Install NTP and DNS for Zimbra mail server

This entry is part 2 of 7 in the series Install Zimbra Mail Server 8.8.12

SystemMen - In this article, I will show you how to install NTP and DNS for Zimbra mail server.

As in the previous article, you have prepared a server to install Zimbra. Now, we will continue to prepare NTP and DNS for mail servers.

Install and set up NTP service

There is a service that quite a lot of people ignore when installing the server is NTP. Although when you install CentOS 7, it also asks you to select the time zone for the server.

However, that may not work exactly as you want.

You type the following command to install the NTP package.

[root@mail ~]# yum install ntp -y

Next, we enable and start NTP service.

[root@mail ~]# systemctl enable ntpd && systemctl start ntpd

You can now check whether the NTP service is working by typing the following command.

[root@mail ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
*  2 u  718 1024  377   12.599    0.500   1.271

Install and set up DNS for Zimbra mail server

I have encountered many errors when installing Zimbra, the main reason is due to DNS.

install-ntp-and-dns-for-zimbra-mail-server Install NTP and DNS for Zimbra mail server
Install NTP and DNS for Zimbra mail server.

In Zimbra, it has Zimbra-DNSCache package, which Zimbra will install local DNS on your MTA server. This helps queries out the internet faster.

However, we are installing single server, so the MTA is in a single server. Therefore, before installing Zimbra, we need to install the DNS server and it will be right on the Zimbra mail server.

You type the following command to install DNS packages.

[root@mail ~]# yum install bind bind-utils -y

Configure /etc/named.conf file

Next, you edit the /etc/named.conf file as follows.

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 {;; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { localhost;; };

	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/";
	session-keyfile "/run/named/session.key";

	forwarders {; };

logging {
        channel default_debug {
                file "data/";
                severity dynamic;

zone "." IN {
	type hint;
	file "";

zone "" {
	type master;
	file "";

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Please note the following in /etc/named.conf.

  • listen-on port 53 {;; }; : Add your server’s IP to this line
  • allow-query { localhost;; }; : Add your server’s IP to this line
  • forwarders {; }; : Add this line at the end of the options block
  • Add zone for your domain.
zone "" {
	type master;
	file "";

Create domain zone file

Now, you create the file zone for your domain using the following command.

[root@mail ~]# nano /var/named/

After that, you add the following content to the file and save it, note the edit information for matching your server and domain.

; BIND data file for local loopback interface
$TTL    86400
@       IN      SOA (
		10118	  ; Serial
		604800    ; Refresh
		86400     ; Retry
		2419200   ; Expire
		604800 )  ; Negative Cache TTL

; name servers - NS records

@       IN      NS
@               MX	10

; name servers - A records

ns1	IN	A
mail	IN	A

Start the DNS service and check the record

You type the following command to enable and start the DNS service.

[root@mail ~]# systemctl enable named && systemctl start named

You can then check the record with the following 2 commands.

[root@mail ~]# dig -t A
[root@mail ~]# dig -t MX

Or with this command.

[root@mail ~]# dig yourdomain any


So, you have finished preparing NTP and DNS for your Zimbra mail server. Next article, we will install Zimbra on this server.

Continue reading the series«« Previous part: Prepare to install Zimbra mail server 8.8.12Next part: Install Zimbra mail server in CentOS 7 »»

«« »»