Secondary DNS Server (DNS IPs)

On the secondary Mac Mini, I used to have the following DNS entries in System Preferences -> Networking


127.0.0.1

IP of Primary DNS server

Unfortunately, OD wouldn't replicate because I couldn't do a reverse lookup. So I changed the settings to


IP of Primary DNS server


and it worked. However, if the primary DNS server goes down, the server itself can't perform lookups anymore. Should I use 127.0.0.1 as the second IP or use the actual server's IP address as the secondary DNS IP?


In short, what are the correct DNS server settings for a secondary DNS server?

Posted on Jul 19, 2015 12:34 PM


Jul 20, 2015 5:39 AM in response to mhadjar

You need to set up secondary DNS zones for both the forward and reverse zones. So if, for example, your LAN range is 192.168.1.x and your domain name is example.com, then you would set up secondary DNS zones for -


1.168.192.in-addr.arpa

example.com


This works for me. I tested it by doing


nslookup 192.168.1.10 127.0.0.1


which tells nslookup to use the DNS server at 127.0.0.1 i.e. the loopback address to do a reverse lookup of 192.168.1.10 and show the host name.

Jul 20, 2015 7:50 AM in response to John Lockwood

I don't think that really answered my question.


I have a secondary zone setup on the second Mac Mini. I also have the hostname of that Mac Mini in the primary zone record.


My question is, in System Preferences -> Networking, what should the DNS servers be listed as? Right now I only have the DNS of the primary Mac Mini's IP. I was told to leave it like that when on the phone with AppleCare support. However, if the primary Mac goes down, the second Mac can't resolve DNS. So should I use 127.0.0.1 as the second IP listed for the DNS entry, or the IP of the server itself?


When I had 127.0.0.1 as the first entry, I couldn't get OD to replicate.



@Peter - Then I wouldn't have my DNS replicated on any future changes without having to make double entries.

Jul 20, 2015 9:12 AM in response to mhadjar

It is a common mistake to only set up a secondary DNS zone for the forward zone, e.g. domain.com; that is why I mentioned this. For the reverse DNS lookups to continue working with the primary DNS down, you need the reverse zone to also be added as a secondary zone on the secondary DNS server. I have just had a look at my working OD replica and secondary DNS server, and in System Preferences -> Network I have added both DNS servers, e.g. 192.168.1.10, 192.168.1.11; it successfully became a replica.

Jul 20, 2015 9:21 AM in response to John Lockwood

I was unaware of that. Thanks for the advice!


My network actually spans across 10.0.0.0/8, so I would create a secondary zone for my domain and enter the primary DNS server's IP, and then create a reverse zone called 0.0.10.in-addr.arpa? Or do I have to also create it for 0.100.10.in-addr.arpa and so forth for 10.0.100.0/24 and 10.0.110.0/24, etc.? Basically, any reverse DNS listed in the primary DNS, just copy it to the secondary zones?

Jul 20, 2015 9:32 AM in response to mhadjar

Your primary DNS server, if it is a Mac running Server.app, will create the reverse DNS zone automatically, so just copy that name when you create the secondary reverse zone on your secondary DNS server.


Note: Your secondary DNS server will not automatically create secondary reverse zones.


It is perfectly fine to have multiple forward and reverse zones, I have four reverse zones. (Often called PTR zones.)

Jul 22, 2015 3:21 PM in response to John Lockwood

So the second DNS server has all the forward/reverse entries, and I brought down the primary server. After trying


host hostname.domain.com

and

host IP_ADDR


only the first command gave me a result from a client device; the latter gave me "can't be reached". The client has the IP of both DNS servers in Sys Prefs -> Networking.


What am I missing?


Edit: Figured it out. You need to enable zone transfers for each reverse entry too.

Jul 23, 2015 5:28 AM in response to mhadjar

I am not sure what your testing is from your description, but I just remembered something that may help.


On your primary DNS server you need to double-click on the domain zone, e.g. example.com, and make sure zone transfers are allowed; I suspect on this zone they already have been enabled. However, you also need to do the same thing on each reverse zone as well, e.g. the 1.168.192.in-addr.arpa zone. This also needs to be enabled for zone transfers.
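Two points in this thread are easy to get wrong by hand: which in-addr.arpa zone name holds the PTR records for a given prefix (the reverse-zone question above), and the fact that every reverse zone needs its own transfer permission, not just the forward zone (the last two posts). The script below is an added example, not code from the thread or from Apple's Server.app. It computes the reverse zone name for /8, /16 and /24 prefixes, checks which of a secondary server's zones would actually answer a PTR query for an address, lists the reverse zones a secondary is still missing, and emits BIND zone stanzas for both servers. The server addresses and the three subnets are constructed sample values; the mapping of Server.app's "allow zone transfers" checkbox to BIND's allow-transfer is an assumption.

```python
import ipaddress

# Constructed sample data: the forward zone and LAN prefixes mentioned in the thread,
# plus hypothetical addresses for the two servers (not from the original posts).
FORWARD_ZONE = "example.com"
SUBNETS = ["192.168.1.0/24", "10.0.100.0/24", "10.0.110.0/24"]
PRIMARY_IP = "192.168.1.10"
SECONDARY_IP = "192.168.1.11"


def reverse_zone(cidr):
    """Return the in-addr.arpa zone that holds the PTR records for an IPv4 prefix.

    Only /8, /16 and /24 prefixes map onto exactly one in-addr.arpa zone; other
    lengths need RFC 2317 delegation or several zones, so they are refused here.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{cidr}: only IPv4 /8, /16 or /24 map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip):
    """Owner name a resolver queries for a reverse lookup of `ip` (octets reversed)."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def covering_zone(ip, zones):
    """Return the zone in `zones` that would answer a PTR query for `ip`, or None.

    A zone covers the query when its name is a suffix of the PTR owner name; the
    longest match wins, mirroring how a name server picks the closest enclosing zone.
    """
    name = ptr_name(ip)
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def missing_reverse_zones(subnets, secondary_zones):
    """Reverse zones the secondary server still lacks for the given prefixes."""
    needed = [reverse_zone(s) for s in subnets]
    return [z for z in needed if z not in secondary_zones]


def named_conf(forward_zone, subnets, role, peer_ip):
    """Emit BIND zone stanzas for the primary ('master') or the secondary ('slave').

    Assumption: Server.app's DNS service is BIND and its "allow zone transfers"
    checkbox corresponds to allow-transfer. The setting is per zone, so the
    forward zone and every reverse zone each get their own allow-transfer line;
    omitting it on a reverse zone is exactly the failure the thread ran into.
    """
    zones = [forward_zone] + [reverse_zone(s) for s in subnets]
    stanzas = []
    for z in zones:
        if role == "master":
            body = f'    type master;\n    file "db.{z}";\n    allow-transfer {{ {peer_ip}; }};'
        elif role == "slave":
            body = f'    type slave;\n    file "slaves/db.{z}";\n    masters {{ {peer_ip}; }};'
        else:
            raise ValueError("role must be 'master' or 'slave'")
        stanzas.append(f'zone "{z}" {{\n{body}\n}};')
    return "\n".join(stanzas)


if __name__ == "__main__":
    print("; primary server")
    print(named_conf(FORWARD_ZONE, SUBNETS, "master", SECONDARY_IP))
    print("; secondary server")
    print(named_conf(FORWARD_ZONE, SUBNETS, "slave", PRIMARY_IP))
    # A secondary that only replicated the forward zone cannot answer PTR queries
    # for any of the subnets once the primary is down.
    print("missing on secondary:", missing_reverse_zones(SUBNETS, [FORWARD_ZONE]))
```

Running it prints the stanzas for both servers and then the reverse zones a forward-only secondary is missing. Note that a /8 such as 10.0.0.0/8 maps to the single zone 10.in-addr.arpa, while each /24 inside it (10.0.100.0/24, 10.0.110.0/24) maps to its own zone; `covering_zone` makes it easy to check which of the zones actually configured on the secondary would serve a given address.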

