User profile for user: marconey
marconey Author
User level: Level 1
109 points

DynDNS or No-IP service with Server?

I just received my Mac mini Snow Leopard Server and I am contemplating also being able to access the server from outside the house as well as from inside.
If I use No-IP or DynDNS service, will this work?

Or should I purchase a static IP address from my ISP? What happens when I change the ISP?


How does DynDNS compare to No-IP (I have experience with the latter but only with an iMac in a non-server environment). It worked fine for me (that was the free version of No-IP). This time I would like to know how it works with the Snow Server...


Thanks much,
Kenneth

MacBook Pro IC2D 2.16Ghz 2GB, Mac OS X (10.5.8)

Posted on Aug 23, 2010 2:03 AM

Reply
12 replies
User profile for user: Camelot
Camelot
User level: Level 9
59,521 points

Aug 23, 2010 9:47 AM in response to marconey

There's no difference using DynDNS on Mac OS X Server than on any other OS.

That is, it will work. It will give you a hostname that external users can use to get to your server.

It won't help with services on your server that initiate outgoing connections. For example, it won't help you run a mail server (remote servers will still reject your mail since your reverse DNS doesn't match), etc.
Reply
User profile for user: marconey
marconey Author
User level: Level 1
109 points

Aug 23, 2010 4:52 PM in response to Camelot

But that shortcoming of a Dynamic DNS service could be overcome with a service like this no?
http://www.no-ip.com/services/manageddns/plusfeatures.html

The question in brief is, is there ANY feature, advantage or merit of a traditional static IP address from your ISP that a third party Dynamic DNS service can't match?

Thanks for your help!

Kenneth.
Reply
User profile for user: Camelot
Camelot
User level: Level 9
59,521 points

Aug 24, 2010 9:09 AM in response to marconey

The question in brief is, is there ANY feature, advantage or merit of a traditional static IP address from your ISP that a third party Dynamic DNS service can't match?


Yes. Reverse DNS.

DNS consists of forward DNS (map a name to an IP address) and reverse DNS (map an IP address to a name).

Dynamic DNS services can take care of the forward DNS component - that is, they can map your hostname to your current IP address, whatever that is, and whenever it changes.

They can't do jack about reverse DNS.

To put it another way, when you get a dynamic IP address from your ISP your address typically has a reverse DNS that looks something like:

c-123-456-82-231.hsd1.ny.yourcableco.net.

or
c-123-456-82-231.dsl2.atl.yourisp.net.


You can't change this on a dynamic IP address. Dynamic DNS services can't change this, either.

What this means that no matter what you use for users to get to your site (e.g. www.yourdomain.com, yourname.dyndns.com, etc.) the reverse DNS will never match.

That's the primary reason why mail fails (most mail servers perform a reverse lookup to ensure you're coming from your own domain). Mail relaying through some other mail server can help, but you'll need to determine how much, if any, the lack of reverse DNS matters to you.
Reply
User profile for user: marconey
marconey Author
User level: Level 1
109 points

Aug 24, 2010 10:14 AM in response to Camelot

Camelot,

Thanks for the much needed education! I completely understand the reverse lookup business ... but as I had said, and with reference to mail only, this shortcoming could be overcome by the other services that DynDNS provides such as MailHop (or the No-IP service at the link I mentioned above). So that will effectively solve that problem.

My next question then is, would I then have to address this reverse DNS lookup issues for each of the other services that Mac OS X SL provides, on an individual basis? What if I am running an iCal server and someone needs to connect from the outside? (I don't know at which address on the server the iCal service would be available, have never done it before).

You also mention " ... Mail relaying through some other mail server can help, but you'll need to determine how much, if any, the lack of reverse DNS matters to you. "
A. How do I determine as to how much, if any, the lack of reverse DNS matters to me? Let's say in my case, that the mail issue has been addressed by MailHop, beyond that and am repeating the question I had posed earlier *"The question in brief is, is there ANY feature, advantage or merit of a traditional static IP address from my ISP that a third party Dynamic DNS service can't match either directly with a single service or with add on services?, when one considers the cost issue, is it worth or is there any advantage of going for a static IP instead of a much more economical dynamic dns service?"*

Again, thanks for taking the time to educate me! really appreciate it and thanks for putting up with my ignorant questions :o) It's a genuine desire to learn!

Kenneth
Reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
151,215 points

Aug 24, 2010 10:35 AM in response to marconey

You're far from the first person to consider the costs and benefits of a dynamic IP address over the higher costs of a static IP address. Have a look around the previous discussions.

As for your question, are you planning to use SMTP mail server? If so, then you need to relay to a designated server (and that usually requires authentication), or you need to have valid forward and reverse DNS, and a valid MX record for your domain.

Sure, mail works without all that stuff, but your mail server is then usually considered a spam engine by many of the receiving SMTP servers, and the messages dropped.

And for another use, are you using https services or certificates or various of the secure network services? Then you need valid forward and reverse DNS, as that is based on matching forward and reverse DNS and certificates.

In general, do you need server-oriented access? If so, then most dynamic access agreements can prohibit server-oriented traffic, and ISPs can and have turned on firewalls to block server-oriented network traffic. Check your ISP agreement for details.

Also check with the available tunnel providers. They can effectively "co-lo" your network entrance, and can allow you to get the rest of the network stack details (mentioned above) working correctly.
Reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
151,215 points

Aug 24, 2010 5:38 PM in response to marconey

The antecedent of "these" was the multiple domain (UCC) certificate.

As for generating your own certificates, that's usually via Certificate Assistant, available via Keychain.

Or you can use the shell; the keygen commands are part of the ssh tools.

For background and tools and related, see chapter nine in the [Security Manual|http://images.apple.com/server/macosx/docs/Server Security_Configv10.6.pdf] and the developer documentation for [SSL security|http://developer.apple.com/server/security_ssl.html].
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

DynDNS or No-IP service with Server?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up