Well.... it means taking down a live service....
I'm looking for the knowledge to directly delete all DNS files and turn off all DNS processes and start anew.... with default settings.... I was hoping....assuming that using changeip plus a few other command lines would clean house so I could restart the DNS service and add the DNS records again...
That's my hope.
Are currently configured Services (running or not) set to use the domain you ultimately want?
If yes then you should be able to do this using the interface without any need to use the command line.
Before you try what follows (read it carefully first) I would make sure you have a fully working bootable clone of the server as it exists now. That way you could at least roll back to where you are now. Not perfect but you'll know that some things are at least working.
Remove the server entry in Server Admin and re-add it, this time using its .local name (e.g. server.local). If it's already using this, try its IP address instead or its loopback address. Once Server Admin has refreshed itself, select the DNS Service and stop it. Delete whatever is there. Remove the Server's IP Address from the DNS Server's field in the Network Preferences Pane. Reinstate either the Router IP Address or your ISP DNS Server Addresses.
As an added precaution, and only if the current domain (Kerberos Realm and Search Base) is as you want it to be, archive the LDAP Database. In addition, export all your Users & Groups. If Users had Calendars prior to doing any of this, export their calendars from their iCal Clients. Save them locally for re-importing later on.
Quit out of Server Admin, launch and try to connect to it again. Hopefully you'll be able to do so. If it's successful, quit it again and now make sure the Server is fully up to date.
Once it's fully up to date, launch Server Admin and begin to build the DNS Service. You could use these instructions if you like:
For example you could use the relevant part that refers to DNS. It's your choice.
Once the DNS Service has been configured and started, remove whatever DNS Server IP addresses you placed in the Server's Network Preferences Pane and replace with the Server's own IP Address. You don't need anything else. Disable IPv6 whilst you're there.
Use the usual command line utilities to test and qualify the DNS Service. Once you're happy launch a web browser and see if you can connect to the internet. If that bit is working quit out of the browser and begin configuring your other services that rely on DNS. If you've clients that have been joined using the LDAPv3 plug-in remove the setting and re-do it. Make sure the edu.mit.Kerberos file is removed from /Library/Preferences.
Open Directory, SUS, iCal etc work best if the clients are using the Server to resolve their DNS. I would disable IPv6 on your clients as well. Ultimately you may still be looking at a rebuild anyway?
Hopefully this helps?
PS: I have tried the above successfully for 10.4 and 10.5 a few times and it has worked. The key is to be patient. Even when SA seems like it's not responding, stick with it.
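One check worth automating when testing and qualifying the DNS Service as described above is that every forward (A) record has a reverse (PTR) record pointing back to the same name. The script below is an added example, not part of the original thread; it works offline on zone-file style records, and the hostnames in its sample data are constructed placeholders (only 10.0.1.100 comes from the thread).

```shell
#!/bin/sh
# Added example (not from the thread): offline forward/reverse DNS consistency check.
# Reads zone-file style records: "name [TTL] IN A ip" and "name [TTL] IN PTR target".

# Constructed sample records. Hostnames are placeholders; 10.0.1.100 is the
# server address mentioned in the thread.
sample_records() {
    cat <<'EOF'
server.example.com.        IN A   10.0.1.100
mail.example.com.     3600 IN A   10.0.1.101
www.example.com.           IN A   10.0.1.102
100.1.0.10.in-addr.arpa.   IN PTR server.example.com.
101.1.0.10.in-addr.arpa.   IN PTR oldmail.example.com.
EOF
}

# Reads records on stdin and prints one line per A record:
#   OK       - a PTR exists for the address and points back to the same name
#   MISMATCH - a PTR exists but points to a different name
#   MISSING  - no PTR exists for the address
check_fwd_rev() {
    awk '
    {
        type = ""; data = ""
        # Locate the class field so an optional TTL column is tolerated.
        for (i = 2; i < NF; i++)
            if ($i == "IN") { type = $(i + 1); data = $(i + 2) }
        if (type == "A")   a[tolower($1)] = data
        if (type == "PTR") ptr[tolower($1)] = tolower(data)
    }
    END {
        for (name in a) {
            # Build the in-addr.arpa owner name from the reversed octets.
            split(a[name], o, ".")
            rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
            if (!(rev in ptr))         status = "MISSING"
            else if (ptr[rev] != name) status = "MISMATCH"
            else                       status = "OK"
            print status, name, a[name]
        }
    }' | sort
}

sample_records | check_fwd_rev
```

The answer lines printed by `dig +noall +answer` use the same column layout (with a TTL), so saved forward and reverse lookups can be fed to `check_fwd_rev` in place of the sample data.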
Thank you for following along....
I followed the recommended approach but don't get very far.
Each time I delete anything from the zones area (forward or reverse record) and then hit "SAVE", everything comes back. It does not matter what order I delete things or what combination, it always comes back. The problematic REVERSE record is one that corresponds to
The server has a fixed IP which is 10.0.1.100. Traffic comes to this machine via forwarding from a router for a public IP and naturally I reach it directly via private IP.
Is Open Directory forcing the zone to exist to maintain Kerberos? Don't know.
I just want to turn off all services that might be interfering and reset DNS to default and then configure DNS from an empty situation.
There must be a way....
FYI: The error dialog that arises each time I SAVE the zone changes whether the DNS Service is on or not is:
"*Uncaught exception raised in DNS client-side plugin.*
Sorry but the feature you tried to access cannot be use. Exception is:
in updateConfigurationViewFromDescrition: NSGenericException * Collection <_NSFaultingMutableSet: 0x8504860> was mutated while being enumerated."
sudo serveradmin stop dns
will stop the service; man serveradmin for usage. Amongst other things DNS is required to build the Kerberos Realm and for LDAP itself it's pretty extensive. More than anything it provides Server Stability. If DNS was poorly configured in the first place it could account for a whole host of problems you may or may not have been having with the server generally, other services and especially LDAP.
I don't like advising people to edit config files directly; however, you could look at editing the zone(s) directly? Look at /var/named/zones, /etc/named.conf and /etc/dns. Try not to use the Finder. Use nano, pico or, if you must use a text editor, TextWrangler.
Do so at your own risk. As already mentioned it might be best (and quicker) if you started again? I know it's not what you want to hear but it's your decision. Apart from what I've offered you've had no other takers. Probably because they feel the best advice would be to start from scratch?
Sorry I could not help.
Hi again Tony,
Thank you for your comments.
One more note in case it helps frame the discussion: DNS was working fine for about a year before I needed to move this server from one zone to another about a month ago. Previously it was in the 192.168.0.x private IP space. I moved it to be a server that is directly connected to the public router but outside my LAN address space (192.169.x.x). The router sends it traffic based on forwarding for the necessary ports for the publicly available services. Those services use Open Directory for authentication without any problems.
Included Publicly Available Services are
FileMaker Server ( with OD authentication ),
Web ( with iCal & WebObjects calls & subversion)
Other than DNS all things seem to be well behaved.
That is what is killing me....
All indications are that the DNS processes are indeed stopped. I don't have a problem with that.....it is that I can't change them.... without getting the error. Thus I cannot configure and use the DNS service and things like Mail service.
Thank you for your assistance.
What version of Server did you move from, 10.4 ?
10.5 Server does not use identical files/file hierarchy for DNS.
You can see this by reading /etc/named.conf (use
or nano or vi or emacs)
note the statement:
within the options section.
Don't change that. Instead, modify/update your migrated configs to match the layout and formatting of those generated by Server Admin.
Use Server Admin to delete your DNS setup **
Use Pacifist to extract the default file(s). Copy that to your server, ensure permissions & ownership are correct.
Start over with your DNS configuration.
* Please NOTE: If no other DNS servers are correctly answering queries for your server/services, then expect multiple problems to occur as a result of disabling DNS. I would recommend shutting off most or all other services first, but you cannot readily do so for Open Directory - nor should you attempt to do so without fully knowing what you're doing already.
Thank you for the reply David,
To start, the move was a physical and network move, not a migration.
All issues are with a more or less working Leopard Server Installation....
Long ago... perhaps two years now... it was a Tiger Server but that is not part of the problem
Now to the point - using Server Admin I cannot delete my DNS setup... see above error message.
I would LOVE TO start over with my DNS configuration but I am being stopped by something refusing to allow deletion of DNS setup even when the DNS service is not turned on....
You are totally right about Open Directory.... I would love to turn all services off except Open Directory and then delete ALL DNS configuration files and start over.... that is what I am in need of help doing....
The critical problem is that I cannot find a way to delete the current DNS setup, as odd as that seems..... Someplace in the server there is a process that is stopping me..... Can you help me discover what process is reverting my DNS delete instructions?
You'll need to shut off DNS via
as Tony demonstrated above.
Then you need to restore the Apple-default files. Check & correct any incorrect permissions and ownership.
If you want to be more granular, you could try using fs_usage or any of the dtrace-related tools provided with 10.5, to try to track exactly what file is being parsed when the error occurs.
But a walk-through of that is beyond the scope of this forum. My sincere hope is, you'll persevere and pursue the info I've shared/pointers I've mentioned.
It's possible, just takes some drive.
Best of luck !
Thanks for your reply,
Can I post a video or send you a video showing me faithfully doing as you have suggested?
It appears I am not believed.
DNS IS OFF.
but I still cannot change the DNS settings in Server Admin. Server Admin hiccups and reverts back to the bad settings that I am trying to delete.
If I delete named.conf, and ? and restart plus ??? plus use sudo changeip plus ??? + what else do I need to do to clean house and make the server completely forget a bad IP.... with only one exception.... I'd really like to save my Open Directory settings....
I have backups.
I have command line experience.
I'm not afraid of advice or damaging anything....
I've had this server with apparently "no problems" except the DNS for more than a month.
I have tried a lot of things over many hours, days, now weeks but cannot unlock DNS service - thus I write.
Please feel free to send the logical
We could really clean house by starting with
plus a big magnet to the hard drive plus a 1000KV to the power supply
but there must be someone that knows a trick...
any ideas will help.
I think you're looking for a one-shoe-fits-all, or one answer to rule them all, kind of response.
The reality is that that's often quite specifically -not- the case.
Instead, I've tried to supply you with some tips to determine specifically where Server Admin is tripping up.
We don't know everything that's happened with your server or when and why, even if you feel certain that you've done nothing to cause the problem (and that could well be the case) - we don't know and can't know, from what you've conveyed.
Something as seemingly benign as running a mismatched SA (Server Admin) version from a client machine, to edit your server settings... or a stale lock file for SA.
Finally, try enabling the Debug menu for SA by (quitting out of it &) running in the Terminal:
defaults write com.apple.serveradmin UseDebugMenu YES
Then launch SA and from the Debug menu, select "Show Transactions Log Window"
and then try working with the DNS settings.