15 Replies. Latest reply: Jan 6, 2013 7:24 AM by FromOZ
Shai Shefer, Level 1 (45 points)

I'd like to make sure I'm setting up DNS correctly on a small business network on 10.8.2 server.

 

Basic Assumptions:

Outside Static IP: 10.0.0.0

Server Internal IP: 192.168.1.2

Domain: domain.com

Server Host Name: server.domain.com

Google Apps Services Entries: mail.domain.com, calendar.domain.com

 

Already Done:

server.example.com on our registrar points to External (static) IP

 

We're using an Airport Extreme and in the internet settings I configured the top DNS server to match my server host name.  Everything is set up nicely and hums along, but any time a user tries to access a Google app service at *.domain.com the name can't resolve.  In fact domain.com does not resolve at all.

 

When I change the Airport Extreme DNS entries to generic settings (let's take the Google 8.8.8.8 and 8.8.4.4) all client machines can access the Google Apps services but connecting to the server requires them to type in the server's internal IP address.

 

How can I set up the Airport and server so that only the server hostname (server.domain.com) resolves to my server but *.domain.com or domain.com get forwarded?

 

Am I completely missing something in doing this?

 

Thank you!

  • 1. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    I don't think so...

     

    Outside Static IP: 10.0.0.0

    Server Internal IP: 192.168.1.2

    Domain: domain.com

    Server Host Name: server.domain.com

    Google Apps Services Entries: mail.domain.com, calendar.domain.com

     

    1. 10.0.0.0 is one of the private address ranges, it is not routable on the Internet. Where did you get this address from?
    2. 192.168.1.2 — potentially OK
    3. domain.com — I don't think that whole domain belongs to you... 'domain.com' is owned by some large hosting company, they rent out sub-domains
    4. server.domain.com, mail.domain.com, calendar.domain.com — I don't think so... see point 3. If you don't own 'domain.com' the TLD then each of these will be sub-domains.

     

    In one part of your post you say 'server.domain.com' then here

     

    Already Done:

    server.example.com on our registrar points to External (static) IP

     

    you say 'server.example.com' — which is it? BTW neither of them is valid. Type 'example.com' into a web browser and see what you get.

     

     

    "Am I completely missing something in doing this?"

     

    Afraid so. Basically you have to throw the whole thing away and do it again properly.

     

    I am guessing you will be asking for pointers?

     

     

    p.s. if you installed OS X Mountain Lion server with those DNS settings above you will likely have to do a total reinstall of the Mountain Lion OS followed by Mountain Lion Server because (I suspect) your DNS & host settings are totally wrong and OS X Server doesn't like you if you go doing things like changing host names etc.

  • 2. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    Have a look at this posting I did in another thread

     

    https://discussions.apple.com/message/20736528#20736528

     

    it has the basic instructions on installing OS X Mountain Lion Server. I'll add some more specific DNS details for you shortly.

  • 3. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    IP addresses are just dummy holders for external...

  • 4. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    IP addresses are just dummy holders for external...

     

    Does not compute — please explain.

  • 5. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    IP address and "domain.com" are just placeholders.  I have a registered domain, static IP, etc...  I used generic terms and numbers to make it easier to sort out.

     

    Basically the issue I have is what is the proper way to allow users to connect to my server using "server.domain.com" rather than an IP address?

     

    - Do I set up machines with the server's internal IP as a DNS?

    - Do I set up the Airport with the server's internal IP as a DNS?

    - Do I bind all the machines to the server's OD first?

     

    IN SHORT:

    Looking to be able to have the server offer DNS services while still resolving other subdomains to the appropriate address.

     

    Example:

    server.domain.com => internal server

    mail.domain.com => google apps hosted email

  • 6. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    From the DNS point of view this is basically how you proceed. I will make some assumptions, pls advise if they are not correct. Let's also assume that you have registered the domain "iwantaserver.com" and the domain is under your control.

     

    1. You own/control the domain iwantaserver.com.
    2. You have some external DNS provider, let's say DynDNS, providing external DNS name resolution for you.
    3. You have a broadband Internet connection over say fiberglass, ADSL, cable or something.
    4. Your ISP gives you a dynamic IP address on the Internet and it is (for example) 123.123.123.123
    5. You have infrastructure from your ISP at your location but the Internet legal IP address is bound to the WAN interface of your Airport Extreme. The WAN interface of your Airport Extreme does NOT have a non-routable IP address (i.e. anything in the 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 address ranges)
    6. Your LAN interface on your Airport Extreme is 192.168.1.1 — it is the gateway for your 192.168.1.0/24 network.
    7. You use the Airport Extreme as your DHCP server
    8. You have public DNS servers listed in the DHCP server in your Airport Extreme. Some examples 8.8.8.8, 4.4.4.4 for Google DNS.

     

    This is setup before installing OS X Server. It all works and people can get to the Internet etc.

     

    Then you start with installing OS X server.

     

    1. Find out your real external Internet IP address - in a web browser go to checkip.dyndns.org. Write down the address
    2. Your internal network is 192.168.1.0/24, gateway is 192.168.1.1, server will be static IP address of 192.168.1.2
    3. Before install of server change name & host name of server respectively to 'Server' & 'server.iwantaserver.com'
    4. Set search domain to 'iwantaserver.com'
    5. Install server
    6. Turn on DNS service on server.iwantaserver.com
    7. Point forwarders to previous external DNS servers
    8. Delete the initial domain created by server install (server.iwantaserver.com) and create domain iwantaserver.com
    9. The DNS server on server.iwantaserver.com has to be (for your internal network/clients) authoritative for domain iwantaserver.com
    10. Check the DNS server, only if it is OK proceed
    11. Change DHCP from what it was before (Airport Express?) to the new server, put in entries for DNS server, gateway etc.
    12. Go to your external DNS provider and add/change entry for server.iwantaserver.com to IP address found in step 1

     

    As you can see there are a number of steps, this list is not complete... I don't know which steps you did or didn't do but I can tell you if DNS is messed up on the server then I would be starting from scratch... the whole OS, not just Server app re-install.

     

    I recommend you to buy this book — Apple Pro Training Series: OS X Server Essentials: Using and Supporting OS X Server on Mountain Lion — it has detailed instructions.

  • 7. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    Ok - Thanks.

     

    I've already done everything in the first section with my static IP.

    For the second section, I've done up to step 8.

     

    Some follow-up questions:

    So the default DNS setup is not correct?  Could you clarify step #9 in regards to making it authoritative?  Does the server have to issue out IP addresses or is that something that the airport can remain in charge of?

     

    Thanks again - I will look into the book.

  • 8. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    'Authoritative' means that for clients on the network 192.168.1.0/24 (your local LAN) the DNS server on the OS X server machine says I am the authoritative / the final word, source for all DNS records and information for the domain 'iwantaserver.com'. Of course we know that on the Internet (unless you specify that your home office DNS server also serves DNS for your domain — which I wouldn't do) there is another DNS server machine which is official for your domain. The reason to do it this way (which yes is double work) is to control what clients in your LAN do.

     

    To make your server authoritative you simply say in the Server | Services | DNS section that for the zone iwantaserver.com the nameserver is server.iwantaserver.com and the machine record for server.iwantaserver.com is 192.168.1.2 (in the System Preferences | Network section you will see that the DNS server is 127.0.0.1; that's OK, that is the localhost IP). Again I have to say that the book I mentioned has all this information in it in much more detail + screenshots, I strongly advise you to get a copy, the Kindle price is cheaper than the printed book.

     

    To check this on the server you can run the Network Utility program and in the 'Lookup' tab type in (again we are using the pseudo domain 'iwantaserver.com' your real one is obviously different, and assuming that server.iwantaserver.com IP is 192.168.1.2) 'iwantaserver.com'. You should see something like this if you have setup DNS correctly. Basically the OS X server has taken over serving DNS queries for the domain — they no longer go to the Internet.

     

     

    Lookup has started…

     

    Trying "iwantaserver.com"

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38381

    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

     

    ;; QUESTION SECTION:

    ;iwantaserver.com.                    IN          ANY

     

    ;; ANSWER SECTION:

    iwantaserver.com.          10800      IN          SOA        iwantaserver.com. admin.iwantaserver.com. 2012122801 3600 900 1209600 86400

    iwantaserver.com.          10800      IN          NS         server.iwantaserver.com.

    iwantaserver.com.          10800      IN          A          192.168.1.2

    iwantaserver.com.          10800      IN          MX         10 server.iwantaserver.com.

     

    ;; ADDITIONAL SECTION:

    server.iwantaserver.com. 10800        IN          A          192.168.1.2

     

    Received 145 bytes from 127.0.0.1#53 in 3 ms

     

     

    Then in Terminal you should issue this command:

     

    sudo changeip -checkhostname

     

    If it does not say something like this (using our examples still) then you have a problem.

     

    Primary address     = 192.168.1.2

     

    Current HostName    = server.iwantaserver.com

    DNS HostName        = server.iwantaserver.com

     

    The names match. There is nothing to change.

    dirserv:success = "success"

     

    I would make the OS X server the DHCP server for your network, you just configure server DHCP, put in address range, router & DNS IP address of the server and the search domain and turn it on.

  • 9. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    Thanks again - I've already purchased the book and have this all working using the test methods outlined.  My question may be unrelated to DNS and I may have unwittingly asked the wrong question.

     

    Problem on the server:

    Assuming everything is set up as the scenario you described above and I am NOT hosting mail on my server or my main domain (iwantaserver.com).

     

    I would like to be able to type in iwantaserver.com on my server and have it go to the correct host rather than my internal machine. When I go to traceroute this comes up as an unknown host.

     

    Problem on the client:

    My client can only recognize my server using the IP address of 192.168.1.2.  When I run a lookup for server.iwantaserver.com it goes out and returns my STATIC IP address.  I was hoping to catch these requests as they leave the network and direct them to the server.  I would also like to be able to go to Finder > Go > Connect to server... and be able to type in "server.iwantaserver.com" rather than my IP address to connect.

     

    Those are the two issues I am trying to solve, not sure if directly related to DNS on the server itself or on the router / client.

  • 10. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    I would like to be able to type in iwantaserver.com on my server and have it go to the correct host rather than my internal machine. When I go to traceroute this comes up as an unknown host.

     

    The DNS name iwantaserver.com rather than some_server.iwantaserver.com is kind of a special DNS case. But irrespective of that when you say you want 'it' to go to the correct host, 'correct' is subjective - what you mean I believe is you want it to go to an external IP address, not an internal (the OS X Server machine) address.

     

    There are a couple of ways you can do this; the way you go depends on, again, what you want to be 'authoritative'. It sounds to me like you don't want to have your internal server be authoritative for your DNS records, or not all of them. The thing now is that if you followed previous examples then your OS X server is now (for your internal clients) answering all queries for the domain 'iwantaserver.com' except one of the servers/services you want is on the Internet. Because that service/server is not defined in your local DNS your computers don't know where to find it.

     

    So you have two (three actually) choices:

     

    1. Don't use local DNS at all, only use external DNS which means external DNS (authoritative for your domain) will reply with IP addresses. Put list of external DNS servers into your internal DHCP settings
    2. Use local DNS but don't make it authoritative for any domain, including the one you own. So no zone file in your internal OS X DNS server. Setup forwarding servers in your DNS server, local DNS server will cache queries and forward out ones it doesn't (already) know.
    3. Fudge it a bit - have local DNS server be 'authoritative' (internally) for your own domain and put in record for external resource and put in its real Internet IP address. You have to be careful to change that IP address if the external Internet address changes.

     

    Depends on what you want to achieve.

     

    This will also fix funny things happening on client.

  • 11. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    Again, thank you.

     

    My major question still remains: how can users connect to my server using the host name rather than IP?

     

    When connecting via AFP the server cannot be found using its host name but when I put the host name into the browser the website does come up (again, using traceroute I saw this was going out to the static IP outside our network).

     

    To take a step back, does this even matter?  Users can still connect to the server using the sidebar (and I can automount shares) but I always felt that connecting to the server using the IP is "dirty" compared to the host name.

  • 12. Re: Basic DNS Issue and Resolving Addresses
    FromOZ, Level 2 (405 points)

    My major question still remains: how can users connect to my server using the host name rather than IP?

     

    From where? The Internet or your local LAN? And to what server and service?

     

    If you are talking AFP then that is an 'internal' i.e. LAN service for serving up files, that is file servers are usually inside the LAN network, not on the Internet.

     

    If you want to resolve a DNS name for an AFP file sharepoint (inside the LAN) then you need a DNS server (inside the LAN), that DNS server needs to have a DNS record for the server in question — whatever server it is.

     

    The web site you have is a completely different situation.

     

    It comes down to where are the clients? In the LAN or on the Internet?

    And where are the resources they are accessing? In the LAN or on the Internet?

     

    Wherever clients are they need a DNS server to tell them how to get to the resource — whether in the LAN or the Internet.

     

    So it's back to choice 3 above and add a machine DNS entry for the external (Internet) machine and your internal clients will find it. Chapter 3 in the book goes into full detail on setting this up.

  • 13. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    Ok - Option 3 may have to be the way to go.

     

    One last side question, how do my clients know to hit the server without any reference on either the client machines or the router?  Does ML server just communicate with the router or monitor all local network traffic?

     

    The server is not referenced in any DNS entries on the network and only the external domain redirect of server.mydomain.com points back to the static IP.  So how does a request to intranet.mydomain.com (which would be a hosted site on our local network with no outside references/redirects) get found by clients?

     

    Thanks again for all your help/clarification.

  • 14. Re: Basic DNS Issue and Resolving Addresses
    Shai Shefer, Level 1 (45 points)

    Quick note here...

     

    You forgot to mention in the guide you referenced that all the users set their DNS records to the server's IP.  This fixes the problem.

     

    Rather than put the DNS under the Airport (and have it filter down to users) setting the DNS Server on the client directly with the Server's IP allows the user computer to connect to "server.domain.com" and will still allow "mail.domain.com" to resolve to the correct location (non-server hosted mail).
