NAT, DNS and changeip

I have an X-serve that will be used soon as a mail server. It is set as standalone. The server uses one ethernet nic and it is assigned a private IP address behind a NAT router. The router is set to forward a public IP to the server and this public IP is the one in the public MX records for the domain. In the Network control panel of the server, the ISP's DNS servers are entered so it looks to the ISP for lookups.

I have Mail, Firewall and DNS services turned on on this mail server and DNS is set right now to refer all LAN computers to internal IPs for the services that are internal (like an FTP server and a web server.) I have one zone set up for the domain in which the email server will operate. In the machines tab, the first machine is the server itself with its private IP address of 192.168.1.123 named dns0 and an alias called mail. In this machine setting, I have "This machine is a mail server for the zone" checked. Then, the next 3 machines are other servers running inside the LAN...

I saw in the server log:

emailserver servermgrd: servermgr_dns: no name available via DNS for 192.168.1.123

so I ran changeip like this:

changeip /LDAPv3/127.0.0.1 192.168.1.123 192.168.1.123 current-hostname mail.mydomain.com

According to serversetup -gethostname, the host name is what I changed it to but I still see things that don't look good in the system log. This is everything in the log past running changeip:

Dec 21 12:15:50 emailserver configd[53]: setting hostname to "mail.[EDITED].com"
Dec 21 12:16:08 emailserver master[9210]: process started
Dec 21 12:16:08 emailserver ctl_cyrusdb[9211]: verifying cyrus databases
Dec 21 12:16:08 emailserver ctl_cyrusdb[9211]: skiplist: recovered /var/imap/mailboxes.db (14 records, 2400 bytes) in 0 seconds
Dec 21 12:16:08 emailserver ctl_cyrusdb[9211]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Dec 21 12:16:08 emailserver ctl_cyrusdb[9211]: done verifying cyrus databases
Dec 21 12:16:09 emailserver master[9210]: ready for work
Dec 21 12:16:09 emailserver ctl_cyrusdb[9217]: checkpointing cyrus databases
Dec 21 12:16:09 emailserver ctl_cyrusdb[9217]: done checkpointing cyrus databases
Dec 21 12:25:43 emailserver shutdown: reboot by root:
Dec 21 12:25:44 emailserver SystemStarter[9290]: authentication service (9318) did not complete successfully
Dec 21 12:25:44 emailserver SystemStarter[9290]: IP Failover (9326) did not complete successfully
Dec 21 12:25:45 emailserver SystemStarter[9290]: The following StartupItems failed to properly start:
Dec 21 12:25:45 emailserver SystemStarter[9290]: /System/Library/StartupItems/AuthServer
Dec 21 12:25:45 emailserver SystemStarter[9290]: - execution of Startup script failed
Dec 21 12:25:45 emailserver SystemStarter[9290]: /System/Library/StartupItems/IPFailover
Dec 21 12:25:45 emailserver SystemStarter[9290]: - execution of Startup script failed
Dec 21 12:26:15 localhost kernel[0]: hi mem tramps at 0xffe00000
Dec 21 12:26:15 localhost kernel[0]: PAE enabled
Dec 21 12:26:15 localhost kernel[0]: 64 bit mode enabled
Dec 21 12:26:15 localhost kernel[0]: standard timeslicing quantum is 10000 us
Dec 21 12:26:15 localhost kernel[0]: vm pagebootstrap: 254298 free pages
Dec 21 12:26:15 localhost kernel[0]: mig table_maxdispl = 71
Dec 21 12:26:15 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Dec 21 12:26:15 localhost kernel[0]: 78 prelinked modules
Dec 21 12:26:15 localhost kernel[0]: ACPI CA 20060421
Dec 21 12:26:15 localhost kernel[0]: AppleIntelCPUPowerManagement: ready
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=2 LocalApicId=7 Enabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=3 LocalApicId=6 Enabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=4 LocalApicId=0 Disabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=5 LocalApicId=0 Disabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=6 LocalApicId=0 Disabled
Dec 21 12:26:15 localhost kernel[0]: AppleACPICPU: ProcessorApicId=7 LocalApicId=0 Disabled
Dec 21 12:26:15 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Dec 21 12:26:15 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Dec 21 12:26:15 localhost kernel[0]: using 5242 buffer headers and 4096 cluster IO buffer headers
Dec 21 12:26:15 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Dec 21 12:26:15 localhost kernel[0]: Started CPU 01
Dec 21 12:26:15 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Dec 21 12:26:15 localhost kernel[0]: Started CPU 02
Dec 21 12:26:15 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Dec 21 12:26:15 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
Dec 21 12:26:15 localhost kernel[0]: Started CPU 03
Dec 21 12:26:15 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Dec 21 12:26:15 localhost kernel[0]: Security auditing service present
Dec 21 12:26:15 localhost kernel[0]: BSM auditing present
Dec 21 12:26:15 localhost kernel[0]: disabled
Dec 21 12:26:15 localhost kernel[0]: rooting via boot-uuid from /chosen: 1AE0D246-724E-46C3-8794-2E7410D2717F
Dec 21 12:26:15 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Dec 21 12:26:15 localhost kernel[0]: USB caused wake event (EHCI)
Dec 21 12:26:15 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 0016cbfffe7017c6; max speed s800.
Dec 21 12:26:15 localhost kernel[0]: FusionMPT: Notification = 10 (Event Change) for SCSI Domain = 0
Dec 21 12:26:15 localhost kernel[0]: FusionMPT: Notification = 22 (SAS Discovery) for SCSI Domain = 0
Dec 21 12:26:15 localhost kernel[0]: Discovery condition = 0x000f0001
Dec 21 12:26:15 localhost kernel[0]: FusionMPT: Notification = 18 (SAS Phy Link Status) for SCSI Domain = 0
Dec 21 12:26:15 localhost kernel[0]: SAS Phy Link Status: PhyNum = 0, old link rate = 0, new link rate = 8, SASAddress = 5008000700003a94
Dec 21 12:26:15 localhost kernel[0]: FusionMPT: Notification = 15 (SAS Device Status Change) for SCSI Domain = 0
Dec 21 12:26:15 localhost kernel[0]: FusionSAS: SASAddress = 95552027D786D4F added. Mapped to targetID = 3, bus = 0 on SCSI Domain = 0.
Dec 21 12:26:15 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/RP01@1C/IOPCI2PCIBridge/P8PC@0/IOPCI2PCIBridge/SAS@2/AppleLSIFusionSAS/SAS Target 095552027D786D4F@3/IOSCSITargetDevice/IOSCSILogicalUnitNub@0/IOSCSIPeripheralDeviceType00/IOBlockStorageServices/IOBlockStorageDriver/ST3808110AS PN Media/IOGUIDPartitionScheme/Apple HFS_Untitled1@2
Dec 21 12:26:16 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Dec 21 12:26:16 localhost kernel[0]: hfs mount: enabling extended security on Macintosh HD
Dec 21 12:26:16 localhost kernel[0]: Jettisoning kernel linker.
Dec 21 12:26:16 localhost kernel[0]: Resetting IOCatalogue.
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: Matching service count = 0
Dec 21 12:26:16 localhost kernel[0]: FusionMPT: Notification = 22 (SAS Discovery) for SCSI Domain = 0
Dec 21 12:26:16 localhost kernel[0]: Discovery condition = 0x00000000
Dec 21 12:26:16 localhost kernel[0]: Apple16X50ACPI1: Identified Serial Port on ACPI Device=UAR1
Dec 21 12:26:16 localhost kernel[0]: Apple16X50ACPI::start FOUND DB9 Property for AAPL,connector
Dec 21 12:26:16 localhost kernel[0]: Apple16X50UARTSync: Detected 16550AF/C/CF FIFO=16 MaxBaud=115200
Dec 21 12:26:16 localhost kernel[0]: Previous Shutdown Cause: 3
Dec 21 12:26:15 localhost mDNSResponder-108.2 (Aug 20 2006 04:04:10)[42]: starting
Dec 21 12:26:15 localhost memberd[56]: memberd starting up
Dec 21 12:26:15 localhost named[51]: starting BIND 9.3.2 -f
Dec 21 12:26:15 localhost master[48]: process started
Dec 21 12:26:16 localhost DirectoryService[64]: Launched version 2.1 (v353.5)
Dec 21 12:26:16 localhost lookupd[57]: lookupd (version 369.6) starting - Thu Dec 21 12:26:16 2006
Dec 21 12:26:16 localhost named[51]: command channel listening on 127.0.0.1#54
Dec 21 12:26:16 localhost watchdogtimerd: Automatic reboot timer enabled.\n
Dec 21 12:26:16 localhost ctl_cyrusdb[65]: verifying cyrus databases
Dec 21 12:26:16 localhost ctl_cyrusdb[65]: skiplist: recovered /var/imap/mailboxes.db (14 records, 2400 bytes) in 0 seconds
Dec 21 12:26:16 localhost ctl_cyrusdb[65]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Dec 21 12:26:16 localhost diskarbitrationd[55]: disk0s2 hfs AE97DCA1-F1E0-3ED2-AB31-6D324C511D4F Macintosh HD /
Dec 21 12:26:17 localhost kernel[0]: AppleIntel8254XEthernet: Ethernet address 00:17:f2:92:ea:58
Dec 21 12:26:17 localhost kernel[0]: AppleIntel8254XEthernet: Ethernet address 00:17:f2:92:ea:59
Dec 21 12:26:17 localhost configd[53]: No AirPort Driver found.
Dec 21 12:26:17 localhost lookupd[81]: lookupd (version 369.6) starting - Thu Dec 21 12:26:17 2006
Dec 21 12:26:18 localhost ctl_cyrusdb[65]: done verifying cyrus databases
Dec 21 12:26:18 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Dec 21 12:26:18 localhost loginwindow[85]: Login Window Started Security Agent
Dec 21 12:26:18 localhost master[48]: ready for work
Dec 21 12:26:18 localhost ctl_cyrusdb[95]: checkpointing cyrus databases
Dec 21 12:26:18 localhost ctl_cyrusdb[95]: done checkpointing cyrus databases
Dec 21 12:26:19 mail kernel[0]: Intel8254x -- Link Up -- 00:17:f2:92:ea:58 -- called by interruptOccurred() --
Dec 21 12:26:19 mail kernel[0]: -- Auto-Neg Advertise Reg (04d) = 0xde1, Link Partner Ability Reg (05d) = 0x40a1, Gig Advertise Reg (09d) = 0xe00, Gig Link Partner Ability Reg (10d) = 0x4000
Dec 21 12:26:19 mail configd[53]: setting hostname to "mail.[EDITED].com"
Dec 21 12:26:20 mail mDNSResponder: Adding browse domain local.
Dec 21 12:26:20 mail configd[53]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Dec 21 12:26:20 mail configd[53]: posting notification com.apple.system.config.network_change
Dec 21 12:26:20 mail lookupd[101]: lookupd (version 369.6) starting - Thu Dec 21 12:26:20 2006
Dec 21 12:26:21 mail ntpdate[129]: the NTP socket is in use, exiting
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 30, port 123, addr ::, in6 is_addrmulticast=0 flags=0 fails: Address already in use
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 30, port 123, addr ::1, in6 is_addrmulticast=0 flags=0 fails: Address already in use
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 30, port 123, addr fe80:1::1, in6 is_addrmulticast=0 flags=0 fails: Address already in use
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 2, port 123, addr 127.0.0.1, in_classd=0 flags=0 fails: Address already in use
Dec 21 12:26:21 mail ntpd[222]: bind() fd 5, family 2, port 123, addr 192.168.1.123, in_classd=0 flags=8 fails: Address already in use
Dec 21 12:26:21 mail configd[53]: target=enable-network: disabled
Dec 21 12:26:21 mail servermgrd: servermgr_dns: Reloaded named
Dec 21 12:26:21 mail servermgrd: servermgr_dns: no name available via DNS for 192.168.1.123
Dec 21 12:26:21 mail servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
Dec 21 12:26:22 mail ntpd[222]: sendto(17.254.0.28): Bad file descriptor
Dec 21 12:26:23 mail servermgrd: servermgr_dns: Reloaded named
Dec 21 12:26:24 mail servermgrd: servermgr_dns: no name available via DNS for 192.168.1.123
Dec 21 12:26:24 mail servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
Dec 21 12:26:27 mail /usr/sbin/serialnumberd[253]: serialnumberd: Firewall rule #1 added to allow port 626.
Dec 21 12:26:31 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Disabled firewall
Dec 21 12:26:31 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Flushed rules
Dec 21 12:26:31 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Enabled firewall
Dec 21 12:28:30 mail /usr/sbin/serialnumberd[253]: serialnumberd: Firewall rule #1 added to allow port 626.
Dec 21 12:56:17 mail servermgrd: servermgr_dns: no name available via DNS for 192.168.1.123
Dec 21 12:56:17 mail servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly

My questions:

Shouldn't my DNS settings as they are be telling this server who it is?

What am I missing?

Thanks in advance.

Mac OS X (10.4.8)

Posted on Dec 21, 2006 10:17 AM


Dec 21, 2006 11:11 AM in response to Alan Brooks1

>Shouldn't my DNS settings as they are be telling this server who it is?

No. You stated:

>the ISP's DNS servers are entered so it looks to the ISP for lookups

It's highly unlikely that your ISP knows anything about your private 192.168.1.x network. When your machine tries to resolve its own IP address it's asking your ISP, who returns an 'unknown host' reply, and therein lies your problem.

The typical solution to this is to run your own DNS server for the 192.168.1.x network. Enter your local machine names into this zone and use your ISP as a forwarder for all non-local lookups. This will essentially insert your own domain/IP lookups in preference to your ISP and take care of your problem.

Dec 21, 2006 12:08 PM in response to Camelot

"The typical solution to this is to run your own DNS server for the 192.168.1.x network. Enter your local machine names into this zone and use your ISP as a forwarder for all non-local lookups."

I have done all this as I outlined previously. That's why I set up DNS on this server in the first place. I am confused though about:

Do I leave the ISP dns servers in the Network Preference and circumvent them with local DNS for any private lookups or do I put the IP address of this server?

If I put the server's own IP in the Network Preference, how do I add an entry that makes it look to the ISP's DNS for anything public?


Mac OS X (10.4.8)

Dec 21, 2006 12:34 PM in response to Alan Brooks1

>I have done all this as I outlined previously. That's why I set up DNS on this server in the first place. I am confused though about:

Running DNS on this machine is only relevant if you configure hosts in your network to use it. Otherwise the server is sitting there and no one's asking it questions.

>Do I leave the ISP dns servers in the Network Preference and circumvent them with local DNS for any private lookups or do I put the IP address of this server?

You put your DNS server's IP address in Network Preferences, not your ISP's.

>If I put the server's own IP in the Network Preference, how do I add an entry that makes it look to the ISP's DNS for anything public?

You have two options. Either recursion or forwarding.

If you opt for recursion your DNS server handles all requests, reaching out to the internet root servers to find answers that it doesn't know - client asks for some domain it's never seen before - 'www.microsoft.com', so your DNS server queries the root servers to find the authoritative servers for 'microsoft.com', it then queries those servers for 'www.microsoft.com' and returns the reply to the client, caching the result so that the next lookup is quicker.

If you opt for forwarders the DNS server relays the query to a nominated DNS server (e.g. your ISP), letting the ISP do the work of querying the root servers, etc.

From a client standpoint there's no difference - they all query your server and get a result, they don't know whether it came from the root or your ISP - the main difference is how much work your DNS server does and how much caching you can leverage.

Recursion is automatic and requires no additional work (other than turning it on). IIRC you cannot specify forwarding in Server Admin, so you'll need to manually edit the name server config /etc/named.conf and add a line in the Options section:

<pre class=command> forwarders { ip.of.isp.server; };</pre>
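An added example, not part of the original thread: a forward-confirmed reverse DNS check for the situation the log reports ("no name available via DNS for 192.168.1.123"), showing why the answer differs depending on which resolver the server queries. The function names and the two resolver views are constructed for illustration; `mail.mydomain.com` and `192.168.1.123` are the values from the question.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(name):
    """A lookup through the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, expected_name, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means forward and reverse agree."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    problems = []
    ptr = ptr_lookup(ip)
    if ptr is None:
        problems.append(f"no PTR record for {ip}")
    elif ptr.rstrip(".").lower() != expected_name.rstrip(".").lower():
        problems.append(f"PTR for {ip} is {ptr}, expected {expected_name}")
    if ip not in a_lookup(expected_name):
        problems.append(f"{expected_name} does not resolve to {ip}")
    return problems

# Constructed sample data standing in for two resolvers (not real lookups).
ISP_VIEW = {"ptr": {}, "a": {}}  # the ISP knows nothing about 192.168.1.x
LOCAL_VIEW = {                   # local zone with matching A and PTR records
    "ptr": {"192.168.1.123": "mail.mydomain.com."},
    "a": {"mail.mydomain.com": ["192.168.1.123"]},
}

def check_view(view, ip="192.168.1.123", name="mail.mydomain.com"):
    """Run the check against one of the constructed resolver views."""
    def lookup_a(n):
        return view["a"].get(n.rstrip(".").lower(), [])
    return check_fcrdns(ip, name, ptr_lookup=view["ptr"].get, a_lookup=lookup_a)

if __name__ == "__main__":
    print("ISP resolver:  ", check_view(ISP_VIEW))
    print("local resolver:", check_view(LOCAL_VIEW))
```

Calling `check_fcrdns("192.168.1.123", "mail.mydomain.com")` with the default lookups runs the same check through whatever DNS servers the machine is actually configured to use.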
