Recent Posts

1
Zimbra Email Issues / Split DNS in Zimbra
« Last post by forum on October 06, 2017, 12:00:24 PM »
Overview

Installations of Zimbra behind a firewall (or NAT Router) often require the creation of some form of split DNS, also called split-horizon or dual-horizon DNS. This is a DNS installation where machines receive different IP address answers to queries depending on whether they are (commonly) inside or outside a firewall and an IP address reply from the DNS server gives a Private Network IP address that is different than the Public IP of your internet connection. For further information on Private Network IP addresses see the following article: http://en.wikipedia.org/wiki/Private_network

This is because the Postfix mail system used by Zimbra performs a DNS MX lookup for the Zimbra server followed by a DNS A lookup when attempting to route email to the back-end message store. Frequently, this is the same physical host as Postfix. The DNS server frequently returns the external address of the mail host, not the internal address. Depending on how the firewall and network are configured, the external address may not even be reachable from the mail host, and mail will not be delivered.

Split DNS avoids this problem by providing an internal DNS server (this example uses bind or dnsmasq) that can be used to resolve the internal address of the server. This guide will detail how to set up a very specific, single-host DNS server (i.e. bind or dnsmasq) that can be installed on the Zimbra host itself so that it can resolve its own address. This should not be used for a multi-node Zimbra installation, and should not be used as the DNS server for any other hosts on your network.

It is possible to use a generalized split-horizon DNS server to perform this function, but it will need to be set up differently, and many people recommend against it because even a couple ms of delay can be too much on a heavily loaded system. If you decide to use another DNS server on your LAN then any functioning DNS server that provides a LAN IP response for the DNS MX lookup of the Zimbra server will do (BIND, Active Directory, PowerDNS etc.), check the 'Verify...' section in this article for details on how to check that your DNS server is configured correctly.

Attention! Bind and dnsmasq are mutually exclusive: you have to set up one OR the other!
Configuring Bind on the Zimbra Server
Install Bind on Red Hat Enterprise Linux

Use up2date to download bind from Red Hat Network.
Install bind9 on Ubuntu/Kubuntu Hardy Heron

apt-get install bind9

You could also make sure it is installed from Synaptic Package Manager or Adept.
Edit the named.conf file

    Substitute your fully-qualified server name for server.example.com
    If named runs in a chroot'ed directory (i.e. /var/named/chroot), named.conf should be placed in /etc/named/chroot/etc/named.conf and you should create a symbolic link to /etc/named.conf,
    i.e. ln -s /etc/named.conf /etc/named/chroot/etc/named.conf
    or ln -s /etc/bind/named.conf /etc/bind/named/chroot/etc/named.conf

    For Red Hat, edit: /etc/named.conf
    For Ubuntu/Kubuntu, edit: /etc/bind/named.conf.options


// Default named.conf generated by install of bind-9.2.4-2
options {
       directory "/var/named";
       dump-file "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       forwarders { <address of current DNS server> ; };
};
include "/etc/rndc.key";
// We are the master server for server.example.com
zone "server.example.com" {
    type master;
    file "db.server.example.com";
};

Make sure to set the forwarders to match the DNS servers currently in use on your system. The forwarders setting allows the server to query those DNS servers for any addresses for which it is not authoritative.
Create a /var/named/db.server.example.com zone file

    If named runs in a chroot'ed directory /var/named/chroot, db.server.example.com should be placed in /etc/named/chroot/var/named/db.server.example.com and you should create a symbolic link to /var/named/db.server.example.com

;
;       Addresses and other host information.
;
@       IN      SOA     server.example.com. hostmaster.server.example.com. (
                               10118      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum
;       Define the nameservers and the mail servers
        IN      NS      <internal address of server>
yourdomain.com.         IN      MX      10 mail.yourdomain.com.
mail.yourdomain.com.    IN      A       <internal address of server>

Change /etc/resolv.conf

    Change /etc/resolv.conf to use the Zimbra server as the primary DNS address.
    Also remember to change the search path to be the name of the Zimbra server.

Start named on the zimbra server

/etc/init.d/named start

Enable autostart of named on boot

chkconfig named on

Configuring dnsmasq on the Zimbra Server

dnsmasq is a very powerful tool that can provide basic DNS services/caching, act as a DHCP server and also as a TFTP server. It's also easy to set up. So you can use dnsmasq INSTEAD of bind by following these instructions.
Install dnsmasq on Debian GNU/Linux

aptitude install dnsmasq

Edit the /etc/dnsmasq.conf file

Let's say that upstream dns are 8.8.8.8 and 208.67.222.222. Put only these lines in the config file:

server=8.8.8.8
server=208.67.222.222
domain=yourdomain.com
mx-host=yourdomain.com,mail.yourdomain.com,5
listen-address=127.0.0.1

Edit the /etc/hosts file

The loopback line should look like this:

127.0.0.1 localhost.localdomain localhost

You need a line to resolve the IP of mail.yourdomain.com to the private IP of the zimbra server, so make sure you have:

192.168.1.30    mail.yourdomain.com mail

Edit the /etc/resolv.conf file

To have the host resolve through dnsmasq, you have to set your localhost (127.0.0.1) as the nameserver:

search yourdomain.com
nameserver 127.0.0.1

Restart dnsmasq

To have the settings take effect, you have to restart dnsmasq

/etc/init.d/dnsmasq restart

Verify that everything is working

To verify that your configuration of DNS is correct you should run the following commands on the Zimbra server itself (the expected output is in the boxes below the commands). This is true whatever DNS program you use for this kind of configuration (i.e. dnsmasq instead of bind9).

dig yourdomain.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> yourdomain.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;yourdomain.com.                IN      MX

;; ANSWER SECTION:
yourdomain.com. 7200    IN      MX      30 mail.yourdomain.com.

;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN  A       192.168.1.30

;; Query time: 4 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 14:38:48 2010
;; MSG SIZE  rcvd: 140

dig yourdomain.com any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> yourdomain.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36845
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;yourdomain.com.                IN      ANY

;; ANSWER SECTION:
yourdomain.com. 7200    IN      NS      ns1.yourdomain.com.
yourdomain.com. 7200    IN      A       192.168.1.30
yourdomain.com. 7200    IN      SOA     yourdomain.com. admin. 2010051304 10800 3600 1814400 7200
yourdomain.com. 7200    IN      MX      10 mail.yourdomain.com.
yourdomain.com. 7200    IN      NS      ns2.yourdomain.com.

;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN     A       192.168.1.30
ns2.yourdomain.com.  7200 IN     A       192.168.1.11
ns1.yourdomain.com.  7200 IN     A       192.168.1.10

;; Query time: 11 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 14:38:52 2010
;; MSG SIZE  rcvd: 367

host $(hostname)

mail.yourdomain.com has address 192.168.1.30

NOTE: The host $(hostname) command should be typed exactly as you see, don't change the word "hostname" to anything else.

You should also note that the output on your system may be slightly different than above examples but there should be an A record that points to the LAN IP address of your Zimbra server and an MX record that contains the FQDN (Fully Qualified Domain Name - that's the hostname plus the domain name and it's mail.yourdomain.com in the examples) of your Zimbra server.

You should also make sure that the DNS server that is responding to your dig commands is the one you have configured on your LAN and it's the one that has your Zimbra server DNS records. If you see any IP that is not the correct LAN IP or the correct DNS server then you have entered the wrong information in your DNS configuration files.

If you're asked in the forums to provide the information to confirm your DNS is correct then, in addition to the above information, you should also supply the output of the following commands (run on your Zimbra server):

cat /etc/resolv.conf
cat /etc/hosts

In this article it's assumed that you're installing the DNS server on your Zimbra server so your resolv.conf should look like this:

search yourdomain.com
nameserver 127.0.0.1

Although it's mentioned in other articles it bears repeating that your hosts file should look like this:

127.0.0.1 localhost.localdomain localhost
192.168.1.30 mail.yourdomain.com mail

The line for the loopback adapter (127.0.0.1) should be formatted as shown. The hosts file should also be formatted as shown and have the LAN IP of your Zimbra server (as shown in the DNS records) and contain the hostname (mail) and your domain name (yourdomain.com) which gives you the Fully Qualified Domain Name (FQDN) of your server 'mail.yourdomain.com'.

If you have a number of servers inside the firewall that need to use internal addresses to communicate to each other, you should consider setting up a full internal DNS server that can be authoritative for the whole domain. This example is not suitable for this task.
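The checks from the 'Verify' section above, automated as an added example (not part of the original post): the script reads `dig <domain> mx` output and confirms that the expected resolver answered and that every MX target resolves to a private LAN address. The function names and the two sample replies are constructed for illustration; 203.0.113.25 stands in for a public address.

```shell
#!/bin/sh
# Added example (not from the original post): audit `dig <domain> mx` output.

# Return 0 if $1 is an RFC 1918 private IPv4 address.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read dig output on stdin; $1 is the resolver expected to answer.
# Prints one finding per line and returns 0 only if every check passes.
check_split_dns() {
    out=$(cat); rc=0
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')
    if [ "$server" != "$1" ]; then
        echo "FAIL answered by ${server:-unknown}, expected $1"; rc=1
    fi
    targets=$(printf '%s\n' "$out" | awk '$3 == "IN" && $4 == "MX" {print $6}')
    [ -n "$targets" ] || { echo "FAIL no MX record in answer"; return 1; }
    for t in $targets; do
        addr=$(printf '%s\n' "$out" |
            awk -v h="$t" '$1 == h && $3 == "IN" && $4 == "A" {print $5; exit}')
        if [ -z "$addr" ]; then
            echo "FAIL no A record for $t in the reply"; rc=1
        elif is_private_ipv4 "$addr"; then
            echo "OK   $t -> $addr"
        else
            echo "FAIL $t -> $addr is not a private (LAN) address"; rc=1
        fi
    done
    return $rc
}

# Constructed sample replies (trimmed dig output, not captured from a real host).
sample_internal() { cat <<'EOF'
;; ANSWER SECTION:
yourdomain.com. 7200 IN MX 10 mail.yourdomain.com.
;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN A 192.168.1.30
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}
sample_external() { cat <<'EOF'
;; ANSWER SECTION:
yourdomain.com. 7200 IN MX 10 mail.yourdomain.com.
;; ADDITIONAL SECTION:
mail.yourdomain.com. 7200 IN A 203.0.113.25
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}
```

On the Zimbra host, run it as `dig yourdomain.com mx | check_split_dns 127.0.0.1`. If the reply carries no ADDITIONAL section, the script reports a missing A record; in that case check the MX target separately with `dig mail.yourdomain.com a`.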
2
Zimbra Email Issues / Zimbra Email
« Last post by forum on October 06, 2017, 11:57:07 AM »


Why would you choose Zimbra as an email system?

 8) 8)
3
General IT Issue / Advantages Cloud Computing
« Last post by forum on October 06, 2017, 11:49:36 AM »
For start-up businesses the cloud offers an essential differentiator. For the first time, anyone with an idea can start a business and get it up and running quickly on an enterprise-grade IT infrastructure that’s flexible enough to accommodate growth, yet requires minimal up-front capital expenditure.

For small to medium sized businesses that have limited IT resources, the cloud allows you to focus on running your business rather than your IT. You can take advantage of a wide portfolio of compute, storage and network products, then cost effectively scale on-demand as your business grows — often while delivering faster time to market than previously achievable.

Mid to large enterprises often face complex hosting needs, varying departmental and corporate-wide infrastructure requirements, high traffic websites and demanding applications. For them, the cloud can often drive down costs and deliver increased operational efficiency, productivity, agility and flexibility.



Advantages and Disadvantages of Cloud Computing

There is no doubt that businesses can reap huge benefits from cloud computing. However, with the many advantages, come some drawbacks as well. Take time to understand the advantages and disadvantages of cloud computing, so that you can get the most out of your business technology, whichever cloud provider you choose.
Advantages of Cloud Computing
Cost Savings

Perhaps, the most significant cloud computing benefit is in terms of IT cost savings. Businesses, no matter what their type or size, exist to earn money while keeping capital and operational expenses to a minimum. With cloud computing, you can save substantial capital costs with zero in-house server storage and application requirements. The lack of on-premises infrastructure also removes their associated operational costs in the form of power, air conditioning and administration costs. You pay for what is used and disengage whenever you like - there is no invested IT capital to worry about. It’s a common misconception that only large businesses can afford to use the cloud, when in fact, cloud services are extremely affordable for smaller businesses.
Reliability

With a managed service platform, cloud computing is much more reliable and consistent than in-house IT infrastructure. Most providers offer a Service Level Agreement which guarantees 24/7/365 and 99.99% availability. Your organization can benefit from a massive pool of redundant IT resources, as well as quick failover mechanism - if a server fails, hosted applications and services can easily be transited to any of the available servers.
Manageability

Cloud computing provides enhanced and simplified IT management and maintenance capabilities through central administration of resources, vendor managed infrastructure and SLA backed agreements. IT infrastructure updates and maintenance are eliminated, as all resources are maintained by the service provider. You enjoy a simple web-based user interface for accessing software, applications and services – without the need for installation - and an SLA ensures the timely and guaranteed delivery, management and maintenance of your IT services.
Strategic Edge

Ever-increasing computing resources give you a competitive edge over competitors, as the time you require for IT procurement is virtually nil. Your company can deploy mission critical applications that deliver significant business benefits, without any upfront costs and minimal provisioning time. Cloud computing allows you to forget about technology and focus on your key business activities and objectives. It can also help you to reduce the time needed to market newer applications and services.
Disadvantages of Cloud Computing
Downtime

As cloud service providers take care of a number of clients each day, they can become overwhelmed and may even come up against technical outages. This can lead to your business processes being temporarily suspended. Additionally, if your internet connection is offline, you will not be able to access any of your applications, server or data from the cloud.
Security

Although cloud service providers implement the best security standards and industry certifications, storing data and important files on external service providers always opens up risks. Using cloud-powered technologies means you need to provide your service provider with access to important business data. Meanwhile, being a public service opens up cloud service providers to security challenges on a routine basis. The ease in procuring and accessing cloud services can also give nefarious users the ability to scan, identify and exploit loopholes and vulnerabilities within a system. For instance, in a multi-tenant cloud architecture where multiple users are hosted on the same server, a hacker might try to break into the data of other users hosted and stored on the same server. However, such exploits and loopholes are not likely to surface, and the likelihood of a compromise is not great.
Vendor Lock-In

Although cloud service providers promise that the cloud will be flexible to use and integrate, switching cloud services is something that hasn’t yet completely evolved. Organizations may find it difficult to migrate their services from one vendor to another. Hosting and integrating current cloud applications on another platform may throw up interoperability and support issues. For instance, applications developed on Microsoft Development Framework (.Net) might not work properly on the Linux platform.
Limited Control

Since the cloud infrastructure is entirely owned, managed and monitored by the service provider, it transfers minimal control over to the customer. The customer can only control and manage the applications, data and services operated on top of that, not the backend infrastructure itself. Key administrative tasks such as server shell access, updating and firmware management may not be passed to the customer or end user.

It is easy to see how the advantages of cloud computing easily outweigh the drawbacks. Decreased costs, reduced downtime, and less management effort are benefits that speak for themselves.



4
General IT Issue / Emerging Technology
« Last post by forum on October 06, 2017, 11:19:44 AM »


Which is your favorite emerging technology?

 8) 8) 8)