Best DNS setup for public-facing Mac server with no NAT?

What's the best way to set up the DNS server as a member of an existing domain with nameservers elsewhere for a public-facing server with no NAT?


We own the domain myexample.com and its name servers and zone files are on a hosted Linux server with mail/web server services.


We now have a Mac server hosted elsewhere and we want it to be a subdomain of our myexample.com i.e. macserver.myexample.com.


We haven't enabled NAT or DHCP so the Mac server host network IP is a public IP. There is no LAN.


When setting up the DNS server, what should the primary zone be? macserver.myexample.com, or myexample.com?


Any advice would be great. Mr Hoffman... are you out there?



Posted on Oct 19, 2012 12:47 PM


Oct 19, 2012 4:14 PM in response to boomboom_uk

You do need valid DNS services. But you don't need to provide DNS on the same server. And if you're not dealing with NAT, things can get easier.


The easiest approach available is to not run your own DNS services here. This assumes the OS X Server box is configured on a static IP address, but then that's something OS X Server needs/wants/expects.


Use the DNS provided by your domain registrar, and your ISP. Or maybe on that Linux box, if that's publicly authoritative for the domain.


Enter the host name and the IP address into the public DNS services that you have configured for the domain, or that you have at your registrar or ISP, or on that Linux box.


You will need to have your ISP for the static IP configure a PTR record (reverse DNS) for the server, particularly if you're planning to run mail or related.

Oct 23, 2012 5:39 PM in response to boomboom_uk

You can shut down the DNS server on the OS X Server box.


It serves no purpose here – if you already have public DNS services running for this host – and it's another piece to maintain.


As a test of this, you can shut down the DNS server, configure the OS X Server box to use the existing public DNS servers, and confirm DNS operations with sudo changeip -checkhostname or such.


As for the forward and reverse DNS records, anything that expects to use secure network connections will want the host names to match. I'd tend to expect network diagnostics to catch this error, too.
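
The forward/reverse match discussed in the reply above can be verified with a forward-confirmed reverse DNS check. The script below is an added example, not part of the original thread; the default host name is the poster's placeholder, and the resolver functions are injectable (an assumption of this example) so the check can also be run against constructed records.

```python
import socket
import sys

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def system_reverse(addr):
    """PTR lookup through the system resolver; returns a set of host names."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return set()
    return {primary, *aliases}

def check_fcrdns(hostname, forward=system_forward, reverse=system_reverse):
    """Return (ok, findings): every address of hostname must have a PTR
    record that names hostname again."""
    want = _norm(hostname)
    addrs = forward(hostname)
    if not addrs:
        return False, [f"no A/AAAA record for {hostname}"]
    findings = []
    for addr in sorted(addrs):
        ptrs = {_norm(p) for p in reverse(addr)}
        if not ptrs:
            findings.append(f"{addr}: no PTR record")
        elif want not in ptrs:
            findings.append(f"{addr}: PTR is {sorted(ptrs)}, expected {want}")
    return not findings, findings

if __name__ == "__main__":
    # Placeholder host name from the question; pass the real one as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "macserver.myexample.com"
    ok, findings = check_fcrdns(host)
    print("forward and reverse DNS match" if ok else "\n".join(findings))
    sys.exit(0 if ok else 1)
```

A "no PTR record" or mismatch finding is the case where the ISP that owns the static IP has to set the reverse record.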
