Pierre Froelicher1

Q: access server within domain not working

When I am within my domain I want to access my server.

However, its hostname server.mydomain.com does not work.

In Terminal, hostname gives server.mydomain.com

nslookup server.mydomain.com gives the right IP.

nslookup 10.0.xxx.xx (the IP number) reverses to server.mydomain.com.

But if I put in afp://server.mydomain.com it does not work.

I have to put in the IP number.

This worries me because it is not expected behavior.

WHY?

Pierre

Mac mini Server (Mid 2010), OS X Server

Posted on Feb 3, 2016 4:18 PM

  • by Storm89161, Feb 3, 2016 4:58 PM in response to Pierre Froelicher1
    Level 1 (9 points)

    Maybe your SSL certs aren't certified. You can buy one from a certification authority or be your own and use openssl and many other methods.

    You see, the internet wants to be safe, so they want to make sure someone will never fake as your domain. This means certs must be used to show another device that you are who you say you are.

  • by SBeattie2, Feb 3, 2016 6:17 PM in response to Pierre Froelicher1
    Level 2 (185 points)
    Servers Enterprise

    When you say "put in afp://server.mydomain.com" are you referring to using the Go - Connect to Server menu item in Finder - or are you trying to enter the afp://server.mydomain.com in some other location where it is expecting a hostname and not a URL? Basically - if nslookup is giving you the correct results - both forward and backward - then your DNS is probably working. I can give a better answer if I know exactly where you are trying to enter the server host name.

    Also - on the client Mac - make sure that your 10.0.x.x server IP is listed as the first DNS server in Network settings on the client side as well (if your router isn't already automatically handing out 10.0.x.x as the first DNS server).

    The default self-signed server certificates should work for all functionality - and I don't believe an AFP file share uses a certificate.

    ~Scott

  • by Pierre Froelicher1, Feb 4, 2016 2:47 AM in response to Storm89161
    Level 1 (118 points)
    Servers Enterprise

    Storm, thanks for the reply...

    No... it can't be that, because above all we have a valid certificate. Also, I think it would not interfere differently if you accessed the server via IP or hostname.

    Pierre

  • by Pierre Froelicher1, Feb 4, 2016 2:59 AM in response to SBeattie2
    Level 1 (118 points)
    Servers Enterprise

    Scott, thank you for the reply,

    Yes, I try to access in the Finder with the Go command. But also in other places, like defining the directory server for network access, the hostname would not work.

    For my domain I have given the server's IP as nameserver. I think in the router I give some outside servers; for VPN I give the router's address as DNS server.

    Do you think I should put the internal server IP as first choice in the router?

    I already give there mydomain.com as search domain.

    Yours, Pierre

  • by Pierre Froelicher1, Feb 4, 2016 5:35 AM in response to Pierre Froelicher1
    Level 1 (118 points)
    Servers Enterprise

    Scott,

    I just looked it up.

    My router is at 10.0.xx.1 (he is the gateway to the internet, has two DNS entries: 8.8.8.8 and some local Brazilian one).

    My host is at 10.0.xx.10 (he is the NS for my domain.com, he has as forwarding servers two outside servers).

    If I put 10.0.xx.10 as the DNS server in client machines it works.

    Clients all have 10.0.xx.1 (the router) as DNS server.

    The clients all pull the router as DNS server.

    I do not want to go to each client and put 10.0.xx.10 in the DNS field.

    Can I make it centrally in the router (which is an AEBS)?

    Yours

    Pierre

  • by SBeattie2, Solved answer, Feb 4, 2016 8:26 AM in response to Pierre Froelicher1
    Level 2 (185 points)
    Servers Enterprise

    Yes - you want to put the local OS X Server IP as the first server in the router's DHCP settings - so that every client will receive the correct list of DNS servers. In this case you would set the router's DHCP DNS settings to 10.0.x.x, 8.8.8.8 (don't worry about the Brazilian DNS server here). This will result in every client computer/device receiving the correct two DNS server IP addresses.

    On the client computer(s) - you don't need to change anything - other than maybe they need to renew their DHCP leases or have them reboot.

    On the network settings of the OS X Server Mac - make sure that you specify 127.0.0.1, 8.8.8.8 as the DNS. The OS X Server itself will use its own loopback address. Theoretically you should just use 127.0.0.1 (and only have the local loopback here). You can try both ways.

    In the DNS Setup screen of Server.app - for forwarding servers you can specify 8.8.8.8 and your Brazilian DNS. Keep in mind that forwarding servers are not required. See below how resolution works when one or more forwarders are specified:

    With no forwarders: The OS X Server DNS server will look in its cache - if the cache does not return a result - OS X Server will determine if it is authoritative for the requested domain - if so - it will get the answer locally. For any other domain - OS X Server will resolve the query by actually going to the root servers and will provide a response - which it will then cache. Depending on your typical DNS queries - it could be more efficient than using a forwarder.

    With forwarders specified: The OS X Server DNS server will look in its cache - if the cache does not return a result - OS X Server will determine if it is authoritative for the requested domain - if so - it will get the answer locally. For any other domain - OS X Server will consult the first forwarder to resolve the query. If the forwarder is responding - it will return a success or fail result. If the first forwarder is not responding - the second server will be consulted. Resolution stops when one of the servers provides a success or fail response.

    The important thing to realize with the forwarders - is that if forwarders are specified - only the forwarders are used to resolve external names - the local OS X Server DNS Server will not consult the root servers. If the forwarders aren't accessible or if they don't know the answer - the query terminates.

    My description of the resolution process may not be 100% correct - but the concept of what happens with forwarders was the point I was trying to make.

    Basically - you should experiment by using forwarders and not using forwarders - to determine which is more efficient - it may not be immediately obvious.

    One last thing: You should make sure that port 53 (the DNS port) is closed on your router. You don't want your private DNS server accessible to the public - as this can cause problems. (If you believe you have a need to open port 53 on your router - please explain the reasoning for doing so.)

    ~Scott

  • by Pierre Froelicher1, Feb 4, 2016 11:52 AM in response to SBeattie2
    Level 1 (118 points)
    Servers Enterprise

    Scott,

    thanks a lot. This solved all my problems. No forward servers. In the router, the IP of the NS of my domain.

    I always thought (split horizon) that the router should only point outside the domain. But having the NS as first entry solved all my problems.

    Thank you soooo much :-)

    Pierre

  • by Pierre Froelicher1, Feb 10, 2016 10:00 AM in response to SBeattie2
    Level 1 (118 points)
    Servers Enterprise

    Scott..

    ..it solved nearly all of my problems.

    If in the router (AEBS) I put the NS as a DNS server... the "guest network" cannot connect to the internet anymore.

    An AEBS gives you the option to offer a "guest network" with another IP pool, so people can access the internet but do not see all your devices on your internal net.

    However, they use the same router (the AEBS). If in that router I name a DNS server with an internal IP of my network... their DNS does not work.

    Even if I put first 8.8.8.8 and then 10.0.xxx.xx (my internal NS) it would not work.

    Any suggestions?

  • by MrHoffman, Feb 10, 2016 2:48 PM in response to Pierre Froelicher1
    Level 6 (15,637 points)
    Mac OS X

    I'd leave off all references to all DNS servers located off your NAT'd network — reference just your local DNS server(s) — in static IP configurations, as well as in DHCP configurations. The order of DNS servers used by DHCP clients is not deterministic, not particularly standardized, and the behavior and processing of a list of DNS servers acquired with a DHCP-provided IP address has changed across (among other platforms) OS X.

  • by khaled80024059, Feb 10, 2016 3:11 PM in response to MrHoffman
    Level 1 (0 points)

    Problem is not solved and I Beltgarat I do not know you change the iPhone several times and his mis Followers Please edit the port and fix bugs me scared cause danger in the future

  • by khaled80024059, Feb 10, 2016 3:14 PM in response to khaled80024059
    Level 1 (0 points)

    Give all the powers to amend the system please.

  • by khaled80024059, Feb 10, 2016 3:28 PM in response to Pierre Froelicher1
    Level 1 (0 points)

    I work in a telecommunications company Is this causes me a problem. Please explain the problem and how to modify Is my observer from someone or a competent authority Can I amend the rules of how it works and what are the risks of service

  • by Pierre Froelicher1, Feb 11, 2016 4:12 AM in response to MrHoffman
    Level 1 (118 points)
    Servers Enterprise

    Mr Hoffman,

    Do you mean that in the router I give only the local NS, and there I give some outside servers... or nothing?

    You did understand that everything worked EXCEPT the guest network, when I put the local NS IP and 8.8.8.8 in the DNS setting of the router.

    Router 10.0.117.1, DNS 10.0.117.10

    NS 10.0.117.10, forwarding server..? Some outsider? Or nothing?

    Guest network 172.0.1.0/24

    Thanks for your reply!

    Pierre

  • by MrHoffman, Helpful, Feb 11, 2016 11:54 AM in response to Pierre Froelicher1
    Level 6 (15,637 points)
    Mac OS X

    The only widget on your network that should be contacting other DNS servers is your own DNS server(s). If other boxes are picking from the list of DNS servers, some may be picking from the list of servers and getting a DNS server that won't resolve local DNS names.

    Guest networks are somewhat more complex, I usually prefer to isolate those via physical switch or VLAN or DMZ, and in these configurations, vending only the addresses of public DNS servers or of a DNS resolver that might be available in your gateway box can be entirely appropriate. This unless you have local devices in the guest network, or want some way to refer to the gateway or other devices that guest might want or need to access; guest printers, for instance.

    FWIW (and I don't know what you're using for the guest network), the Apple AirPort and Apple Time Capsule do not work very well with a guest network when local servers are involved. Those devices — at least in all of the firmware versions I've checked — don't have any way to differentiate DNS services between guest and non-guest networks. I much prefer a slightly higher-end box as the gateway, in any case. (I haven't looked to see whether the OS X Server DHCP server can vend different DNS addresses, but I suspect it can. But you probably don't want to allow access to your server from the DNS server — as that tends to open up rather more access than just DHCP — and which then means using some other DHCP server that is accessible within the guest network.)

    I'd probably park the guest network in another subnet of the 10.0.0.0/8 block, but that's personal preference. FWIW, 172.0.1.0/24 is a public IP block and (based on a quick look) assigned to sbcglobal.net, and is not a private IP address block. You were undoubtedly aiming for 172.16.0.0/16 here, which is a private address block.

    My preference here is the ZyXEL ZYWALL USG series, which are comparatively inexpensive and quite capable and consistent, though the USG series are not "introductory" networking devices, and do expect the gateway administrator to have some familiarity with IP and subnets and routing, with VPNs, and with DMZs. (I have no financial links with ZyXEL here, beyond having purchased various products.)

    khaled80024059, I do not understand your question or your concern, nor whether your question is related to OS X Server and its associated DNS server configurations. If you were seeking to ask a question or to raise a concern with DNS or with iPhone devices, I'd suggest starting your own topic here in the Apple discussion forums, and please consider providing some more background information and a longer description of the problem(s) or issue(s) you are encountering. Thanks!
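
Added example (not part of any post in this thread, and not the posters' or Apple's code): a small Python audit of a DHCP/DNS plan for the three problems the replies identify, namely a subnet outside private address space, a DNS list that mixes the internal name server with public resolvers, and an isolated guest scope that is handed a resolver it cannot reach. The addresses are the ones quoted in the thread; the /24 prefix on the main LAN, the 10.0.200.0/24 guest subnet, the scope names and the `audit` function are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private space. Note 172.16.0.0/12 covers 172.16.x.x through 172.31.x.x only.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(scopes):
    """Return (scope, finding) pairs for a dict of DHCP scope descriptions."""
    findings = []
    for name, scope in scopes.items():
        net = ipaddress.ip_network(scope["subnet"])
        dns = [ipaddress.ip_address(a) for a in scope["dns"]]
        internal = [a for a in dns if any(a in r for r in RFC1918)]
        # A LAN numbered out of public space shadows someone else's addresses.
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append((name, "subnet-not-rfc1918"))
        # Clients do not reliably try resolvers in list order, so a mixed list
        # sends some local-name lookups to a resolver that cannot answer them.
        if internal and len(internal) < len(dns):
            findings.append((name, "mixed-dns-list"))
        # An isolated (guest) scope cannot reach a resolver on another subnet.
        if scope.get("isolated"):
            for a in internal:
                if a not in net:
                    findings.append((name, "resolver-unreachable-from-isolated-scope"))
    return findings

# Constructed inputs. Addresses are the ones quoted in the thread; the /24 on
# the main LAN and the 10.0.200.0/24 guest subnet are assumptions.
AS_POSTED = {
    "lan":   {"subnet": "10.0.117.0/24", "dns": ["10.0.117.10", "8.8.8.8"]},
    "guest": {"subnet": "172.0.1.0/24", "dns": ["8.8.8.8", "10.0.117.10"],
              "isolated": True},
}
AS_ADVISED = {
    "lan":   {"subnet": "10.0.117.0/24", "dns": ["10.0.117.10"]},
    "guest": {"subnet": "10.0.200.0/24", "dns": ["8.8.8.8"], "isolated": True},
}

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, audit(plan))
```

The advised plan only works on a gateway that can vend different DNS servers per network, which the last reply says the AirPort devices it checked cannot do.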
