
Thread: Still fighting with Split DNS

  1. #1
    Join Date
    Sep 2007
    Posts
    18
    Rep Power
    8

    Default Still fighting with Split DNS

    Hi, I have been fighting with having to set up Split DNS. I am probably making it more difficult than it should be; however, I am now following the Zimbra help document Making Bind Work, and I can get as far as Part 2 where it starts to discuss the named.conf file. It states that I should have a named.conf located in the /etc folder; however, I don't. I have verified that all packages needing to be installed are installed as described in Part 1. I have searched my system and have found a named.conf file in the following locations:

    /usr/share/doc/bind-9.3.3/sample/etc/named.conf
    /usr/share/logwatch/default.conf/services/named.conf
    /etc/dbus-1/system.d/named.conf

    I am using a fully upgraded CentOS 5 64 bit distro and "hopefully" the latest 64 bit version of Zimbra for RHEL 5.

    I have looked at the sample file located at /usr/share/doc/bind-9.3.3/sample/etc/named.conf, and the first steps in Part 2 of the help document talk about editing the localhost zone and show how the file should be formatted. This sample named.conf is not formatted like that. It has sections with slave zones and a ddns internal zone which are not referenced in the help document at all.

    What should I do?? Is there a named.conf sample somewhere that goes with the help document referenced above??

    HELP!!!
    Frank

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Do you have chroot installed?
    If so, go ahead and remove it.

  3. #3
    Join Date
    Sep 2007
    Posts
    18
    Rep Power
    8

    Default No Chroot Installed

    Hi,

    Well I have gotten a little farther. What I have done is used the help document referenced above but used the sample named.conf and db.server.example.com from the Split DNS help document and I can get DNS locally. However I have 2 problems. First off I believe that I am setting it up to receive mail at mail.servername.com instead of just servername.com (and I want it to only be servername.com) and my 2nd issue is that my Zimbra install fails on loading ldap. Please see my log file below:

    Getting installed packages
    checking isEnabled zimbra-core
    zimbra-core not in enabled cache
    enabled packages
    Newinstall enabling all installed packages
    Enabling zimbra-core
    Enabling zimbra-ldap
    Enabling zimbra-store
    Enabling zimbra-mta
    Enabling zimbra-snmp
    Enabling zimbra-logger
    Enabling zimbra-apache
    Enabling zimbra-spell
    Setting defaults...
    Setting local config zimbra_java_home to /opt/zimbra/java
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_java_home='/opt/zimbra/java'
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    MX: mail.velocitaonline.com (192.168.0.52)

    Interface: 192.168.0.52
    Interface: 127.0.0.1
    Done
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-spell
    zimbra-spell is enabled
    Checking for port conflicts
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-logger
    zimbra-logger is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    Global config attribute retrieved from ldap: zimbraSpamIsSpamAccount=
    Global config attribute retrieved from ldap: zimbraSpamIsNotSpamAccount=
    Global config attribute retrieved from ldap: zimbraNotebookAccount=
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-snmp
    zimbra-snmp is enabled
    checking isEnabled zimbra-spell
    zimbra-spell is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-snmp
    zimbra-snmp is enabled
    checking isEnabled zimbra-spell
    zimbra-spell is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-store
    zimbra-store is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    checking isEnabled zimbra-snmp
    zimbra-snmp is enabled
    checking isEnabled zimbra-spell
    zimbra-spell is enabled
    Saving config in /opt/zimbra/config.3439...
    Done
    Operations logged to /tmp/zmsetup.log.3439
    Setting local config values...
    Setting local config zimbra_server_hostname to mail.velocitaonline.com
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_server_hostname='mail.velocitaonline.com'
    Setting local config ldap_master_url to ldap://mail.velocitaonline.com:389
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_master_url='ldap://mail.velocitaonline.com:389'
    Setting local config ldap_url to ldap://mail.velocitaonline.com:389
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_url='ldap://mail.velocitaonline.com:389'
    Setting local config ldap_port to 389
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_port='389'
    Setting local config ldap_host to mail.velocitaonline.com
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ldap_host='mail.velocitaonline.com'
    Setting local config zimbra_uid to 500
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_uid='500'
    Setting local config zimbra_gid to 503
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_gid='503'
    Setting local config zimbra_user to zimbra
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e zimbra_user='zimbra'
    Setting local config tomcat_truststore_password to changeit
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_truststore_password='changeit'
    Setting local config tomcat_keystore_password to PyzJizkBNO
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_keystore_password='PyzJizkBNO'
    Setting local config av_notify_user to admin@mail.velocitaonline.com
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e av_notify_user='admin@mail.velocitaonline.com'
    Setting local config ssl_allow_untrusted_certs to TRUE
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='TRUE'
    Setting local config mysql_memory_percent to 30
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e mysql_memory_percent='30'
    Setting local config tomcat_java_heap_memory_percent to 40
    *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e tomcat_java_heap_memory_percent='40'
    Done
    Setting up CA...
    *** Running as zimbra user: cd /opt/zimbra; zmcreateca
    ** Creating CA private key

    Generating a 1024 bit RSA private key
    ..++++++
    ........++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
    -----
    ** Creating CA cert

    Signature ok
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    Getting Private key
    unable to write 'random state'
    Done
    Creating SSL certificate...
    checking isEnabled zimbra-store
    zimbra-store is enabled
    *** Running as zimbra user: cd /opt/zimbra; zmcreatecert
    ** Importing CA

    Certificate was added to keystore
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .................................................. ...........++++++
    ...................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number:
    11:95:51:08:64
    Validity
    Not Before: Nov 19 22:21:07 2007 GMT
    Not After : Nov 18 22:21:07 2008 GMT
    Subject:
    countryName = US
    stateOrProvinceName = N/A
    organizationName = Zimbra Collaboration Suite
    commonName = mail.velocitaonline.com
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    32:F7:6B:8A:23:20:3B:49:91:C81:78:CD:F5:F7:3B:C7:A1:F4:3B
    X509v3 Authority Key Identifier:
    DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    serial:C3:49:68:18:92:B4:B6:A7

    X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
    Certificate is to be certified until Nov 18 22:21:07 2008 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.velocitaonline.com
    Getting CA Private Key
    unable to write 'random state'
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    checking isEnabled zimbra-mta
    zimbra-mta is enabled
    *** Running as zimbra user: cd /opt/zimbra; zmcreatecert
    ** Importing CA

    Certificate was added to keystore
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    ............................++++++
    .....++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number:
    11:95:51:08:68
    Validity
    Not Before: Nov 19 22:21:11 2007 GMT
    Not After : Nov 18 22:21:11 2008 GMT
    Subject:
    countryName = US
    stateOrProvinceName = N/A
    organizationName = Zimbra Collaboration Suite
    commonName = mail.velocitaonline.com
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    99:6E6:EF:22:27:201:98:BB:2B:2F:84:C2:70:06:1C:57:FE:92
    X509v3 Authority Key Identifier:
    DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    serial:C3:49:68:18:92:B4:B6:A7

    X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
    Certificate is to be certified until Nov 18 22:21:11 2008 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.velocitaonline.com
    Getting CA Private Key
    unable to write 'random state'
    Done
    checking isEnabled zimbra-ldap
    zimbra-ldap is enabled
    Initializing ldap...
    *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
    FAILED (1)


    ERROR



    Configuration failed

    Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
    complete the configuration.

    Errors have been logged to /tmp/zmsetup.log.3439

    Thanks for your assistance!!!!!!!!!!!!!!

  4. #4
    Join Date
    Sep 2007
    Posts
    18
    Rep Power
    8

    Default Also my config files

    Here are also some of my config files for your review:

    named.conf
    // Default named.conf generated by install of bind-9.2.4-2
    options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders { 192.168.0.1 ; };
    };
    include "/etc/rndc.key";
    // We are the master server for mail.velocitaonline.com
    zone "mail.velocitaonline.com" {
    type master;
    file "db.mail.velocitaonline.com";
    };

    My db.mail.velocitaonline.com zones file
    ;
    ; Addresses and other host information.
    ;
    @ IN SOA mail.velocitaonline.com. hostmaster.mail.velocitaonline.com. (
    10118 ; Serial
    43200 ; Refresh
    3600 ; Retry
    3600000 ; Expire
    2592000 ) ; Minimum
    ; Define the nameservers and the mail servers
    IN NS 192.168.0.52
    IN A 192.168.0.52
    IN MX 10 mail.velocitaonline.com.


    my resolv.conf file

    search velocitaonline.com
    nameserver 192.168.0.52

    my hosts file
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    192.168.0.52 mail.velocitaonline.com mail


    I hope this extra info helps!!!!!!!!!!!!!!!!!!
    Frank

  5. #5
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    I think you may be running into some of the differences in syntax and file conventions between bind (which is mostly documented in the docs you're referencing) and bind9, which you are obviously using. Some stuff has changed. This wiki, although mostly about installing on Ubuntu, starts with a step-by-step config that is specific to bind9, and it has some of the options in different places than you do.

    Specifically I see a difference in the latter part of your db file:
    ; Define the nameservers and the mail servers
    IN NS 192.168.0.52
    IN A 192.168.0.52
    IN MX 10 mail.velocitaonline.com.
    In order to get my setup to work, I had to have the IN NS line refer to the hostname, not the ip, and then the ip was in an IN A record, like this:
    ;
    @ IN NS mail
    IN MX 10 mail
    IN A xxx.xxx.xxx.xxx
    mail IN A xxx.xxx.xxx.xxx
    I also see that some of the things you have in named.conf I have in named.conf.options, but whether that is optional (so to speak) or not is more than I can say.

  6. #6
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    "First off I believe that I am setting it up to receive mail at mail.servername.com instead of just servername.com (and I want it to only be servername.com)"
    To fix this, change the zone in your named.conf file from mail.servername.com to servername.com.

    Just a tip. When you post config files and log files it's best to put them inside a 'code' tag. I know I find it easier to follow, and others have mentioned the same thing in other threads.
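
The zone-file points raised in replies #5 and #6 (the NS record should name a host that has its own A record, and the zone should be named for the mail domain rather than the host) can be checked mechanically before the installer is re-run. This is an added example, not code from the thread or from Zimbra: the function names and the sample strings are constructed here, with the records from post #4 re-indented and a shared SOA line assumed for both samples.

```python
import ipaddress

def is_ip(token):
    try:
        return bool(ipaddress.ip_address(token))
    except ValueError:
        return False

def fqdn(name, origin):  # expand "@" and relative names against the zone origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; covers simple zone files only."""
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # strip comments
        pending = f"{pending} {line}" if pending else line
        if not pending.strip() or pending.count("(") > pending.count(")"):
            continue                                    # blank line, or SOA still open
        tokens = pending.replace("(", " ").replace(")", " ").split()
        if not pending[0].isspace():                    # indented line reuses last owner
            owner = fqdn(tokens.pop(0), origin)
        pending = ""
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                               # skip TTL and class
        if tokens:
            records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def lint_zone(text, origin):
    """Flag NS/MX targets that are IP literals or in-zone names with no A record."""
    records = parse_zone(text, origin)
    has_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for _, rtype, rdata in records:
        if rtype not in ("NS", "MX") or not rdata:
            continue
        target = rdata[-1]
        if is_ip(target):
            problems.append(f"{rtype} target {target} is an IP address")
        elif ("." + (name := fqdn(target, origin))).endswith("." + origin) and name not in has_addr:
            problems.append(f"{rtype} target {name} has no A record")
    return problems

# Constructed samples: POSTED mirrors the records in post #4, FIXED applies replies #5 and #6.
SOA = "@ IN SOA mail.velocitaonline.com. hostmaster.velocitaonline.com. (\n 10118 43200 3600 3600000 2592000 )\n"
POSTED = SOA + " IN NS 192.168.0.52\n IN A 192.168.0.52\n IN MX 10 mail.velocitaonline.com.\n"
FIXED = SOA + "@ IN NS mail\n IN MX 10 mail\n IN A 192.168.0.52\nmail IN A 192.168.0.52\n"
print(lint_zone(POSTED, "mail.velocitaonline.com."), lint_zone(FIXED, "velocitaonline.com."))
```

The origin passed to `lint_zone` must match the `zone` name in named.conf, including the trailing dot.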
