jabraham

Q: DNS settings for intranet server not being a DNS

I have an OS X server that provides some local services on the local subnet (behind a NAT).  We moved to a new office and installed a new firewall / local DNS, and all the other machines can resolve local machine names.  But the OS X Server just resolves them all to the gateway/firewall machine, instead of resolving them to local machines.

If I turn off the Server App DNS, the names resolve.  But I seem to remember that I'm not supposed to turn off the OS X server's DNS, but rather set it up to forward requests to the Gateway.  Sadly the Google Machine isn't helping me, because every Google phrase I can think of about OS X Server and DNS settings explains how to use your OS X Server as a DNS server for the machines on your network -- which is not what I want to do!

What I think should work is listing the Gateway as a forwarding server, and then telling the OS X machine to "Perform lookups for only some clients" and selecting "The Server Itself" in the "Edit Lookup Clients" dialog.  But that doesn't work.

Any help appreciated, thanks.

Posted on Sep 13, 2016 4:11 PM


  • by chattphotos, Sep 14, 2016 6:00 AM, in response to jabraham
    Level 4 (2,442 points), Desktops

    Two things you must do:

    You need to set up the host/domain name on the server and/or point the DNS address in Network Preferences to 127.0.0.1.

    Once you tell the server to do lookups in its own cache/internet recursive to 8.8.8.8 *or your public DNS server here*, then it will stop forwarding requests to the gateway.

    Then set your DHCP server to serve the IP address(es) of the DNS servers (10.0.0.5) to clients.

    Example:

    *Client DHCP address request*
    10.0.0.10 - IP
    255.255.255.0 - Mask
    10.0.0.1 - Gateway
    10.0.0.5 - DNS


  • by jabraham, Sep 14, 2016 7:06 AM, in response to chattphotos
    Level 1 (14 points), Servers Enterprise

    chattphotos wrote:

    Once you tell the server to do lookups in its own cache/internet recursive to 8.8.8.8 *or your public DNS server here*, then it will stop forwarding requests to the gateway.

    Hmm, but I want the requests to go to the gateway; that's the machine that knows the local IP addresses of the local machines.  If I'm on the OSX server machine and type "ping a_local_machine" it just pings the Gateway, but what it should do is look up the local IP address of a_local_machine on the gateway, and then ping the IP address of a_local_machine.

  • by chattphotos, Sep 14, 2016 7:22 AM, in response to jabraham
    Level 4 (2,442 points), Desktops

    Let's start with project goals:

    What is your main DNS server?
    Which server do you want to be your main DNS server? (to handle LAN hostnames and internet URL queries)

    Also, replace 8.8.8.8 with *gateway IP*.

    This will have the server look up computer hostnames in its cache.

    Lastly, can you post some screenshots?

    It sounds like there's a proxy server in the mix...

  • by John Lockwood, Sep 15, 2016 7:10 AM, in response to jabraham (marked Helpful)
    Level 6 (9,349 points), Servers Enterprise

    jabraham wrote:

    chattphotos wrote:

    Once you tell the server to do lookups in its own cache/internet recursive to 8.8.8.8 *or your public DNS server here*, then it will stop forwarding requests to the gateway.

    Hmm, but I want the requests to go to the gateway; that's the machine that knows the local IP addresses of the local machines.  If I'm on the OSX server machine and type "ping a_local_machine" it just pings the Gateway, but what it should do is look up the local IP address of a_local_machine on the gateway, and then ping the IP address of a_local_machine.

    What you appear to be describing here is doing DNS lookups of client computers. The Apple DNS server is intended only for doing DNS for the equivalent of servers, that is, devices with static IP addresses.

    For clients a different type of DNS system is normally used, which Apple calls 'Bonjour' but is also known as multicast DNS, aka mDNS. This uses the special domain name .local, so to look up a local client Mac called 'Bills-Mac' you would do a DNS query for Bills-Mac.local. This would not actually go via the gateway, nor would it go via the Mac server; it uses 'multicast' network traffic, and the Mac called Bills-Mac would answer itself.

    Another different approach is 'dynamic DNS'. With this a client computer gets a TCP/IP address via DHCP as normal; however, the DHCP server then tells the DNS server the TCP/IP address for that computer. The DNS server then automatically, i.e. 'dynamically', updates its record for that computer. As standard, Apple's DNS server does not support this 'dynamic DNS' method. In theory it is possible to manually configure and enable this, but Apple's own DHCP server also does not support this. This setup is far more common when you use Active Directory with a Microsoft server; in fact Active Directory requires this. Microsoft's DHCP and DNS servers therefore do of course support this and use it as standard, since Active Directory requires it.

  • by jabraham, Sep 15, 2016 7:12 AM, in response to John Lockwood
    Level 1 (14 points), Servers Enterprise

    That all makes sense, John, but I don't want to use Bonjour or dynamic DNS or anything like that.  I just want the DNS service on OSX Server to resolve only one IP address, the IP address of the OSX Server box itself.  I want all other DNS requests to go out to the gateway box, to be resolved to IP addresses by that box. It only has to resolve requests coming from within the same machine.  All other machines are already sending their DNS requests to the gateway, and resolving correctly.

    I really appreciate the information on mDNS and the info on Active Directory integration; it may come in very handy soon, for the next problem.  But it doesn't help me with my current problem: setting up my OSX server to only do DNS for one machine (itself), and forwarding all other DNS requests to the Linux gateway box, which knows how to resolve local machines' IPs, since it has assigned those IPs.

  • by dwbrecovery, Sep 15, 2016 8:13 AM, in response to jabraham
    Level 3 (596 points), Servers Enterprise

    Hi jabraham,

    Suggest:

    - Check that you have the DNS service in the "ON" state within the Server app.

    - Under DNS -> Lookups, select "Perform lookups for:" "the Server itself" and "Clients on the local network".

    - Configure DNS -> Forwarding Servers to the IPs of the machine that will handle external resolution.

    - The clients need to have their DNS Server setting pointed at the IP of the OS X Server running the DNS service.

    Hope this helps, dwbrecovery
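A quick way to confirm the symptom from the question before and after trying a fix like the one above, written as an added example (it is not from any poster in this thread): it compares what the server's own DNS service answers for a set of local hostnames with what the gateway answers, and flags the case where every local name collapses to the gateway address. The file layout, the 10.0.0.1 gateway address (taken from the DHCP example above) and the sample answers are assumed or constructed.

```shell
#!/bin/sh
# Added example: compare the OS X Server's own resolver (127.0.0.1) against the
# gateway/forwarder for a set of local hostnames. Both input files hold one
# "<name> <ip>" line per host; on the server they could be built with, e.g.,
#   for n in fileserver printer; do echo "$n $(dig +short @127.0.0.1 "$n")"; done
#   for n in fileserver printer; do echo "$n $(dig +short @10.0.0.1 "$n")"; done
# 10.0.0.1 is the gateway from the thread's DHCP example; the rest is constructed.

GATEWAY_IP="10.0.0.1"   # assumed gateway / forwarder address

# compare_answers LOCAL_FILE GATEWAY_FILE
# Prints one MISMATCH line per host whose local answer differs from the gateway's,
# plus a SYMPTOM line when every local answer is the gateway address (the
# behaviour described in the question). Exit status 1 if any mismatch, else 0.
compare_answers() {
    awk -v gw="$GATEWAY_IP" '
        NR == FNR { gwans[$1] = $2; next }      # first file: gateway answers
        {                                       # second file: local answers
            total++
            if (gwans[$1] != $2) {
                printf "MISMATCH %s local=%s gateway=%s\n", $1, $2, gwans[$1]
                bad++
            }
            if ($2 == gw) collapsed++
        }
        END {
            if (total > 0 && collapsed == total)
                print "SYMPTOM: every local name resolves to the gateway address; the server is not forwarding local lookups"
            exit (bad > 0)
        }' "$2" "$1"
}

# Constructed sample data: the gateway knows two hosts, but the server answers
# with the gateway address for both (the misconfiguration from the question).
work=$(mktemp -d)
printf 'fileserver 10.0.0.20\nprinter 10.0.0.30\n' > "$work/gateway.txt"
printf 'fileserver 10.0.0.1\nprinter 10.0.0.1\n'   > "$work/local.txt"

compare_answers "$work/local.txt" "$work/gateway.txt" || echo "exit status $? (mismatches found)"
```

Run it once with the DNS service on and once with the gateway configured as the only forwarder; the MISMATCH lines should disappear when the server forwards local lookups correctly.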