Thread: Windows srvr2k3 DNS and MX configuration for FQDN

  1. #1
    Windows srvr2k3 DNS and MX configuration for FQDN

    Hello,

    I have Zimbra 5.011GA up and running on an RHEL5 system and ultimately, I'm hoping to migrate users from an Exchange 2003 system to Zimbra in a split-domain configuration. I prefer to have Zimbra as the authoritative server and I've found some documentation for this configuration, but my migration hasn't progressed that far yet. Currently, I'm slightly confused with the DNS configuration, specifically, the MX record. Our LAN is using Win2k3 DNS server with one master zone (FQDN i.e. local.domain.com) which works just fine for Exchange server. I followed the installation documentation and I specified the FQDN of the server in /etc/hosts, and the server name appears to be correct (i.e. zimbraserver.local.domain.com).

    On the Windows DNS server, I created a second MX record with a higher priority just for the Zimbra installation, but I noticed that specifying the FQDN during the Zimbra installation results in the domain being specified as the FQDN once the installation is complete (i.e. user@local.domain.com instead of user@domain.com). Deleting the domain after the installation is completed and adding the correct domain does seem to ostensibly correct the domain naming issue, but I'm concerned that mail will not properly be delivered, especially mail sent to and from the Exchange server and inbound mail from the Internet.

    I realize I could create another master zone on the Windows server (i.e. domain.com), but my understanding is that this is not advisable because our ISP/hosting service (and I suspect most ISPs or hosting services) defines an MX record for our domain (i.e. MX record for domain.com which points to our firewall). Has anyone else run into a similar DNS configuration dilemma?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator

    I'm not quite sure from your description if you're using the Zimbra server in the same domain as your Exchange server. Check both of the following articles and see if they apply to you:

    http://wiki.zimbra.com/index.php?title=Split_Domain
    http://wiki.zimbra.com/index.php?title=Split_dns
    Regards


    Bill

  3. #3
    Domain name change.

    During the Zimbra install you are given the chance to change the domain. In fact it should be changed from the FQDN of your server to the domain name only.

    It sounds like your config is correct but for this one change.

  4. #4

    Phoenix & Bill,

    I've read both of the aforementioned Wiki articles and I'm still not quite clear on the configuration specifics. I believe the configuration that I'm using is referred to as split-dns (we're using local Win2k3 DNS servers with forwarders) and I'd like to incorporate the Zimbra server in a split-domain configuration during the migration. I haven't gotten to the migration yet as my understanding is that the underlying DNS and MX record issues must be resolved before implementing any type of modifications to our internal and external mail routing.

    The Zimbra server does reside in the same domain and subnet as the Exchange 2k3 server. I created MX and A records for the zimbra server in the FQDN's master zone on our Windows 2k3 DNS server. During the installation, an MX record is found so long as I specify the domain as the FQDN (i.e. local.domain.com). However, after the installation completes, the domain, and subsequently, all users reside at local.domain.com (i.e. user@local.domain.com instead of user@domain.com). I know I can change the domain to domain.com instead of local.domain.com, but then there will not be a valid local MX record for the server. I also realize that I can create another master zone domain.com and create an MX record in the new master zone, but I believe mail routing between the FQDN and new master zone may cause problems during the migration. Lastly, I suppose I could also specify a public DNS server and refer the Zimbra server to our ISP's public MX record which routes mail to our firewall, but I think this is also incorrect (i.e. MX mail.domain.com). I imagine this is a fairly common configuration for users with Win2k3 domains and Exchange 2k3/8 mail platforms. Which approach is correct?

    On a side note, aside from DNS and mail routing configuration, everything else works great including AD/GAL binding for user/mailbox migration.

  5. #5

    I re-read both articles and the NE quick setup guide again. If I understand correctly, it looks like I should:

    - Create the MX and A records in the FQDN master zone for the domain (i.e. local.domain.com) for the installation and routing of email.
    - Once the installation has completed, I should change the FQDN which the install creates to the domain itself (i.e. domain.com).
    - I should use the FQDN for the server name and /etc/hosts entries.

    Is this correct?

  6. #6
    FQDN

    I'm having some trouble understanding the issue and it may be due to terminology.

    I interpret FQDN as the host plus domain name, i.e. zimbra.local.domain.com is an FQDN. zimbra is the host and local.domain.com is the domain. With zimbra.domain.com, zimbra is the host and domain.com is the domain. With these two examples local.domain.com is a sub-domain of domain.com. Your zone file will usually be the domain.com.

    Are we on the same page so far?

  7. #7
    FQDN

    Bill,

    Thanks for your help. I believe we're on the same page and I am interpreting FQDN as local.domain.com and my Zimbra server resides at zimbra.local.domain.com which is one of our zones residing behind our firewall. This is the same zone where our Exchange server and corresponding Exchange server MX record resides (i.e. exchangeserver.local.domain.com). Our domain MX record mail.domain.com resides on our WWW hosting service's DNS server which I believe only permits one MX record per domain to exist. I thought about pointing the zimbra server to our root domain on the public server by specifying a public DNS server, but I believe this is not correct for a split-domain configuration which relies on internal DNS for mail routing between the Exchange and Zimbra servers during the migration.

    The MX record for our root domain (i.e. mail.domain.com) points to a static NAT mapping at our firewall which forwards traffic to our mail server - currently the Exchange server. Ideally, I'm hoping to place the Zimbra server in front of the Exchange server and configure the Zimbra server to forward mail to the Exchange server and vice versa until all user accounts can be migrated over to the Zimbra server. This portion of the configuration seems straightforward, but I'm still confused on the MX record configuration. If I create another MX record, with a higher or lower priority in the same manner that our existing MX record is configured, in the FQDN zone on our Win2k3 DNS/server the Zimbra installation creates the domain @local.domain.com and users reside at user@local.domain.com instead of user@domain.com. Is this correct? I suppose I could create another zone for our root domain, but I think this will create additional problems as our root domain's DNS service is hosted off-site.

  8. #8
    Zimbra will complain

    if it doesn't find an MX record equal to the FQDN of the Zimbra server. RFCs require that the MX record should equal the FQDN of the server or the FQDN that the server provides in response to the HELO command. I noticed your Exchange server's FQDN is different than your MX record. If DNS checking is set up in Zimbra, it will not like this. It is easy to customize Exchange's response to the HELO command however. And so, if the FQDN of the Zimbra server is zimbra.local.domain.com, there needs to be an MX record in one of your zone files that points to zimbra.local.domain.com and not just mail.domain.com.

    You should have a zone file on a DNS server for domain.com. This is at your hosting provider if I read you correctly. The sub-domain of local.domain.com needs to show a delegation in the domain.com zone file to the DNS server where the local.domain.com zone file exists.

    You are correct in that if you set up Zimbra and use the FQDN zimbra.local.domain.com then Zimbra will see the domain as local.domain.com and users will have an address such as "user@local.domain.com" and not simply "user@domain.com". I doubt this is what you want.
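
Added example, not part of the thread and not Zimbra's installer code: a Python sketch of the MX lookup the posts above argue about, run against the two DNS views the thread describes (internal zone local.domain.com, public zone domain.com). All record sets, priorities and IP addresses are constructed, and the function names are hypothetical.

```python
# Constructed DNS views; names follow the thread's placeholders, IPs are documentation ranges.
INTERNAL = {  # Win2k3 DNS: only the local.domain.com zone exists
    ("local.domain.com", "MX"): [(10, "exchangeserver.local.domain.com"),
                                 (20, "zimbra.local.domain.com")],
    ("exchangeserver.local.domain.com", "A"): ["192.0.2.10"],
    ("zimbra.local.domain.com", "A"): ["192.0.2.20"],
}
PUBLIC = {  # hosting provider: one MX for domain.com, pointing at the firewall NAT
    ("domain.com", "MX"): [(10, "mail.domain.com")],
    ("mail.domain.com", "A"): ["203.0.113.5"],
}

def norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.rstrip(".").lower()

def default_mail_domain(server_fqdn):
    """Drop the host label (assumption: models the default the thread describes)."""
    _host, _, domain = norm(server_fqdn).partition(".")
    return domain

def check_mail_domain(view, mail_domain, server_fqdn):
    """List the problems a resolver using `view` hits when routing mail for mail_domain."""
    mail_domain, server_fqdn = norm(mail_domain), norm(server_fqdn)
    mx = sorted((pref, norm(t)) for pref, t in view.get((mail_domain, "MX"), []))
    if not mx:
        return [f"no MX record for {mail_domain}"]
    problems = [f"MX target {t} has no A record"
                for _pref, t in mx if not view.get((t, "A"))]
    if server_fqdn not in [t for _pref, t in mx]:
        problems.append(f"no MX for {mail_domain} points at {server_fqdn}")
    return problems

if __name__ == "__main__":
    server = "zimbra.local.domain.com"
    for label, view, domain in [
        ("internal", INTERNAL, default_mail_domain(server)),  # installer default
        ("internal", INTERNAL, "domain.com"),                 # desired mail domain
        ("public", PUBLIC, "domain.com"),
    ]:
        print(label, domain, check_mail_domain(view, domain, server) or "ok")
```

The internal view passes only for local.domain.com; both views report a problem for domain.com, which is the gap the thread is trying to close.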

  9. #9
    DNS Configuration

    Bill,

    I did notice that Zimbra has the option to add secondary email/SMTP addresses for users to catch inbound mail on addresses, similar to how I believe our current Exchange server is operating. In theory I think I could configure secondary addresses for users at the domain (i.e. primary user@local.domain.com secondary user@domain.com), but I'm not sure if this is what you're referring to. My understanding with the EHLO/SMTP configuration is that technically my firewalled ActiveDirectory/Exchange users' addresses are currently user@local.domain.com with a masqueraded address of user@tecore.com within the local domain. I've attached an image to help elaborate on the current configuration as it pertains to our domain. Hopefully this will help clear up any confusion. Thanks again for assistance.