Firstly, can I just say that Zimbra is excellent, and I've got it up and running and sending and receiving mail... so why am I posting this thread? Well, I suspect the way I've set it up is a bit of a kludge... it doesn't seem particularly elegant to me anyway. I've looked at other threads and some are similar, but not exactly this scenario.
I, like most people, have set up the Zimbra server behind a firewall in a DMZ. The server has got an internal address of 10.0.1.192 and the zone file looks like:
127.0.0.1 localhost.localdomain localhost
10.0.1.192 zimbra.ourdomain.net zimbra
Now, we have only one set of DNS servers, which are used for resolution by the outside world (we have delegation for a number of domains) and also the servers in the DMZ. I added the entry for zimbra.ourdomain.net in our zone file and pointed the MX and above A record to the external IP address, which is in turn NAT'ed by our firewall to point to 10.0.1.192.
Using this method, I can only receive mails when DNS lookups are switched off, but can only send when DNS lookups are switched on.
So, I added another A record and MX record in the zone file for zimbra-ext.ourdomain.net pointing to the external IP address and changed zimbra.ourdomain.net record in the zone file to point to the internal address (10.0.1.192). This all works, but it doesn't seem great.
So my question is, other than having internal and external DNS servers and/or using a relay MTA, is there any other way of solving this problem?
Cheers
John
DNS resolution and firewalls.
Seems you got it. Postfix must use DNS to send and thus needs to be able to look itself up and get an internal IP. So there were 2 options:
1) Setup two DNS servers. (Like a simple local bind for Zimbra)
2) Use a relay host with DNS look-ups off
Now there is a 3rd
3) Your new method.
DNS resolution and firewalls.
Here is a link to configure a named server with two different zone files. This will allow you to use one DNS server for both external and internal domains. I currently have this set up, which allows me to run Zimbra with DNS. Just a quick note: I do use my internal IP for the hosts file. I am only running a caching name server, as my domain name is registered with a separate domain registration company that allows me to circumvent the port 25 blocking done by all good ISPs. I would also advise, if you are going to run an authoritative server, that you do a lot of research on how to secure it. I have no less than 50 probes a day on port 53. The good thing about a caching name server is I don't have to open the port in order for it to work.
Here is the link to the site I was talking about.
http://www.linuxhomenetworking.com/linux-hn/dns-static.htm
DNS resolution and firewalls.
I've just finished using the info on
http://sysadmin.oreilly.com/news/views_0501.html
to set up views with bind9. It's a really nice simple document to follow.
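For readers of this thread, here is what the bind9 "views" approach from the last post looks like for the setup John described: one name server that answers zimbra.ourdomain.net with 10.0.1.192 for the DMZ/LAN and with the firewall's public address for the Internet. This is an added example, not configuration from the thread or from Zimbra; 203.0.113.10, 10.0.1.53 and 203.0.113.53 are constructed placeholder addresses and the file paths and SOA values are assumptions.

```conf
// /etc/bind/named.conf (added example): when views are used, every zone must
// live inside a view. Clients are matched against views in order, so the
// internal view must come first.
acl "internal" { 127.0.0.1; 10.0.0.0/8; };

view "internal" {
    match-clients { internal; };
    recursion yes;                 // Zimbra/Postfix may resolve outside names here
    zone "ourdomain.net" {
        type master;
        file "/etc/bind/db.ourdomain.net.internal";
    };
};

view "external" {
    match-clients { any; };        // everything not matched by "internal"
    recursion no;                  // never act as an open resolver for the Internet
    allow-transfer { none; };      // list secondaries explicitly if you have any
    zone "ourdomain.net" {
        type master;
        file "/etc/bind/db.ourdomain.net.external";
    };
};

; --- /etc/bind/db.ourdomain.net.internal (served to view "internal") ---
$TTL 3600
@       IN SOA  ns1.ourdomain.net. hostmaster.ourdomain.net. (
                2024010101 3600 900 604800 300 )
@       IN NS   ns1.ourdomain.net.
@       IN MX   10 zimbra.ourdomain.net.
ns1     IN A    10.0.1.53          ; constructed placeholder
zimbra  IN A    10.0.1.192         ; Postfix looking itself up gets the DMZ address

; --- /etc/bind/db.ourdomain.net.external (served to view "external") ---
$TTL 3600
@       IN SOA  ns1.ourdomain.net. hostmaster.ourdomain.net. (
                2024010101 3600 900 604800 300 )
@       IN NS   ns1.ourdomain.net.
@       IN MX   10 zimbra.ourdomain.net.
ns1     IN A    203.0.113.53       ; constructed placeholder
zimbra  IN A    203.0.113.10       ; public address NAT'ed by the firewall to 10.0.1.192
```

With this in place the zimbra-ext workaround is no longer needed, and `dig @<server> zimbra.ourdomain.net` run from a DMZ host and from an outside host should return the internal and public address respectively; bump the SOA serial in both files whenever you edit either one.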