
Basic DNS Issue and Resolving Addresses

3042 Views 15 Replies Latest reply: Jan 6, 2013 7:24 AM by FromOZ
Shai Shefer
Jan 2, 2013 8:50 AM

I'd like to make sure I'm setting up DNS correctly on a small business network on 10.8.2 server.

 

Basic Assumptions:

Outside Static IP: 10.0.0.0

Server Internal IP: 192.168.1.2

Domain: domain.com

Server Host Name: server.domain.com

Google Apps Services Entries: mail.domain.com, calendar.domain.com

 

Already Done:

server.example.com on our registrar points to External (static) IP

 

We're using an AirPort Extreme and in the internet settings I configured the top DNS server to match my server host name. Everything is set up nicely and hums along, but any time a user tries to access a Google Apps service at *.domain.com the name can't resolve. In fact domain.com does not resolve at all.

 

When I change the AirPort Extreme DNS entries to generic settings (let's take the Google 8.8.8.8 and 8.8.4.4) all client machines can access the Google Apps services, but connecting to the server requires them to type in the server's internal IP address.

 

How can I set up the AirPort and server so that only the server hostname (server.domain.com) resolves to my server but *.domain.com or domain.com get forwarded?

 

Am I completely missing something in doing this?

 

Thank you!

  • FromOZ
    Jan 2, 2013 9:30 AM (in response to Shai Shefer)

    I don't think so...

     

    Outside Static IP: 10.0.0.0

    Server Internal IP: 192.168.1.2

    Domain: domain.com

    Server Host Name: server.domain.com

    Google Apps Services Entries: mail.domain.com, calendar.domain.com

     

    1. 10.0.0.0 is one of the private address ranges, it is not routable on the Internet. Where did you get this address from?
    2. 192.168.1.2 — potentially OK
    3. domain.com — I don't think that whole domain belongs to you... 'domain.com' is owned by some large hosting company, they rent out sub-domains
    4. server.domain.com, mail.domain.com, calendar.domain.com — I don't think so... see point 3. If you don't own 'domain.com' the TLD then each of these will be sub-domains.

     

    In one part of your post you say 'server.domain.com' then here

     

    Already Done:

    server.example.com on our registrar points to External (static) IP

     

    you say 'server.example.com' — which is it? BTW neither of them are valid. Type in 'example.com' into a web browser and see what you get.

     

     

    "Am I completely missing something in doing this?"

     

    Afraid so. Basically you have to throw the whole thing away and do it again properly.

     

    I am guessing you will be asking for pointers?

     

     

    p.s. if you installed OS X Mountain Lion server with those DNS settings above you will likely have to do a total reinstall of the Mountain Lion OS followed by Mountain Lion Server because (I suspect) your DNS & host settings are totally wrong and OS X Server doesn't like you if you go doing things like changing host names etc.

    Mac mini, OS X Server
  • FromOZ Level 2 (400 points)
    Jan 2, 2013 9:27 AM (in response to Shai Shefer)

    Have a look at this posting I did in another thread

     

    https://discussions.apple.com/message/20736528#20736528

     

    it has the basic instructions on installing OS X Mountain Lion Server. I'll add some more specific DNS details for you shortly.

  • FromOZ Level 2 (400 points)
    Jan 2, 2013 9:31 AM (in response to Shai Shefer)

    IP Address are just dummy holders for external...

     

    Does not compute — please explain.

  • FromOZ Level 2 (400 points)
    Jan 2, 2013 9:59 AM (in response to Shai Shefer)

    From the DNS point of view this is basically how you proceed. I will make some assumptions, please advise if they are not correct. Let's also assume that you have registered the domain "iwantaserver.com" and the domain is under your control.

     

    1. You own/control the domain iwantaserver.com.
    2. You have some external DNS provider, let's say DynDNS, providing external DNS name resolution for you.
    3. You have a broadband Internet connection over say fiberglass, ADSL, cable or something.
    4. Your ISP gives you a dynamic IP address on the Internet and it is (for example) 123.123.123.123
    5. You have infrastructure from your ISP at your location but the Internet legal IP address is bound to the WAN interface of your Airport Extreme. The WAN interface of your Airport Extreme does NOT have a non-routable IP address (i.e. anything in the 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 address ranges)
    6. Your LAN interface on your Airport Extreme is 192.168.1.1 — it is the gateway for your 192.168.1.0/24 network.
    7. You use the Airport Extreme as your DHCP server
    8. You have public DNS servers listed in the DHCP server in your Airport Extreme. Some examples 8.8.8.8, 4.4.4.4 for Google DNS.

     

    This is setup before installing OS X Server. It all works and people can get to the Internet etc.

     

    Then you start with installing OS X server.

     

    1. Find out your real external Internet IP address - in web browser go to checkip.dyndns.org. Write down the address
    2. Your internal network is 192.168.1.0/24, gateway is 192.168.1.1, server will be static IP address of 192.168.1.2
    3. Before install of server change name & host name of server respectively to 'Server' & 'server.iwantaserver.com'
    4. Set search domain to 'iwantaserver.com'
    5. Install server
    6. Turn on DNS service on server.iwantaserver.com
    7. Point forwarders to previous external DNS servers
    8. Delete the initial domain created by server install (server.iwantaserver.com) and create domain iwantaserver.com
    9. The DNS server on server.iwantaserver.com has to be (for your internal network/clients) authoritative for domain iwantaserver.com
    10. Check the DNS server, only if it is OK proceed
    11. Change DHCP from what it was before (Airport Express?) to the new server, put in entries for DNS server, gateway etc.
    12. Go to your external DNS provider and add/change entry for server.iwantaserver.com to IP address found in step 1

     

    As you can see there are a number of steps, this list is not complete... I don't know which steps you did or didn't do but I can tell you if DNS is messed up on the server then I would be starting from scratch... the whole OS, not just Server app re-install.

     

    I recommend you to buy this book — Apple Pro Training Series: OS X Server Essentials: Using and Supporting OS X Server on Mountain Lion — it has detailed instructions.

  • FromOZ Level 2 (400 points)
    Jan 2, 2013 12:49 PM (in response to Shai Shefer)

    'Authoritative' means that for clients on the network 192.168.1.0/24 (your local LAN) the DNS server on the OS X server machine says: I am the authoritative source, the final word, for all DNS records and information for the domain 'iwantaserver.com'. Of course we know that on the Internet (unless you specify that your home office DNS server also serves DNS for your domain — which I wouldn't do) there is another DNS server machine which is official for your domain. The reason to do it this way (which, yes, is double work) is to control what clients in your LAN do.

     

    To make your server authoritative you simply say in the Server | Services | DNS section that for the zone iwantaserver.com the nameserver is server.iwantaserver.com and the machine record for server.iwantaserver.com is 192.168.1.2 (in the System Preferences | Network section you will see that the DNS server is 127.0.0.1; that's OK, that is the localhost IP). Again I have to say that the book I mentioned has all this information in it in much more detail + screenshots; I strongly advise you to get a copy, the Kindle price is cheaper than the printed book.

     

    To check this on the server you can run the Network Utility program and in the 'Lookup' tab type in 'iwantaserver.com' (again we are using the pseudo domain 'iwantaserver.com', your real one is obviously different, and assuming that the server.iwantaserver.com IP is 192.168.1.2). You should see something like this if you have set up DNS correctly. Basically the OS X server has taken over serving DNS queries for the domain — they no longer go to the Internet.

     

     

    Lookup has started…

     

    Trying "iwantaserver.com"

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38381

    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

     

    ;; QUESTION SECTION:

    ;iwantaserver.com.                    IN          ANY

     

    ;; ANSWER SECTION:

    iwantaserver.com.          10800      IN          SOA        iwantaserver.com. admin.iwantaserver.com. 2012122801 3600 900 1209600 86400

    iwantaserver.com.          10800      IN          NS         server.iwantaserver.com.

    iwantaserver.com.          10800      IN          A          192.168.1.2

    iwantaserver.com.          10800      IN          MX         10 server.iwantaserver.com.

     

    ;; ADDITIONAL SECTION:

    server.iwantaserver.com. 10800        IN          A          192.168.1.2

     

    Received 145 bytes from 127.0.0.1#53 in 3 ms

     

     

    Then in Terminal you should issue this command:

     

    sudo changeip -checkhostname

     

    If it does not say something like this (using our examples still) then you have a problem.

     

    Primary address     = 192.168.1.2

     

    Current HostName    = server.iwantaserver.com

    DNS HostName        = server.iwantaserver.com

     

    The names match. There is nothing to change.

    dirserv:success = "success"

     

    I would make the OS X server the DHCP server for your network; you just configure server DHCP, put in the address range, router & DNS IP address of the server and the search domain, and turn it on.

    Mac mini, OS X Server
  • FromOZ Level 2 (400 points)
    Jan 2, 2013 1:46 PM (in response to Shai Shefer)

    I would like to be able to type in iwantaserver.com on my server and have it go to the correct host rather than my internal machine. When I go to traceroute this comes up as an unknown host.

     

    The DNS name iwantaserver.com rather than some_server.iwantaserver.com is kind of a special DNS case. But irrespective of that, when you say you want 'it' to go to the correct host, 'correct' is subjective - what you mean, I believe, is you want it to go to an external IP address, not an internal (the OS X Server machine) address.

     

    There are a couple of ways you can do this; the way you go depends on, again, what you want to be 'authoritative'. It sounds to me like you don't want to have your internal server be authoritative for your DNS records, or not all of them. The thing now is that if you followed the previous examples then your OS X server is now (for your internal clients) answering all queries for the domain 'iwantaserver.com', except one of the servers/services you want is on the Internet. Because that service/server is not defined in your local DNS your computers don't know where to find it.

     

    So you have two (three actually) choices:

     

    1. Don't use local DNS at all, only use external DNS, which means external DNS (authoritative for your domain) will reply with IP addresses. Put the list of external DNS servers into your internal DHCP settings
    2. Use local DNS but don't make it authoritative for any domain, including the one you own. So no zone file in your internal OS X DNS server. Set up forwarding servers in your DNS server; the local DNS server will cache queries and forward out ones it doesn't (already) know.
    3. Fudge it a bit - have the local DNS server be 'authoritative' (internally) for your own domain and put in a record for the external resource with its real Internet IP address. You have to be careful to change that IP address if the external Internet address changes.

     

    Depends on what you want to achieve.

     

    This will also fix funny things happening on client.

    Mac mini, OS X Server
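Putting the two posts above together, here is an added check that is not part of the thread: it parses a Network Utility / dig-style lookup like the one shown earlier, confirms the local server answered authoritatively for the zone with the expected NS and A records, and, per choice 3, confirms that each Internet-hosted service name is present in the local zone with a public address. The sample output, the zone iwantaserver.com and the function names are constructed for this example.

```python
import ipaddress
import re

# Constructed sample, modelled on the Network Utility lookup output quoted in the thread.
SAMPLE_LOOKUP = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
iwantaserver.com.          10800      IN          SOA        iwantaserver.com. admin.iwantaserver.com. 2012122801 3600 900 1209600 86400
iwantaserver.com.          10800      IN          NS         server.iwantaserver.com.
iwantaserver.com.          10800      IN          A          192.168.1.2
iwantaserver.com.          10800      IN          MX         10 server.iwantaserver.com.
;; ADDITIONAL SECTION:
server.iwantaserver.com. 10800        IN          A          192.168.1.2
Received 145 bytes from 127.0.0.1#53 in 3 ms
"""


def parse_lookup(text):
    """Parse dig-style lookup output into (header flags, [(name, type, rdata), ...])."""
    flags, records = set(), []
    for line in text.splitlines():
        m = re.match(r";; flags:\s*([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
        elif line and not line.startswith(";"):
            parts = line.split()            # name ttl class type rdata...
            if len(parts) >= 5 and parts[2] == "IN":
                records.append((parts[0].rstrip("."), parts[3], " ".join(parts[4:])))
    return flags, records


def check_split_dns(text, zone, ns_host, ns_ip, external_names):
    """Return a list of problems; an empty list means the LAN view of the zone is sane."""
    flags, records = parse_lookup(text)
    problems = []
    if "aa" not in flags:
        problems.append("no 'aa' flag: answer was forwarded, local server is not authoritative")
    ns = {rd.rstrip(".") for n, t, rd in records if n == zone and t == "NS"}
    if ns_host not in ns:
        problems.append(f"{zone} NS is {sorted(ns) or 'missing'}, expected {ns_host}")
    if ns_ip not in {rd for n, t, rd in records if n == ns_host and t == "A"}:
        problems.append(f"{ns_host} has no A record for {ns_ip}")
    # Choice 3 from the thread: each Internet-hosted service name must exist in the
    # local zone with its real public address, or LAN clients cannot resolve it at all.
    for name in external_names:
        addrs = [rd for n, t, rd in records if n == name and t == "A"]
        if not addrs:
            problems.append(f"{name} is absent from the local zone: LAN clients cannot resolve it")
        elif any(ipaddress.ip_address(a).is_private for a in addrs):
            problems.append(f"{name} points at a private address {addrs}, expected its public IP")
    return problems
```

Run it against a real lookup of your own zone with the Google Apps names in `external_names`; the thread's original symptom (mail.domain.com not resolving on the LAN) shows up as the "absent from the local zone" problem.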
  • FromOZ Level 2 (400 points)
    Jan 2, 2013 2:47 PM (in response to Shai Shefer)

    My major question still remaining: how can users connect to my server using the host name rather than IP?

     

    From where? The Internet or your local LAN? And to what server and service?

     

    If you are talking AFP then that is an 'internal' i.e. LAN service for serving up files, that is file servers are usually inside the LAN network, not on the Internet.

     

    If you want to resolve a DNS name for an AFP file sharepoint (inside the LAN) then you need a DNS server (inside the LAN), that DNS server needs to have a DNS record for the server in question — whatever server it is.

     

    The web site you have is a completely different situation.

     

    It comes down to where are the clients? In the LAN or on the Internet?

    And where are the resources they are accessing? In the LAN or on the Internet?

     

    Wherever clients are they need a DNS server to tell them how to get to the resource — whether in the LAN or the Internet.

     

    So it's back to choice 3 above and add a machine DNS entry for the external (Internet) machine and your internal clients will find it. Chapter 3 in the book goes into full detail on setting this up.
