DNS and mail setup for multiple network zones

jolentes · November 8, 2017, 12:12pm

Hi all,
I am new to UCS but have 18 years of experience with Linux/UNIX.

For a customer I currently plan a UCS implementation with office network with separated subnets for office, development and servers and a second server room in a different location.
NetworkOverview

In the DMZ a mail server shall handle in coming and out going mails. I would prefer to have a minimalistic installation on this server in the DMZ.
Would you use a UCS Member for that? PROS and CONS?

Can I manage the DNS for multiple sub-networks with a single UCS Master?

Thanks for your remarks in advance.
BR,
Jörn

ollikaa · December 14, 2017, 9:39am

Hi Jörn,
yes you can manage multiple subnets with one master.

It is also possible to use a member server in your DMZ as mail-gateway, but then you have to assure that LDAP is available, when emails are incomming. If not, the receiver can’t be authenticated and the mail goes back to the sender. So setup a redundant LDAP (DC + BDC) in your internal network, or use a Slave DC instead of a member server.

jolentes · December 15, 2017, 9:14am

Hi ollikaa,
thanks for your reply.

Why does it have to authenticate each user? The mail server can be configured to accept all mails for our domain.

BTW, I figured out the multi-zone DNS setup, even with DHCP-Relay from the inner networks to the UCS master.

BR,
Jörn

ollikaa · December 20, 2017, 8:31am

Hi Jörn,
sorry, “authenticate” was the wrong word. I meant if the addressed user is not known, because of an unavailable LDAP.