Zimbra Forums

You have 3 PTR records set up currently:10.100.177.205.hcjbc.org. IN PTR bcldap.hcjbc.org

10.100.177.200.hcjbc.org. IN PTR bcmailbox.hcjbc.org

10.100.177.210.hcjbc.org. IN PTR bcmta.hcjbc.org

The problem with them is that every application when looking up a PTR record for aaa.bbb.ccc.ddd will query the DNS server for "ddd.ccc.bbb.aaa.in-addr.arpa." but the PTR records you have setup only provide information for 10.100.177.200.hcjbc, so these records will never be used and are pointless. You should create the zone in-addr.arpa. similar to what I posted so that you have valid PTR records as a mail server needs them, and most other applications expect it.

(Also if you actually test those queries you are missing the "." at the end so it really returns "bcmta.hcjbc.org.hcjbc.org.", but since it will never get queried it doesn't really matter :rolleyes:)
Another thing which I forgot to mention last time is that MX records are supposed to have the FQDN of the server, not it's IP address. This is why it is showing "10.100.177.200.hcjbc.org." as your mail server. You entered in 10.100.177.200, and bind properly saw there was no terminating "." on there so it added the origin of "hcjbc.org.".
Since you have it split up I believe the MX record should be pointing to the MTA, sohcjbc.org. 380000 IN MX 10 bcmta.hcjbc.org.

Ok, so I have my Forward zone, Reverse zone, and my mx records set to the domain and not the machine. I get answers for all the above requested commands, but when I set up the bcmailbox (store) I get the password not verified. What am I to do now? I see alot of posting on this subject about the name not being verified with dns, but I can ping all three ways.

On bcmailbox what is the output of these:

dig bcmailbox.hcjbc.org. A

dig -x 10.100.177.200

> dig bcmailbox.hcjbc.org. A
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> bcmailbox.hcjbc.org. A

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:

;bcmailbox.hcjbc.org. IN A
;; ANSWER SECTION:

bcmailbox.hcjbc.org. 38400 IN A 10.100.177.200
;; AUTHORITY SECTION:

hcjbc.org. 38400 IN NS 10.100.177.205.

hcjbc.org. 38400 IN NS 10.100.177.200.
;; Query time: 6 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Thu Feb 11 22:12:59 2010

;; MSG SIZE rcvd: 109


All is well, until ...


> dig -x 10.100.177.200
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> -x 10.100.177.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;200.177.100.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:

10.in-addr.arpa. 8820 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Thu Feb 11 22:13:04 2010

;; MSG SIZE rcvd: 122

That "dig -x" causes it to do a reverse lookup of the IP address. The full query as you can see is the "200.177.100.10.in-addr.arpa. IN PTR", just like I mentioned earlier. Simply add the domain like I showed you and that query should return results.
What exactly did you mean by "when I set up the bcmailbox (store) I get the password not verified"? What is giving you that error?

Ok, I am lost, this is the only thing I get back for dig -x 10.100.177.200


; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> -x 10.100.177.205

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;205.177.100.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:

10.in-addr.arpa. 10800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Query time: 716 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Tue Feb 23 22:40:15 2010

;; MSG SIZE rcvd: 122


and my zone file is pretty much the same way as your example:



$ttl 38400

@ IN SOA bcdc.hcjbc.org. hcjbc.yahoo.com. (

2009091303

3H

1H

1W

1D )

IN NS bcdc.hcjbc.org.

0.177.100.10.in-addr.arpa. IN DNSKEY 257 asdfasdfasdfasdf

0.177.100.10.in-addr.arpa. IN DNSKEY 256 asdfasdfasdfasdf

205.177.100.10.in-addr.arpa. IN PTR bcdc.hcjbc.org.

200.177.100.10.in-addr.arpa. IN PTR bcmailbox.hcjbc.org.

0.177.100.10.in-addr.arpa. 38400 IN RRSIG SOA 3 6 38400 20100326033335 20100224033335 41061 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf

0.177.100.10.in-addr.arpa. 38400 IN RRSIG NS 3 6 38400 20100326032601 20100224032601 41061 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf

0.177.100.10.in-addr.arpa. 86400 IN NSEC 0.177.100.10.in-addr.arpa. NS SOA RRSIG NSEC DNSKEY

0.177.100.10.in-addr.arpa. 86400 IN RRSIG NSEC 3 6 86400 20100326033335 20100224033335 41061 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf

0.177.100.10.in-addr.arpa. 38400 IN RRSIG DNSKEY 3 6 38400 20100319023834 20100217023834 20048 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf

0.177.100.10.in-addr.arpa. 38400 IN RRSIG DNSKEY 3 6 38400 20100319023834 20100217023834 41061 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf

177.100.10.in-addr.arpa. 86400 IN NSEC 0.177.100.10.in-addr.arpa. RRSIG NSEC

177.100.10.in-addr.arpa. 86400 IN RRSIG NSEC 3 5 86400 20100326033335 20100224033335 41061 0.177.100.10.in-addr.arpa. asdfasdfasdfasdf


What am I doing wrong??????

(I did change the bcldap to bcdc)

Hmmm, silly question: Are you sure that you actually added that zone to the zones BIND serves up? :rolleyes:

If it is showing up in the list of zones bind shows when it first starts, then I am not sure what the problem is here...


(Also just wondering: is bcdc behind a WAN link or something? "Query time: 716 msec" is retardedly long for a LAN connection)

My named.conf file:



options {

listen-on {

127.0.0.1;

10.100.177.205;

};

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside . trust-anchor dlv.isc.org.;

notify no;

allow-query {

any;

};

};
logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};


include "/etc/named.rfc1912.zones";
include "/etc/pki/dnssec-keys//named.dnssec.keys";

include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

controls {

inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndckey; };

};
key rndckey {

algorithm hmac-md5;

//not actual code

secret "asdfghjkl";

};

zone "hcjbc.org" {

type master;

file "/var/named/hcjbc.org.hosts";

notify no;

allow-query {

any;

};

};

zone "0.177.100.10.in-addr.arpa" {

type master;

file "/var/named/10.100.177.0.rev";

notify no;

allow-query {

any;

};

};


and today's results:



[root@bcdc etc]# dig -x 10.100.177.200
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> -x 10.100.177.200

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;200.177.100.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:

10.in-addr.arpa. 10445 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Wed Feb 24 21:49:00 2010

;; MSG SIZE rcvd: 122
[root@bcdc etc]#

Ah ha, there is your problem. The zone should be zone "177.100.10.in-addr.arpa" {
The "0." that you had at the start would be an entry within the file (if it was a valid address to query).

So,.....Where do I send the check?......


It's the simple things in life that matter. Like not ending a statement with a semicolon. Or not escaping quotation marks correctly. Or adding an extra octet to your reverse zone.


[martinezjr@bcdc ~]$ dig -x 10.100.177.205
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> -x 10.100.177.205

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:

;205.177.100.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:

205.177.100.10.in-addr.arpa. 38400 IN PTR bcdc.hcjbc.org.
;; AUTHORITY SECTION:

177.100.10.in-addr.arpa. 38400 IN NS bcdc.hcjbc.org.
;; ADDITIONAL SECTION:

bcdc.hcjbc.org. 38400 IN A 10.100.177.205
;; Query time: 2 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Thu Feb 25 20:34:58 2010

;; MSG SIZE rcvd: 103
[martinezjr@bcdc ~]$ dig mx hcjbc.org
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> mx hcjbc.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:

;hcjbc.org. IN MX
;; ANSWER SECTION:

hcjbc.org. 38400 IN MX 100 bcmta.hcjbc.org.
;; AUTHORITY SECTION:

hcjbc.org. 38400 IN NS bcdc.hcjbc.org.
;; ADDITIONAL SECTION:

bcdc.hcjbc.org. 38400 IN A 10.100.177.205
;; Query time: 5 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Thu Feb 25 20:36:52 2010

;; MSG SIZE rcvd: 84
[martinezjr@bcdc ~]$ dig any hcjbc.org

;; Truncated, retrying in TCP mode.
; <<>> DiG 9.6.1-P3-RedHat-9.6.1-10.P3.fc11 <<>> any hcjbc.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:

;hcjbc.org. IN ANY
;; ANSWER SECTION:

hcjbc.org. 38400 IN RRSIG SOA 3 2 38400 20100326033648 20100224033648 47944 hcjbc.org. asdf

hcjbc.org. 38400 IN RRSIG NS 3 2 38400 20100326033648 20100224033648 47944 hcjbc.org. asdf

hcjbc.org. 38400 IN RRSIG MX 3 2 38400 20100319024144 20100217024144 47944 hcjbc.org. asdf

hcjbc.org. 38400 IN NSEC bcdc.hcjbc.org. NS SOA MX RRSIG NSEC DNSKEY

hcjbc.org. 38400 IN RRSIG NSEC 3 2 38400 20100326023305 20100224023305 47944 hcjbc.org. asdf

hcjbc.org. 38400 IN RRSIG DNSKEY 3 2 38400 20100319023426 20100217023426 32861 hcjbc.org. asdfQ=

hcjbc.org. 38400 IN RRSIG DNSKEY 3 2 38400 20100319023426 20100217023426 47944 hcjbc.org. asdf

hcjbc.org. 38400 IN SOA bcdc.hcjbc.org. hcjbc.yahoo.com. 1266377668 10800 3600 604800 38400

hcjbc.org. 38400 IN NS bcdc.hcjbc.org.

hcjbc.org. 38400 IN DNSKEY 257 3 3 asdf7

hcjbc.org. 38400 IN DNSKEY 256 3 3 asdf

hcjbc.org. 38400 IN MX 100 bcmta.hcjbc.org.
;; ADDITIONAL SECTION:

bcdc.hcjbc.org. 38400 IN A 10.100.177.205
;; Query time: 9 msec

;; SERVER: 10.100.177.205#53(10.100.177.205)

;; WHEN: Thu Feb 25 20:36:57 2010

;; MSG SIZE rcvd: 1501
[martinezjr@bcdc ~]$ host `hostname`

bcdc.hcjbc.org has address 10.100.177.205

[martinezjr@bcdc ~]$ host -v hcjbc.org

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org. IN A
;; AUTHORITY SECTION:

hcjbc.org. 38400 IN SOA bcdc.hcjbc.org. hcjbc.yahoo.com. 1266377668 10800 3600 604800 38400
Received 83 bytes from 10.100.177.205#53 in 1 ms

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:

;hcjbc.org. IN AAAA
;; AUTHORITY SECTION:

hcjbc.org. 38400 IN SOA bcdc.hcjbc.org. hcjbc.yahoo.com. 1266377668 10800 3600 604800 38400
Received 83 bytes from 10.100.177.205#53 in 1 ms

Trying "hcjbc.org"

;; ->>HEADER<
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:

;hcjbc.org. IN MX
;; ANSWER SECTION:

hcjbc.org. 38400 IN MX 100 bcmta.hcjbc.org.
;; AUTHORITY SECTION:

hcjbc.org. 38400 IN NS bcdc.hcjbc.org.
;; ADDITIONAL SECTION:

bcdc.hcjbc.org. 38400 IN A 10.100.177.205
Received 84 bytes from 10.100.177.205#53 in 2 ms

[martinezjr@bcdc ~]$