Q: How do I create a TXT record?

Asked by hemmes

I'm trying to figure out how to create a TXT record on OS X Server 4's DNS server.  Specifically for the Caching service's multiple public IP address requirements.  I'm, of course, using OS X Server's DNS implementation, but see no definitive method for creating TXT records.  I see there is a Text field for most record types, but usage is confusing at best.  Why would Apple choose not to implement TXT records, when this is a requirement of functionality for other supported services?  Not to mention, a good DNS implementation needs to have TXT record support.  Achieving this is trivial on Linux/Unix or Windows, but I can't even find reference to the BIND configuration file for Server 4, and it is no longer in the /var/named/ directory.

Also, if anyone can point me to any documentation covering these services in detail, that would also be appreciated.

  -- Mike

Mac mini, OS X Server, Yosemite, OS X Server 4.0

Posted on Jan 3, 2015 11:54 AM

Replies (page 2)
  • John Lockwood (Level 6, 9,165 points), Nov 13, 2015 9:55 AM, in response to simon@ifoam

    The domain db file needs to be the one that matches the domain name you use internally for your servers. From what you listed, you will also need to set it as the default search domain for all your client Macs and, if applicable, iOS devices; this would be done via your DHCP server.

     

    So if the domain name you are using is mydomain.com and you have a server like myserver.mydomain.com which is running the Caching server, then the db file would be called db.mydomain.com and the search domain you need to set would be mydomain.com.

     

    As servers typically have their TCP/IP settings done manually and not via DHCP you should also manually add mydomain.com as its own search domain.

     

    It is possible to define multiple search domains but I would have this one as the first one in the list.

  • hemmes (Level 1, 4 points), Nov 13, 2015 10:03 AM, in response to simon@ifoam

    The DNS TXT record needs to be added to the zone that:

    • Is authoritative for the domain
    • Matches the default search domain for network clients


    This is only for clients that are using their own public IP addresses, no NAT.

  • hemmes (Level 1, 4 points), Nov 13, 2015 10:13 AM, in response to simon@ifoam

    Hey, also: I happen to have a split DNS (my private domain is the same as my public domain).  So I did go ahead and add the TXT record to my public-facing DNS, hosted with GoDaddy.  I figured maybe Apple looks at a split DNS setup differently during caching server registration.

  • simon@ifoam (Level 1, 9 points), Nov 13, 2015 10:32 AM, in response to John Lockwood

    Thank you both for great support!

     

    Our topology is quite simple:

     

    2 physical lines with different public IP addresses

    Draytek Gateway does load balancing between two lines and NAT for only one internal network 10.10.1.0

    Only one OS X Server which has Caching, DNS and others.

    A handful of clients.

     

    All machines are in the .local domain

    There's one zone that corresponds to the servers public hostname (mail.public.domain) which seems to purely serve the purpose to let local clients fetch mail locally.

     

    Can I configure the .local domain in the same way? There's no db file for it.

  • hemmes (Level 1, 4 points), Nov 13, 2015 10:55 AM, in response to simon@ifoam

    So when you go to the /Library/Server/named directory at the command prompt, you don't see your db.xxxx.local file?  If you can see your xxxx.local domain in the Server Admin->DNS interface, then there has to be a corresponding db.xxxx.local file in /Library/Server/named.

     

    Are you also using the DHCP service?  If so, have you defined your Name Server (DNS Server) IP address?  (you can also specify a search domain, but that has no bearing on the caching server)

     

    Also, since you are doing load balancing, your clients may appear to come from either of your static IPs at any time.  So make sure you have both IPs entered into the network list, as seen in my previous screenshot.

  • hemmes (Level 1, 4 points), Nov 13, 2015 11:04 AM, in response to hemmes

    Actually, I would put the search domain in there, just in case.

  • simon@ifoam (Level 1, 9 points), Nov 13, 2015 1:28 PM, in response to hemmes

    Okay, thanks a million. I think I have it.

     

    Let me summarize what I did...

     

    • Added the external IP Addresses to the Caching Service  according to Fraser Hess' article / hemmes' post
    • I created a mydomain.local primary zone using Server.app
    • Added A-Record (Machine Record) server.mydomain.local using Server.app pointing to the server's own IP address
    • Added NS-Record (Nameserver Record) pointing to server.mydomain.local using Server app
    • Edited /Library/Server/named/db.mydomain.local to add TXT line from Caching Service --> Edit Permission --> Client Configuration (BIND)
    • Restarted DNS Service (GUI or sudo serveradmin dns stop/start)
    • Added search domain mydomain.local to Network --> DNS settings of server (not sure if really needed)
    • Added search domain mydomain.local to Network --> DNS settings of client computer
    • Checked with dig txt _aaplcache._tcp.mydomain.local on client if the TXT record is actually found.
    • Tried a few more updates/items from AppStore and found out the two I tested before were actually NOT in the cache (I was so sure they must be in), but others came immediately from the cache.

     

    Some tips:

    Use dig txt _aaplcache._tcp.mydomain.local or host -t txt _aaplcache._tcp.mydomain.local to find out if TXT record is actually found by the client.

    nslookup helped me because it gave me "SERVFAIL reply from X.X.X.X trying next server" replies when I had ****** up the zone db file. Responses from dig were less useful in that case.

    Don't forget to always restart the DNS service. A few times I accidentally restarted Caching instead of DNS.

    Don't be too convinced some item you use for testing is actually in the cache. Try a few more.

     

    Cheers to hemmes and John Lockwood

  • hemmes (Level 1, 4 points), Nov 13, 2015 1:57 PM, in response to simon@ifoam

    Awesome, that's what I like to hear!

     

    All those things you did are absolutely recommended.  But, technically, only some are required to actually get Caching services working.  For review, and notes for you and others:

     

    • Added the external IP Addresses to the Caching Service  according to Fraser Hess' article / hemmes' post - This is a must
    • I created a mydomain.local primary zone using Server.app - This is a must
    • Added A-Record (Machine Record) server.mydomain.local using Server.app pointing to the server's own IP address - Highly recommended, but not actually required for caching services to work
    • Added NS-Record (Nameserver Record) pointing to server.mydomain.local using Server app - Highly recommended, but not actually required for caching services to work
    • Edited /Library/Server/named/db.mydomain.local to add TXT line from Caching Service --> Edit Permission --> Client Configuration (BIND) - This is a must
    • Restarted DNS Service (GUI or sudo serveradmin dns stop/start) - This is a must
    • Added search domain mydomain.local to Network --> DNS settings of server (not sure if really needed) - Must be manually done on server
    • Added search domain mydomain.local to Network --> DNS settings of client computer - This can be done through DHCP settings
    • Checked with dig txt _aaplcache._tcp.mydomain.local on client if the TXT record is actually found. - Good move, always want to make sure the queries respond correctly

     

    Definitely do all of that.  I just wanted to make the distinction between what the caching service actually requires.  If you simply created the .local zone, with no records in Server Manager, you'd see the db.xxxx.local file is there with just an SOA record.  You could then add just the TXT record and have success.  But adding those appropriate server records will make problems go away that you never knew you had.
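
The zone-file steps simon@ifoam lists above and hemmes reviews here, put together as an added example (not code from the thread or from Apple's Server.app): a small Python script that produces the db.mydomain.local content with the SOA, NS, A and _aaplcache._tcp TXT records, and refuses a prs= list that contains private or malformed addresses, since the record is matched against the public address clients present to Apple. The helper names, the SOA timers, the TEST-NET addresses standing in for real WAN IPs and the serveradmin invocation in the comment are assumptions; the prs= payload format follows the dig output quoted later in the thread.

```python
"""Build the db.<zone> file the thread edits by hand and check the
_aaplcache._tcp TXT record before restarting DNS.

Added example: hypothetical helpers, not code from Apple's Server.app.
Assumptions: $ORIGIN-relative names; TXT payload "prs=IP,IP,..." as in the
dig output quoted in the thread; WAN_IPS are TEST-NET documentation
addresses standing in for the router's real public addresses.
"""
import ipaddress
import time

# Constructed inputs mirroring the thread's topology.
ZONE = "mydomain.local"
SERVER_HOST = "server"                  # -> server.mydomain.local
SERVER_IP = "10.10.1.10"                # the OS X Server's own internal address
WAN_IPS = ["203.0.113.10", "198.51.100.20", "192.0.2.30"]  # router's public IPs

# Ranges that can never be the address a client presents on the Internet, so
# they must not appear in the prs= list (the record would simply never match).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",      # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
)]


def unusable_ips(ips):
    """Return the entries that are not valid public IPv4 addresses."""
    bad = []
    for ip in ips:
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            bad.append(ip)
            continue
        if any(addr in net for net in NON_PUBLIC):
            bad.append(ip)
    return bad


def prs_record(ips):
    """Return the TXT payload; one TXT <character-string> is capped at 255 bytes."""
    bad = unusable_ips(ips)
    if bad:
        raise ValueError(f"not public IPv4 addresses: {bad}")
    payload = "prs=" + ",".join(ips)
    if len(payload) > 255:
        raise ValueError("prs= string exceeds 255 bytes; list fewer addresses")
    return payload


def build_zone(zone=ZONE, host=SERVER_HOST, ip=SERVER_IP, wan_ips=WAN_IPS, serial=None):
    """Return the zone file text: SOA, NS, A and the _aaplcache._tcp TXT."""
    if serial is None:
        serial = int(time.strftime("%Y%m%d")) * 100 + 1   # YYYYMMDDnn; bump nn on every edit
    fqdn = f"{host}.{zone}."
    return "\n".join([
        f"$ORIGIN {zone}.",
        "$TTL 10800",
        f"@\tIN\tSOA\t{fqdn} hostmaster.{zone}. (",
        f"\t\t{serial} ; serial, must increase on every edit",
        "\t\t3600 ; refresh",
        "\t\t900 ; retry",
        "\t\t1209600 ; expire",
        "\t\t86400 ; negative-cache TTL",
        "\t\t)",
        f"@\tIN\tNS\t{fqdn}",
        f"{host}\tIN\tA\t{ip}",
        # The record clients resolve: _aaplcache._tcp.<search domain>
        f'_aaplcache._tcp\tIN\tTXT\t"{prs_record(wan_ips)}"',
        "",
    ])


def prs_from_zone(zone_text):
    """Read the generated text back and return the IP list from the TXT line
    (a self-check that the line survived formatting, not a full zone parser)."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "_aaplcache._tcp" and fields[2] == "TXT":
            payload = line.split('"', 2)[1]
            return payload[len("prs="):].split(",") if payload.startswith("prs=") else []
    return []


if __name__ == "__main__":
    # On the server this text goes into /Library/Server/named/db.mydomain.local,
    # followed by: sudo serveradmin stop dns && sudo serveradmin start dns
    print(build_zone())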

  • simon@ifoam (Level 1, 9 points), Nov 13, 2015 2:32 PM, in response to hemmes

    Thank you for clarifying.

     

    I think what made it so troublesome for me was

    - my strong belief the items I am downloading MUST be in the cache. I was just wrong

    - mydomain.local wasn't set up in dns server, clients had no search domain

  • simon@ifoam (Level 1, 9 points), Nov 17, 2015 2:15 AM, in response to simon@ifoam (marked Helpful)

    One more thing to add:

     

    if you have the feeling that the Caching Service doesn't work or doesn't do what it should, you can monitor all activity in detail (registration, ranges, client activity) here:

     

    tail -f /Library/Server/Caching/Logs/Debug.log


    For me that log was written out of the box, but you might need to increase LogLevel according to

    https://help.apple.com/serverapp/mac/5.0/index.html?localePath=en.lproj#/apd5E1AD52E-012B-4A41-8F21-8E9EDA56583A

    in order for it to work.

  • Paul_GPR (Level 1, 4 points), Sep 4, 2016 4:22 AM, in response to simon@ifoam

    Hi

     

    It sounds like i have a similar network setup to you.  Load balancing router with 3 WANs (from different ISPs) so OS Server can have 3 different external IP addresses.

     

    I'm really struggling to get the caching server to work on any of our macs or iOS devices.   I've followed all the steps you've detailed but no joy yet.

     

    Did you manage to get yours working with the load balancing router?

     

    Thanks for any help whatsoever.

  • simon@ifoam (Level 1, 9 points), Sep 5, 2016 1:06 AM, in response to Paul_GPR

    Hi,

     

    yes the steps described earlier helped to make it work with the load balancing router. Are you able to monitor any activity in the Debug.log on the server?

    tail -f /Library/Server/Caching/Logs/Debug.log


    What response do you get when querying the TXT record with dig?

    dig txt _aaplcache._tcp.mydomain.local

    --> replace mydomain.local with your search domain

    The response should look similar to this:

    ; <<>> DiG 9.8.3-P1 <<>> txt _aaplcache._tcp.mydomain.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19717
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;_aaplcache._tcp.mydomain.local. IN TXT

    ;; ANSWER SECTION:
    _aaplcache._tcp.mydomain.local. 259200 IN TXT "prs=X.X.X.X,Y.Y.Y.Y,Z.Z.Z.Z"

    ;; AUTHORITY SECTION:
    mydomain.local. 10800 IN NS server.mydomain.local.

    ;; ADDITIONAL SECTION:
    server.mydomain.local. 10800 IN A 10.10.1.10

    ;; Query time: 2 msec
    ;; SERVER: 10.10.1.10#53(10.10.1.10)
    ;; WHEN: Mon Sep  5 09:58:21 2016
    ;; MSG SIZE  rcvd: 138

    X.X.X.X,Y.Y.Y.Y,Z.Z.Z.Z should show your 3 WAN IP addresses

  • Paul_GPR (Level 1, 4 points), Sep 5, 2016 6:53 AM, in response to simon@ifoam

    Hi Simon,

     

    Within Terminal I entered the command "dig txt _aaplcache._tcp.MYHOSTNAMEHERE.local" and got the following response, which doesn't seem the same as yours:

    -----------------------------------
    ; <<>> DiG 9.8.3-P1 <<>> txt _aaplcache._tcp.MYHOSTNAMEHERE.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41404
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;_aaplcache._tcp.MYHOSTNAMEHERE.local.    IN TXT

    ;; AUTHORITY SECTION:
    .            1798    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016090500 1800 900 604800 86400

    ;; Query time: 70 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Sep  5 14:00:23 2016
    ;; MSG SIZE  rcvd: 131
    -----------------------------------

     

    Within the Settings...Network....Ethernet (& Wi-Fi) DNS tab, Search Domain box, I entered MYHOSTNAMEHERE.local on the Mac server and on a MacBook Pro.

     

     

    These are my Caching settings...

    [screenshot of the Caching service settings, image not available]

     

    I pasted the TXT record from client config into the file db.MYHOSTNAMEHERE.local within the folder Server/named.

     

    Server DNS is turned on as per your instructions.  With:-

     

    MYHOSTNAMEHERE.local Primary Zone

         MYHOSTNAMEHERE.local - A record

         MYHOSTNAMEHERE.local - NS Record

     

    There is also a Reverse Zone on there which I didn't create.

        server's ip - PTR Record

          MYHOSTNAMEHERE.local - NS Record

     

     

    On the Server I don't have DHCP turned on; no idea if I need this on or off?

    I noticed when I do a download test via the App Store (from the MBP) I get the following in the server system log at pretty much the same time as when the download starts:

    Sep  5 14:42:22 MYHOSTNAMEHERE networkd[191]: -[NETPowerManager powerPolicyForTimeslot:workload:] failed to find policy for workload 7260161462 timeslot 1 / 5
    Sep  5 14:42:30 MYHOSTNAMEHERE apsd[89]: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/SubmitDiagInfo.default.domains
    Sep  5 14:42:30 MYHOSTNAMEHERE syncdefaultsd[2930]: accountsd has been removed from syncing apps.
    Sep  5 14:42:40 MYHOSTNAMEHERE servermgr_alerts[890]: validating connection from 501 : 100007
    Sep  5 14:42:41 MYHOSTNAMEHERE apsd[89]: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/SubmitDiagInfo.default.domains
    Sep  5 14:43:12 --- last message repeated 11 times ---
    Sep  5 14:43:12 MYHOSTNAMEHERE apsd[89]: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/SubmitDiagInfo.default.domains

     

    I really hope you can help and get this working once and for all.  Appreciate it.

     

    Thanks

  • simon@ifoam (Level 1, 9 points), Sep 5, 2016 7:59 AM, in response to Paul_GPR

    The DNS server answering here is Google (8.8.8.8) and not your local DNS server. You should configure your clients to use internal DNS first and then others as secondary, tertiary. Please try to change this first and see if you get different results in dig.
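
simon@ifoam's diagnosis above (the answer came from 8.8.8.8, which cannot know a private .local zone, rather than from the internal server) is the kind of check that is easy to get wrong by eye. As an added example, not code from the thread: a Python script that parses dig output and reports which resolver answered, whether the answer was authoritative (the aa flag), and what prs= list came back, in the order the thread found the faults. The sample outputs are constructed after the two transcripts quoted above, with TEST-NET addresses in place of the X.X.X.X placeholders; INTERNAL_RESOLVERS and the helper names are assumptions.

```python
"""Triage the output of `dig txt _aaplcache._tcp.<search domain>`: which
resolver answered, was it authoritative, and what prs= list came back.

Added example with hypothetical helper names, not code from the thread.
Usage on a client:  dig txt _aaplcache._tcp.mydomain.local | python3 dig_triage.py
"""
import re
import sys

# Assumption: the OS X Server running DNS, the only resolver that holds the zone.
INTERNAL_RESOLVERS = {"10.10.1.10"}

# Constructed samples, abbreviated from the transcripts quoted in the thread,
# with TEST-NET addresses in place of the X.X.X.X placeholders.
GOOD_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19717
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;_aaplcache._tcp.mydomain.local. IN TXT

;; ANSWER SECTION:
_aaplcache._tcp.mydomain.local. 259200 IN TXT "prs=203.0.113.10,198.51.100.20,192.0.2.30"

;; SERVER: 10.10.1.10#53(10.10.1.10)
"""

BAD_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_aaplcache._tcp.MYHOSTNAMEHERE.local.    IN TXT

;; AUTHORITY SECTION:
.            1798    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016090500 1800 900 604800 86400

;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

# What dig prints when nothing listens on the configured resolver at all.
TIMEOUT_OUTPUT = ";; connection timed out; no servers could be reached\n"


def parse_dig(text):
    """Pull status, flags, answering server and the prs= list out of dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([^;]*);", text)
    server = re.search(r";; SERVER: ([\d.]+)#", text)
    prs = re.search(r'\sIN\s+TXT\s+"prs=([^"]*)"', text)
    return {
        "status": status.group(1) if status else None,
        "aa": bool(flags) and "aa" in flags.group(1).split(),
        "server": server.group(1) if server else None,
        "prs": prs.group(1).split(",") if prs else [],
    }


def diagnose(text, internal=INTERNAL_RESOLVERS):
    """Return (code, advice), checking the wrong resolver first, then the
    zone/record, then the answer content."""
    r = parse_dig(text)
    if r["server"] is None:
        return ("NO_RESPONSE", "no server answered: check the DNS service is running "
                "and reachable on port 53")
    if r["server"] not in internal:
        return ("EXTERNAL_RESOLVER",
                f"answered by {r['server']}, which cannot know the zone: put the "
                "server's address first in the client (or DHCP/router) DNS list")
    if r["status"] == "NXDOMAIN":
        return ("NXDOMAIN", "internal server has no such name: the zone or record does "
                "not match the search domain, or DNS was not restarted after the edit")
    if r["status"] != "NOERROR":
        return (str(r["status"]), "check the zone file syntax; nslookup reports "
                "SERVFAIL for a broken db file")
    if not r["prs"]:
        return ("NO_RECORD", "NOERROR but no prs= TXT answer: the TXT line is missing")
    if not r["aa"]:
        return ("CACHED", f"non-authoritative answer ({', '.join(r['prs'])}); "
                "re-check once the TTL has expired")
    return ("OK", f"authoritative answer lists {', '.join(r['prs'])}")


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else GOOD_OUTPUT
    code, advice = diagnose(text)
    print(f"{code}: {advice}")
```

Run with the real dig output piped in on a client; Paul's transcript above yields EXTERNAL_RESOLVER, which is exactly the fix he applied next (putting the server's address first in the router's DNS list).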

  • Paul_GPR (Level 1, 4 points), Sep 5, 2016 9:24 AM, in response to simon@ifoam

    FANTASTIC!

     

    That worked - I updated the DNS on my load balancing router to use the Mac server's IP address first. Thanks so much to everyone that's taken their time to document this process here.

     

    One final question is there any need to use the Software Update service on the Server if the Caching service handles iOS, Mac OS updates, app updates etc?  I'm not sure what value the Software Update service adds?

     

    Thanks again
