1 (edited by ee 2020-07-16 15:04:31)

Topic: What FQDN to give a virtual machine within Internet-facing host?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: any (1.3.1 planned)
- Deployed with downloadable installer
- Debian 10
- MariaDB
- Nginx
====

Thanks for the amazing work you do!

I want to install iRedMail in a virtual machine within an internet-facing host. I am not sure whether/what FQDN name to give to the VM. 

Let's say the host is named host.mydomain.com and has one single IP, 1.2.3.4. The PTR record for 1.2.3.4 is set to host.mydomain.com.
iptables/NAT will be used to forward the necessary ports to the VM running iRedMail on 172.16.1.1

The problem:
- If I name the VM "host.mydomain.com", the VM's and host's DNS resolver will get confused: is host.mydomain.com 127.0.0.1, 172.16.1.1, or 1.2.3.4?
- If I give the VM another FQDN, the PTR record for the IP will not match the VM name.

Can I give the VM a local name (non-FQDN) and simply change a configuration file to "fake" the mailer name as host.mydomain.com?

Or should I give the VM a FQDN and change the PTR accordingly? But what other DNS records do I need to create/change in this case, and can this create problems for other services?

I have full control of my DNS so if you have any other suggestions, I'm open. Thanks!

----


2

Re: What FQDN to give a virtual machine within Internet-facing host?

- If this VM doesn't need to communicate with other servers, e.g. Gmail, Hotmail, Outlook, it's OK to use any FQDN you like because it's likely isolated. You can use a fake FQDN like "mail.abc.com", "mail.example.com", whatever.
- If this VM will exchange messages with others, then it should be "host.mydomain.com". Its /etc/hosts should be updated to include this name in the "127.0.0.1" line.

About 172.16.1.1 or 1.2.3.4, it totally depends on the DNS servers the clients use. If the client uses an internal DNS server which resolves host.mydomain.com to 172.16.1.1, then it gets 172.16.1.1. If the client uses a public DNS server (e.g. Google public DNS server 8.8.8.8 and 8.8.4.4), it gets the public IP address 1.2.3.4.
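
The consistency described in the reply above (the FQDN on the 127.0.0.1 line, the PTR for the public IP, and the address each DNS view returns) can be checked mechanically. This is an added example, not part of the thread or of iRedMail; the function names, the dict stand-ins for resolver answers and the sample data are constructed, using the thread's placeholder names and addresses.

```python
import ipaddress

# Constructed sample data (the thread's placeholder names and addresses).
HOSTS_FILE = """\
# /etc/hosts inside the VM
127.0.0.1   host.mydomain.com host localhost
::1         localhost ip6-localhost
"""
PTR = {"1.2.3.4": "host.mydomain.com."}  # reverse zone: IP -> name
VIEWS = {  # forward answers as seen through each resolver
    "internal": {"host.mydomain.com": "172.16.1.1"},
    "public": {"host.mydomain.com": "1.2.3.4"},
}


def loopback_names(hosts_text):
    """Names listed on the 127.0.0.1 line(s) of an /etc/hosts file."""
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields and fields[0] == "127.0.0.1":
            names.extend(n.lower() for n in fields[1:])
    return names


def check_identity(fqdn, public_ip, hosts_text, ptr, views):
    """Return a list of mismatches between the name, /etc/hosts, PTR and A records."""
    fqdn = fqdn.rstrip(".").lower()
    problems = []
    if fqdn not in loopback_names(hosts_text):
        problems.append("/etc/hosts: %s is not on the 127.0.0.1 line" % fqdn)
    ptr_name = ptr.get(public_ip, "").rstrip(".").lower()
    if ptr_name != fqdn:
        problems.append("PTR for %s is %r, expected %s" % (public_ip, ptr_name, fqdn))
    for view, zone in views.items():
        answer = zone.get(fqdn)
        if answer is None:
            problems.append("%s DNS: no A record for %s" % (view, fqdn))
        elif view == "public" and answer != public_ip:
            # Remote servers must reach the same IP that the PTR was looked up for.
            problems.append("public DNS: %s -> %s, expected %s" % (fqdn, answer, public_ip))
        elif answer != public_ip and not ipaddress.ip_address(answer).is_private:
            problems.append("%s DNS: %s -> unexpected address %s" % (view, fqdn, answer))
    return problems


if __name__ == "__main__":
    for name in ("host.mydomain.com", "vm.mydomain.com"):
        print(name, check_identity(name, "1.2.3.4", HOSTS_FILE, PTR, VIEWS) or "consistent")
```

On a live system the dicts would be filled from the real resolvers, queried once through the internal DNS server and once through a public one.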