Matt Gibson » microsoft

Setting up Split-Split DNS with Windows SBS 2003 DNS Services, easily.

Matt G — Sun, 13 Jul 2008 09:23:33 +0000

Have you ever wondered how you could access your external hostnames, internal to your network connected via wifi, mobile devices or just plain old desktops? Today we found out we needed to. Our mobile devices require the use of external hostnames to sync data against. And it’s nice being able to use our external hostname for Outlook Web Access, and debugging internally.

For example:

Billy wants to visit http://www.mycompanyname.com
Billy can’t because that particular site is hosted off the external IP of the network he’s on. Gosh, what to do?
Billy Reads the Howto Setup SPLIT-SPLIT DNS with SBS 2003 DNS Server below
Billy can now visit http://www.mycompanyname.com because it’s mapped to the internal ip of 192.168.1.1 or whatever your networking scheme is.
Billy is now happy.

Off we went to Google, to try and find out what we needed; DNS Redirection? No, IP Port Redirection? No, Redirect External IP to Local IP, No. Tiresom it was, searching for this.

Then we decided to try and jump right in to figuring it out. First, we tried doing it at the router level, but none of us are IOS guru’s so this quickly became out of the question. Next we tried running a secondary DNS server on the SBS2K3 Server, and transferring the domain from our live server at the Datacenter in Seattle. This also didn’t work because once the domain was transferred into our secondary DNS on the Windows 2003 Server we weren’t able to edit any of the records. Pitty.

So, on we were to IRC. Ahhh, IRC. Not too many people use it anymore, but usually really cool people are available to help out. After asking in a couple channels we figured out that what we needed to do was set up something called Split-Split DNS. Basically all this is, is the method of running two DNS Servers. One inside your network, and one external to your network. Here’s a Microsoft Article on the subject of Enterprise DNS Design which involves Split-Split DNS. This allows for internal hosts behind NAT networks to see external hostnames as if they are on the internal network.

With a bit more searching we came across this excellent post by Ginger Lime. Using their instructions we have created a simple howto for doing the same thing on your internal domain.

With our little howto, you’ll be able to get this done quickly and easily on your internal windows sbs 2003 domain name server. Please readon for the howto.

First, we’ll have to open the DNS control panel. This is in the main server management console, under the computer management box. Here’s a screenshot. Make sure you enter into the Forward Lookup Zones box.

Now, right click on “Forward Lookup Zones” and click on “Add New Zone“. Like This.

Now you’ll be presented with the New Zone Wizard window. Click Next.

Now, Select a primary Zone for this tutorial.

Disable the storage of the information in Active Directory. Click Next.

Now type in your domain name that you want to resolve internally. Some common ones might be dev.yourdomain.com or www.yourdomain.com or similar. Click Next.

This window will be automatically filled out for you. Just click Next.

Now, make sure you don’t allow dynamic updates. This record is something you should be manually updating only. Click Next.

Your new zone is complete. Click Finish.

Now, Right Click your new zone (external.hostname.com), and select to “New Host (A)”. Let go of your mouse button now.

Now, add your internal IP address to the host, but leave the Name blank. Like this. Also leave the PTR record one un-checked since we don’t need it. Click Add Host.

You should see a message like this pop up.

Click on the Done button to leave this window.

Now you should see a blank host, with the internal IP address you specified during the last section of this tutorial.

Now you’re finished setting up a SPLIT-SPLIT DNS server using SBS2k3.

Go over to a different computer on your network that uses the Windows 2003 SBS Server as it’s DNS Controller, and try a nslookup or ping against the external hostname you’ve just added. If you get ping returns you’re good to go.

Using SSL POP3 (Google Apps/Gmail) with Kayako SupportSuite

Matt G — Fri, 20 Jun 2008 04:02:25 +0000

Many of us need to run Support Software to keep on top of client needs and requests, as well as remove some of the burden from our support staff.

Because of this need, we are using Kayako SupportSuite for our helpdesk application. While setting it up, we noticed that the latest release has a little bit of an issue with fetching mail using google’s pop3 service.

We haven’t looked into the problem too much, but we have noted that there is mention of it on the Kayako Forums that other users are experiencing the same difficulties.

Of course, we made sure our PHP installation was indeed compiled with SSL and IMAP and IMAP-SSL support, but this still did not fix the problem. So far, this is the only “solution” given by the Kayako support representatives.

Well, we actually wanted it to work, so we dug a little furthur into it. As it turns out, it’s not actually Kayako’s fault that this doesn’t work, but merely a not-so-great implementation of SSL/POP3 in PHP. Kayako could work around this, and are aware of the problem so we assume it will get fixed in future releases.

We did get IMAP SSL working using the Kayako fetching script, but IMAP is not perfect for support queues. So, we still wanted to get POP3 working. No matter what was tried, we could not get it to work.

Then, an ephinany hit – we also use Microsoft Small Business Server on our Intranet, and we ran into this problem previously with Exchange server not being able to communicate with SSL enabled mail hosts.

So, we introduced the same hack that we did on the Microsoft Exchange Server, to our Kayako SupportSuite Linux Server.

We used Stunnel.

Elegant? No. Best Solution Ever? No. Does it work? So far, flawlessly.

It’s very easy to setup, and get going. Here is what we had to do under Gentoo Linux.

First we made sure our use flags were proper

# emerge -pv stunnel

Which outputs this

net-misc/stunnel-4.21-r1 USE=”ssl tcpd -ipv6 (-selinux)”

This looks fine, we need tcpd, and ssl. Now we install stunnel.

# emerge stunnel

Then we have to configure some options, which are very straight forward

# nano /etc/stunnel/stunnel.conf

Now we make the file look like this

setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
output = stunnel.log
client = yes
debug = 7

[pop3s]
accept = 127.0.0.1:1109
connect = pop.gmail.com:995

[smtps]
accept = 127.0.0.1:259
connect = smtp.gmail.com:465

Save and exit the file. These lines will make the SMTP-SSL server listen on localhost port 259, and connect out to gmail at port 465. The POP-SSL will be listening on localhost port 1109, connecting out to gmail on port 995.

That’s it for the stunnel configuration. You can start it up like so.

# /etc/init.d/stunnel start

Now add it to your defaults so it will auto start

# rc-update add stunnel default

So, we’re done with the stunnel configuration. Now we’ll need to configure Kayako so make use of this.

Login to your Kayako Administration Interface
Click on Settings on the left menu
Click on CPU Optimization & Server
Scroll down to “SMTP Settings” and make sure it’s the following:Enable SMTP: Yes
SMTP Host: 127.0.0.1
SMTP Port: 259
Use SMTP Authentication: Yes
SMTP Username: youraddress@gmail.com (or youraddress@yourdomain.com)
SMTP Password: yourpassword
Click Update Settings.

Now we’re done with the SMTP setup, so we’ll have to setup your email queues with the proper information. We’ll assume you’ve already read the Kayako documentation on email queues and will not go into them here.

Still in the Kayako Administration Interface Click Mail Parser on the left menu
Now click on Manage E-mail Queues from the dropdown menu
Click on your Email Queue (for example: support@yourdomain.com) or create a new one
Scroll down to Login Information and ensure these settings are configured:Host: 127.0.0.1
Port: 1109
Username: youraddress@gmail.com (or youraddress@yourdomain.com)
Password: yourpassword
Configure any other options for your email queue.
Scroll down and click on Update to save your changes.
Repeat with any other email queues changing the email address/password for each account.

Now you are finished the Kayako configuration. You should be able to run your administrative cron script to check for new mail. Check the Scheduled Tasks -> Task Log to verify that your mail is being fetched. If you don’t know what we’re talking about here, you haven’t read the Kayako documentation, and should do so now.

We’ve been using this for a few weeks now and haven’t had an issue. It’s cronned to check mail every 2 minutes, and we have the added benefit of Google Apps archiving all incoming mail for us automatically before Kayako picks it up for delivery.

Hope you like the tutorial, we welcome feedback in the comments.