
wildcard dns

From my blog.


I’m having this problem where I can’t get the CNAME *.domain.tld working on Mac OSX server 10.8


I'll illustrate my problem (presuming web service is up and running):


Let’s set up a new “Primary Zone” with an “A Record”.

  1. Server.app
  2. DNS
  3. +
  4. Add Primary Zone
  5. Name: domain.tld
  6. Done
  7. +
  8. Add Machine Record
  9. Zone: domain.tld
  10. Host Name: domain.tld
  11. IP Addresses: 127.0.0.1
  12. Done
  13. Visit http://domain.tld/ in Safari

That’s great, now we can find the domain by visiting the browser, but how about www.domain.tld?

No can do.... But this is logical 😉


Let’s add a CNAME (or “alias Record”)

  1. Server.app
  2. DNS
  3. +
  4. Add Alias Record
  5. Zone: domain.tld
  6. Host Name: www
  7. Destination: domain.tld
  8. Done
  9. Visit http://www.domain.tld/ in Safari

Now we can find domain.tld as well as www.domain.tld in the browser.

This is just great, it almost looks like a full Enterprise Webserver!!



Now I want to add *.domain.tld so I can find all.these.sub.domains.domain.tld as well, or maybe just dev.domain.tld or test.domain.tld or even www2.domain.tld

  1. Server.app
  2. DNS
  3. +
  4. Add Alias Record
  5. Zone: domain.tld
  6. Host Name: *


😕


The GUI that most people love so much does not accept the *, so I’ll just type “asteriks” instead and change it in the terminal later.


  1. Host Name: asteriks
  2. Destination: domain.tld
  3. Done
  4. Terminal.app
  5. # sudo nano /private/var/named/db.domain.tld
  6. change "asteriks.domain.tld" to "*.domain.tld"
  7. Server.app
  8. DNS
  9. OFF
  10. ON


The “GUI” now reflects the zonefile.

I can now resolve anything.domain.tld, but not for long… 😟


The problem

The problem is that periodically or after a service/machine restart, the *.domain.tld CNAME will be undone because Apple does not like it when I change things I’m not "supposed" to change. 😢


The issue I have with this problem is that *.domain.tld is widely accepted in Bind/DNS systems except for Mac OSX server Mountain Lion.

Incom”Apple”ble…..


Conclusion

Apple OSX Server is NOT enterprise ready because it fails on a number of accounts (Bind, Samba) to offer the functionalities a 'real world' enterprise *NIX server offers.


Apple "Server Support"

I have spoken to Apple Server Support in Ireland who only know how to handle the GUI, so very friendly, but not very helpful! 😐



Please feel free to discuss this issue in this thread or on my blog.


Message was edited by: OcchioNL

Mac Mini Server 10.8-OTHER, OS X Server, 10.8

Posted on Nov 23, 2012 1:31 AM
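As an added illustration (not from the original post, and not the file Server.app generates), this is what a hand-written BIND zone file for domain.tld with the three records from the steps above looks like; the SOA values, the ns host and the TTLs are assumed placeholders.

```zone
$TTL 3600
$ORIGIN domain.tld.
; SOA and NS are required for a valid zone; values below are assumed placeholders
@       IN SOA   ns.domain.tld. hostmaster.domain.tld. (
                 2012112301 ; serial: bump on every edit or secondaries never refresh
                 3600       ; refresh
                 900        ; retry
                 604800     ; expire
                 300 )      ; negative-cache TTL
@       IN NS    ns.domain.tld.
ns      IN A     127.0.0.1

; step 1: the "Machine Record" for the zone apex (domain.tld)
@       IN A     127.0.0.1

; step 2: the "Alias Record" for www; note the trailing dot, otherwise
; BIND appends $ORIGIN and the target becomes domain.tld.domain.tld.
www     IN CNAME domain.tld.

; step 3: the wildcard the GUI refuses; answers dev, test, www2 and
; all.these.sub.domains because none of those names exist explicitly.
; A wildcard never matches the apex itself, and a name that does exist
; (www above) is answered from its own record, not from the wildcard.
*       IN CNAME domain.tld.
```

A wildcard makes every otherwise-undefined name under the zone resolve to the same host, so keep explicit records for the names you actually want to control, and verify the result with `dig @127.0.0.1 anything.domain.tld` after reloading (remembering that Server.app rewrites this file from its own configuration, as the thread describes).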


Dec 5, 2012 12:56 AM in response to infinite vortex

Hi infinite vortex,


Thanks, indeed the GUI doesn't allow wildcard entries.

I already tried to edit the zone record file (/private/var/named/db.domain.tld) as I explained above and further to that I have already tried to chmod the file read-only.


The system just deletes the whole file and regenerates the entries from the content out of the GUI.


Is there a method to "lock" the file other than the method I describe in this reply?


I agree; "this should work in BIND"!!!

Jul 19, 2013 9:33 AM in response to David Kelly1

I don't know that there's any official documentation on the interaction, nor assurance that things won't change in some new version. I've never seen that documentation, in any case. Various versions of Server.app and Server Admin.app have kept both the service configuration file(s) around and a plist file around; it's dreadfully fun when the two squabble around a DNS change. There've been a few and rare occasions where I've had to exit the app and delete the plist to get the change accepted by the tool.


As for your question, just set your DNS server as the authoritative DNS server for the domain you're aiming at, with no records. Add an empty zone, in other words, that matches the domain or subdomain you're after. No need for wildcards.

Jul 19, 2013 10:20 AM in response to MrHoffman

Thanks! An empty domain works when my server is the only DNS server but when clients have a fallback DNS listed they go that way when my mini's DNS fails to provide an answer.


But with ideas prompted by MrHoffman's reply and a bit more playing, I have now found a workable solution!


  • Create a primary domain, say "dummy.primary"
  • Create a nameserver entry for dummy.primary, use "localhost"


Without the nameserver entry clients will try all DNS servers they know. But with, they will stop, which is the desired behavior for killing malicious domains.
