DNS resolution and firewalls.

jeg1972
Posts: 37
Joined: Fri Sep 12, 2014 10:03 pm


Postby jeg1972 » Thu Feb 02, 2006 9:58 am

Firstly, can I just say that Zimbra is excellent, and I've got it up and running and sending and receiving mail... so why am I posting this thread? Well, I suspect the way I've set it up is a bit of a kludge... it doesn't seem particularly elegant to me anyway. I've looked at other threads and some are similar, but not exactly this scenario.
I, like most people, have set up the Zimbra server behind a firewall in a DMZ. The server has got an internal address of 10.0.1.192 and the zone file looks like:
127.0.0.1 localhost.localdomain localhost
10.0.1.192 zimbra.ourdomain.net zimbra
Now, we have only one set of DNS servers, which are used for resolution by the outside world (we have delegation for a number of domains) and also the servers in the DMZ. I added the entry for zimbra.ourdomain.net in our zone file and pointed the MX and above A record to the external IP address, which is in turn NAT'ed by our firewall to point to 10.0.1.192.
Using this method, I can only receive mails when DNS lookups are switched off, but can only send when DNS lookups are switched on.
So, I added another A record and MX record in the zone file for zimbra-ext.ourdomain.net pointing to the external IP address and changed zimbra.ourdomain.net record in the zone file to point to the internal address (10.0.1.192). This all works, but it doesn't seem great.
So my question is, other than having internal and external DNS servers and/or using a relay MTA, is there any other way of solving this problem?
Cheers
John


14319KevinH
Ambassador
Posts: 4558
Joined: Fri Sep 12, 2014 9:52 pm


Postby 14319KevinH » Thu Feb 02, 2006 11:36 am

Seems you got it. Postfix must use DNS to send and thus needs to be able to look itself up and get an internal IP. So there were 2 options:
1) Setup two DNS servers. (Like a simple local bind for Zimbra)
2) Use a relay host with DNS look-ups off
Now there is a 3rd
3) Your new method.
239brad
Posts: 6
Joined: Fri Sep 12, 2014 10:02 pm


Postby 239brad » Fri Feb 03, 2006 10:29 am

Here is a link to configure a named server with two different zone files. This will allow you to use one DNS server for both external and internal domains. I currently have this set up which allows me to run Zimbra with DNS. Just a quick note, I do use my internal IP for the hosts file. I am only running a caching name server as my domain name is registered with a separate domain registration company that allows me to circumvent the port 25 blocking done by all good ISPs. I would also advise if you are going to run an authoritative server that you do a lot of research on how to secure it. I have no less than 50 probes a day on port 53. The good thing about a caching name server is I don't have to open the port in order for it to work.
Here is the link to the site I was talking about.

http://www.linuxhomenetworking.com/linux-hn/dns-static.htm
Tarkin
Posts: 26
Joined: Fri Sep 12, 2014 10:02 pm


Postby Tarkin » Sat Feb 04, 2006 12:20 am

I've just finished using the info on

http://sysadmin.oreilly.com/news/views_0501.html

to set up views with bind9. It's a really nice simple document to follow.
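The split-horizon setup KevinH lists as option 1 and Tarkin describes with bind9 views, written out as an added example (not from any post in this thread): one BIND 9 named.conf serving ourdomain.net from an internal and an external view, where only the A record for zimbra differs, so Postfix on the DMZ host looks itself up and gets 10.0.1.192 while the Internet gets the NAT'ed public address. The 10.0.1.0/24 range, the ns1 host and the 203.0.113.x public addresses are assumptions and placeholders standing in for the poster's real values.

```bind
// ---- /etc/named.conf (BIND 9): one server, two views ----
// assumption: the DMZ/internal network is 10.0.1.0/24; 127.0.0.1 covers
// the case where the Zimbra box queries a resolver running on itself
acl "internal" { 127.0.0.1; 10.0.1.0/24; };

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers to anyone by default
};

// views are tried in order: the first match-clients hit wins, so the
// internal view must come before the catch-all external one
view "internal" {
    match-clients { internal; };
    recursion yes;              // DMZ hosts may use this server as a resolver
    allow-recursion { internal; };
    zone "ourdomain.net" {
        type master;
        file "ourdomain.net.internal";
    };
};

view "external" {
    match-clients { any; };     // everything not matched above
    recursion no;               // never an open resolver towards the Internet
    zone "ourdomain.net" {
        type master;
        file "ourdomain.net.external";
    };
};

; ---- /var/named/ourdomain.net.internal (answers given to the DMZ) ----
$TTL 3600
@       IN SOA  ns1.ourdomain.net. hostmaster.ourdomain.net. (
                2006020401 3600 900 604800 3600 )
        IN NS   ns1.ourdomain.net.
        IN MX   10 zimbra.ourdomain.net.
ns1     IN A    10.0.1.53        ; assumption: the DNS server's DMZ address
zimbra  IN A    10.0.1.192       ; Postfix resolves its own name to the real NIC

; ---- /var/named/ourdomain.net.external (answers given to the Internet) ----
$TTL 3600
@       IN SOA  ns1.ourdomain.net. hostmaster.ourdomain.net. (
                2006020401 3600 900 604800 3600 )
        IN NS   ns1.ourdomain.net.
        IN MX   10 zimbra.ourdomain.net.
ns1     IN A    203.0.113.53     ; placeholder public address
zimbra  IN A    203.0.113.10     ; placeholder public address the firewall NATs to 10.0.1.192
```

Check both views with `dig @<dns-server> zimbra.ourdomain.net A` from a DMZ host and from outside: the first must return 10.0.1.192 and the second the public address, and if the Zimbra box's own source address falls outside the "internal" ACL it silently gets the external answer and the original send/receive problem comes back. The two zone files carry independent SOA serials, so bump the right one after each edit.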
