Changing DNS

Hi,

I have an Open Directory running that is kerberized. As of now, that server uses another machine as its DNS server, but I want to move the DNS onto the same machine.
When I change the network system preferences and point the DNS to itself, users can't log into their Open Directory accounts anymore. Passwords get refused.
I've searched high and low in the Open Directory options but cannot find anything DNS related. What other steps do I need to take in order to switch the DNS?

Thanks in advance

Mac Pro, Mac OS X (10.5.8)

Posted on Nov 25, 2009 2:39 AM

Dec 2, 2009 2:38 AM in response to Lazken

I'm thinking it could be a problem in my DNS setup
my server name's caesar, the domain is mydomain.com

I have 2 primary zones:
mydomain.com
be.mydomain.com

caesar:~ admin$ nslookup caesar 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

** server can't find caesar: NXDOMAIN
does not work,
however:

caesar:~ admin$ nslookup caesar.mydomain.com 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

Name: caesar.mydomain.com
Address: 192.168.1.10

reverse:
caesar:~ admin$ nslookup 192.168.1.10 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

10.1.168.192.in-addr.arpa name = caesar.mydomain.com.

The old DNS server is still running on the old server, "Idefix" at 192.168.1.13,
where the Open Directory, Kerberos and mail used to run. Those things have been migrated to caesar.
The idea is to have the DNS service also moved to caesar.

Kerberos was first configured/initialized with idefix as DNS.

Point of interest maybe: on the old DNS server (idefix), nslookup gives the same results as the new one.

Dec 2, 2009 2:41 AM in response to Lazken

Perhaps also good to know is that for the mail, I have to add aliases in Open Directory manager for each user as username@mydomain.com, or their email address is username@caesar.mydomain.com. As this is annoying, I figured the problem lay with the DNS, noticed it was still running off the old server, tried to change it, and noticed all Kerberos authentication failing.

Dec 2, 2009 11:12 AM in response to Lazken

Hi Lazken, I suspect your issues are more than DNS but also with your OD setup.
What do you get if you type
sudo changeip -checkhostname
in the terminal?
If everything is OK you should get something like

Primary address = 192.168.1.10

Current HostName = server.domain
DNS HostName = server.domain

The names match. There is nothing to change.

How was the migration from idefix to caesar done?

Cheers

Dec 4, 2009 7:35 AM in response to Andbrowny

That's exactly what checkhostname does.

I had it working for a bit, everything was running smooth, even with idefix offline.

Today, I needed to add some DNS records for some internal servers.

I added a primary zone randomdomain.com
and added a machine to that with the appropriate IP. This was however not a solution to the issue I was facing. I also added a line to the /etc/hosts file.
I then deleted that line again, and also removed the newly created zone.
Since these changes to the DNS, Kerberos is failing once again. I changed the DNS back to idefix for now, but I'm going to need to solve this.

How can just editing your DNS zones result in Kerberos going loony?

Thanks in advance for the effort!

bram.