31 Replies. Latest reply: Aug 16, 2005 4:29 PM by Markus Klein1
  • Celia Wessen Level 4 (1,155 points)
    If you have yourself setup as the root server, you may bring down part of your ISP's network. Make sure that your DNS servers do not transfer any data to the
  • Everett Fuller Level 2 (275 points)
    I can't be satisfied with such a hokey setup... have to figure out correct DNS, because I have a /27 block of IPs, so I have to transfer my in-addr.arpa zone to my ISP so they can mirror it in theirs for reverse lookups to work....

    But, thanks to your valid criticism, I have amended the method, and derived a new way to get the GUI to work. I'm getting ready to try it out after this posting and report back as soon as I verify that it works, but essentially what I plan to do is create the zones for

    And still keep this "TLD" structure to my DNS... but since this will add "nameserver.tld" to the ends of all the relative names when creating the RRs -- i.e., I will end up with example1.nameserver.tld and example2.nameserver.tld

    To fix that, I should just have to create additional CNAME records to hide the nameserver part.

    I'll post back soon with my results
  • Everett Fuller Level 2 (275 points)
    Back to square one.

    There just doesn't seem to be a way, without setting myself up as the root nameserver, to get the GUI to create an A or a CNAME record for just the zone name without any "machine" in front of it; i.e., there doesn't seem to be a way to get example and resolving correctly, without manually editing named.conf and zone files.

    I'm giving up on the gui, for now.
  • Celia Wessen Level 4 (1,155 points)
    Since I'm only going off of the Mac OS X 10.4 admin PDFs and Apple's Mac OS X support site, I'm not sure I'm getting all y'all straight.

    When first setting up a master zone, the ServerAdmin GUI will automatically assign the current server you're working on as the SOA, correct? Isn't this exactly what you want? This IS the primary server after all.

    Also, the manual mentions a place to type in the IP address of the zone's machine in this same zone creation window - meaning the plain old "" blank hostname host, no?

    Then it automatically creates the first NS record with the hostname of the current server you're working on, correct? Isn't this exactly what you want also? After all, this IS the primary master zone server, right (which should be FQDN)? Is there an advantage that I don't know of for not having the SOA listed as one of the NS servers?
  • Everett Fuller Level 2 (275 points)
    It's been a while since responding to Celia, and in the interim, I updated to 10.4.2 just in case they had fixed anything...but I still have some problems:

    Celia wrote: "Also, the manual mentions a place to type in the IP address of the zone's machine in this same zone creation window - meaning the plain old "" blank hostname host, no?"

    I have tried using the ip address in various configurations, including as the hostname, as a machine name, and as an alias--and each time, it just creates RRs with the ip address -- It hasn't created a "blank host name" yet.

    I have also noticed what I think is a bug in every zone file that it creates in /var/named. I am going to retype here the beginning part of a zone file created by the gui, and point out what I think is the error, to see if you agree, and if you get the same results.

    My zone file, /var/named/ :

    $TTL 86400
    domain.tld. IN SOA machine.domain.tld. email.domain.tld. (
    2005mmdd## ; serial
    3h ; refresh
    1h ; retry
    1w ; expiry
    1h ) ; minimum
    domain.tld. IN NS machine.domain.tld.
    machine IN A ip.ip.ip.ip
    aliasname IN CNAME machine

    So the above is the basic zone file created by the gui. My question, and where I think a bug might be, is why the closing parentheses doesn't come right after "minimum"? Shouldn't it be "1h ; minimum ) " instead of " 1h ) ; minimum"?

    There are other issues with tiger's gui as well, such as nearly no control over ptr records and the zone.

    The conclusion is that the gui must be abandoned for dns... it is editing flat files for dns with tiger. Maybe that's why the "lion" will be king.
  • Celia Wessen Level 4 (1,155 points)
    It's not a bug.

    Everett wrote:
    My question, and where I think a bug might be, is why the closing parentheses doesn't come right after "minimum"? Shouldn't it be "1h ; minimum ) " instead of " 1h ) ; minimum"?

    This is BIND, not C++ or JavaScript. The colon (;) is the single-line-comment character in BIND, like the double slashes (//) for C++ or JavaScript. It is not the end-of-line character. The end-of-line in BIND is just a carriage return.
  • Everett Fuller Level 2 (275 points)
    Thank you very much. That " );" had been bugging me, and now it makes sense...

    I can use the GUI to make resolve to ip, but I have yet to get the GUI to make just (blank hostname) resolve to ip...

    I checked NetworkServices10.4 and WebTechnologies_Admin10.4 and have yet to find the place you mention about entering ip address instead of hostname and having it create a "blank" hostname...

    whenever i use the ip for a hostname, it just makes a machine (A record) for the ip, so that resolves to ip.ip.ip.ip...

    it seems like a common setup... having and "" resolve to the same number... but how is it done with Tiger's GUI?
  • Celia Wessen Level 4 (1,155 points)
    Well, according to some people (not me), the Internet does not revolve around the web - when one types in "" it could connect the user to any service running in that zone. But I think as the zone administrator, we should be able to control which machine and service we connect our users to.

    BTW, nobody replied to me asking if they have tried the "@" notation or "*" wildcard... it was in a different thread but I see the same people here.
  • Everett Fuller Level 2 (275 points)
    I have tried the wildcards, but didn't mention them because I didn't get the desired results... Tiger's GUI won't let me type "@" in any of the hostname or alias fields; however, it does accept the "*", which allows you to use any prefix, www, ftp, whatever before -- but it doesn't allow for no prefix at all... sadly. Apple finally gave me a case number about this issue... I don't know if that means anything, but if they give me a workaround, I will share it.
  • mfrog Level 4 (3,125 points)
    All of your problems will be solved if you stop using Server Admin to manage the DNS server and instead download and install Webmin

    don't ask, just do it.
  • Cory Cooper Level 4 (3,495 points)

    I appreciate your post...Webmin is a nice "solution", I have used it myself.

    The problem is...we want to use the GUI...and they have changed it and made it so difficult from the way it was. Personally, I don't want a third-party solution, I want Apple to listen to their users and correct the issue to make it useable again...that's why it's there.

  • Everett Fuller Level 2 (275 points)
    I concur: other than DNS, Apple's GUI meets my needs, and I don't want multiple GUIs -- however, Webmin is cool, and I want to use it on a purely Darwin server running GNOME for its GUI. I can still manually write flat files. My case with Apple about it (granted due to the 90 day support that comes with the Tiger purchase) resulted in a message that says that the Tiger GUI cannot accommodate a virtual hosting setup, and that this can only be accomplished by editing BIND manually, and that that isn't covered by the 90 day support, but they would help for $699.

    It can probably be inferred from my previous posts that I am from the school of trial and error--much more than trial and success--and, since I am about to write 30 zone files, I would like clarification about one issue with BIND that has confused me for some time. The only way I have ever successfully had both and resolving to the same IP was with the following lines in my zone file:
 IN A ip.ip.ip.ip
         www IN CNAME

    Is there a way to do this in reverse, and have www as my "A" record, and just the blank hostname "" alias www with the CNAME? I have tried it with and without the trailing period, and never gotten this to work, so I have always had the www as the alias as illustrated above. If there is a more proper way to accomplish this, then I could use a tip before I write 30 zone files incorrectly. The $699 is beyond my budget. Right now I just have the GUI's config, with only reaching my sites, and I need to fix this.
  • Steve Krawcke Level 3 (640 points)
    To work DNS via command line take a look at O'Reilly's "DNS and BIND" book, this will teach what file does what. As for the GUI I gave up on it and hand edit the files.
  • Everett Fuller Level 2 (275 points)
    That book has been recommended enough, I guess I will have to finally give in and get it... it's worth it for understanding DNS...

    As I was editing zone files, I began to dislike the monotony of typing the same things over and over again, and having to run named-checkzone every time to catch late night omissions of ";" or trailing "." and so decided for the first time to use PHP on the command line -- I've been using it only as CGI -- and I found it not too difficult to make a script that makes my zone files for me with arguments that are passed in $argv!

    Now adding new zones is automated again! Are there any security risks having PHP zone "templates"? As long as the PHP script is owned by root and executable only by owner, it should be safe, right?
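The two questions above (how to get the bare zone name and www resolving to the same IP, and whether a zone-file generator script carries risk) can be illustrated with one small generator. This is an added example, not Everett's PHP script and not anything from Apple's tools: it writes the bare name as "@" with an A record (a CNAME cannot sit at the apex because the SOA and NS records already live there, so "www as the A record, blank name as CNAME" cannot work), points the aliases at the apex, and validates every argument so a stray ";" or newline passed on the command line cannot turn into extra records. The domain, nameserver host and IP are constructed sample values.

```python
import ipaddress
import re
from datetime import date

# Hostname label syntax: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_name(name):
    """True if every label of a dotted name is syntactically valid."""
    return all(LABEL_RE.match(label) for label in name.rstrip(".").split("."))


def make_zone(domain, ns_host, ip, aliases=(), serial=None):
    """Return zone text where the bare zone name and each alias resolve to ip.

    The apex ('@') carries the A record; aliases are CNAMEs to the apex.
    Every input is validated so the generator cannot be used to inject
    comments, extra lines or records into the zone file.
    """
    for name in (domain, ns_host, *aliases):
        if not valid_name(name):
            raise ValueError("bad name: %r" % (name,))
    for alias in aliases:
        if alias in ("@", domain):
            raise ValueError("a CNAME cannot be placed at the zone apex")
    ip = str(ipaddress.IPv4Address(ip))  # rejects anything that is not an IPv4 address
    if serial is None:
        serial = date.today().strftime("%Y%m%d") + "01"  # YYYYMMDDnn convention
    if not re.fullmatch(r"\d{10}", str(serial)):
        raise ValueError("serial must be YYYYMMDDnn")
    lines = [
        "$TTL 86400",
        "@ IN SOA %s. hostmaster.%s. (" % (ns_host, domain),
        "    %s ; serial" % serial,
        "    3h ; refresh",
        "    1h ; retry",
        "    1w ; expiry",
        "    1h ) ; minimum",
        "@ IN NS %s." % ns_host,
        "@ IN A %s" % ip,  # the bare zone name resolves to ip
    ]
    if ns_host.endswith("." + domain):
        # Nameserver lives inside this zone: give its short label an A record (glue).
        lines.append("%s IN A %s" % (ns_host[: -len(domain) - 1], ip))
    lines += ["%s IN CNAME %s." % (alias, domain) for alias in aliases]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(make_zone("example.tld", "ns1.example.tld", "192.0.2.10", ["www", "ftp"]))
```

Run the output through named-checkzone as before; the validation here only stops malformed input from reaching the file, it does not replace that check.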
  • Markus Klein1 Level 1 (15 points)
    I had the same problem with the Server Admin added DNS records and also talked to Apple. They told me that the solution to this problem is only available with enterprise support. But I found a solution by myself. Of course you can't use the Server Admin GUI app, but you can use the XML interface available at port 311.

    Here is the XML Request for adding a "REAL and FULL" Domain