Thanks, will test and reply so that all can learn from it.
Thanks... hold thumbs
Sorry for the delay, you know how it goes.
The final result of the testing and configuring is as follows:
If you want to run two Zimbra servers in the same DMZ then do the following:
1. First read the Split DNS as per the WIKI
2. What is split DNS? It is the Zimbra mail server that has got BIND installed and acts as its own DNS server, only using the forwarders for sending mail out.
3. Set up both domains/mail servers with its own Zimbra server and split DNS.
4. Set up your firewall with DNS/BIND installed. (Your firewall will act as your DNS server)
5. Configure your DNS/Firewall server with the two zones of the two domains you want to use. (If you struggle with the command line then use Webmin to assist you; please see the Webmin website for how to install it on your distribution of Linux etc.)
6. Set up your forwarders on both mail servers to point to your Firewall/DNS server.
7. You should now be able to run a dig command on both mail servers and the result should point to each other's DMZ IP address as a resolve.
8. At this stage you should be able to send mail between each other and to any other email address on the internet.
9. To get mail to your mail servers you have to have your DNS settings correct at your ISP side and they have to point to your static IP address on your Firewall side.
10. In your Firewall you have to NAT/MAP your external IP to your internal DMZ IP.
This worked for me and thus far we do not seem to have any problems.
Should there be any mistakes above, then please feel free to correct me; after all, we are all still human, or so they say.
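The dig check in step 7 can be scripted. The following is an added example, not part of the original post: it reads `dig +noall +answer` output and confirms that a domain's MX target resolves to a DMZ address rather than the public one. The domain names, addresses and the 192.168.10.0/24 DMZ range are constructed assumptions.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed; the DMZ is assumed
# to be 192.168.10.0/24. Live input would come from the mail server, e.g.:
#   { dig +noall +answer example.net MX; dig +noall +answer mail2.example.net A; }

# Constructed answers as seen from mail1: one correct, one leaking the public IP.
SAMPLE_GOOD='example.net. 3600 IN MX 10 mail2.example.net.
mail2.example.net. 3600 IN A 192.168.10.12'
SAMPLE_BAD='example.net. 3600 IN MX 10 mail2.example.net.
mail2.example.net. 3600 IN A 203.0.113.12'

# Print every address the MX targets of domain $1 resolve to ("unresolved" if none).
mx_target_ips() {
  awk -v dom="$1." '
    $4 == "MX" && $1 == dom { mx[$6] = 1 }
    $4 == "A"               { a[$1] = a[$1] " " $5 }
    END {
      for (h in mx) {
        n = split(a[h], ips, " ")
        if (n == 0) print "unresolved"
        for (i = 1; i <= n; i++) print ips[i]
      }
    }'
}

# Succeed when dotted-quad $1 lies inside CIDR block $2.
in_cidr() {
  awk -v ip="$1" -v cidr="$2" 'BEGIN {
    split(cidr, c, "/"); split(ip, o, "."); split(c[1], p, ".")
    ipn  = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    netn = ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    size = 2 ^ (32 - c[2])
    exit !(int(ipn / size) == int(netn / size))
  }'
}

# usage: check_split_dns DOMAIN DMZ_CIDR < dig-answer-lines
check_split_dns() {
  ips=$(mx_target_ips "$1")
  [ -n "$ips" ] || { echo "FAIL $1: no MX record in the answer"; return 1; }
  for ip in $ips; do
    [ "$ip" != unresolved ] || { echo "FAIL $1: MX target has no A record"; return 1; }
    in_cidr "$ip" "$2" || { echo "FAIL $1: $ip is outside $2"; return 1; }
  done
  echo "OK $1: every MX target resolves inside $2"
}

printf '%s\n' "$SAMPLE_GOOD" | check_split_dns example.net 192.168.10.0/24
printf '%s\n' "$SAMPLE_BAD"  | check_split_dns example.net 192.168.10.0/24 || :
```

A FAIL on the public address means the mail server is not getting its answer from the internal zone, so mail between the two servers would leave the DMZ and depend on the NAT mapping from step 10.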
Thanks for posting the update.
One point about something you mentioned earlier:
Hi Bill & Other
So when you say to the root DNS servers, you mean the firewall DNS root DNS as caching server?
If that is the case, the current mail servers do query the firewall/dns combination first as their root DNS server.
Am I understanding it correctly?
What I'm saying is that your firewall DNS server should not forward DNS requests (I'm assuming this is BIND?) to your ISP's DNS server; what you should do is forward DNS requests to the root DNS servers for anything that it isn't authoritative for.