DNS problem

[rcbrei]

Good day everyone.

I know there are tons of topics already about dns. but i still cant make my dns working. i want to practice installing zimbra and
have it up and working. so i ended up testing FOSS edition.
i hope someone can help me or spot what im missing or did something wrong.
here is my setup.

*i am behind a router/modem - home setup/fiber connection dynamic public IP
*centos 7 installed on vmware
*zimbra ver 8.7.1
*hostname mail.networthsolutions.tech
*public IP - 49.145.171.0
*domain - networthsolutions.tech
*BIND version - BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 (Extended Support Version) <id:7107deb>

machine info.PNG (16.84 KiB) Viewed 1081 times

* /etc/named.conf

Code: Select all

[root@mail ~]# clear
[root@mail ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        forwarders {
        8.8.8.8;
        8.8.4.4;
        };


        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "NETWORTHSOLUTIONS.TECH" IN {
        type master;
        file "NETWORTHSOLUTIONS.TECH";
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@mail ~]#


* /var/named/NETWORTHSOLUTIONS.TECH

Code: Select all

[root@mail ~]# clear
[root@mail ~]# cat /var/named/NETWORTHSOLUTIONS.TECH
$ORIGIN NETWORTHSOLUTIONS.TECH.
$TTL 38400
NETWORTHSOLUTIONS.TECH. IN SOA NS1 Administrator.NETWORTHSOLUTIONS.TECH (
 2010022801        ; Serial
 10800             ; Refresh
 3600              ; Retry
 604800            ; Expire
 86400             ; Minimum
)
NETWORTHSOLUTIONS.TECH.              IN NS     ns1
ns1                                  IN A      8.8.8.8
NETWORTHSOLUTIONS.TECH.              IN A      192.168.1.222
mail                                 IN A      192.168.1.222
mail.NETWORTHSOLUTIONS.TECH.         IN A      192.168.1.222
mail1.NETWORTHSOLUTIONS.TECH.        IN A      192.168.1.222
webmail                              IN A      192.168.1.222
@                                    IN MX     10 mail
NETWORTHSOLUTIONS.TECH.              IN MX     20 mail1
webmail.NETWORTHSOLUTIONS.TECH       IN MX     30 mail
[root@mail ~]#


* /etc/resolv.conf

Code: Select all

[root@mail ~]#
[root@mail ~]#
[root@mail ~]# clear
[root@mail ~]#
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search networthsolutions.tech
nameserver 192.168.1.222
nameserver 8.8.8.8
[root@mail ~]#


* /etc/hosts

Code: Select all

[root@mail ~]# clear
[root@mail ~]#
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.222 mail.networthsolutions.tech networthsolutions.tech
[root@mail ~]#


* dig networthsolutions.tech any

Code: Select all

[root@mail ~]# clear
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# dig networthsolutions.tech

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> networthsolutions.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7378
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;networthsolutions.tech.                IN      A

;; AUTHORITY SECTION:
networthsolutions.tech. 1799    IN      SOA     ns1.dns-parking.com. dns.hostinger.com. 2021021307 10000 2400 604800 3600

;; Query time: 289 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 13 14:21:12 PST 2021
;; MSG SIZE  rcvd: 120

[root@mail ~]# dig networthsolutions.tech any
;; Connection to 192.168.1.222#53(192.168.1.222) for networthsolutions.tech failed: connection refused.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> networthsolutions.tech any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 350
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;networthsolutions.tech.                IN      ANY

;; ANSWER SECTION:
networthsolutions.tech. 3788    IN      HINFO   "RFC8482" ""

;; Query time: 66 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 13 14:21:16 PST 2021
;; MSG SIZE  rcvd: 72

[root@mail ~]#


* nmcli device show

Code: Select all

[root@mail ~]#
[root@mail ~]#
[root@mail ~]# clear
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# nmcli device show
GENERAL.DEVICE:                         ens33
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:5B:0E:11
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens33
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.1.222/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
IP4.DNS[1]:                             192.168.1.222
IP4.DNS[2]:                             8.8.8.8
IP6.ADDRESS[1]:                         fe80::548c:85da:7f45:1d70/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            --
IP6.ADDRESS[1]:                         ::1/128
IP6.GATEWAY:                            --
[root@mail ~]#


* DNS Records

dns records 1.PNG (8.92 KiB) Viewed 1081 times

dns records 2.PNG (8.58 KiB) Viewed 1081 times

mx toolbox.PNG (189.37 KiB) Viewed 1081 times

[phoenix]

The quick answer is your hosts file and resolv.conf are both incorrect. In this scenario you need a split DNS, I'd suggest you review the wiki article on the subject and correct the errors: https://wiki.zimbra.com/wiki/Split_DNS# ... .conf_file

[rcbrei]

The quick answer is your hosts file and resolv.conf are both incorrect. In this scenario you need a split DNS, I'd suggest you review the wiki article on the subject and correct the errors: https://wiki.zimbra.com/wiki/Split_DNS# ... .conf_file

Thanks Bill! It worked, though i can only send internal.

I cannot send outside my domain.

Code: Select all

Feb 13 16:31:38 mail postfix/smtp[93852]: connect to gmail-smtp-in.l.google.com[74.125.204.26]:25: Connection timed out
Feb 13 16:31:38 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[67.195.228.106]:25: Connection timed out
Feb 13 16:31:39 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[98.136.96.74]:25: No route to host


could this be a dns problem still?

[phoenix]

Please post the contents of the hosts & resolv.conf files and check your DNS is OK with the commands from the 'Verify' section of the Split DNS article, that will give a clue about what's going on.

[rcbrei]

Please post the contents of the hosts & resolv.conf files and check your DNS is OK with the commands from the 'Verify' section of the Split DNS article, that will give a clue about what's going on.

Hi Bill,

below are the details

Code: Select all

[zimbra@mail root]$ clear
[zimbra@mail root]$ su root
Password:
[root@mail ~]#
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# cat /etc/hosts
127.0.0.1     localhost.localdomain localhost
192.168.1.222 mail.networthsolutions.tech mail
[root@mail ~]#
[root@mail ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search networthsolutions.tech
nameserver 127.0.0.1
[root@mail ~]#
[root@mail ~]# dig networthsolutions.tech mx

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> networthsolutions.tech mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37955
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;networthsolutions.tech.                IN      MX

;; ANSWER SECTION:
NETWORTHSOLUTIONS.TECH. 38400   IN      MX      10 mail.NETWORTHSOLUTIONS.TECH.
NETWORTHSOLUTIONS.TECH. 38400   IN      MX      20 mail1.NETWORTHSOLUTIONS.TECH.

;; AUTHORITY SECTION:
NETWORTHSOLUTIONS.TECH. 38400   IN      NS      ns1.NETWORTHSOLUTIONS.TECH.

;; ADDITIONAL SECTION:
mail.NETWORTHSOLUTIONS.TECH. 38400 IN   A       192.168.1.222
mail1.NETWORTHSOLUTIONS.TECH. 38400 IN  A       192.168.1.222
ns1.NETWORTHSOLUTIONS.TECH. 38400 IN    A       8.8.8.8

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 13 20:05:56 PST 2021
;; MSG SIZE  rcvd: 182

[root@mail ~]#
[root@mail ~]#
[root@mail ~]# dig networthsolutions.tech any

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> networthsolutions.tech any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14945
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;networthsolutions.tech.                IN      ANY

;; ANSWER SECTION:
NETWORTHSOLUTIONS.TECH. 38400   IN      MX      10 mail.NETWORTHSOLUTIONS.TECH.
NETWORTHSOLUTIONS.TECH. 38400   IN      MX      20 mail1.NETWORTHSOLUTIONS.TECH.
NETWORTHSOLUTIONS.TECH. 38400   IN      SOA     NS1.NETWORTHSOLUTIONS.TECH. Administrator.NETWORTHSOLUTIONS.TECH.NETWORTHSOLUTIONS.TECH. 2010022801 10800 3600 604800 86400
NETWORTHSOLUTIONS.TECH. 38400   IN      NS      ns1.NETWORTHSOLUTIONS.TECH.
NETWORTHSOLUTIONS.TECH. 38400   IN      A       192.168.1.222

;; ADDITIONAL SECTION:
mail.NETWORTHSOLUTIONS.TECH. 38400 IN   A       192.168.1.222
mail1.NETWORTHSOLUTIONS.TECH. 38400 IN  A       192.168.1.222
ns1.NETWORTHSOLUTIONS.TECH. 38400 IN    A       8.8.8.8

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 13 20:06:15 PST 2021
;; MSG SIZE  rcvd: 275

[root@mail ~]#
[root@mail ~]#
[root@mail ~]# host $(hostname)
mail.NETWORTHSOLUTIONS.TECH has address 192.168.1.222
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-02-13 20:03:06 PST; 3min 26s ago
  Process: 41559 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 41572 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 41570 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 41574 (named)
   CGroup: /system.slice/named.service
           └─41574 /usr/sbin/named -u named -c /etc/named.conf

Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Feb 13 20:03:06 mail.networthsolutions.tech named[41574]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Feb 13 20:03:07 mail.networthsolutions.tech named[41574]: resolver priming query complete
[root@mail ~]#
[root@mail ~]# cat /var/named/NETWORTHSOLUTIONS.TECH
$ORIGIN NETWORTHSOLUTIONS.TECH.
$TTL 38400
NETWORTHSOLUTIONS.TECH. IN SOA NS1 Administrator.NETWORTHSOLUTIONS.TECH (
 2010022801        ; Serial
 10800             ; Refresh
 3600              ; Retry
 604800            ; Expire
 86400             ; Minimum
)
NETWORTHSOLUTIONS.TECH.              IN NS     ns1
ns1                                  IN A      8.8.8.8
NETWORTHSOLUTIONS.TECH.              IN A      192.168.1.222
mail                                 IN A      192.168.1.222
mail.NETWORTHSOLUTIONS.TECH.         IN A      192.168.1.222
mail1.NETWORTHSOLUTIONS.TECH.        IN A      192.168.1.222
webmail                              IN A      192.168.1.222
@                                    IN MX     10 mail
NETWORTHSOLUTIONS.TECH.              IN MX     20 mail1
webmail.NETWORTHSOLUTIONS.TECH       IN MX     30 mail
[root@mail ~]#


[phoenix]

You appear not to have a public DNS A record configured for your domain:

Code: Select all

dig networthsolutions.tech

; <<>> DiG 9.16.6 <<>> networthsolutions.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54431
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;networthsolutions.tech.                IN      A

;; AUTHORITY SECTION:
networthsolutions.tech. 3600    IN      SOA     ns1.dns-parking.com. dns.hostinger.com. 2021021307 10000 2400 604800 3600

;; Query time: 187 msec
;; SERVER: 192.168.1.220#53(192.168.1.220)
;; WHEN: Sat Feb 13 12:43:41 GMT 2021
;; MSG SIZE  rcvd: 120


Without that A record you will never receive email.

[rcbrei]

DNS Records from my domain provider

dns record networthsolutions.tech.png (19.93 KiB) Viewed 847 times

A record from whatsmydns.net

a record.PNG (64.08 KiB) Viewed 847 times

dig networthsolutions.tech any

Code: Select all

[root@mail ~]# clear
[root@mail ~]#
[root@mail ~]#
[root@mail ~]#
[root@mail ~]# dig networthsolutions.tech

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> networthsolutions.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 266
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;networthsolutions.tech.                IN      A

;; ANSWER SECTION:
NETWORTHSOLUTIONS.TECH. 38400   IN      A       192.168.1.222

;; AUTHORITY SECTION:
NETWORTHSOLUTIONS.TECH. 38400   IN      NS      ns1.NETWORTHSOLUTIONS.TECH.

;; ADDITIONAL SECTION:
ns1.NETWORTHSOLUTIONS.TECH. 38400 IN    A       8.8.8.8

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 14 09:39:59 PST 2021
;; MSG SIZE  rcvd: 123

[root@mail ~]#


what am i missing, Bill?
or did i set my public A record right?


Best,

RC

[phoenix]

Sorry, I was somewhat distracted yesterday and gave you the wrong answer earlier. Your problem is that there is no connection to your mail server, take a look here:

https://mxtoolbox.com/SuperTool.aspx?action=mx%3anetworthsolutions.tech&run=toolpage# - click on the SMTP test and you should see there's no connection. Do you have a firewall or NAT router blocking access or not forwarding port 25?

[Klug]

I cannot send outside my domain.

Code: Select all

Feb 13 16:31:38 mail postfix/smtp[93852]: connect to gmail-smtp-in.l.google.com[74.125.204.26]:25: Connection timed out
Feb 13 16:31:38 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[67.195.228.106]:25: Connection timed out
Feb 13 16:31:39 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[98.136.96.74]:25: No route to host


could this be a dns problem still?

Looks like there's a firewall (or NAT) rule that blocks your server to connect to servers on the internet.

[rcbrei]

Sorry, I was somewhat distracted yesterday and gave you the wrong answer earlier. Your problem is that there is no connection to your mail server, take a look here:

https://mxtoolbox.com/SuperTool.aspx?action=mx%3anetworthsolutions.tech&run=toolpage# - click on the SMTP test and you should see there's no connection. Do you have a firewall or NAT router blocking access or not forwarding port 25?

Thanks Bill for all the help! very much appreciated!

I cannot send outside my domain.

Code: Select all

Feb 13 16:31:38 mail postfix/smtp[93852]: connect to gmail-smtp-in.l.google.com[74.125.204.26]:25: Connection timed out
Feb 13 16:31:38 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[67.195.228.106]:25: Connection timed out
Feb 13 16:31:39 mail postfix/smtp[93853]: connect to mta5.am0.yahoodns.net[98.136.96.74]:25: No route to host


could this be a dns problem still?

Looks like there's a firewall (or NAT) rule that blocks your server to connect to servers on the internet.

Thanks Klug!


Right now, i am not yet able to send. upon checking my port forwarding, our connection is by default blocked in an ISP level. since it is only residential fiber subscription.
a lot of papers needed to request to open ports and to remove us from cgnat.

anyway, i learned a lot about the installation and DNS, thanks for all the help! i think opening port 25 is the last problem, more or less.