[SOLVED] dig does not return anything

martinezjr · Postby **martinezjr** » Sat Jan 30, 2010 2:01 pm

I am having a problem with my DNS. I followed the instructions with the splitDNS, but I get nothing with dig. What can I do?



[martinezjr@bcldap ~]$ cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.100.177.205	bcldap.hcjbc.org	bcldap


[martinezjr@bcldap ~]$ cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 10.100.177.205

nameserver 10.100.177.5

I just saw the REFUSED:



[martinezjr@bcldap ~]$ dig hcjbc.org mx
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-9.P3.fc11 <<>> hcjbc.org mx

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available
;; QUESTION SECTION:

;hcjbc.org.			IN	MX
;; Query time: 3 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Sat Jan 30 13:58:12 2010

;; MSG SIZE  rcvd: 27



[martinezjr@bcldap ~]$ dig hcjbc.org any
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-9.P3.fc11 <<>> hcjbc.org any

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available
;; QUESTION SECTION:

;hcjbc.org.			IN	ANY
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Sat Jan 30 13:58:15 2010

;; MSG SIZE  rcvd: 27



[martinezjr@bcldap ~]$ host `hostname`

bcldap.hcjbc.org has address 10.100.177.205



[martinezjr@bcldap ~]$ host -v bcldap.hcjbc.org

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	A
;; ANSWER SECTION:

bcldap.hcjbc.org.	0	IN	A	10.100.177.205
Received 50 bytes from 10.100.177.5#53 in 2 ms

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	AAAA
Received 34 bytes from 10.100.177.5#53 in 91 ms

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	MX
Received 34 bytes from 10.100.177.5#53 in 570 ms

[martinezjr@bcldap ~]$

ArcaneMagus · Postby **ArcaneMagus** » Mon Feb 01, 2010 12:43 pm

You have two DNS servers listed in your resolv.conf, I'm guessing that 10.100.177.5 is your company DNS server while 10.100.177.205 is the Zimbra server address. You need to remove the 10.100.177.5 line. On to the next problem that you are seeing...
10.100.177.205 is refusing the recursive request for hcjbc.org, this means that it didn't have a record for hcjbc.org setup so it tried to do a recursive query but it was denied by configuration.
You need to verify that the server has it's domain configured correctly on it's internal DNS server, and that if it can't find a record it is able to do a recursive query to your company DNS server.

martinezjr · Postby **martinezjr** » Mon Feb 01, 2010 5:00 pm

[quote user="ArcaneMagus"]You have two DNS servers listed in your resolv.conf, I'm guessing that 10.100.177.5 is your company DNS server [/quote] actually the internal address of the firewall [quote user="ArcaneMagus"]while 10.100.177.205 is the Zimbra server address [/quote] actual internal DNS server that I am trying to set up for the whole network.
[quote user="ArcaneMagus"]10.100.177.205 is refusing the recursive request for hcjbc.org, this means that it didn't have a record for hcjbc.org setup so it tried to do a recursive query but it was denied by configuration.
You need to verify that the server has it's domain configured correctly on it's internal DNS server, and that if it can't find a record it is able to do a recursive query to your company DNS server.[/QUOTE]

A record for the domain? How to I do that on Fedora 11 with BIND9?

martinezjr · Postby **martinezjr** » Mon Feb 01, 2010 9:09 pm

OK, I got it. I changed "Allow queries from:10.100.177.200;" to "10.100.177.200;any;", but I am not getting my mx record to show up.
Any hints?

ArcaneMagus · Postby **ArcaneMagus** » Tue Feb 02, 2010 3:19 pm

Could you post the output from a dig command again?
And by record I was talking about a zone configuration file, something like this:

$TTL 2D

@               IN SOA          ns1.domain.com.       admin.domain.com. (

                                2010020200      ; serial

                                3H              ; refresh

                                1H              ; retry

                                1W              ; expiry

                                1D )            ; minimum
domain.com.          IN NS   ns1.domain.com.

domain.com.          IN NS   ns2.domain.com.

domain.com.          IN MX   0 mail.domain.com.

domain.com.          IN TXT  "v=spf1 mx ~all"

_xmpp-server._tcp    IN SRV  10 100 5269 mail.domain.com.

_xmpp-client._tcp    IN SRV  10 100 5222 mail.domain.com.

domain.com.          IN A    192.168.1.4

ns1                  IN A    192.168.1.2

ns2                  IN A    192.168.1.3

www                  IN A    192.168.1.4

mail                 IN A    192.168.1.6

martinezjr · Postby **martinezjr** » Tue Feb 02, 2010 3:38 pm

Ok, As soon I get to work I will post the results.

martinezjr · Postby **martinezjr** » Wed Feb 03, 2010 6:38 pm

Sorry about the delay. I had another computer lose its mind.

Oh, and this is internal only. No external access. It's hard to explain. Long story short, I need to give an alternative to M$ Exchange. And its behind two nat'd firewalls, both with dynamic ip's.
Here is the most recent results



[martinezjr@bcmailbox ~]$ dig mx hcjbc.org
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-9.P3.fc11 <<>> mx hcjbc.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	MX
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org.hcjbc.org. hcjbc.yahoo.com. 1264874187 10800 3600 604800 38400
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Wed Feb  3 18:24:08 2010

;; MSG SIZE  rcvd: 95



[martinezjr@bcmailbox ~]$ dig any hcjbc.org

;; Truncated, retrying in TCP mode.
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-9.P3.fc11 <<>> any hcjbc.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	ANY
;; ANSWER SECTION:

hcjbc.org.		38400	IN	RRSIG	SOA 3 2 38400 20100304045837 20100202045837 59949 hcjbc.org. !@(*&$^!*&@^(*&!@#=

hcjbc.org.		38400	IN	RRSIG	NS 3 2 38400 20100304014145 20100202014145 59949 hcjbc.org. !@(*&$^!*&@^(*&!@#=

hcjbc.org.		38400	IN	NSEC	10.100.177.200.hcjbc.org. NS SOA RRSIG NSEC DNSKEY

hcjbc.org.		38400	IN	RRSIG	NSEC 3 2 38400 20100301180544 20100130180544 59949 hcjbc.org. C!@(*&$^!*&@^(*&!@#=

hcjbc.org.		38400	IN	RRSIG	DNSKEY 3 2 38400 20100301165617 20100130165617 58505 hcjbc.org. CDP/m!@(*&$^!*&@^(*&!@#=

hcjbc.org.		38400	IN	RRSIG	DNSKEY 3 2 38400 20100301165617 20100130165617 59949 hcjbc.org. !@(*&$^!*&@^(*&!@#=

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org.hcjbc.org. hcjbc.yahoo.com. 1264874187 10800 3600 604800 38400

hcjbc.org.		38400	IN	NS	10.100.177.200.

hcjbc.org.		38400	IN	NS	10.100.177.205.

hcjbc.org.		38400	IN	NS	10.100.177.5.hcjbc.org.

hcjbc.org.		38400	IN	DNSKEY	256 3 3 !@(*&$^!*&@^(*&!@#

hcjbc.org.		38400	IN	DNSKEY	257 3 3 !@(*&$^!*&@^(*&!@#
;; Query time: 9 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Wed Feb  3 18:24:14 2010

;; MSG SIZE  rcvd: 1477



[martinezjr@bcmailbox ~]$ ping bcldap

PING bcldap.hcjbc.org (10.100.177.205) 56(84) bytes of data.

64 bytes from 10.100.177.205: icmp_seq=1 ttl=64 time=0.221 ms

64 bytes from 10.100.177.205: icmp_seq=2 ttl=64 time=0.445 ms

64 bytes from 10.100.177.205: icmp_seq=3 ttl=64 time=0.288 ms

^Z

[1]+  Stopped                 ping bcldap

[martinezjr@bcmailbox ~]$ ping bcldap.hcjbc.org

PING bcldap.hcjbc.org (10.100.177.205) 56(84) bytes of data.

64 bytes from 10.100.177.205: icmp_seq=1 ttl=64 time=0.264 ms

64 bytes from 10.100.177.205: icmp_seq=2 ttl=64 time=0.244 ms

64 bytes from 10.100.177.205: icmp_seq=3 ttl=64 time=0.235 ms

64 bytes from 10.100.177.205: icmp_seq=4 ttl=64 time=0.254 ms

^Z

[2]+  Stopped                 ping bcldap.hcjbc.org



[martinezjr@bcmailbox ~]$ cat '/etc/hosts'

127.0.0.1	localhost.localdomain	localhost

10.100.177.200	bcmailbox.hcjbc.org bcmailbox



[martinezjr@bcmailbox ~]$ host `hostname`

bcmailbox.hcjbc.org has address 10.100.177.200

bcmailbox.hcjbc.org mail is handled by 1 10.100.177.200.hcjbc.org.



[martinezjr@bcmailbox ~]$ cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 10.100.177.205

nameserver 10.100.177.200



[martinezjr@bcmailbox ~]$ host -v bcldap.hcjbc.org

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	A
;; ANSWER SECTION:

bcldap.hcjbc.org.	38400	IN	A	10.100.177.205
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	NS	10.100.177.200.

hcjbc.org.		38400	IN	NS	10.100.177.5.hcjbc.org.

hcjbc.org.		38400	IN	NS	10.100.177.205.
Received 133 bytes from 10.100.177.205#53 in 3 ms

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	AAAA
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org.hcjbc.org. hcjbc.yahoo.com. 1264874187 10800 3600 604800 38400
Received 102 bytes from 10.100.177.205#53 in 1 ms

Trying "bcldap.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;bcldap.hcjbc.org.		IN	MX
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org.hcjbc.org. hcjbc.yahoo.com. 1264874187 10800 3600 604800 38400
Received 102 bytes from 10.100.177.205#53 in 1 ms



[martinezjr@bcmailbox ~]$ host -v bcmailbox.hcjbc.org

Trying "bcmailbox.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:

;bcmailbox.hcjbc.org.		IN	A
;; ANSWER SECTION:

bcmailbox.hcjbc.org.	38400	IN	A	10.100.177.200
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	NS	10.100.177.5.hcjbc.org.

hcjbc.org.		38400	IN	NS	10.100.177.205.

hcjbc.org.		38400	IN	NS	10.100.177.200.
Received 136 bytes from 10.100.177.205#53 in 2 ms

Trying "bcmailbox.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;bcmailbox.hcjbc.org.		IN	AAAA
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org.hcjbc.org. hcjbc.yahoo.com. 1264874187 10800 3600 604800 38400
Received 105 bytes from 10.100.177.205#53 in 3 ms

Trying "bcmailbox.hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:

;bcmailbox.hcjbc.org.		IN	MX
;; ANSWER SECTION:

bcmailbox.hcjbc.org.	380000	IN	MX	1 10.100.177.200.hcjbc.org.
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	NS	10.100.177.5.hcjbc.org.

hcjbc.org.		38400	IN	NS	10.100.177.205.

hcjbc.org.		38400	IN	NS	10.100.177.200.
Received 151 bytes from 10.100.177.205#53 in 2 ms

and the zone file (the keys have been changed to protect the innocent)



$ttl 38400

hcjbc.org.	IN	SOA	bcldap.hcjbc.org hcjbc.yahoo.com. (

			1264874188

			10800

			3600

			604800

			38400 )

hcjbc.org.	IN	NS	10.100.177.205.

hcjbc.org.	IN	NS	10.100.177.200.

hcjbc.org.	IN	DNSKEY	257 3 3 !@!@#$&^()*!&@)(*^)(*&!@#^$

hcjbc.org.	IN	DNSKEY	256 3 3 !@!@#$&^()*!&@)(*^)(*&!@#^$

bcmailbox.hcjbc.org.	380000	IN	MX	10 10.100.177.200

bcmta.hcjbc.org.	380000	IN	MX	1 10.100.177.210

bcldap.hcjbc.org.	IN	A	10.100.177.205

10.100.177.205.hcjbc.org.	IN	PTR	bcldap.hcjbc.org

bcmailbox.hcjbc.org.	IN	A	10.100.177.200

bcmta.hcjbc.org.	IN	A	10.100.177.210

10.100.177.200.hcjbc.org.	IN	PTR	bcmailbox.hcjbc.org

10.100.177.210.hcjbc.org.	IN	PTR	bcmta.hcjbc.org

hcjbc.org.	IN	NS	10.100.177.5

hcjbc.org.	38400	IN	RRSIG	SOA 3 2 38400 20100304045837 20100202045837 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

hcjbc.org.	38400	IN	RRSIG	NS 3 2 38400 20100304014145 20100202014145 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

hcjbc.org.	38400	IN	NSEC	10.100.177.200.hcjbc.org. NS SOA RRSIG NSEC DNSKEY

hcjbc.org.	38400	IN	RRSIG	NSEC 3 2 38400 20100301180544 20100130180544 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

hcjbc.org.	38400	IN	RRSIG	DNSKEY 3 2 38400 20100301165617 20100130165617 58505 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

hcjbc.org.	38400	IN	RRSIG	DNSKEY 3 2 38400 20100301165617 20100130165617 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.200.hcjbc.org.	38400	IN	RRSIG	PTR 3 6 38400 20100301180544 20100130180544 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.200.hcjbc.org.	38400	IN	NSEC	10.100.177.205.hcjbc.org. PTR RRSIG NSEC

10.100.177.200.hcjbc.org.	38400	IN	RRSIG	NSEC 3 6 38400 20100301180544 20100130180544 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.210.hcjbc.org.	38400	IN	RRSIG	PTR 3 6 38400 20100301180647 20100130180647 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.210.hcjbc.org.	38400	IN	NSEC	bcldap.hcjbc.org. PTR RRSIG NSEC

10.100.177.210.hcjbc.org.	38400	IN	RRSIG	NSEC 3 6 38400 20100304014145 20100202014145 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.205.hcjbc.org.	38400	IN	RRSIG	PTR 3 6 38400 20100301170513 20100130170513 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

10.100.177.205.hcjbc.org.	38400	IN	NSEC	10.100.177.210.hcjbc.org. PTR RRSIG NSEC

10.100.177.205.hcjbc.org.	38400	IN	RRSIG	NSEC 3 6 38400 20100301180647 20100130180647 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

bcldap.hcjbc.org.	38400	IN	RRSIG	A 3 3 38400 20100301170039 20100130170039 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$U=

bcldap.hcjbc.org.	38400	IN	NSEC	bcmailbox.hcjbc.org. A RRSIG NSEC

bcldap.hcjbc.org.	38400	IN	RRSIG	NSEC 3 3 38400 20100301170039 20100130170039 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$k=

bcmailbox.hcjbc.org.	38400	IN	RRSIG	A 3 3 38400 20100301180130 20100130180130 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

bcmailbox.hcjbc.org.	380000	IN	RRSIG	MX 3 3 380000 20100304021217 20100202021217 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

bcmailbox.hcjbc.org.	38400	IN	NSEC	bcmta.hcjbc.org. A MX RRSIG NSEC

bcmailbox.hcjbc.org.	38400	IN	RRSIG	NSEC 3 3 38400 20100301180130 20100130180130 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

bcmta.hcjbc.org.	38400	IN	RRSIG	A 3 3 38400 20100301180238 20100130180238 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

bcmta.hcjbc.org.	380000	IN	RRSIG	MX 3 3 380000 20100304021301 20100202021301 59949 hcjbc.org. C!@!@#$&^()*!&@)(*^)(*&!@#^$=

bcmta.hcjbc.org.	38400	IN	NSEC	hcjbc.org. A MX RRSIG NSEC

bcmta.hcjbc.org.	38400	IN	RRSIG	NSEC 3 3 38400 20100301180238 20100130180238 59949 hcjbc.org. !@!@#$&^()*!&@)(*^)(*&!@#^$=

phoenix · Postby **phoenix** » Thu Feb 04, 2010 1:55 am

The problem would appear to be the fact you have two DNS server and one of them does not have DNS records for your domain You can see the server it's using in the following response:

;; Query time: 9 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Wed Feb  3 18:24:14 2010

;; MSG SIZE  rcvd: 1477

You should only have one DNS server (at 10.100.177.200) in your hosts file and that should be the one on your Zimbra server, you can check the records with the following:

dig @10.100.177.200  hcjbc.org mx

dig @10.100.177.200  hcjbc.org any

If that returns valid records then you should remove the second DNS server (10.100.177.205) from your resolv.conf file.
Can you also update your forum profile with the output of the following command (do not post it in this thread):



zmcontrol -v

ArcaneMagus · Postby **ArcaneMagus** » Thu Feb 04, 2010 12:47 pm

Are you trying to setup the Zimbra server to be it's own DNS server, with recursive queries going out to the 10.100.177.205 one? Or are you trying to setup the Zimbra server to use the 10.100.177.205 server as it's only DNS server and have that server work for all internal queries?
Also just as a note:

In your record file you are missing the "." at the end of the primary DNS server part of the SOA, that is why it is returning "bcldap.hcjbc.org.hcjbc.org." rather then "bcldap.hcjbc.org.". Also you currently have your MX records setup for the servers FQDN. This is fine if your email addresses will be in the form of user@bcmailbox.hcjbc.org, however it is a problem if you are trying to do addresses like user@hcjbc.org. If you want addresses like that you need to set the MX record on just hcjbc.org, not bcmailbox.hcjbc.org. So the lines would look like this (if you are going with the internal dns server not split dns):

hcjbc.org.	380000	IN	MX	10 10.100.177.200

hcjbc.org.	380000	IN	MX	1 10.100.177.210

With how it is currently setup you have 1 MX record for addresses like user@bcmta.hcjbc.org. that has a priority of 1 (out of the 1 record), and then you have another record for addresses like user@bcmailbox.hcjbc.org. that has a priority of 10 (out of the 1 record). Addresses like user@hcjbc.org have no MX record associated with them right now.
Also your PTR records that you have in there are useless and will never be used unless you manually query for them. The proper way to do PTR records would be to create another zone file for the 177.100.10.in-addr.arpa zone. It should look something like the following:

$TTL 2D

@               IN SOA          bcldap.hcjbc.org. hcjbc.yahoo.com. (

                                2009091300      ; serial

                                3H              ; refresh

                                1H              ; retry

                                1W              ; expiry

                                1D )            ; minimum
          IN NS   bcldap.hcjbc.org.

200       IN PTR  bcmailbox.hcjbc.org.

205       IN PTR  bcldap.hcjbc.org.

210       IN PTR  bcmta.hcjbc.org.

You also have your firewall (10.100.177.5) in there as an authoritative NS for your domain... is that meant to be there?

martinezjr · Postby **martinezjr** » Fri Feb 05, 2010 6:22 pm

[quote user="ArcaneMagus"]Are you trying to setup the Zimbra server to be it's own DNS server, with recursive queries going out to the 10.100.177.205 one? Or are you trying to setup the Zimbra server to use the 10.100.177.205 server as it's only DNS server and have that server work for all internal queries?

[/quote]

I have split Zimbra into different servers as I only have low end desktops:

3 Dell GX240's

-each

--1.6G CPU

--1.2G RAM

--Fedora11

-1 with ldap and BIND9 as DNS master (bcldap)

-1 with store, logger, snmp, apache and BIND9 DNS slave (bcmailbox)

-1 with mta (bcmta)

[quote]

Also just as a note:

In your record file you are missing the "." at the end of the primary DNS server part of the SOA, that is why it is returning "bcldap.hcjbc.org.hcjbc.org." rather then "bcldap.hcjbc.org.".

[/quote]

ok done
[quote]

Also you currently have your MX records setup for the servers FQDN. This is fine if your email addresses will be in the form of user@bcmailbox.hcjbc.org, however it is a problem if you are trying to do addresses like user@hcjbc.org. If you want addresses like that you need to set the MX record on just hcjbc.org, not bcmailbox.hcjbc.org. So the lines would look like this (if you are going with the internal dns server not split dns):

hcjbc.org.	380000	IN	MX	10 10.100.177.200

hcjbc.org.	380000	IN	MX	1 10.100.177.210

With how it is currently setup you have 1 MX record for addresses like user@bcmta.hcjbc.org. that has a priority of 1 (out of the 1 record), and then you have another record for addresses like user@bcmailbox.hcjbc.org. that has a priority of 10 (out of the 1 record). Addresses like user@hcjbc.org have no MX record associated with them right now.

[/quote]

Done

[quote]

Also your PTR records that you have in there are useless and will never be used unless you manually query for them. The proper way to do PTR records would be to create another zone file for the 177.100.10.in-addr.arpa zone. It should look something like the following:

$TTL 2D

@               IN SOA          bcldap.hcjbc.org. hcjbc.yahoo.com. (

                                2009091300      ; serial

                                3H              ; refresh

                                1H              ; retry

                                1W              ; expiry

                                1D )            ; minimum
          IN NS   bcldap.hcjbc.org.

200       IN PTR  bcmailbox.hcjbc.org.

205       IN PTR  bcldap.hcjbc.org.

210       IN PTR  bcmta.hcjbc.org.

[/quote]

You lost me on this section. I do not remember setting up PTR records.
[quote]

You also have your firewall (10.100.177.5) in there as an authoritative NS for your domain... is that meant to be there?[/QUOTE]

For some reason, if I do not have this as one of the ns, I will not have external access from the machines. I use IPCop as my router/firewall/proxy/urlfilter/dhcp/ntp server. I disabled the DHCP, and now I can access the internet. I will be changing bcldap to bcdc as it will have to be the DHCP and DNS and NTP server now. And making a new bcldap.
I can now get dig to respond for my mx records.



[martinezjr@bcldap ~]$ host -v hcjbc.org

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	A
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org. hcjbc.yahoo.com. 1264874199 10800 3600 604800 38400
Received 85 bytes from 10.100.177.205#53 in 8 ms

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	AAAA
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	SOA	bcldap.hcjbc.org. hcjbc.yahoo.com. 1264874199 10800 3600 604800 38400
Received 85 bytes from 10.100.177.205#53 in 1 ms

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	MX
;; ANSWER SECTION:

hcjbc.org.		380000	IN	MX	10 10.100.177.200.hcjbc.org.
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	NS	10.100.177.205.

hcjbc.org.		38400	IN	NS	10.100.177.200.
Received 114 bytes from 10.100.177.205#53 in 1 ms
[martinezjr@bcldap ~]$ dig mx hcjbc.org
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-9.P3.fc11 <<>> mx hcjbc.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org.			IN	MX
;; ANSWER SECTION:

hcjbc.org.		380000	IN	MX	10 10.100.177.200.hcjbc.org.
;; AUTHORITY SECTION:

hcjbc.org.		38400	IN	NS	10.100.177.200.

hcjbc.org.		38400	IN	NS	10.100.177.205.
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Fri Feb  5 18:23:08 2010

;; MSG SIZE  rcvd: 114
[martinezjr@bcldap ~]$

Who is online