Split dns for zimbra. overview

Installations of Zimbra behind a firewall (or NAT Router) often require the creation of some form of split DNS, also called split-horizon or dual-horizon DNS. This is a DNS installation where machines receive different IP address answers to queries depending on whether they are (commonly) inside or outside a firewall and an IP address reply from the DNS server gives a Private Network IP address that is different than the Public IP of your internet connection. For further information on Private Network IP addresses see the following article: http://en. wikipedia. org/wiki/Private_network
This is because the Postfix mail system used by Zimbra performs a DNS MX lookup for the Zimbra server followed by a DNS A lookup when attempting to route email to the back-end message store. Frequently, this is the same physical host as Postfix. The DNS server frequently returns the external address of the mail host, not the internal address. Depending on how the firewall and network are configured, the external address may not even be reachable from the mail host, and mail will not be delivered.
Split DNS avoids this problem by providing an internal DNS server (this example uses bind or dnsmasq) that can be used to resolve the internal address of the server. This guide will detail how to set up a very specific, single-host DNS server (i. e. bind or dnsmasq) that can be installed on the Zimbra host itself so that it can resolve its own address. This should not be used for a multi-node Zimbra installation, and should not be used as the DNS server for any other hosts on your network.
It is possible to use a generalized split-horizon DNS server to perform this function, but it will need to be set up differently, and many people recommend against it because even a couple ms of delay can be too much on a heavily loaded system. If you decide to use another DNS server on your LAN then any functioning DNS server that provides a LAN IP response for the DNS MX lookup of the Zimbra server will do (BIND, Active Directory, PowerDNS etc.), check the ‘Verify…’ section in this article for details on how to check that your DNS server is configured correctly.
Attention! the use of Bind or dnsmasq are mutually exclusive, you have to setup one OR the other!



Split dns for zimbra. overview