I thought this would solve my problem. It didn't.
Unfortunately, on my hunt last night for the answer, I found another post that said nslookup was nearly useless and that dig should be used.
My problem is that when installing Zimbra, the Zimbra installer needs to see my internal MX record and it's not able to. Using dig shows me why:
Code:
# dig ptest.us +trace
; <<>> DiG 9.3.4-P1 <<>> ptest.us +trace
;; global options: printcmd
. 517575 IN NS I.ROOT-SERVERS.NET.
. 517575 IN NS J.ROOT-SERVERS.NET.
. 517575 IN NS K.ROOT-SERVERS.NET.
. 517575 IN NS L.ROOT-SERVERS.NET.
. 517575 IN NS M.ROOT-SERVERS.NET.
. 517575 IN NS A.ROOT-SERVERS.NET.
. 517575 IN NS B.ROOT-SERVERS.NET.
. 517575 IN NS C.ROOT-SERVERS.NET.
. 517575 IN NS D.ROOT-SERVERS.NET.
. 517575 IN NS E.ROOT-SERVERS.NET.
. 517575 IN NS F.ROOT-SERVERS.NET.
. 517575 IN NS G.ROOT-SERVERS.NET.
. 517575 IN NS H.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
us. 172800 IN NS I.GTLD.BIZ.
us. 172800 IN NS J.GTLD.BIZ.
us. 172800 IN NS K.GTLD.BIZ.
us. 172800 IN NS A.GTLD.BIZ.
us. 172800 IN NS B.GTLD.BIZ.
us. 172800 IN NS C.GTLD.BIZ.
;; Received 294 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 81 ms
ptest.us. 7200 IN NS NS07.DOMAINCONTROL.COM.
ptest.us. 7200 IN NS NS08.DOMAINCONTROL.COM.
;; Received 81 bytes from 156.154.96.126#53(I.GTLD.BIZ) in 92 ms
ptest.us. 3600 IN A 66.43.220.149
ptest.us. 3600 IN NS ns07.domaincontrol.com.
ptest.us. 3600 IN NS ns08.domaincontrol.com.
;; Received 97 bytes from 216.69.185.4#53(NS07.DOMAINCONTROL.COM) in 80 ms
The above output shows that I'm going outside (somehow) for my resolution. I checked my resolv.conf to see why:
Code:
# cat /etc/resolv.conf
domain ptest.us
search ptest.us
If no ip-address is specified it should use 127.0.0.1. The above output shows that it is:
";; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms"
So, I removed the forwarders line from my named.conf and restarted the services:
Code:
# cat named.conf
// Allow queries from the corporate subnet
acl "corpnets" { localhost; localnets; };
options {
    directory "/var/named"; // Working directory
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-query { corpnets; };
};
# service named restart
# service network restart
# dig ptest.us +trace
I received the same output from dig again. What I need to do is keep resolution internal until there can be no resolution, then go outside for all requests that cannot be satisfied internally.
What am I doing wrong?
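Added example, not part of the original post: a small Python parser for the `dig +trace` output shown above that reports which server answered each step and whether that server is on a loopback or private address. With `+trace`, dig asks the configured resolver only for the root name servers and then follows the referrals itself, so only the first step can come from 127.0.0.1. The sample input is constructed by shortening the trace in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the trace from the post above, shortened to a few records per step.
SAMPLE_TRACE = """\
. 517575 IN NS I.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
us. 172800 IN NS I.GTLD.BIZ.
;; Received 294 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 81 ms
ptest.us. 7200 IN NS NS07.DOMAINCONTROL.COM.
;; Received 81 bytes from 156.154.96.126#53(I.GTLD.BIZ) in 92 ms
ptest.us. 3600 IN A 66.43.220.149
ptest.us. 3600 IN NS ns07.domaincontrol.com.
;; Received 97 bytes from 216.69.185.4#53(NS07.DOMAINCONTROL.COM) in 80 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from ([0-9A-Fa-f.:]+)#\d+\(([^)]*)\)")
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse_trace(text):
    """Return one dict per +trace step: the responding server and the records it sent."""
    steps, pending = [], []
    for line in map(str.strip, text.splitlines()):
        received = RECEIVED.match(line)
        if received:
            ip = ipaddress.ip_address(received.group(1))
            steps.append({"server_ip": str(ip), "server_name": received.group(2),
                          "internal": ip.is_loopback or ip.is_private,
                          "records": pending})
            pending = []  # the next records belong to the next responder
        elif RECORD.match(line):
            pending.append(RECORD.match(line).groups())
    return steps

def summarize(steps):
    """Report which server gave the final answer and which hops left the local network."""
    if not steps:
        raise ValueError("no ';; Received' lines found; input is not +trace output")
    final = steps[-1]
    return {"final_answer_from": final["server_name"],
            "final_answer_internal": final["internal"],
            "final_types": sorted({rtype for _, rtype, _ in final["records"]}),
            "external_hops": [s["server_name"] for s in steps if not s["internal"]]}

if __name__ == "__main__":
    steps = parse_trace(SAMPLE_TRACE)
    for step in steps:
        where = "internal" if step["internal"] else "external"
        print(f'{step["server_ip"]:<16}{where:<10}{len(step["records"])} record(s)')
    print(summarize(steps))
```

To see what the local server itself returns for a name, the output of a plain `dig` query (without `+trace`) is the one to inspect; this parser only explains the trace.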