Setting up Zimbra using a dynamic IP
This article discusses a procedure for preparing a Zimbra environment with a dynamic IP address. It is assumed that the basic hardware and operating system requirements to run Zimbra have been met. It is also assumed that a domain name has been purchased prior to following this document. NOTE: It is vital that this preparation is done before setting up Zimbra on the server. Otherwise, the software might fail to install correctly or may not be capable of sending or receiving emails.
This document will use 192.168.1.2 as the private IP address, domain.org as the domain, mail as the server name and mail.domain.org as the FQDN hostname.
Configuring server hostnames
First, it is important to make sure that the hostname of the server and the fully-qualified domain name (FQDN) hostname match. For instance, on a Debian system, the output from running commands hostname and hostname -f should be the same.
$user@mail:~$ hostname mail.domain.org
$user@mail:~$ hostname -f mail.domain.org
If they are not, then ensure that the hostname file includes an entry for the FQDN hostname of the server pointing to its own private IP address.
Setting up split DNS
If the server is behind a firewall or uses a NAT address, it will need a Split DNS for Zimbra to install properly. The Split DNS allows the server to resolve the domain name to its own internal address, while allowing everyone outside of the firewall to resolve the domain name to its public IP (or WAN) address. There are several tutorials for configuring split DNS, such as this one.
Final result: Upon performing a DNS lookup using nslookup or dig on the server, one should receive output similar to that shown below:
$user@server:~$ nslookup domain.org Server: 192.168.1.2 Address: 192.168.1.2#53 Name: domain.org Address: 192.168.1.2
user@mail:~$ dig domain.org ; <<>> DiG 9.4.2-P2 <<>> domain.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18664 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;domain.org. IN A ;; ANSWER SECTION: domain.org. 604800 IN A 192.168.1.2 ;; AUTHORITY SECTION: domain.org. 604800 IN NS mail.domain.org. ;; ADDITIONAL SECTION: domain.org. 604800 IN A 192.168.1.2 ;; Query time: 7 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Wed May 20 11:59:49 2009 ;; MSG SIZE rcvd: 86
Configuring a dynamic DNS service
Since dynamic IP addresses are unreliable and change throughout the day, a dynamic DNS name will be required to make sure that the server can be reached at all times. Fortunately, these services are usually free and are easy to maintain, with the caveat that the top-level domain (TLD) name is pre-assigned. Some popular dynamic DNS services are DynDNS and No-IP.
First, set up a dynamic DNS name and have it point to your current IP address. This will change later, but we want to ensure that it works. Afterwards, ping the DNS name and make sure that it points to the IP address specified during registration. If it does not, then consult with the service provider to fix.
Afterwards, download a dynamic DNS client on the server so that it can sync changes in the IP address to the DNS name on-the-fly. Some routers also provide built-in dynamic DNS updaters; these are required for recognizing the DNS name behind the firewall (provided that the router's WAN address is also not behind a firewall).
For this document, assume that mail.dns-domain.org' is the dynamic DNS name for this server.
Configuring CNAME and MX records
In most cases, the owner of a domain will have a static IP dedicated to that domain. This means that the domain can have a HOST (A) record, which will allow the Internet to point the domain name to the IP address AND the IP address back to the domain name (round resolving). However, since a dynamic IP is used in this scenario, configuring an A record is not possible. Instead, we will have to create an ALIAS (CNAME) from the MAIL sub-domain (and all other desired subdomains) to the dynamic DNS service. Following this step correctly is crucial to binding the selected domain name to the dynamic DNS service.
mail.domain.org CNAME mail.dns-domain.org
Additionally, MX records will need to be configured so that other mail servers know where to send mails to. In this case, we will cheat a bit and set the MX record for the domain to point to the mail CNAME AND the dynamic DNS name.
;the number is the priority of the record @ 0 MX mail.domain.org @ 5 MX mail.dns-domain.org
NOTE. Technically, MX records are not allowed to point to CNAMEs on a domain. However, since there is no A record for the domain in this scenario, there is no other choice but to do this.
NOTE 2. Do not edit the nameservers on the domain. These are the DNS servers that drive your domain, and are needed for it to function properly.
Important to note is that this configuration willl NOT round resolve. That is, when a reverse DNS check is done on whatever IP address the DNS name has at the time, it will point to whomever hosts the IP address, which will not be the domain. Unfortunately, since mails from zombies and botnets also fail to round resolve, most mail servers will reject mail coming from such a domain. This implies that mail sent out from the Zimbra server will need to be relayed either through an ISP or an external SMTP server.
To learn how to set this up in Zimbra, please click here.
Final result: Upon running a DNS check from outside of the firewall, these or similar results should turn up:
dig mail.domain.org ANY:
; <<>> DiG 9.3.2 <<>> @localhost mail.domain.org ANY ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16564 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.domain.org. IN ANY ;; ANSWER SECTION: mail.domain.org. 2759 IN CNAME mail.dns-domain.org. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed May 20 18:35:15 2009 ;; MSG SIZE rcvd: 77
dig domain.org MX:
; <<>> DiG 9.3.2 <<>> @localhost domain.org MX ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37956 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;domain.org. IN MX ;; ANSWER SECTION: domain.org. 3600 IN MX 0 mail.domain.org. domain.org. 3600 IN MX 5 mail.dns-domain.org. ;; Query time: 107 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed May 20 18:36:54 2009 ;; MSG SIZE rcvd: 95
Setting up the Zimbra Server
After the successful completion of these steps, the server should be ready to install Zimbra and work "out of the box." Good luck!