Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Lastouille
Lastouille Author
User level: Level 1
12 points

Should I have external IP in the DNS page ?

Hello everyone,


I am new to Mac OS X Server, v5 on a Mac mini.

I am trying to set up an internet connected server, behind a router.

As I need to use Open directory, I am trying to configure correctly the DNS. I own a .com domain, and the dns resolving seems to be ok from outside (tested with whatsmydns or same kind of website).

From the inside, host command works well in with internal IP and domain name.


But there is still something that seems weird to me. I do have my external IP on the Internet accessibility box, but I still have my internal IP on the DNS page.

Shouldn't I see the external IP here ?

Mac mini, OS X Server, El Capitan

Posted on Oct 25, 2015 12:46 PM

Reply
Question marked as Best reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
118,209 points

Posted on Oct 25, 2015 2:30 PM

Your internal network will use internal addresses. If you don't do that, then your traffic will pass via your firewall.


I'd either use a subdomain of your registered domain, or use a second registered domain, for your internal DNS translations.


I'd not try to use the same domain name inside and out.


Mixing internal and external addresses and using the same domain name with authoritative servers within two pools of DNS servers — within your network, and the public DNS servers — is possible, but it also means you get to track any changes to the public DNS in your private DNS, and it means you'll need a firewall that can "reflect" traffic to your public IP address back into your network.


You're not likely going to have Open Directory accessible outside your network, as well.


Some DNS reading...


I may receive some form of compensation, financial or otherwise, from my recommendation or link.


<Edited by Host>

View in context
20 replies
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Oct 26, 2015 10:32 AM in response to Lastouille

Lastouille wrote:


But, even logged in to the network account on my MBA, I can't add an OS X server account, and still get the invalid credentials...


If you can login to the MacBook Air as a network user, and you can login to the file server as a network user what are you referring to as an OS X server account?


Are you meaning Mail, Calendar, Contacts? Something else?


All the above only accept short names e.g. jsmith not full names e.g. "John Smith" whereas the login to the Mac and the login to AFP would accept the full name.


Also, it is possible in Server.app to limit which services are accessible. This even presumes you have actually setup those additional services.

Reply
User profile for user: Lastouille
Lastouille Author
User level: Level 1
12 points

Oct 26, 2015 10:54 AM in response to John Lockwood

By the "OS X Server" account, I meant the option that you have in OS X and iOS in the system pref in OS X or Mails, contacts, calendar in iOS. I would like to use this because then I can add to a device, OS X or iOS, all the services thats are activated on the server and I just need to enter one account for all of them, instead of entering a CardDAV account, a CalDAV account, mail account etc... And it allows me to use a shared account user for sharing all these informations on multiple devices quite easily.


Here is a screenshot (in french) :

User uploaded file


I found that there was some kind of bug with the update from Server v4 to v5. Here for example :

Webdav Sharing doesn't work after Server 5 update


But the fix is seems to be restoring a file from Server 4.1, and I didn't have 4.1, I am new to OS X Server and I start with the v5.


But, what I said earlier in this thread, is that if I change the hostname of the server from subdomain.domain.com (which has an A record in my DNS provider pointing to my public router IP) to, for example, server.subdomain.domain.com, and reconfigure the DNS (with the primary zone being subdomain.domain.com and an internal A record for server.subdomain.domain.com) and the OD (server.subdomain.domain.com), then the "Add an OS X Server" works like a charm on both OS X and iOS, and I can enable or disable for each device, locally or remotely connected, any service that is activated on the server...


I can't understand why it works in the second case and doesn't work in the first one.

Reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Oct 26, 2015 12:20 PM in response to Lastouille

I don't have that option available - probably because my Mail, Contacts, Calendar server is separate in the form of Kerio Connect.


I would say that server.domain.com or server.subdomain.domain.com are the proper formats for the fully qualified domain name of a server. As you say that format does indeed work I would say that proves the point.


For a website it is possible to define a special record in DNS so that http://subdomain.domain.com will work alongside http://www.subdomain.domain.com for everything else use the server.subdomain.domain.com format.

Reply

Should I have external IP in the DNS page ?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up