DNS Questions...

I am curious. I just read an article saying the OS X Server should only have the loopback IP, 127.0.0.1, in the computer's DNS field (System Prefs > Network > Advanced > DNS). My OS X Server 4 only has its IP address from my DHCP server as well as a secondary DNS server provided by OpenDNS. My router only has OS X Server's IP assigned by the DHCP. What should actually be in the DNS field of the server?

Posted on Mar 18, 2015 1:48 PM

16 replies

Mar 19, 2015 5:41 AM in response to John Lockwood

Please bear with me, as I was told the DNS server should always have its own IP from a router listed as a DNS server, but I have recently seen and been told otherwise. The following photo is from my server's network settings via the Server app. The IP address is a static IP from my router; my router (AirPort Extreme) is set to only broadcast my server's IP.

User uploaded file

These are the settings on my router.

User uploaded file

In the DNS section of Server.app I have my forwarding servers set.

I have one more question: should my DNS server be performing lookups for all clients, or only some clients?

Mar 19, 2015 9:13 AM in response to JeremyR3784

Linc Davis wrote:


The server should have a static address on the local network, not a dynamically-assigned one.


There you have it. God has spoken. 😉


  • A server should have a static, manually assigned IP address
  • An Open Directory server requires that you have your own internal DNS server with correctly set up forward and reverse zones
  • Open Directory use by client computers requires that your clients use your own internal DNS server


As I mentioned, if you're not running Open Directory then DNS use is optional. However, you might want to consider whether you would later want to use Open Directory. Getting your DNS settings correct now would make it easier to do later.


Apple's DNS server component is actually one of the better bits of Apple's software; it even fully supports IPv6. (Not all of Apple's Server services do.) Its only drawbacks are that:


  1. It does not support dynamic DNS records
  2. It has limited support for txt and svc records


Neither of these issues would affect the majority, and to some extent one can get round them by manually editing the config files.


You can, and for many people should, use a fake DNS domain name internally, e.g. mydomain.private. Do not use something.local; the top-level domain .local is used by Bonjour. Be careful what (fake) domain name you pick so as to never run the risk of conflicting later with a real one.

Mar 19, 2015 3:12 AM in response to JeremyR3784

Generally it is normal practice to configure servers with static, i.e. manually configured, IP address settings. You would then be able to define the DNS address as 127.0.0.1. However, even when using DHCP on a server, one can override the DNS setting and manually enter 127.0.0.1.


If your server is the DNS server then yes, it needs to point to itself as such. The easiest option is to use the loopback address, but the actual IP address would work as well. Your DHCP server would need to advertise the actual IP address of your internal DNS server, not the loopback address. This will ensure all your devices look to your own DNS server for information.


You do not need to have the OpenDNS address defined either in DHCP or on any computers, server or otherwise. You would instead configure your DNS server to use OpenDNS as a forwarding DNS server entry; this is configured in Server.app.


So clients look to your DNS server, and if your DNS server does not know the address it will 'forward' the query to your defined forwarding DNS server, e.g. OpenDNS.

Mar 19, 2015 5:55 AM in response to JeremyR3784

For a home setup, the home router itself gets settings from the ISP via DHCP, including DNS settings. The router would then pass the DNS setting on to devices on the home network via DHCP; as a result, a home user does not need to know or worry about the DNS settings. However, as you need to use your server as the DNS server, this approach is unsuitable.


You need to make sure your DHCP server is giving out the address of your own server.

Mar 19, 2015 9:28 AM in response to John Lockwood

I have OD running for network accounts and services. I will change my server to a manual IP address. I am using a FQDN (mydomain.info) registered with Dotster. I put an A record in my FQDN DNS to forward to my server. I plan on using vpn.mydomain.info for VPN and screen sharing for computers when I'm outside my network, and certain .mydomain.info names for certain computers inside the network for direct access from outside my network. Am I going about this all wrong? My web server is hosted on Dotster but I seem to have messed that up...

Mar 19, 2015 9:44 AM in response to JeremyR3784

If you are going to use mydomain.info both internally and externally then this is possible, and is known as a 'split horizon' DNS setup. This requires the use of two DNS servers: one for use internally, and one for use externally.


As an example, a client device would be connected to the Internet and ask a DNS server what the IP address for vpn.mydomain.info is; it would then use the answer to connect to your VPN server. What you then need to do is have your VPN server tell the VPN client to use your internal DNS server while connected; this is possible with most VPN servers, including Apple's rather weak one. Then your VPN-connected remote client will be able to ask your private internal DNS server what IP address to use to talk to internal devices like your Open Directory server and perhaps a file server.


Screen Sharing normally uses Bonjour, which does not work across WAN or VPN links, or at least not without a lot of pain. If your LAN computers all use static IP addresses (perhaps assigned by a DHCP server) then you could set up FQDN records for them which could then be used for Screen Sharing, e.g. comp1.mydomain.info. The way I handle this is to Screen Share to a server, which of course has a static IP address and hence can have a FQDN. I then run Apple Remote Desktop Admin on that server, which can scan for all the Macs even if they use dynamic addresses and then allow me to control them.


If you are going to have a server like www.mydomain.info or mail.domain.info which will need to be accessible both inside and outside, then you need to remember to add this to both your private internal DNS server and whatever external DNS server you use. (I use networksolutions.com as the seller and host for my external DNS function.)

Mar 19, 2015 12:42 PM in response to JeremyR3784

JeremyR3784 wrote:


If I set up comp1.mydomain.info do I have to put A records in both external and internal DNS servers? Also, where do I put the searchable domain mydomain.info? Who should my OS X Server be performing lookups for? All clients, or only some clients?


You only need to add the comp1.mydomain.info records to your internal DNS server; there is no need to add them to the external one. You do however have to make sure the VPN server tells the VPN clients to use your internal DNS server while connected, as I mentioned.


Your internal DNS server needs to answer for all LAN clients and all the VPN clients. With most recommended VPN setups the VPN clients will have addresses in a separate range from those of your LAN, so just telling your DNS server to accept requests from LAN clients would not be sufficient. Start off with the simplest option of all clients regardless of address, ensure that is working, and only then start thinking about tightening up security/restrictions like this.
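As an added example (not from this thread, Apple's Server.app or any real tool), the following Python check encodes the rules given in the replies above: the server's own resolver points at itself, DHCP hands out the server's LAN address rather than 127.0.0.1, public resolvers such as OpenDNS appear only as forwarders, and the recursion ACL covers every client pool including the VPN range. All addresses and subnets in it are constructed sample values; the OpenDNS resolver IPs are the ones OpenDNS publishes.

```python
"""Lint a small LAN/VPN DNS plan against the advice given in this thread."""
import ipaddress
from dataclasses import dataclass, field

# Public recursive resolvers that should only ever appear as forwarders.
OPENDNS = ["208.67.222.222", "208.67.220.220"]


@dataclass
class DnsPlan:
    server_ip: str           # static LAN address of the OS X Server (constructed)
    server_resolvers: list   # System Prefs > Network > Advanced > DNS on the server
    dhcp_dns: list           # DNS servers the router/DHCP server hands out
    forwarders: list         # forwarding servers configured in Server.app
    allow_recursion: list    # CIDR ranges the DNS server will answer for
    client_ranges: list      # CIDR ranges that need service: LAN and VPN pools
    public_resolvers: list = field(default_factory=lambda: list(OPENDNS))


def lint(plan: DnsPlan) -> list:
    """Return human-readable findings; an empty list means the plan follows the thread."""
    findings = []
    # Rule 1: the server must resolve through itself (loopback or its own LAN IP).
    if not any(r in ("127.0.0.1", plan.server_ip) for r in plan.server_resolvers):
        findings.append("server resolver list does not point at itself "
                        "(expected 127.0.0.1 or %s)" % plan.server_ip)
    # Rule 2: DHCP must advertise the server's real address, never the loopback.
    if "127.0.0.1" in plan.dhcp_dns:
        findings.append("DHCP advertises 127.0.0.1; clients would query themselves")
    if plan.server_ip not in plan.dhcp_dns:
        findings.append("DHCP does not advertise the server's LAN address %s" % plan.server_ip)
    # Rule 3: public resolvers belong in the forwarders list only.
    for r in plan.dhcp_dns + plan.server_resolvers:
        if r in plan.public_resolvers:
            findings.append("public resolver %s handed to clients; make it a forwarder" % r)
    if not plan.forwarders:
        findings.append("no forwarders configured; names outside your zones never resolve")
    # Rule 4: every client pool, including the VPN range, must be inside the recursion ACL.
    acl = [ipaddress.ip_network(n) for n in plan.allow_recursion]
    for rng in plan.client_ranges:
        net = ipaddress.ip_network(rng)
        if not any(net.subnet_of(a) for a in acl):
            findings.append("recursion ACL does not cover client range %s" % rng)
    return findings
```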

Mar 19, 2015 1:34 PM in response to JeremyR3784

JeremyR3784 wrote:


Ok, I will do that. One last question: does my external DNS need an A record for mydomain.info or just server.mydomain.info?

The usual use for creating an A record for mydomain.info is to get it to point to your web site, i.e. www.mydomain.info; if you're not running a website it would not be needed. Externally the DNS server would typically define A records for your mail.mydomain.info, your www.mydomain.info and, in your case, your vpn.mydomain.info.
