DNS - Tiger Server 10.4.1

I can't be satisfied with such a hoaky setup... have to figure out correct dns, because I have /27 block of ips, so I have transfer my in-addr.arpo zone to my isp so they can miror it in theirs for reverse lookups to work....

But, thanks to your valid criticism, I have ammended the method, and derived a new way to get the GUI to work. I'm getting ready to try it out after this posting and report back as soon as I verify that it works, but essentially what I plan to do, is create the zones for

mynameserver.com
mynameserver.net
mynameserver.org
mynameserver.info
mynameserver.biz

And still keep this "TLD" structure to my dns... but since this will add "nameserver.tld" to the ends of all the relative names when creating the RRs,--i.e., I will end up with eample1.nameserver.tld, and example2.nameserver.tld

To fix that. I should just have to create addiontal CNAME records to hide the nameserver part.

I'll post back soon with my results

Back to square one.

There just doesn't seem to be a way, without setting myself up as the root nameserver, to get the GUI to create an A or a CNAME record for just the zone name without any "machine" in front of it; i.e., there doesn't seem to be a way to get example and www.example.com resolving correctly, without manually editing named.conf and zone files.

I'm giving up on the gui, for now.

Since I'm only going off of the Mac OS X 10.4 admin PDFs and Apple's Mac OS X support site, I'm not sure I'm getting all y'all straight.

When first setting up a master zone, the ServerAdmin GUI will automatically assign the current server you're working on as the SOA, correct? Isn't this exactly what you want? This IS the primary server afterall.

Also, the manual mentions of a place to type in the IP address of the zone's machine in this same zone creation window - meaning the plane old "example.com" blank hostname host, no?

Then it automatically creates the first NS record with the hostname of the current server you're working on, correct? Isnt' this exactly what you want also? Afterall, this IS the primary master zone server right (which should be FQDN)? Is there an advantage that I don't know of for not having the SOA listed as one of the NS servers?

It's been a while since responding to Celia, and in the interim, I updated to 10.4.2 just in case they had fixed anything...but I still have some problems:

Celia wrote: "Also, the manual mentions of a place to type in the IP address of the zone's machine in this same zone creation window - meaning the plane old "example.com" blank hostname host, no? "

I have tried using the ip address in various configurations, including as the hostname, as a machine name, and as an alias--and each time, it just creates RRs with the ip address -- It hasn't created a "blank host name" yet.

I have also noticed what I think is a bug in every zone file that it creates in /var/named. I am going to retype here the beginning part of a zone file created by the gui, and point out what I think is the error, to see if you agree, and if you get the same results.

My zone file, /var/named/domain.tld.zone :

$TTL 86400
domain.tld. IN SOA machine.domain.tld. email.domain.tld. (
2005mmdd## ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
domain.tld. IN NS machine.domain.tld.
machine IN A ip.ip.ip.ip
aliasname IN CNAME machine

So the above is the basic zone file created by the gui. My question, and where I think a bug might be, is why the closing parentheses doesn't come right after "minimum"? Shouldn't it be "1h ; minimum ) " instead of " 1h ) ; minimum"?

There are other issues with tiger's gui as well, such as nearly no control over ptr records and the in-addr.arpa zone.

The conclusion is that the gui must be abandoned for dns... it is editing flat files for dns with tiger. Maybe that's why the "lion" will be king.

It's not a bug.

Everett wrote:

My question, and where I think a bug might be, is why the closing parentheses doesn't come right after "minimum"? Shouldn't it be "1h ; minimum ) " instead of " 1h ) ; minimum"?

This is BIND, not C++ or JavaScript. The colon (;) is the single-line-comment character in BIND, like the double slashes (//) for C++ or JavaScript. It is not the end-of-line character. The end-of-line in BIND is just a carriage return.

Thank you very much. That " );" had been bugging me, and now it makes sense...

I can use the GUI to make www.example.com resolve to ip, but I have yet to get the GUI to make just example.com (blank hostname) resolve to ip...

I checked Network Services10.4 and Web Technologies_Admin10.4 and have yet to find the place you mention about entering ip address instead of hostname and having it create a "blank" hostname...

whenever i use the ip for a hostname, it just makes a machine (A record) for the ip, so that ip.ip.ip.ip.example.com resolves to ip.ip.ip.ip...

it seems like a common setup... having example.com and "www.example.com" resolve to the same number... but how is it done with Tiger's GUI?

Well, according to some people (not me), the Internet does not revolve around the web - when one types in "example.com" it could connect the user to any service running in that zone. But I think as the zone administrator, we should be able to control which machine and service we connect our users to.

BTW, nobody replied to me asking if they have tried the "@" notation or "*" wildcard... it was in a different thread but I see the same people here.

I have tried the wildcards, bud didn't mention them because I didn't get the desired results... tiger's gui won't let me type "@" in any of the hostname or alias fields, however, it does accept the "*", which allows you to use any prefix, www, ftp, whatever before .example.com -- but it doesn't allow for no prefix at all...sadly. Apple finally gave me a case number about this issue... I don't know if that means anything, but if they give me a workaround, I will share it.

All of your problems will be solved if you stop using Server Admin to manage the DNS server and instead download and install Webmin

http://www.webmin.com

don't ask, just do it.

I concur: other than dns, apple's gui meets my needs, and I don't want multiple guis--however, webmin is cool, and I want to use it on a purely darwin server running gnome for it's gui. I can still manually write flat files. My case with Apple about it (granted due to the 90 day support that comes with tiger purchase) resulted in a message that says that the tiger gui cannot accomodate a virtual hosting set up, and that this can only be accomplished by editing BIND manually, and that that isn't covered by the 90 day support, but they would help for $699.

It can probably be inferred from my previous posts that I am from the school of trial and error--much more than trial and success--and, since I am about to write 30 zone files, I would like clarification about one issue with BIND that has confused me for some time. The only way I have ever successfully had both example.com and www.example.com resolving to the same IP was with the following lines in my zone file:

example.com. IN A ip.ip.ip.ip
www IN CNAME example.com.

Is there a way to do this in reverse, and have www as my "A" record, and just the blank hostname "example.com" alias www with the CNAME? I have tried it with and without the trailing period, and never gotten this to work, so I have always had the www as the alias as illustrated above. If there is a more propper way to accomplish this, then I could use a tip before I write 30 zone files incorrectly. The $699 is beyond my budget. Write now I just have the GUI's config, with only www.example.com reaching my sites, and I need to fix this.

To work DNS via command line take a look at O'Reilly's "DNS and BIND" book, this will teach what file does what. As for the GUI I gave up on it and hand edit the files.

That book has been recommended enough, I guess I will have to finally give in and get it... it's worth it for understanding DNS...

As I was editing zone files, I began to dislike the monotony of typing the same things over and over again, and having to run named-checkzone everytime to catch late night omissions of ";" or trailing "." and so decided for the first time to use php on the command line -- I've been using it only as cgi -- and I found it not too difficult to make a script that makes my zone files for me with arguments that are passed in $argv !

Now adding new zones is automated again! Are there any security risks having php zone "templates"? As long as the php script is owned by root and executable ownly by owner, it should be safe right?

I had the same Problem with the Server Admin added DNS records and also talked to Apple. They told me, that the solution to this Problem is only available with enterprise support. But I found a solution by myself. Of course you can't user the Server Admin GUI App, but you can Use the XML Interface available at port 311.

Here is the XML Request for adding a "REAL and FULL" Domain

http://85.10.238.66/download/dnsconfig.txt

Cna you explain a bit more how you would use the XML Interface on port 311 to accomplish this?