
Thread: MTA Sub-Domain to Domain Translation

  1. #1
    Join Date: Aug 2007 | Location: Vienna/Austria | Posts: 15 | Rep Power: 8

    MTA Sub-Domain to Domain Translation

    Greetings,

    And apologies for yet another post addressing DNS issues, but what looked like a straightforward setup is turning into a major headache.

    I'd like to integrate a new Zimbra installation into a private LAN setup. DNS is provided with local authority only (i.e., 192.168.2.0/24 <-> sub-domain.mydomain.com). NS and other public services for mydomain.com are currently handled by an outside provider.

    Bucking the current trend to sign away control over data and interface, I decided to take mail services for mydomain.com in-house using port forwarding from/to the filtering gateway serving my (private) sub-domain. 'Public' NS for mail services will still be handled by my ISP, with A records and MX for 'mail.mydomain.com' and 'webmail.mydomain.com' pointing to the gateway's WAN address. For the sake of consistency, and sanity, I'd like the mail server to become part of my (private) sub-domain with a corresponding entry into my (private) DNS server's zone file.

    Obviously, some kind of translation between the two worlds will be needed. According to the documentation, Zimbra requires a resolvable local address for communication between the MTA and mail store; my users (and my ISP's smart relay host) require a globally visible domain name.

    I've looked into the proposed 'split DNS' solution. However, this runs contrary to what I had in mind. If I understand correctly, I'd be pretending to run a public machine from within a private address space with the help of duplicate, albeit separate, authorities!? To add complexity to non-standard behavior, I would need to throw in a third authority for 'mail.sub-domain.mydomain.com' to complement both the ISP's public and the machine's limited zone file. This decidedly goes against both the consistency and sanity requirements ;-)

    Apart from split DNS personalities, is there any other way to handle this (surely not too uncommon) situation? I'm no Postfix buff, but I assume that some kind of user, user group, and domain name translation must be possible. However, I'm afraid that this might break communication among the different parts of the Zimbra suite.

    Any pointers greatly appreciated.

    Mike

  2. #2
    phoenix (Zimbra Consultant & Moderator)
    Join Date: Sep 2005 | Location: Vannes, France | Posts: 23,587 | Rep Power: 58

    Welcome to the forums.

    Split DNS is the answer to your problems and is a well accepted solution to this type of requirement. Your Zimbra (postfix) server needs to have an address that can be resolved by DNS, that is your private LAN IP. There's no more to it than that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date: Aug 2007 | Location: Vienna/Austria | Posts: 15 | Rep Power: 8

    Quote Originally Posted by phoenix:
        Welcome to the forums.

    Thanks for having me.

    Quote Originally Posted by phoenix:
        Split DNS is the answer to your problems and is a well accepted solution to this type of requirement. Your Zimbra (postfix) server needs to have an address that can be resolved by DNS, that is your private LAN IP.

    For testing purposes, I simply pasted the WIKI approach into my existing DNS setup (separate zone for 'server.mydomain.com'); and, well, it ain't pretty, but it sure works! How would I set up aliases (mail, webmail, etc) for that machine though? Plus, there are assorted other public services for 'mydomain.com' that are still being handled, and resolved, by an outside provider, so simply becoming authoritative for the whole shebang (view or no) won't work.

    I realize that this is beyond the scope of this forum; but I figured while we're at it, I might as well ;-) I'm a bit out of my league bind9-wise here, so any pointers will be greatly appreciated.

    Bests,

    Mike

  4. #4
    phoenix (Zimbra Consultant & Moderator)
    Join Date: Sep 2005 | Location: Vannes, France | Posts: 23,587 | Rep Power: 58

    If you want to add records for your www then just add an A record (in your local bind) pointing to your server. From your point of view (on the LAN) you just want to be able to resolve the IP for the various services (including Zimbra) and there's no problem running a local DNS server to do that. The external DNS records will point to your public IP and external users will still resolve those addresses correctly.
    Regards


    Bill



  5. #5
    Join Date: Aug 2007 | Location: Vienna/Austria | Posts: 15 | Rep Power: 8

    Bill,

    Thanks a lot for your lightning-fast reply. Much appreciated!

    Quote Originally Posted by phoenix:
        If you want to add a records for your www then just add an A record (in your local bind) pointing to your server.

    Well, there's the rub. I will have mobile users wandering hither and fro between the big wide world and our private sub-domain, expecting to always find 'mail.mydomain.com' and 'webmail.mydomain.com' no matter where they are.

    Again, local DNS is authoritative for 192.168.2.0/24 only, so 'sub-domain.mydomain.com' only exists within the confines of our LAN. Currently, all services and NS for our *public* incarnation, 'mydomain.com', are being handled by a third party. For now, I only want to move mail services inside the LAN. Our ISP will update his records to have A and MX point to our gateway machine, and simply tacking zone authority for 'zcs.mydomain.com' on to my existing bind implementation does the trick--for that particular host name. If I simply added A records for 'mail' and 'webmail' to my existing implementation, those would resolve to 'sub-domain.mydomain.com' and not 'mydomain.com' as intended.

    What I'll need to make it work for my users who've become used to 'mail' and 'webmail' aliases for our mail services is a split DNS solution that will resolve *internal* queries for 'mail.mydomain.com' and 'webmail.mydomain.com' to 'zcs.mydomain.com' with its private address, and nothing more. All other internal queries for services within 'mydomain.com' (e.g., 'www', 'mysql') need to be served by our ISP's NS.

    If I simply assumed (local) authority over 'mydomain.com' on top of 'sub-domain.mydomain.com', I'd be forced to keep track of all public services and corresponding addresses my ISP feels like throwing my way just for two measly host aliases. On the other hand, I can't for the life of me figure out how to patch them into the split-DNS zone file example?

    Again, this decidedly is a DNS issue which probably owes too much to my stubborn refusal to see the forest for the trees. The more so I appreciate your continued input.

    Bests,

    Mike

  6. #6
    Join Date: Aug 2007 | Posts: 3 | Rep Power: 8

    Split-DNS sounds like my cure--Can you Help A Rookie Out? :)

    oops, see below heh
    Last edited by DannyH; 08-19-2007 at 02:38 AM.

  7. #7
    Join Date: Aug 2007 | Posts: 3 | Rep Power: 8

    Split-DNS sounds like my cure--Can you Help A Rookie Out? :)

    Quote Originally Posted by rmike:
        Bill,

        Well, there's the rub. I will have mobile users wandering hither and fro between the big wide world and our private sub-domain, expecting to always find 'mail.mydomain.com' and 'webmail.mydomain.com' no matter where they are.

        Bests,

        Mike

    Mike and Bill,

    I cannot believe I finally found a topic directly proportionate to the situation I am in currently! Let me give you guys as brief a detailed overview as I can....

    I would definitely like to know the resolution to your questions Mike, and to go tentatively a step further, I'd love some information or link to some "Rookie friendly, How-To" material to set a "split-dns" solution on my linux servers for the business my Father and I are starting, a Wireless ISP, about 60 miles from our home office. We are wanting to offer Web and Email hosting, Calendar Sharing, Centrally located Document sharing/publishing, Messaging etc for ourselves internally on the LAN, our employees out of town via WAN/HTTP etc, and to our WISP customers over there as well via WAN/HTTP access. Shared calendars, messaging, document sharing, some application sharing and our CRM are our main needs right now to provide accessibility to everyone in both locations as affordably as possible with intentions of extending services to our customer base there in the near future.

    I'm no Linux guru, nor a DNS/Hosting expert by far but am what I'd say an upper-level Intermediate Linux/Network admin, self-taught in the Red Hat environment and learn pretty quickly, provided I know where to look for the information. Our LAN Servers will be here at my home office at my disposal for local administration.

    We will be hosting our www's and email internally here. My public domain(s) are parked at Network Solutions and we use their Name Servers, if you say it's do-able, while using Zimbra for our LAN/WAN hosting solutions. I would like to leave my "mail.ourdomain.com" with them on their Name Servers and simply point things to my Public IP's so as not to have to host the Name Servers myself internally; The "split-DNS" scenario you're working through, Mike.
    We have been very blessed with this opportunity over there, as we will be the only game in about a 300 square mile area and it's already taking off so fast now and we're not even set up over there yet so I need to move forward as fast as I can to get my infrastructure and services put together correctly on my LAN so we can get the doors open over there and the services up and going and our needs met. Any advice or help you guys could throw my way; links, documents, How-To's etc I would so greatly appreciate it and anything I could do to return the favor, I'd be more than happy. Thank you guys, and God Bless you! Oh, I'm moving to Ubuntu from FC5 on the 3 servers I've got dedicated to this project; good move or bad one? Thanks again!


    Danny Hatten
    SpeedLine Voice and Wireless LLC

  8. #8
    phoenix (Zimbra Consultant & Moderator)
    Join Date: Sep 2005 | Location: Vannes, France | Posts: 23,587 | Rep Power: 58

    Quote Originally Posted by rmike:
        Again, local DNS is authoritative for 192.168.2.0/24 only, so 'sub-domain.mydomain.com' only exists within the confines of our LAN. Currently, all services and NS for our *public* incarnation, 'mydomain.com', are being handled by a third party. For now, I only want to move mail services inside the LAN. Our ISP will update his records to have A and MX point to our gateway machine, and simply tacking zone authority for 'zcs.mydomain.com' on to my existing bind implementation does the trick--for that particular host name. If I simply added A records for 'mail' and 'webmail' to my existing implementation, those would resolve to 'sub-domain.mydomain.com' and not 'mydomain.com' as intended.

    I don't understand why you're using a subdomain on your LAN. You need external DNS A & MX records and you've got those for your domain.com pointing to your external IP - correct? All you need to do is replicate that structure on your local DNS with the obvious difference that your IP will point to 192.168.x.x. That's exactly what I have on my own server and that's what the Split DNS article describes. From the wiki:

    Code:
                   IN      A       
                   IN      MX      10 server.example.com.
    
    would be
    
                   IN      A       192.168.1.10
                   IN      MX      10 server.domain.com.
    Note that the MX record is the FQDN (Fully Qualified Domain Name) of your server, it's not a sub-domain.
    Regards


    Bill



  9. #9
    Join Date: Aug 2007 | Posts: 3 | Rep Power: 8

    Bill,
    Thanks for that link to the Split DNS topic. It makes a little more sense now. Would I need a separate DNS server, or could I run DNS for my local domain on the same machine that I'll be running Zimbra and some type of Groupware or ERP on? I'm still reviewing the features and functions of Zimbra and trying to figure out what all software I'm going to need to accomplish all of this....too bad no one's found a magic software bean yet heh




    Danny

  10. #10
    Join Date: Aug 2007 | Location: Vienna/Austria | Posts: 15 | Rep Power: 8

    Bill & Danny,

    I apologize for making this sound more complicated than it probably is. It's the first time I'm setting up a public service that's not directly facing the Internet, and all that DNS shuffling back and forth apparently has gotten to me. (At least it's listed under 'advanced topics' with the bind folks, so there...)

    Just to clarify my current situation, the WIKI split-dns solution works. It even works when I verbatim shift both zone declaration and zone file from a machine (i.e., zcs host) bind implementation to my LAN bind, which until now was authoritative for my sub-domain only. I don't know whether this is the sanest approach; but, again, it works.

    Now, taking this setup a step further, I need to throw in assorted aliases for my zcs server. If I understand correctly, I have just told my local bind to become authoritative for 'zcs.mydomain.com' (machine) in addition to 'sub-domain.mydomain.com' (network)?

    What I need now are either A or CNAME records pointing to 'zcs.mydomain.com' from my local bind. Example: mail.mydomain.com -> zcs.mydomain.com. I cannot, or won't, drop the sub-domain spiel (geographically disparate locations, security-by-obscurity, etc); nor do I want to entirely grab NS for mydomain.com and set up a split-dns solution using views.

    I've toyed around with various settings in both zone files (db.zcs.mydomain.com, db.sub-domain.mydomain.com), but nothing seems to work. Queries for 'mail' and 'webmail' still return my ISP's server address and not the internal address.

    Bests,

    Mike
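The two-alias case Mike describes in #10 (and the wiki fragment Bill quotes in #8), as an added example that is not from either poster or the Zimbra wiki: rather than taking over all of mydomain.com, the LAN BIND is made authoritative for one tiny zone per public alias, exactly as the wiki already does for zcs.mydomain.com, and every other name under mydomain.com keeps being resolved recursively from the ISP. The zcs address 192.168.2.10, the file paths, the LAN prefix in allow-query and the name-server name ns.sub-domain.mydomain.com are assumptions.

```text
; named.conf on the LAN resolver: one master zone per name that must
; resolve privately, next to the existing sub-domain zone. Answers are
; restricted to the LAN so the private addresses are never served outward.
options { allow-query { 192.168.2.0/24; 127.0.0.1; }; recursion yes; };

zone "sub-domain.mydomain.com" { type master; file "/etc/bind/db.sub-domain.mydomain.com"; };
zone "zcs.mydomain.com"        { type master; file "/etc/bind/db.zcs.mydomain.com"; };
zone "mail.mydomain.com"       { type master; file "/etc/bind/db.mail.mydomain.com"; };
zone "webmail.mydomain.com"    { type master; file "/etc/bind/db.webmail.mydomain.com"; };

; /etc/bind/db.mail.mydomain.com (db.webmail.mydomain.com is identical).
; '@' is the zone origin, i.e. mail.mydomain.com itself. The alias has to be
; an A record: a CNAME may not share its name with the SOA and NS records
; that every zone apex carries, so "mail CNAME zcs" cannot live here.
$TTL 3600
@   IN  SOA  ns.sub-domain.mydomain.com. hostmaster.sub-domain.mydomain.com. (
            2007081901 ; serial (YYYYMMDDnn, bump on every change)
            3600       ; refresh
            900        ; retry
            604800     ; expire
            300 )      ; negative-cache TTL
@   IN  NS   ns.sub-domain.mydomain.com.
@   IN  A    192.168.2.10                ; the zcs host's private address
```

After `rndc reload`, `dig +short mail.mydomain.com @<lan-resolver>` must answer from the local zone with the private address, while `dig +short www.mydomain.com @<lan-resolver>` still returns whatever the ISP publishes; if the first query still shows the public address, the record was added inside the sub-domain or zcs zone instead of a zone named mail.mydomain.com.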
