zimbra installation on centos step by step guide - part3 centos dns setup
CentOS Linux Server Guide
CentOS Mail Server
Installing Zimbra Collaboration Server on CentOS (Part 3: Configuring CentOS Split DNS behind firewall)
Zimbra Collaboration Server (ZCS) setup is very sensitive to hostname and DNS; many people who face difficulties when setting up ZCS do so mainly because of the DNS settings. Pay attention to the following steps.
Step1: Change the hosts file
First, we need to add our internal IP to the hosts file.
# vi /etc/hosts
The hosts file should look like the following screen capture. Each entry has this format:
internal ipaddress yourhostname.yourdomain.com yourhostname
Note: We are not discussing NAT in this topic. However, in this scenario we assume that the ZCS server resides behind a firewall, so the IP address is the internal IP address (the IP that is used behind the firewall).

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.142.7 mail.1a-centosserver.local mail

Step2: Configure the DNS Bind Server
A split DNS needs to be set up so that when Zimbra performs an nslookup for the server, the split DNS replies with the behind-the-firewall IP address.
We are now configuring our BIND DNS server as a split DNS server to serve ZCS.
First, we need to enable the DNS server service so that it starts at boot.
# chkconfig named on
Step3: Edit named.conf file
Configure named.conf. This is the main configuration file for our split DNS.
# vi /etc/named.conf
Here is my named.conf setup; take note of the listening address and port. We also enable our DNS to forward DNS queries to Google. Because allow-query is set to any and recursion is enabled, named resolves names for every client that can reach 192.168.142.7 on port 53, so that port should stay unreachable from outside the firewall.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.142.7; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        forwarders { 8.8.8.8; 8.8.4.4; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "1a-centosserver.local" in {
        type master;
        file "1a-centosserver.local.ns";
        allow-update { none; };
};

zone "142.168.192.in-addr.arpa" in {
        type master;
        file "142.168.192.in-addr.arpa.ns";
        allow-update { none; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Next, let us create our forward zone.
# vi /var/named/1a-centosserver.local.ns
This is the forward zone file; you can amend it to suit your needs. The following focuses only on the MX and nameserver (NS) records.

$ORIGIN 1a-centosserver.local.
$TTL 1d
@       IN SOA ns.1a-centosserver.local. support.1a-centosserver.local. (
                2010031500 ; se = serial number
                3h         ; ref = refresh
                15m        ; ret = update retry
                3w         ; ex = expiry
                3h         ; min = minimum
                )
        IN A    192.168.142.7
        IN NS   ns
        IN MX   10 mail.1a-centosserver.local.
ns      IN A    192.168.142.7
mail    IN A    192.168.142.7

Next, let us add the reverse zone.
# vi /var/named/142.168.192.in-addr.arpa.ns
Add the following lines to the file.

$ORIGIN 142.168.192.in-addr.arpa.
$TTL 1d
@       IN SOA ns.1a-centosserver.local. support.1a-centosserver.local. (
                2010031500 ; se = serial number
                3h         ; ref = refresh
                15m        ; ret = update retry
                3w         ; ex = expiry
                3h         ; min = minimum
                )
        IN NS   ns.1a-centosserver.local.
7       IN PTR  ns.1a-centosserver.local.
7       IN PTR  mail.1a-centosserver.local.

Step3: Start the DNS server
Let us start the DNS server.
# service named start
# chkconfig named on
Step4: Verify the DNS setting
Check the resolv.conf file for the DNS server.
# cat /etc/resolv.conf
nameserver 192.168.142.7
nameserver 8.8.8.8
search 1a-centosserver.local
Let us perform the lookup internally. The following screen shows that the lookup succeeded, as indicated by the ANSWER SECTION.
# dig 1a-centosserver.local
; DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 1a-centosserver.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER
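
The hosts entry and the two zone files from the steps above can also be cross-checked offline, before relying on dig. The following Python script is an added example, not part of the original guide: parse_zone and check_split_dns are hypothetical names, the zone parser is a minimal one written for this illustration (single-line records only, SOA omitted), and the sample data is constructed from the files shown in this guide. It reports whether the mail host's hosts entry, A record, MX record and PTR records agree.

```python
import ipaddress

# Constructed sample data from this guide (SOA omitted; single-line records only).
HOSTS = "192.168.142.7 mail.1a-centosserver.local mail\n"
FORWARD = """$ORIGIN 1a-centosserver.local.
@    IN NS ns
     IN MX 10 mail.1a-centosserver.local.
ns   IN A  192.168.142.7
mail IN A  192.168.142.7
"""
REVERSE = """$ORIGIN 142.168.192.in-addr.arpa.
7 IN PTR ns.1a-centosserver.local.
7 IN PTR mail.1a-centosserver.local.
"""

def parse_zone(text):
    """Return {(owner, rtype): set(rdata)} with every name made absolute."""
    origin, owner, records = ".", None, {}
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    for raw in text.splitlines():
        tok = raw.split(";")[0].split()
        if not tok or tok[0].startswith("$"):
            if tok and tok[0] == "$ORIGIN":
                origin = tok[1]
            continue
        if not raw[0].isspace():  # a blank owner field inherits the previous owner
            owner = fq(tok.pop(0))
        rtype = next((t for t in tok if t in ("A", "NS", "MX", "PTR")), None)
        if rtype:
            records.setdefault((owner, rtype), set()).add(tok[-1] if rtype == "A" else fq(tok[-1]))
    return records

def check_split_dns(hosts, forward, reverse, fqdn):
    """Return a list of problems; empty means hosts, A, MX and PTR data agree."""
    name, fwd, rev, problems = fqdn.rstrip(".") + ".", parse_zone(forward), parse_zone(reverse), []
    ips = {l.split()[0] for l in hosts.splitlines() if fqdn in l.split("#")[0].split()[1:]}
    if not ips or any(ipaddress.ip_address(i).is_loopback for i in ips):
        problems.append(f"hosts: {fqdn} must map to the internal IP, not loopback")
    if fwd.get((name, "A"), set()) != ips:
        problems.append(f"A record for {fqdn} differs from the hosts file")
    if not any(name in v for (_, t), v in fwd.items() if t == "MX"):
        problems.append(f"no MX record points at {fqdn}")
    for ip in sorted(ips):
        targets = rev.get((ipaddress.ip_address(ip).reverse_pointer + ".", "PTR"), set())
        if name not in targets:
            problems.append(f"no PTR for {ip} names {fqdn}")
        problems += [f"PTR target {t} has no A record back to {ip}"
                     for t in sorted(targets) if ip not in fwd.get((t, "A"), set())]
    return problems
```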