|Community Sandbox}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=DNS=
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}
{{Archive}}{{WIP}}
Here's a quick overview of what you need:
Here's a quick overview of what you need:


Line 11: Line 17:
Something like this is the file you need. This sets itself up as the SOA for the domain.com domain, sets the NS record to be zcs.domain.com, standard timeout stuff, then adds one MX record, plus the A record that corresponds to the MX record.
Something like this is the file you need. This sets itself up as the SOA for the domain.com domain, sets the NS record to be zcs.domain.com, standard timeout stuff, then adds one MX record, plus the A record that corresponds to the MX record.


 
<tt>
$TTL 3D @ IN SOA zcs.domain.com. zcs.marcmac.com. (  
$TTL 3D @ IN SOA zcs.domain.com. zcs.marcmac.com. (  
                    2005110200
:                    2005110200
                    8H ; refresh, seconds  
:                    8H ; refresh, seconds  
                    2H ; retry, seconds  
:                    2H ; retry, seconds  
                    4W ; expire, seconds  
:                    4W ; expire, seconds  
                    1D ) ; minimum, seconds  
:                    1D ) ; minimum, seconds  
;  
;  
                    NS zcs ; Inet Address of name server  
:                    NS zcs ; Inet Address of name server  
                    MX 10 zcs.domain.com. ; Primary Mail Exchanger  
:                    MX 10 zcs.domain.com. ; Primary Mail Exchanger  
;  
;  
zcs A 1.2.3.4  
zcs A 1.2.3.4
mail CNAME zcs ; CNAME for a common nickname  
 
otherhost A 1.2.3.5 ; another host, for example  
mail       IN CNAME zcs ; CNAME for a common nickname  
www CNAME otherhost ; with a nickname
 
otherhost IN A 1.2.3.5 ; another host, for example  


www        IN CNAME otherhost ; with a nickname


</tt>


So, drop that in the domain.com file in /var/named/data (or /var/named/chroot/var/named/data, depending).
So, drop that in the domain.com file in /var/named/data (or /var/named/chroot/var/named/data, depending).
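Review bot: In the zone file of this hunk, `$TTL 3D` still shares a line with the `@ IN SOA` record. BIND expects the `$TTL` directive on a line of its own, so split it into `$TTL 3D` followed by `@ IN SOA zcs.domain.com. zcs.marcmac.com. (`. The SOA contact field also still reads zcs.marcmac.com. while every other name is under domain.com. The new `<tt>` plus `:` markup does not keep the leading whitespace that the NS and MX lines need to inherit the `@` owner; a preformatted block would.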
Line 33: Line 43:
In /etc/named.conf (or /var/named/chroot/etc/named.conf), you'll put:
In /etc/named.conf (or /var/named/chroot/etc/named.conf), you'll put:


<tt>




options {  
options {  
        directory "/var/named";  
:        directory "/var/named";  
        dump-file "/var/named/data/cache_dump.db";  
:        dump-file "/var/named/data/cache_dump.db";  
        statistics-file "/var/named/data/named_stats.txt";  
:        statistics-file "/var/named/data/named_stats.txt";  
};  
};
include "/etc/rndc.key";  
include "/etc/rndc.key";  


zone domain.com {  
zone domain.com {  
        type master;  
:        type master;  
        file "/var/named/data/domain.com";  
:        file "/var/named/data/domain.com";  
};
};


</tt>
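Review bot: The `options` block in this hunk carries only path settings, and the revision changes its markup without adding any access control. Since the page goes on to warn about BIND exposure, consider adding `allow-transfer { none; };` and an `allow-recursion` list limited to the local host, or a sentence saying these are left to the reader. Wrapping the config in `<tt>` with `:` indents also loses the verbatim layout a preformatted block would keep.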




Line 58: Line 71:


Another CAVEAT - Run named chrooted, as a non-root user. Bind is known for exploits, and being hacked is a drag. My examples are just to get you going, and aren't intended as a Bind security primer.
Another CAVEAT - Run named chrooted, as a non-root user. Bind is known for exploits, and being hacked is a drag. My examples are just to get you going, and aren't intended as a Bind security primer.
=== Firewall and DNS ===
If you are running a ZCS installation that is behind a firewall and has its IP address masked using NAT, mail delivery may not work correctly if the internal IP address is not listed in DNS.  In order to reconcile the private and public IP addresses in DNS, you may need to set up Split DNS.  More information on Split DNS configuration is available on the [[Incoming_Mail_Problems#Split_DNS|Incoming Mail Problems]] page.
{{Article Footer|Zimbra Collaboration 8.6, 8.0|04/16/2014}}
[[Category:Architecture and Components]]

Revision as of 17:44, 11 July 2015

DNS

   KB 1292        Last updated on 2015-07-11  





Here's a quick overview of what you need:

First, remember that you need to set up an MX record for the DOMAIN, which points to the A record for the HOST, which will be the IP ADDRESS of the box running zimbra.

Example: Zimbra is running on zcs.domain.com, IP 1.2.3.4. You send mail to user1@domain.com.

Postfix will look up the MX record for domain.com, which will return zcs.domain.com, and then the A record for zcs.domain.com, which will return the IP address 1.2.3.4.

Something like this is the file you need. This sets itself up as the SOA for the domain.com domain, sets the NS record to be zcs.domain.com, standard timeout stuff, then adds one MX record, plus the A record that corresponds to the MX record.

$TTL 3D
@           IN SOA zcs.domain.com. zcs.marcmac.com. (
                   2005110200 ; serial
                   8H ; refresh, seconds
                   2H ; retry, seconds
                   4W ; expire, seconds
                   1D ) ; minimum, seconds
            NS zcs ; Inet Address of name server
            MX 10 zcs.domain.com. ; Primary Mail Exchanger

zcs         A 1.2.3.4
mail        IN CNAME zcs ; CNAME for a common nickname
otherhost   IN A 1.2.3.5 ; another host, for example
www         IN CNAME otherhost ; with a nickname


So, drop that in the domain.com file in /var/named/data (or /var/named/chroot/var/named/data, depending).
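
As an added example (not part of the original article), this Python code checks offline that each MX target in the zone has an in-zone A record and is not a CNAME, which is the MX-to-A chain described above. The parser and the function names are assumptions that cover only the simple record forms used on this page; the constructed sample leaves out the SOA block.

```python
# Constructed sample: the records from the zone file above, SOA omitted.
ZONE = """\
          NS    zcs ; Inet Address of name server
          MX 10 zcs.domain.com. ; Primary Mail Exchanger
zcs       A     1.2.3.4
mail      IN CNAME zcs
otherhost IN A     1.2.3.5
www       IN CNAME otherhost
"""

def fqdn(name, origin):
    """Expand a relative name (or '@') against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone, origin):
    """Return (owner, type, rdata) tuples for single-line records."""
    records, owner = [], origin
    for raw in zone.splitlines():
        line = raw.split(";", 1)[0]          # strip comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():            # column 0 means a new owner name
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0] == "IN":     # class is optional
            fields.pop(0)
        records.append((owner, fields[0], fields[1:]))
    return records

def check_mx(zone, origin):
    """List MX targets that are CNAMEs or lack an in-zone A record."""
    recs = parse(zone, origin)
    a_names = {o for o, t, _ in recs if t == "A"}
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in recs:
        if rtype != "MX":
            continue
        target = fqdn(rdata[1], origin)      # rdata is [preference, host]
        if target in cnames:
            problems.append(f"{owner} MX -> {target} is a CNAME")
        elif target.endswith("." + origin) and target not in a_names:
            problems.append(f"{owner} MX -> {target} has no A record")
    return problems
```

Pointing the MX at `mail` instead of `zcs` is reported, because `mail` is only a CNAME in this zone.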

In /etc/named.conf (or /var/named/chroot/etc/named.conf), you'll put:


options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
};

include "/etc/rndc.key";

zone domain.com {
        type master;
        file "/var/named/data/domain.com";
};


A note about chrooting - most name servers run in a chrooted environment - so, you'll create the files in /var/named/chroot/whatever - but remember, when named is running, its paths are relative to the chroot - so when you REFER to a file (as I do above in the named.conf snippet) you'll have absolute paths that are relative to the chroot.

Is it chrooted? Check /etc/sysconfig/named for a ROOTDIR value. If it's present, then that's your chroot.

Also, make sure that this nameserver is listed first in resolv.conf. Also, if there are other hosts in this domain, you should add them, too - or you won't be able to resolve them.

CAVEAT - I haven't touched my named config in a while, so more recent bind versions may be pickier than mine - but this should work.

Another CAVEAT - Run named chrooted, as a non-root user. Bind is known for exploits, and being hacked is a drag. My examples are just to get you going, and aren't intended as a Bind security primer.

Firewall and DNS

If you are running a ZCS installation that is behind a firewall and has its IP address masked using NAT, mail delivery may not work correctly if the internal IP address is not listed in DNS. In order to reconcile the private and public IP addresses in DNS, you may need to set up Split DNS. More information on Split DNS configuration is available on the Incoming Mail Problems page.

Verified Against: Zimbra Collaboration 8.6, 8.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=DNS Date Modified: 2015-07-11


