
Thread: ZCS installation(private IP) with DNS(public IP) on same system

  1. #1
    Join Date
    May 2008
    Location
    Taiwan
    Posts
    296
    Rep Power
    7

    ZCS installation (private IP) with DNS (public IP) on same system

    Dear all,

    I did an installation for a customer this week, and the network environment is as follows:

    ZCS is placed in the DMZ and uses the IP 192.168.10.100.
    The firewall will bind a public IP, e.g. 60.100.20.100, for ZCS.

    We also installed a DNS server on the ZCS machine to host the 60.100.20 public zone and provide DNS service for outside connections.
    (By the way, the DNS server doesn't define the internal 192.168.10 zone.)

    However, after we had done all the settings, we found that ZCS cannot receive incoming mail; all mail is queued, and the error is something like:

    connect to zcs.domain.com[60.100.20.100] connection time out
    (something like that)


    In the end, I changed the DNS server to create the 192.168.10 zone and remove the 60.100.20 zone, which solved the issue. However, I still have no idea why this error occurred, and, you know, there's no DNS server for this public zone right now.

    Any advice? Thanks.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Originally posted by tiger2000:
    In the end, I changed the DNS server to create the 192.168.10 zone and remove the 60.100.20 zone, which solved the issue. However, I still have no idea why this error occurred, and, you know, there's no DNS server for this public zone right now.

    Any advice? Thanks.

    Split DNS - Zimbra :: Wiki
    Regards


    Bill



  3. #3
    Join Date
    Dec 2008
    Posts
    15
    Rep Power
    6

    The same problem as mine. We are not talking about a split DNS config;
    we are talking about a situation where the DNS server and the ZCS server are on the same machine with a private IP.
    Since all external DNS requests are forwarded to this machine, we need to configure the DNS zone with the public IP. But in this case ZCS is unable to receive mail.
    On the other hand, if we create a zone with the private IP, ZCS will be able to receive mail, but the whole Internet will be able to see our local structure, and all DNS checkers will report an error in the DNS configuration.
    Any other advice? Thanks)

  4. #4
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Two DNS servers.

    I believe you will need a DNS server that the outside world will hit resolving to your public IP and an internal DNS server for Zimbra to use that resolves to your internal private IP.

  5. #5
    Join Date
    Dec 2008
    Posts
    15
    Rep Power
    6

    No external servers are needed)
    Just stop shaving and washing, get some beer, and your red eyes in the mirror will help you resolve any problem)

    Seriously:
    we can solve the problem with "views".

    Let's take tiger2000's setup and the split-DNS wiki example.
    We have the internal IP 192.168.10.100 and the external IP 60.100.20.100, and need to show the private address to local hosts and the public one to the rest of the Internet.
    Now I adapt the split-DNS wiki example for tiger2000's zone:

    Code:
    // Default named.conf generated by install of bind-9.2.4-2
    options {
           directory "/var/named";
           dump-file "/var/named/data/cache_dump.db";
           statistics-file "/var/named/data/named_stats.txt";
           // No forwarder address is given here; list your upstream resolver(s) if you use any
           forwarders { };
    };
    include "/etc/rndc.key";

    // Now we configure an access list for local queries
    // (the /24 prefix needs the network address, not a host address)
    acl "internal" { 192.168.10.0/24; 127.0.0.1; };

    // Now we configure the zone for local DNS queries and allow
    // recursive queries and zone transfers to any local host
    view "internal" {
           match-clients { internal; };
           recursion yes;
           zone "zcs.domain.com" {
                  type master;
                  file "db.zcs.domain.com.int";
                  allow-transfer { any; };
           };
    };

    // Now we configure the zone for external DNS queries and disable
    // recursive queries and zone transfers to any host
    view "external" {
           match-clients { any; };
           recursion no;
           zone "zcs.domain.com" {
                  type master;
                  file "db.zcs.domain.com.ext";
                  allow-transfer { none; };
           };
    };
    As you can see, we used one zone file (db.zcs.domain.com.int) for local queries; in it we use the private server IPs.
    Code:
    ;
    ;       Addresses and other host information.
    ;
    @       IN      SOA     zcs.domain.com. hostmaster.zcs.domain.com. (
                                   10118      ; Serial
                                   43200      ; Refresh
                                   3600       ; Retry
                                   3600000    ; Expire
                                   2592000 )  ; Minimum
    ;       Define the nameservers and the mail servers
                   IN      NS      zcs.domain.com.   ; NS takes a host name, not an IP address
                   IN      A       192.168.10.100
                   IN      MX      10 zcs.domain.com.
    And another zone file (db.zcs.domain.com.ext) for external servers; in it, as you understand, we use the public server IPs.

    Code:
    ;
    ;       Addresses and other host information.
    ;
    @       IN      SOA     zcs.domain.com. hostmaster.zcs.domain.com. (
                                   10118      ; Serial
                                   43200      ; Refresh
                                   3600       ; Retry
                                   3600000    ; Expire
                                   2592000 )  ; Minimum
    ;       Define the nameservers and the mail servers
                   IN      NS      zcs.domain.com.   ; NS takes a host name, not an IP address
                   IN      A       60.100.20.100
                   IN      MX      10 zcs.domain.com.
    That works, it is secure, and there is only one DNS server. Of course, in db.zcs.domain.com.int you can list any other internal servers and not show them to the rest of the world.

    P.S. Sorry for my English; if something is not clear to you, I'll try to explain.

    P.P.S. If this post helped you, you can wish me "Happy New Year!"

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    You must point your DNS records to the internal IP address of your Zimbra server.
    Regards


    Bill



  7. #7
    Join Date
    Dec 2008
    Posts
    15
    Rep Power
    6

    Yes, and I did it in my example.
    ZCS gets my internal IP from DNS; to the Internet I show my external IP. Check my previous message once again: there are two zones in it, internal and external. ZCS works like a charm.
