zimbra_logo120px-Dnsmasq_icon.svg

 

Introduction:

Installations of Zimbra behind a firewall (or NAT Router) often require the creation of some form of split DNS, also called split-horizon or dual-horizon DNS. This is a DNS installation where machines receive different IP address answers to queries depending on whether they are (commonly) inside or outside a firewall and an IP address reply from the DNS server gives a Private Network IP address that is different than the Public IP of your internet connection.

This is because the Postfix mail system used by Zimbra performs a DNS MX lookup for the Zimbra server followed by a DNS A lookup when attempting to route email to the back-end message store. Frequently, this is the same physical host as Postfix. The DNS server frequently returns the external address of the mail host, not the internal address. Depending on how the firewall and network are configured, the external address may not even be reachable from the mail host, and mail will not be delivered.

Split DNS avoids this problem by providing an internal DNS server (this example uses bind or dnsmasq) that can be used to resolve the internal address of the server. This guide will detail how to set up a very specific, single-host DNS server (i.e. bind or dnsmasq) that can be installed on the Zimbra host itself so that it can resolve its own address. This should not be used for a multi-node Zimbra installation, and should not be used as the DNS server for any other hosts on your network.

616704_fartemis

 

Configuration: 
Install Bind on Red Hat Enterprise Linux

#yum install bind

Substitute your fully-qualified server name for mail.sathish.com

 
#vi /etc/named/chroot/etc/named.conf
you should create a symbolic link to /etc/named.conf,

 

#ln -s /etc/named.conf /etc/named/chroot/etc/named.conf

 

#vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.31.1; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { localhost; 192.168.31.0/24; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file “/etc/named.iscdlv.key”;
};

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “sathish.com” IN {
type master;
file “/etc/named/chroot/var/sathish.com.zone”;
};
zone “31.168.192.in-addr.arpa” IN {
type master;
file “/etc/named/chroot/var/sathish.com.rev”;
};
include “/etc/named.rfc1912.zones”;

 

 
#vi /etc/named/chroot/var/sathish.com.zone

$TTL 86400
@ IN SOA sathish.com. root.sathish.com. (
20128310
10D
1H
1W
86400 )
@ IN NS http://www.sathish.com.
sathish.com. IN MX 10 mail.sathish.com.
www IN A 192.168.31.1
mail IN CNAME www

 
#vi /etc/named/chroot/var/sathish.com.rev

$TTL 3H
@ IN SOA 31.168.192.in-addr.arpa. root.sathish.com. (
20128310
1D
1H
1W
3H )
IN NS http://www.sathish.com.
;@ IN MX 10 mail.sathish.com.
5 IN PTR http://www.sathish.com.

 
Change /etc/resolv.conf to use the Zimbra server as the primary DNS address.
Also remember to change the search path to be the name of the Zimbra server.
Start named on the zimbra server

#vi /etc/resolv.conf
127.0.0.1

 
#/etc/init.d/named start
Enable autostart of named on boot

#chkconfig named on

 
Configuring dnsmasq on the Zimbra Server

dnsmasq is a very powerful tool that can provide basic dns services/caching, act as dhcp server and also as tftp server. It’s also easy to setup. So you can use dnsmasq INSTEAD of bind following these instructions.
Install dnsmasq on Debian GNU/Linux

 

#yum install dnsmasq
#vi /etc/dnsmasq.conf file

#Let’s say that upstream dns are 8.8.8.8 and 192.168.31.1. Put only these lines in the config file:
server=8.8.8.8
server=192.168.31.1
domain=sathish.com
mx-host=sathish.com,mail.sathish.com,5
listen-address=127.0.0.1

 
You need a line to resolve the IP of http://www.sathish.com to the private IP of the zimbra server, so make sure you have:

#vi /etc/hosts file

127.0.0.1 localhost.localdomain localhost
192.168.1.30 mail.sathish.com mail

 

To have the host resolv through dnsmasq, you have to set your localhost (127.0.0.1) as nameserver

#vi/etc/resolv.conf file

search sathish.com
nameserver 127.0.0.1

 

To have the settings take effect, you have to restart dnsmasq

#/etc/init.d/dnsmasq restart
#chkconfig dnsmasq on

To verify that your configuration of DNS is correct you should run the following commands on the Zimbra server itself (the expected output is in the boxes below the commands).: This is true whatever DNS program you use for this kind of configuration (i.e. dnsmasq instead of bind9).
#dig sathish.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el6_4.2 <<>> sathish.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;sathish.com. IN MX

;; ANSWER SECTION:
sathish.com. 7200 IN MX 30 mail.sathish.com.

;; ADDITIONAL SECTION:
mail.sathish.com. 7200 IN A 192.168.31.1

;; Query time: 4 msec
;; SERVER: 192.168.31.1#53(192.168.31.1)
;; WHEN: Thu SEP 15 14:38:48 2013
;; MSG SIZE rcvd: 140

 
#dig sathish.com any
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el6_4.2 <<>> sathish.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36845
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;sathish.com. IN ANY

;; ANSWER SECTION:
sathish.com. 7200 IN NS ns1.sathish.com.
sathish.com. 7200 IN A 192.168.31.1
sathish.com. 7200 IN SOA sathish.com. root. 2010051304 10800 3600 1814400 7200
sathish.com. 7200 IN MX 10 mail.sathish.com.

;; ADDITIONAL SECTION:
mail.sathish. 7200 IN A 192.168.31.1
;; Query time: 11 msec
;; SERVER: 192.168.31.1#53(192.168.31.1)
;; WHEN: Thu SEP 15 14:38:52 2013
;; MSG SIZE rcvd: 367

Split

 

#host $(hostname)
mail.sathish.com has address 192.168.31.1
NOTE: The host $(hostname) command should be typed exactly as you see, don’t change the word “hostname” to anything else.
You should also note that the output on your system may be slightly different than above examples but there should be an A record that points to the LAN IP address of your Zimbra server and an MX record that contains the FQDN (Fully Qualified Domain Name – that’s the hostname plus the domain name and it’s mail.yourdomain.com in the examples) of your Zimbra server.