I've been getting a lot more spam than normal on my test server at home, and I think I tracked it down to a problem with the caching DNS server (Unbound) that recent versions of Zimbra want you to install. The Zimbra server is on my LAN so Split DNS is setup and the router forwards port 25 and 443. If I do "nslookup 35.93.151.91.zen.spamhaus.org" on the Zimbra server which has resolv.conf setup to point to the DNS caching server listening at 127.0.0.1, I get NXDOMAIN back. If I do the same command on another server, I get the expected 127.0.0.3 back indicating that IP is on their list to block. Oddly, the Zimbra DNS server can resolve normal DNS names like google.com, etc. fine just not the RBL style addresses.
FWIW, my router (opnsense VM) runs Unbound also, and at first, it had this same problem when I tried the nslookup command on it which led me to this link which fixed it.
https://forum.opnsense.org/index.php?topic=9633.0
Unfortunately, the unbound.conf on Zimbra looks totally different though.
My Zimbra server is running 8.8.15 but was having this problem before I upgraded from 8.8.11 recently I'm pretty sure. I kind of think it has been happening since I migrated from 8.6 to 8.8 a while back. I think 8.6 didn't recommend/require you install the DNS cache if I recall. Any ideas?
weird Zimbra DNS caching problem
-
MolallaComm
- Posts: 7
- Joined: Fri Mar 16, 2018 3:07 pm
Re: weird Zimbra DNS caching problem
Turns out it was the opnsense problem. I had made some other DNS related changes on the router earlier in an attempt to fix it before I found that link. Once I applied the recommended fix from the link, and reverted the other changes I had made earlier, the Zimbra server started acting correctly so hopefully my RBLs will start working again!
-
welreiniwe
- Posts: 1
- Joined: Tue Sep 17, 2019 3:45 pm
Re: weird Zimbra DNS caching problem
thanks for the post. It cleared my queryMolallaComm wrote:Turns out it was the opnsense problem. I had made some other DNS related changes on the router earlier in an attempt to fix it before I found that link. Once I applied the recommended fix from the link, and reverted the other changes I had made earlier, the Zimbra server started acting correctly so hopefully my RBLs will start working again!