DNS setup with mail server.

Rookie question.

Currently I have a single server domain. I am setting up the Open Directory master and it's not entirely new to me; since I come from a Windows 2003 Server environment, I do know a few things about network setup. My biggest pitfall is DNS. I want to set up the DNS correctly for the local network since I will be adding a mail server in the weeks to come. I would like to know what the best DNS setup would be if I will be using a two-server configuration with one acting as a mail server. My mail server's outside address will be mail.xyz.com. I have full access to create DNS records on our xyz.com host.

Could you please help me?

Brandon Moseley

Posted on Oct 19, 2005 1:20 PM

Oct 19, 2005 4:36 PM in response to Brandon Moseley

I am new to DNS also but am in the process of setting up something similar. My feeling would be to have your primary DNS not be the email server since you could then keep that server internal to your firewall. The mail server will presumably be open to the Internet so that should be the secondary DNS server. Apple has excellent documentation on this if you haven't checked it out yet. Try http://www.apple.com/server/documentation/

The one you want is:
http://images.apple.com/server/pdfs/NetworkServicesv10.4.pdf

Oct 20, 2005 10:25 AM in response to Robert Foster

The goal would be that neither server is open to the internet. Here is what I have for hardware.

The internet is provided via a T1 modem/router. Our ISP gives us 30 static IP addresses, all of which come through on the one router. This router will then be connected to a Linksys/Cisco RV042 VPN router which will be acting as my VPN as well as my firewall. This VPN router will be connected to my gigabit switches along with my servers and clients. The clients will receive DHCP from the server as well as have their DNS servers resolve to the server. I want the clients to return a local address when they type in mail.xyz.com, while the rest of the world gets one of my outside IPs. I will then configure the rules in my firewall to allow the necessary protocols to my mail server. The problem I am running into is in regards to setting up my DNS server to give the proper names of outside websites when my clients request them. Normally I would have set up two forwarders using the DNS servers my ISP provides. This, however, seems to be more difficult in Mac.

If you have any suggestions I would love to hear them.

Oct 20, 2005 3:06 PM in response to Brandon Moseley

I'm not sure if I mistook what you said, but if the plan is to have two DNS servers then you might try having one that is internal/primary and the second as a secondary using zone transfers from your ISP. The primary DNS is set up with firewall rules so that only internal IP addresses get through and all your clients are set to use this DNS server. The other DNS server handles all "external" DNS names.

The problem would be how to link the two DNS servers in some scheme that allows what you intend.

Normally I would say to let the router or the VPN device handle translating of internal to external IP addresses and people outside the firewall would see the DNS records maintained by your ISP.

Oct 21, 2005 6:57 AM in response to Robert Foster

That's how I want to do it. I want my clients to find mail.xyz.com to be a local address and the rest of the world to see an outside address. The problem I have right now is if I set my clients to use my server for DNS they cannot see the internet. In Windows I would have set up forwarders with my ISP's DNS servers to help with that problem, but I can't do that without editing named.conf and zone.conf and I don't know that much about BIND. In addition, in order for my server to resolve its own name for Kerberos correctly I have to set up its network card to use itself for DNS. That means it can't see the internet. Is there a way to get Kerberos running without setting my server to use itself for DNS, and do I even need Kerberos running?

Oct 21, 2005 10:59 AM in response to Brandon Moseley

Here is another thread that explains how to set up forwarders in the /etc/named.conf file:
http://discussions.info.apple.com/webx?128@@.68b8c8d6

I set mine up the way the last poster indicated and the DNS server is running without problems. I guess it is a bit of a mystery why Apple doesn't provide a means to set up forwarders through Server Admin (without using the command line). Maybe someone else knows why?

Sorry, I don't know about the Kerberos question yet...
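
The setup discussed in this thread (LAN clients get a local address for mail.xyz.com, everything else is forwarded to the ISP's resolvers) can be sketched as a BIND 9 `/etc/named.conf` fragment. This is an added example, not part of any post above; the subnet, the forwarder and mail server addresses, the zone file name and the `server.xyz.com` host name are all constructed placeholders.

```conf
// Added example: /etc/named.conf fragment for the internal DNS server.
// All addresses and file names are constructed placeholders.

acl "lan" { 192.168.1.0/24; localhost; };   // assumed internal subnet

options {
    directory "/var/named";
    // Answer and recurse only for LAN clients, so the server can never
    // be used as an open resolver even if a firewall rule is loosened.
    allow-query     { "lan"; };
    allow-recursion { "lan"; };
    // Names this server is not authoritative for go to the ISP resolvers.
    forwarders { 192.0.2.53; 192.0.2.54; };  // placeholder ISP DNS servers
    forward first;   // fall back to normal recursion if forwarders fail
};

// Internal-only answer for mail.xyz.com. The zone is the single host
// name rather than all of xyz.com, so www.xyz.com and every other
// public record still resolve through the forwarders.
zone "mail.xyz.com" {
    type master;
    file "db.mail.xyz.com.internal";
    allow-transfer { none; };    // internal addresses never leave the LAN
};

// Contents of /var/named/db.mail.xyz.com.internal:
//
//   $TTL 3600
//   @   IN SOA  server.xyz.com. admin.xyz.com. (
//                   2005102101 ; serial (constructed)
//                   3600       ; refresh
//                   900        ; retry
//                   604800     ; expire
//                   3600 )     ; negative-cache TTL
//       IN NS   server.xyz.com.   ; hypothetical name of this DNS server
//       IN A    192.168.1.20      ; assumed LAN address of the mail server
```

With this in place the server can list itself as its own DNS server and still resolve internet names, because queries outside its zones are forwarded. `named-checkconf` and `named-checkzone` validate the two files before `named` is reloaded.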
