
dns dynamically updated

Hi all. I'm new to os x server. I need my DNS on Lion Server updated automatically when a workstation is switched on in my network. Is there a way to do it?

Thanks, regards - Luca

lion server-OTHER, Mac OS X (10.7.1)

Posted on Nov 21, 2011 3:30 AM

19 replies

Nov 21, 2011 9:54 AM in response to John Lockwood

Thanks for your answer. I had a look at the article you mention. I wasn't able to find publicView.conf.apple in Lion Server. Looking for the configuration file gave me named.conf, which should be the standard BIND conf file. I modified the entries for allow-update from none to any. No luck. Is there something to enable on the client workstations (10.4, 10.5, 10.6, 10.7)? Moreover, I can't find any log file; setting the log level to information gives me nothing ("the selected log file does not exist").

Thanks

Luca

Nov 22, 2011 5:16 AM in response to lluca40

Luca, what do you imagine "updating" DNS will do when a workstation is switched on?


DNS is a way of assigning names to IP addresses and does not need to be updated when computers appear on the network.


Perhaps you are thinking of DHCP, which assigns configuration such as an IP address to the workstations when they are turned on. You can configure DHCP to assign the IP address that corresponds to a DNS entry by telling the DHCP server what MAC address a workstation's network adapter has.


If you configure both DHCP and DNS correctly, you can address your computers by their names. That said, Mac OS X does a pretty good job of advertising the host name (computer name) via Bonjour, so it may not be necessary for you to set this up if all your computers work via Bonjour--you just browse the network in Finder and you can see all the names.


The DHCP/DNS configuration I'm describing is most useful when you need to run services that need to be accessible from outside your network, but even then simply setting a static IP for your workstation should be sufficient. It's also the standard way of doing things when working with Unix hosts.

Nov 22, 2011 5:27 AM in response to Damon Allen Davison

There are two different forms of Dynamic DNS. The one Luca is referring to is when you have devices on a network which get their IP address via DHCP and this is a dynamic and changing address but you still want to use a DNS hostname with that specific machine. Normally DNS hostnames always point to the same static IP address.


If you have a suitable DNS server it can link the device on the network to that hostname and change the IP address to match any change in address issued to the device by the DHCP server. As I mentioned the DNS server Apple use can do this but Apple themselves do not provide a means to configure this.


For your information, the second form of Dynamic DNS is where you have a single public Internet IP address which is also dynamic (issued by your ISP); it is possible to use an external service to link a hostname to that dynamic address, and then people on the Internet can use that unchanging hostname to access your computer even though your IP address is potentially changing. DynDNS.org is an example of this.

Nov 22, 2011 5:45 AM in response to John Lockwood

Thanks for your answers. The environment I'm speaking about is an "enterprise" one, 250 OS X machines (10.4 to 10.7). It comes from loosely connected sites and now I'm able to get a solid intranet infrastructure. Of course, IPs are provided via DHCP. No Bonjour: I have networks connected via routers and I need a central DNS. What I need is a machine getting its IP, network mask, gateway, etc. via DHCP and telling my DNS its IP and its name. DNS should automatically update the related records. Dynamic DNS (e.g. dyndns.org) is not an issue in this context. Moreover, I don't really like to explicitly write MAC addresses into the DNS; I need something more flexible.

Frankly I'm quite disappointed by this choice from Apple, i.e. inhibiting the updating of records. I've worked almost 14 years with a Windows infrastructure (15,000 workstations distributed all over Italy) working this way, and I would like to achieve the same behavior.

Thanks again, discussion is always useful.

Nov 22, 2011 5:57 AM in response to lluca40

I would agree it is disappointing Apple do not provide a built-in Dynamic DNS solution - I have actually suggested it to them in the past. However at this point they could still be considered to not yet be addressing the Enterprise market.


For what it's worth, it is perfectly possible to use Macs and Mac servers and use a non-Mac DNS server.


Things are getting a bit silly; it is getting to the state that in anything other than the smallest, simplest setup you need to use non-Mac servers, and I say this as a dedicated Mac fan.


While the likely amount of sales and revenue versus the costs of server products might make Apple think it is not worth it, they are wrong on every count. Firstly, I know how they could solve the hardware side at effectively no cost while still having control (i.e. not allowing other companies to run Mac OS X Server on their hardware); secondly, the whole point of Mac servers was to provide a better solution for Macs. Windows servers, while they can be used for Mac clients, are not Mac friendly and have definitely non-Mac-friendly licensing terms.

Dec 7, 2011 2:25 AM in response to lluca40

I guess there isn't much to do about my problem. I found an article explaining how to couple DHCP and DNS to work together to update DNS records, but I would have to use services not provided by Lion Server. So, a final word from people more expert than me: is it true? I really can't have this service working as I need?

Anyway, is a 10.7 Lion client ready to work with, let's say, a Microsoft DNS server? Is there some tuning needed to work with it?

Thanks again

Luca

Dec 7, 2011 10:52 AM in response to lluca40

Perhaps I'm inexperienced with the whole dynamically updating DNS thing, but I just don't see the need for it other than ease of finding which computers are which on a network.

...and even that can be cryptic when a computer's name is e011034d2a...

Top that off with an amazingly bloated DNS record set!

Short answer to your question, Luca... Here's what I did in my lab. I set up a Windows server with DNS. I had it set up to allow recursion to my Mac DNS server.

The Mac server was then set up to receive all records that the Windows server set up.

This way will allow you to run OD on your Mac server and AD on your PC server with the Golden Triangle.

The DHCP server was on the Mac and was set up so that the first DNS entry provided pointed to the PC server. The second DNS entry pointed to the Mac.


I didn't like it, but it worked. For some, two servers is one too many and for others, two isn't enough.

-Graham

Dec 16, 2011 7:50 AM in response to gracoat

I had a similar issue.


I tend to change it via the command line, but all my changes were overwritten when some Lovely Innocent Operator from Heaven used the Server Admin tool and saved any DNS change...


So I did some research here:



First I added these secondary servers to the "Nameservers" box inside the DNS zone (in both zones: forward and reverse).


My problem was, when I enabled one "allow transfer" in one zone (for example, the forward DNS zone) ALL OTHER checkboxes got unchecked!!! (in this example, the reverse zone).


So it seems to me that Server Admin is only populating the checkboxes changed in Server Admin, and it's not reading the configuration file to see if there was a previous definition with "allow-transfer" (as it does when Server Admin loads... weird).


So as a workaround you can do:


1) UNCHECK all "allow transfers" checkboxes in Server Admin

2) SAVE (and quit if paranoia is hitting you that hard)

3) CHECK all needed checkboxes (in my case, that was the forward and reverse zone) WITHOUT SAVING until you have checked them all.

4) SAVE!


That's the way we got it done, hope that helps!

And excuse my obfuscated explanation, it's not a good day for me, my mind is asking for beach time, hope you understand.

Mar 26, 2012 5:40 AM in response to John Lockwood

Hello,


first of all nice to see that I'm not the only human on this planet wondering about this topic.


A while ago I already stopped reading Apple's official documents about server management. First of all, useful information is only available up to version 10.6.


I'm also brand new to Apple's world, using it at home starting from OS version 10.7. I have one server and three clients, and yes, I have separated my home network into VLANs. When I was still in the Windows world at home I never gave a thought to having VLANs in use, as it did not make any difference, but with Mac OS Server I run from one problem into the next one. The problem topics are many: finding printers, configuring Time Machine over VLANs, configuring RADIUS clients, and and and. Bonjour should help to easily fix all the problems by working automatically. Nice for not so experienced users, but it's such a pity that Apple does not provide any advanced tools or guides to get things done without this bloody Bonjour.


This company earns so much money; why are they not developing Enterprise-suitable server tools? I can't use things like Bonjour in a multi-site company if it even makes trouble at home.


The ability for Windows clients to update their own DNS records, or for DHCP servers to do this on behalf of non-Windows clients, was just great. I can't even tell how often I open the Server Admin DHCP console just to look up an IP address.


I won't use third-party tools, as with the amount of money I spent on those devices I expect Apple to provide me the tools to be happy. If not, maybe only M$ is your friend then. Very sorry, but true.


Cheers


Robert

Jun 4, 2012 6:09 AM in response to lluca40

Hi,


Here's how I've set things up to have DNS updated automatically when people connect their computers to your office's network, and also to have its own internal domain (like office.internal at the end of each connected computer's name; this allows you to connect via VPN connections from your home).


At a glance:

Set the internal server name to macserver.office.internal


DHCP is turned off in "Server Admin" and we use the Macports isc-dhcp implementation

DNS is turned on by OS X Lion Server normally


Here's my quick install guide (tested on OS X Lion Server 10.7.4 and Xcode 4.3.2 with Macports 2.1.1)


1. Change your Mac OS X Lion Server hostname to "macserver.office.internal" with Server app:

Select Hardware then select "Host name": "Edit ..." > "Host name for private network"

Set it to "macserver.office.internal"

Check if everything is OK with the hostname:



2. Install Macports

Macports allows you to install command-line utilities and software via the port command (similar to apt-get on Linux). Check out its webpage: http://www.macports.org

After you have installed Macports 2.1.1 or later for OS X Server, open Terminal.app and:


3. Install isc-dhcp from Macports

First update your port database to have the latest package definitions:

#sudo port selfupdate

Now install dhcp

#sudo port install dhcp


The configuration file of dhcp is located in /opt/local/etc/dhcp/dhcpd.conf


4. Generate the DNS key to allow DNS to update the connected hostnames


dnssec-keygen is a tool to create dnssec keys, much like ssh-keygen creates ssh keys. Pick a name for your key, it can be any name. I usually name it appropriately. For this example, I will call our key dhcpupdate.


#sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER dhcpupdate



5. Edit /opt/local/etc/dhcp/dhcpd.conf


Message was edited by: gilcelli

Jun 5, 2012 1:34 AM in response to gilcelli

Hi,


Here's how I've set things up to have DNS updated automatically when people connect their computers to your office's network, and also to have its own internal domain (like office.internal at the end of each connected computer's name; this allows you to connect via VPN connections from your home).


At a glance:

- Set the internal server name via the OS X Lion Server "Server" app to "macserver.office.internal"

- Set the internal IP range to 192.168.64.0/24, e.g. macserver.office.internal IP address: 192.168.64.100
- Set the DHCP range from 192.168.64.190 to 192.168.64.250

- DHCP is turned off in "Server Admin" and we use the Macports isc-dhcp implementation

- Edit the DNS settings and start DNS via OS X Lion Server normally


Here's my quick install guide (tested on OS X Lion Server 10.7.4 and Xcode 4.3.2 with Macports 2.1.1)


1. Change your Mac OS X Lion Server hostname to "macserver.office.internal" with Server app:

Select Hardware then select "Host name": "Edit ..." > "Host name for private network"

Set it to "macserver.office.internal"

Check if everything is OK with the hostname:



2. Install Macports

Macports allows you to install command-line utilities and software via the port command (similar to apt-get on Linux). Check out its webpage: http://www.macports.org

After you have installed Macports 2.1.1 or later for OS X Server, open Terminal.app and:

Note that most of the files are installed in the /opt/local/ directory


3. Install isc-dhcp from Macports


First update your port database to have the latest package definitions:

#sudo port selfupdate

Now install dhcp

#sudo port install dhcp


The configuration file of dhcp is located in /opt/local/etc/dhcp/dhcpd.conf

The dhcpd binary is installed in /opt/local/bin/


4. Generate the DNS key to allow DNS to update the connected hostnames


dnssec-keygen is a tool to create dnssec keys, much like ssh-keygen creates ssh keys. Pick a name for your key, it can be any name. I usually name it appropriately. For this example, I will call our key dhcpupdate.


#sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER dhcp-update


The output should be written to /var/named/dhcp-update.key


Don't forget to set permissions to "read-only" for root:
#sudo chmod ugo-w /var/named/dhcp-update.key


For example my key looks like:


#sudo cat /var/named/dhcp-update.key

key DHCP-UPDATE-KEY {
    algorithm hmac-md5;
    secret "a9hXeJ31ALVsW/19Rx9OXQ==";
};


5. Edit /opt/local/etc/dhcp/dhcpd.conf

A good tutorial on how to setup a dhcp server with automagically updating DNS is here

http://lani78.wordpress.com/2008/08/12/dhcp-server-update-dns-records/


So my /opt/local/etc/dhcp/dhcpd.conf looks like this:


# You need the next line or you won't actually be a DHCP server!
authoritative;

# DDNS stuff - these are the bits that get your DHCP server talking with your DNS server
ddns-update-style interim;
ddns-updates on;
ddns-ttl 600;

# server-identifier is what goes into the DHCP Server Identifier option: it must be
# an IP address of this server, or a hostname that resolves to one
server-identifier macserver.local;
ddns-domainname "office.internal.";
ddns-rev-domainname "64.168.192.in-addr.arpa.";

# this is the file with your shared key in it
#include "/var/named/dhcp-update.key";
key DHCP-UPDATE-KEY {
    algorithm hmac-md5;
    secret "a9hXeJ31ALVsW/19Rx9OXQ==";
};

# this generates a client's DNS name from the hostname they give or the leased IP address
# ddns-hostname = pick-first-value(ddns-hostname, option host-name, binary-to-ascii(10,8, "-", leased-address));

# Normal DHCP stuff
option domain-name "office.internal";
option domain-name-servers 192.168.64.100;
option ip-forwarding off;

#default-lease-time 600;
#max-lease-time 7200;

# New lease-time
default-lease-time 86400;
max-lease-time 86400;

# My Network - this is the set of addresses that you're handing out
subnet 192.168.64.0 netmask 255.255.255.0 {
    range 192.168.64.190 192.168.64.250;
    option broadcast-address 192.168.64.255;
    option subnet-mask 255.255.255.0;
    option routers 192.168.64.1;
    allow unknown-clients;
    # clients that ask to are allowed to send their own forward (A) update;
    # with "ignore client-updates" dhcpd would do both the A and PTR updates itself
    allow client-updates;

    zone office.internal. {
        primary 192.168.64.100;
        key DHCP-UPDATE-KEY;
    }

    zone 64.168.192.in-addr.arpa. {
        primary 192.168.64.100;
        # this key name matches the name you gave it in the key file
        key DHCP-UPDATE-KEY;
    }
}


6. Set up the DNS service (but don't start it yet)

- Startup DNS normally via "Server Admin" and add the primary zone: here "office.internal" and
- add the nameserver hostname:

macserver.office.internal


The reverse DNS will automatically be added by "Server Admin".

Save it but don't start it yet since we need to configure /etc/named.conf


7. Edit /etc/named.conf

To allow DNS to update its hostnames edit /etc/named.conf:

- add the dns-sec key at the top of the file, like here

- Add the line allow-update { key DHCP-UPDATE-KEY; };


#cat /etc/named.conf


key DHCP-UPDATE-KEY {
    algorithm hmac-md5;
    secret "a9hXeJ31ALVsW/19Rx9OXQ==";
};
options {
    directory "/var/named";
    allow-transfer {
        none;
    };
};
acl "com.apple.ServerAdmin.DNS.public" {
    localhost;
    localnets;
};
logging {
    channel _default_log {
        file "/Library/Logs/named.log";
        severity info;
        print-time yes;
    };
    category "default" {
        "_default_log";
    };
};
view "com.apple.ServerAdmin.DNS.public" {
    zone "office.internal" IN {
        type master;
        file "db.office.internal";
        allow-transfer {
            none;
        };
        allow-update { key DHCP-UPDATE-KEY; };
    };
    zone "64.168.192.in-addr.arpa" IN {
        type master;
        file "db.64.168.192.in-addr.arpa";
        allow-transfer {
            none;
        };
        allow-update { key DHCP-UPDATE-KEY; };
    };
    allow-recursion {
        com.apple.ServerAdmin.DNS.public;
    };
};


8. Reboot and start the DNS service from the "Server Admin" app:

Reboot OS X Lion Server and check that dhcpd from Macports is running (with command /opt/local/bin/daemondo
Start DNS Service with "Server Admin" and normally it should work ;-)


Log files to watch:

DHCP /opt/local/var/db/dhcpd/dhcpd.leases


See if you get a journal file for DNS (.jnl) in /var/named/


Hope this helps (someone)...


This is the complete edit (my previous post was not saved since the Discussions site switched to maintenance mode... grrr...)
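The setup above hands the same update key to dhcpd and to named, so whoever holds that secret can rewrite the zone, and with the allow-update { any; } tried at the top of the thread every host on the network can. What follows is an added example, not code from the original post or from Apple, MacPorts or ISC. It generates a 256-bit hmac-sha256 TSIG secret (BIND 9 and ISC dhcpd 4.x both accept that algorithm), renders the key stanza and a named.conf zone that uses an update-policy granting the key only the record types dhcpd needs (A and TXT for the forward zone, PTR for the reverse; a zone takes either allow-update or update-policy, not both), and audits a config fragment for hmac-md5, short secrets, allow-update { any; } and a key file that is readable by more than its owner. The zone names, key name and 192.168.64.100 are the thread's; the sample weak config, the function names and the 128-bit threshold are constructed for the example. One caveat on step 4 above: dnssec-keygen does not write /var/named/dhcp-update.key itself; it writes Kdhcp-update.+157+<id>.key and .private in the current directory, and the base64 after "Key:" in the .private file is the secret that goes into the key stanza (newer BIND releases ship tsig-keygen for exactly this).

```python
"""TSIG key hygiene for DHCP-driven dynamic DNS (added example, not from the
thread).  Zone names, key name and 192.168.64.100 come from the thread; the
sample weak config, function names and thresholds are constructed."""
import base64
import binascii
import re
import secrets
import stat

MIN_SECRET_BITS = 128            # secrets shorter than this are flagged
WEAK_ALGORITHMS = {"hmac-md5"}   # still accepted by BIND, but deprecated

# A 'key' stanza; the syntax is shared by named.conf and dhcpd.conf.
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;', re.S)
# Body of a named.conf allow-update { ... } clause.
ALLOW_UPDATE_RE = re.compile(r"allow-update\s*\{([^}]*)\}", re.S)


def secret_bits(secret):
    """Size of a base64 HMAC secret in bits, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(secret, validate=True)) * 8
    except (binascii.Error, ValueError):
        return -1


def generate_tsig_secret(bits=256):
    """Base64 secret from the OS CSPRNG, the same thing tsig-keygen produces."""
    if bits % 8 or bits < MIN_SECRET_BITS:
        raise ValueError("bits must be a multiple of 8 and >= %d" % MIN_SECRET_BITS)
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def render_key_stanza(name, secret, algorithm="hmac-sha256"):
    """Key block for both daemons; keep it in a 0600 file and include it."""
    return 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' % (name, algorithm, secret)


def render_named_zone(zone, zonefile, key_name, rrtypes):
    """named.conf zone whose update-policy grants the key only the record types
    dhcpd needs, instead of allow-update (which also covers SOA, NS, ...)."""
    return "\n".join([
        'zone "%s" IN {' % zone,
        "    type master;",
        '    file "%s";' % zonefile,
        "    allow-transfer { none; };",
        "    update-policy { grant %s subdomain %s. %s; };" % (key_name, zone, rrtypes),
        "};", ""])


def audit_config(text):
    """Findings for a named.conf/dhcpd.conf fragment; an empty list means clean."""
    findings = []
    for name, algorithm, secret in KEY_RE.findall(text):
        if algorithm.lower() in WEAK_ALGORITHMS:
            findings.append("key %s: %s is deprecated, use hmac-sha256" % (name, algorithm))
        bits = secret_bits(secret)
        if bits < 0:
            findings.append("key %s: secret is not valid base64" % name)
        elif bits < MIN_SECRET_BITS:
            findings.append("key %s: secret is only %d bits, want >= %d"
                            % (name, bits, MIN_SECRET_BITS))
    for body in ALLOW_UPDATE_RE.findall(text):
        if re.search(r"\bany\b", body):
            findings.append("allow-update { any; }: any host that reaches port 53 can "
                            "rewrite the zone; use { key NAME; } or an update-policy")
    return findings


def check_key_file_mode(mode):
    """Flag a key file that group or others can read: 'chmod ugo-w' as in the
    thread leaves it 0644, and the secret alone lets anyone forge updates."""
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["key file mode %s: should be 0600" % oct(stat.S_IMODE(mode))]
    return []


# Constructed sample with the thread's weak points (hmac-md5, a short secret,
# and the allow-update { any; } tried at the top of the thread); not a real key.
WEAK_CONFIG = """\
key DHCP-UPDATE-KEY {
    algorithm hmac-md5;
    secret "c29tZXRoaW5nd2Vhaw==";
};
zone "office.internal" IN {
    type master;
    file "db.office.internal";
    allow-update { any; };
};
"""


def build_hardened_config(key_name="DHCP-UPDATE-KEY", secret=None):
    """Key stanza plus both zones, ready to drop into the named.conf view."""
    secret = secret or generate_tsig_secret()
    return (render_key_stanza(key_name, secret)
            + render_named_zone("office.internal", "db.office.internal", key_name, "A TXT")
            + render_named_zone("64.168.192.in-addr.arpa",
                                "db.64.168.192.in-addr.arpa", key_name, "PTR"))


if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG) + check_key_file_mode(0o644):
        print("weak config:", finding)
    hardened = build_hardened_config()
    print(hardened)
    print("hardened config findings:", audit_config(hardened))
```

Run it as python3 tsig_check.py (name assumed); paste the printed key stanza into a root-only file and reference it from both configs with include rather than copying the secret into each. In dhcpd.conf only the key name changes, since its zone blocks already name the key, and the key stanza's algorithm line becomes hmac-sha256 on both sides.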

Jun 27, 2012 11:46 AM in response to gilcelli

Hello gilcelli,


thank you first of all for your very long and good explanation of how to get this whole thing working. I see that this is not something which you can do quickly with Apple's standard tools, but also not too complicated. Because of lack of time I have to postpone this to a later time, but for sure I will try it one day (in a test environment). It's just a pity that Apple does not support this natively. They have the Server Admin tool for those services and all the configuration pages in there are almost empty. It's quite confusing when you come from the Windows world and just expect those things to be present.


Thanks again for this great article once more!


Cheers


Robert

Jun 27, 2012 11:58 PM in response to Robert Assum

Hi Robert,


Thank you for your kind words.


As far as I know even on other UNIX systems (Linux or FreeBSD) you have to manually edit the DNS and DHCP files to allow dynamic DNS updates.

I have done it before on a FreeBSD server.


Well, of course it could be done via a GUI, but I think it's more of a security concern when allowing DNS updates, but I'm not sure...


Anyway I'm glad I could figure it out for OS X Server and that I could help someone ;-)


If you have questions or suggestions please let me know :-)


Cheers,


Gilles
