Thanks, but this is the perfect example of what I don't want ...
I want a server.company.local domain for the private addresses
and a server.company.tld for the internet addresses.
I don't think this is necessary if your firewall doing the NAT-ing is smart enough to just pass traffic from the LAN port right back down the same Ethernet to the Zimbra server.
If your firewall isn't so smart, perhaps you could just set up two zones in BIND on the Zimbra server, and edit the /etc/hosts file accordingly? (Never tested this.)
Postfix will live only on one IP address BTW, and the Zimbra installer does a DNS check to make sure there are appropriate zone records for your intended base domain.
If my guess about dual-homing is wrong, please explain the workflows you are trying to accomplish.
All the best,
My thing is that I want to use nameservers the right way.
You shouldn't have two masters for one domain giving different answers.
What about clients caching lookups and that way trying to connect to the wrong address?
Yes you could use a short ttl but that's not the way.
The zimbra-server should be able to work right despite the hostname.
It shouldn't use links in which the hostname is "hardcoded".
The links used should be relative to the hostname and not (absolute) depending on the hostname.
The developers sure know what I mean.
That's what I want ...
That way you could create a .local domain and a .tld domain both working well without tricks.
I know there are lots, lots, lots of issues but it would be very welcome.
BTW ... talking to the developers, it would be handy if it was possible to choose the domain name for the certificate during the installation.
RJB -- Documentation
Yes, Zimbra is "hard-coded" to use a public IP address, so if you want to use a private IP you need to "trick" Zimbra with a mix of DNS, /etc/hosts and other hacks.
OTOH, Wietse Venema (Postfix's author) from time to time comments on the Postfix mailing list that he is a firm believer that no legitimate mail server should have a private IP address, because there are too many hacks required to make it work properly (among other reasons).
That makes it tough for those of us used to configuring public servers with NAT, especially when we have, say, ten public servers to configure but can only afford five public IP addresses from our ISP.
Since we are now finding public IP blocks are easier and cheaper to get, we plan later this year to change how we chunk our public IP address space on our firewall, enabling us to build future Zimbra servers "the Zimbra way" with public IPs and no NAT.
I hear what you are saying about wanting zone files to be consistent across all DNS servers, but that's hard to do when you are mixing private and public IPs--especially when you are trying to use non-RFC-compliant '.local' domains instead of '.site' domains!
In this case I think your best option is to choose the compromise you are more comfortable with.
I give up
RJB -- Documentation