Thread: bind9 DNS configuration for Zimbra - advice?

  1. #1

    Hello all...

    I am configuring an Ubuntu 10.04 LTS server to run Zimbra mail client, which will be the primary MX server for our domain. The business has an ADSL broadband account with a single static IP address; however, the ISP offers a shadow primary DNS service where we can host our MX record once we have configured our own DNS server.

    Unfortunately, I have never tried to configure a DNS server before so could use some help. Before I make the DNS server live (and ask the ISP to make the necessary changes), would anyone be able to have a look at my configuration files for any possible errors? Thanks in advance!

    The ISP is demon.co.uk who have provided us with a static IP address of 83.104.42.xxx and a domain name of target.demon.co.uk. The server is called leeds2 and has an internal static IP address of 192.168.2.10 - all ports from the ADSL router (192.168.2.1) are forwarded to the server. It provides notes for specific DNS configs at Demon Shadow Primary DNS - Server Hosting

    leeds2 will host the Zimbra email server and is therefore an MTA. The business is only a small operation (around 20 users or so), hence the single IP address ADSL configuration.

    The ISP asks that my DNS...
    The NS records you use must show all the nameservers the domain is delegated to. In most cases these will be Demon's nameservers only.

    Your NS records should look like this:
    3D IN NS ns0.demon.co.uk.
    3D IN NS ns1.demon.co.uk.
    3D IN NS ns2.demon.net.
    You will next need to add host entries. You must add the following hosts:
    localhost A 127.0.0.1
    demon-gw A 192.168.1.1

    If the authoritative name server and primary MX record point to hosts of the domain you are serving, you will need the following resource records:
    ns A 192.168.1.2
    mailgate A 192.168.1.3
    Users of Demon's Shadow Primary DNS service can expect zone transfers from any of the following hosts.
    You must allow zone transfers from these servers to use the service.

    ns0.demon.net. 158.152.1.65
    ns1.demon.net. 158.152.1.193
    ns2.demon.net. 209.246.126.109
    finch-staff-1.server.demon.net. 193.195.224.1
    finch-staff-1.server.demon.net. 193.195.224.4
    admin.hm.demon.net. 194.217.90.200
    My bind9 configuration files follow... Thanks for your help and comments!

    Code:
    paulh@leeds2:~$ cat /etc/hosts
    127.0.0.1    localhost.localdomain localhost
    192.168.2.10    leeds2.target.demon.co.uk leeds2
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    Code:
    paulh@leeds2:~$ cat /etc/resolv.conf 
    nameserver 127.0.0.1
    nameserver 192.168.2.1
    # the following are Demon nameservers
    nameserver 212.69.220.10
    nameserver 212.69.221.10
    domain target.demon.co.uk
    search target.demon.co.uk
    Code:
    paulh@leeds2:~$ cat /etc/hostname
    leeds2.target.demon.co.uk
    Code:
    paulh@leeds2:~$ cat /etc/bind/named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    Code:
    paulh@leeds2:~$ cat /etc/bind/named.conf.options
    options {
        directory "/var/cache/bind";
    
        query-source address * ; // was port 53
        forwarders {
            # Demon ISP DNS servers
            158.152.1.65;
            158.152.1.193;
            209.246.126.109;
        };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
    };
    Code:
    paulh@leeds2:~$ cat /etc/bind/named.conf.local 
    acl slaves {
        // demon DNS zone transfer
        158.152.1.65;    // ns0.demon.net
        158.152.1.193 ;  // ns1.demon.net
        209.246.126.109; // ns2.demon.net
        193.195.224.1;   // finch-staff-1.server.demon.net
        193.195.224.4;   // finch-staff-1.server.demon.net
        194.217.90.200;  // admin.hm.demon.net
    };
    
    acl internals {
        127.0.0.0/8;
        192.168.2.0/24;
    };
    
    view "internal" {
        match-clients { internals; };
        recursion yes;
        zone "target.demon.co.uk" {
            type master;
            file "/etc/bind/internal/db.target.demon.co.uk";
        };
    };
    view "external" {
        match-clients { any; };
        recursion no;
        zone "target.demon.co.uk" {
            type master;
            file "/etc/bind/external/db.target.demon.co.uk";
            allow-transfer { slaves; };
        };
    
    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
    
    };
    Code:
    paulh@leeds2:~$ cat /etc/bind/internal/db.target.demon.co.uk 
    
    $include "/etc/bind/external/db.target.demon.co.uk"
    @       IN      A       192.168.2.10
    leeds2  IN      A       192.168.2.10
    localhost IN    A       127.0.0.1
    demon-gw  IN    A       192.168.2.1
    Code:
    paulh@leeds2:~$ cat /etc/bind/external/db.target.demon.co.uk 
    ; target.demon.co.uk
    $TTL    6H
    @   1D  IN      SOA     leeds2.target.demon.co.uk. admin.target.demon.co.uk. (
                         2011120601 ; Serial
                                 3H ; Refresh
                                30M ; Retry
                                 1W ; Expire
                                 2H); Negative Cache TTL
    ;
    @       IN      NS      leeds2
         3D IN      NS      ns0.demon.co.uk.
         3D IN      NS      ns1.demon.co.uk.
         3D IN      NS      ns2.demon.net.
            IN      MX  10  leeds2.target.demon.co.uk.
            IN      MX  50  relay-1.mail.demon.net.
            IN      MX  50  relay-2.mail.demon.net.
            IN      A       83.104.42.xxx
    leeds2  IN      A       83.104.42.xxx
    How does it look??? I would very much appreciate any comments.

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Quote: Originally Posted by paulh12992
    How does it look??? I would very much appreciate any comments.
    There are a couple of problems with your configuration. As you're behind a NAT router you should not have any references in your resolv.conf to external DNS servers; you only need the one on your Zimbra server(?) listed. Before we go any further, is this ZCS installation on any sort of virtualisation platform? Take a look at the Split DNS article to see how you should configure your LAN DNS server and, obviously, your external DNS servers should point to your Public IP address. You can also run all the commands in the 'Verify....' section of that article and see how your current configuration is set-up and if it's correct.
    Regards


    Bill
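
An added example, not part of either post and not Zimbra or ISP code: a small Python audit of the split-view layout shown in the first post. It checks that any view answering `any` client has recursion off and that the zone's `allow-transfer` matches the transfer hosts the ISP lists. The parser, the function names and the shortened sample ACL are constructed for illustration, and only a zone-level `allow-transfer` is read.

```python
import re

def parse(text):
    """named.conf text -> nested lists; a { ... } block is a list of statements."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text))
    def block():
        stmts, cur = [], []
        for tok in tokens:
            if tok == "{":
                cur.append(block())
            elif tok == "}":
                break
            elif tok == ";":
                stmts += [cur] if cur else []
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts
    return block()

def audit(conf_text, zone, required):
    """Findings for each view that answers any client (the public side)."""
    conf, findings = parse(conf_text), []
    acls = {s[1]: {m[0] for m in s[-1]} for s in conf if s[0] == "acl"}
    for name, body in ((s[1], s[-1]) for s in conf if s[0] == "view"):
        opts = {b[0]: b[1] for b in body if b[0] != "zone"}
        if ["any"] not in opts.get("match-clients", []):
            continue
        if opts.get("recursion") != "no":
            findings.append(f"{name}: recursion is on for any client")
        for z in (b for b in body if b[0] == "zone" and b[1] == zone):
            xfer = {o[0]: o[1] for o in z[-1]}.get("allow-transfer")
            if xfer is None:  # inherited or default policy applies; not modelled
                findings.append(f"{name}/{zone}: no allow-transfer on the zone")
                continue
            allowed = set().union(*(acls.get(m[0], {m[0]}) for m in xfer))
            missing = set() if "any" in allowed else required - allowed
            findings += [f"{name}/{zone}: secondary {ip} not allowed to transfer" for ip in sorted(missing)]
            findings += [f"{name}/{zone}: unexpected transfer host {ip}" for ip in sorted(allowed - required)]
    return findings

# Constructed sample cut down from the posted config (ACL shortened on purpose).
SAMPLE = '''acl slaves { 158.152.1.65; 158.152.1.193; 209.246.126.109; };
view "internal" { match-clients { 192.168.2.0/24; }; recursion yes; };
view "external" { match-clients { any; }; recursion no;
  zone "target.demon.co.uk" { type master; allow-transfer { slaves; }; }; };'''
ISP = {"158.152.1.65", "158.152.1.193", "209.246.126.109",  # hosts listed in the post
       "193.195.224.1", "193.195.224.4", "194.217.90.200"}
```

Calling `audit(SAMPLE, "target.demon.co.uk", ISP)` reports the three transfer hosts missing from the shortened ACL; with the full six-address ACL from the post it returns an empty list.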

