Help with DNS setup for LAN only

Question

I have a Mac Mini SNS 10.6.8 as our company&#x27;s local standalone fileserver.Everything has ran great for the past year (still is), but now I want to try and setup DNS for more control and services.The server host name is servername (no FQDN), which shows up in Server Admin as servername.local.I read and followed Hoffman Labs great step-by-step, but must have missed something, since I still cannot get DNS resolution.Here is a brief summary of the Server Admin settings:          Host Name                    servername          Host (Server) IP          192.168.4.2          Router IP (also default public DNS IP) 192.168.4.1          Bonjour                    Wide Area  &#x3D;  Not enabled          Settings                    Accept recursive queries  &#x3D;  localnets          Settings                    Forwarder IPs  &#x3D;  8.8.8.8  &amp;  8.8.4.4  (Google Public DNS)now...          Zones                              1 Primary Zone  &#x3D;  companyname.net (we own the domain)                                        Primary Zone Name  &#x3D;  companyname.net                                        Nameserver Zone  &#x3D;  companyname.net                                        Nameserver Host Name  &#x3D;  servername.companyname.net                                        2 A Records:                                        servername          192.168.4.2                                        user1                    192.168.4.3                                        Reverse mapping - automatic - OKTesting          Ran sudo changeip -checkhostname                    Results:                               Primary address          &#x3D;          192.168.4.2                              Current hostname          &#x3D;          servername                              The DNS hostname is not available. Please repair DNS and re-run this tool.I must be doing something wrong, but I don&#x27;t know what it is.  Please help.

molinus · Answer

Forgot 1 detail: not using DHCP - all LAN IPs are static and individually set.

MrHoffman · Answer

Forwarders are unnecessary, and (if they don&#x27;t have the translation cached) just add another "hop" to the DNS translation.  I&#x27;d remove them.  (This is referenced in that HoffmanLabs article.)In the System Preferences &gt; Network settings on the DNS server, confirm that the DNS server has the IP address 127.0.0.1 as its DNS server address.  This address is only for the DNS server and only when referencing itself.  Confirm that there are NO other DNS servers referenced, whether in the DNS server&#x27;s own DNS server settings, or in the DNS server&#x27;s DNS server forwarder settings, or in the DHCP server settings in your gateway router.If you&#x27;ve been overhauling the DNS settings on this box, then you may also need to reboot the server to completely reset the environment on the server.If the above steps and the reboot don&#x27;t clear this, then (as a start) issue the following three shell commands andsubstituting your particular host name for the string "server.example.com" in the second command, and post the output:$ scutil --get HostName$ dscacheutil -q host -a name server.example.com$ dscacheutil -q host -a ip_address 192.168.4.2If you&#x27;re inclined to obfuscate your domain name in what you post, please change only the domain name portion over to "example.net" in what you post.  (That way, I&#x27;m not trying to figure out what&#x27;s real and what&#x27;s been changed.)There&#x27;s an entity named Companyname.com Inc, in Orlando, Florida, so (unless that&#x27;s your corporation), you&#x27;ll want to reference "example.com" or "example.net" or such when you&#x27;re seeking to obfuscate your domain.  I&#x27;ll assume you&#x27;re obfuscating your domain, and you&#x27;re not the Companyname.com folks.  (If my assumption here is incorrect and you really are Companyname.com, then there might be some other considerations in play.)

MrHoffman · Answer

ps: Do not use the .local Bonjour top-level domain as your FQDN; as your unicast DNS domain.What Server Admin sees in its left navigation isn&#x27;t critical. Once the local network DNS services are working, you can remove the entry from the left navigation of Server Admin and re-add it using your unicast DNS FQDN, or you can (while you&#x27;re connected via the LAN) continue using the Bonjour name with the .local top-level domain. --Notes:Bonjour and multicast DNS and mDNS can be (for the sake of this discussion) considered the same thing.What you&#x27;re setting up with DNS services within Server Admin is also called unicast DNS.

molinus · Answer

Thanks very much for the great feedback, and sorry about the obfuscation confusion.I did previously note that forwarders are unnecessary (from your Hoffman Labs site), but was trying anything.There are now no other DNS references on server, only 127.0.0.1 in network settings.Oddly, even though I had manually assigned our Comcast gateway&#x27;s DNS to Google DNS IPs, the gateway summary still shows up as Comcast&#x27;s DNS server IPs.  So I removed the manually assigned Google DNS IPs from the gateway.Per your request, I rebooted last night, and here are the outputs from the terminal commands:$ scutil --get HostName          server.example.net$ dscacheutil -q host -a name server.example.com         name: server.example.net         ip_address: 192.168.4.2$ dscacheutil -q host -a ip_address 192.168.4.2         name: server.example.net         alias: 2.4.168.192.in-addr.arpa         ip_address: 192.168.4.2

molinus · Answer

When I am on Server (Network Settings DNS set to 127.0.0.1), I can access WWW.When I am on User1 (Network Settings DNS set to 192.168.4.2 - this is Server IP), I cannot access WWW.When I am on User1 (Network Settings DNS set to 192.168.4.1 - this is Gateway IP), I can access WWW.

MrHoffman · Answer

Did you intend to have both "example.com" and "example.net" listed there?  Are those domains really different?  I&#x27;m going to assume that was an obfuscation error.  (This is part of the "fun" of obfuscation, unfortunately.  Of having to differentiate errors in the actual configuration from errors that were introduced during the obfuscation.)&gt;Oddly, even though I had manually assigned our Comcast gateway&#x27;s DNS to Google DNS IPs, the gateway summary still shows up as Comcast&#x27;s DNS server IPs.  So I removed the manually assigned Google DNS IPs from the gateway.The gateway (or whatever you&#x27;re using as your DHCP server) should be configured with the DNS server address of 192.168.4.2.  All other hosts on your network (if you&#x27;re planning to use your local DNS everywhere on your LAN) should also reference 192.168.4.2, either through an explicit static configuration, or as the address that was received from the DHCP server.And as for IP routing, are all your hosts, network printers, network gateways, DHCP servers, etc., all in the range of 192.168.4.1 to 192.168.4.254?  (They should be, if you&#x27;re using a /24-class 255.255.255.0 subnet mask.)But then I don&#x27;t know where this configuration has gone off the rails...  (Over the years, I&#x27;ve seen and have made my own configuration errors, I&#x27;ve been "bagged" by DNS caches, and I&#x27;ve hit various bugs in DNS implementations.)  What you have stated here should work.I&#x27;d start at the top of the DNS configuration article, and not stray from what is written there.   That there has been Google DNS and have had ISP DNS configured at the gateway does mean there were some areas that have strayed from the article.   I&#x27;d suggest following the DNS server configuration directions exactly. Setting up DNS services with OS X Server isn&#x27;t difficult, but it can be a little fussy.  If you don&#x27;t understand something that&#x27;s written in that article -- or if you believe you need to enter something different than what&#x27;s listed there -- then please stop and ask about it.  Either ask here, or ask over there.  (This feedback also helps improve that article.)Straying from what&#x27;s written in that article is certainly and entirely feasible, but that&#x27;s something best left until after the adminstrator is more familiar with running a DNS server.  Once you know how and why and where you can stray, there are all sorts of things you can do within a DNS configuration.

molinus · Answer

Sorry about the obfuscation error.I am going back to your article and starting over, but I have a couple of observations and questions which may show my confusion and where I&#x27;m off track:Our Comcast gateway is also a caching DNS server.  It is automatically set to query Comcast&#x27;s DNS IPs of 68.87.72.130 and 68.87.77.130 for public domains.In the gateway control panel you can manually assign a primary and secondary DNS IP, but when I tried this separately with both Google and OpenDNS IPs and rebooted the gateway, the gateway summary showed DNS stilll set to Comcast&#x27;s DNS IPs.     -- By this, I mean that there is now no DNS explicitly configured on the gateway.To get to WWW, our LAN hosts (Windows &amp; Mac) currently reference the gateway IP address 192.168.4.1 for DNS.  All LAN IPs are within 192.168.4.0/24.Here is a screenshot from the gateway:I know I&#x27;m being dense, but... based on the above screenshot, are you saying I need to Assign DNS Manually in the gateway, setting Primary DNS to the Mac Mini server IP address of 192.168.4.2, and then reference DNS using that same IP on all LAN hosts?That makes sense, but then how do DNS requests get to the WWW DNS servers?Also, if I assign the Primary DNS, what do I use for secondary DNS?