DNS on Mojave server

I followed the following guide from Apple:

https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration- Guide.pdf

The guide is poorly written and I discovered a number of inaccuracies mostly relating to NetInstall migration which took me a while to figure out. The DNS migration guide is mostly accurate except it suggests the chmod command is used to set ownership of a file; just substitute that with chown when you get to that bit. The documentation assumes that you are working on a computer that already has DNS configured through previous OS X Server/macOS Server versions so configuration files are not covered.

You shouldn’t have any issues with the virtual machine solution and you can even administer it with Server.app on your host with BIND providing you never activate services on “This Mac”. To be safe I’d recommend that you delete the file /Library/LaunchDaemons/com.apple.serverd.plist on the DNS server’s Mac since removing Server.app would not have deleted that and if that does get loaded the DNS server will die.

That’s interesting about the named version, I found the binary in Server.app/Contents/ServerRoot/user/sbin

Given that DNS is obviously a core part of macOS Server it is ludicrous that the configuration interface has been removed.

Good luck with your setup.

DNS is no longer included in Server.app so you will have to do it either on a Mac running an older version of macOS and hence older version of Server.app or do it via the command line.

If you manually install BIND then at least the config files will be the same as previously used in Server.app although in a different location.

For those who want a pre-built prettified DNS server the only choice now will be either a web based appliance of some sort typically running on top of Linux, or gasp! Windows Server. There are a number of commercial DNS appliances and a handful of free ones.

There was an app called DNS Enabler from https://cutedgesystems.com. I am hopeful that the author will update it to work with Mohave. Unfortunately, it only runs on High Sierra!

I guess it's a good thing I saved some of those older minis!! I will have to update it to High Sierra and do my internal DNS there!!!

What‘s now called “Server” is an MDM package, and not a server.

Your choices are to migrate to a platform with integrated server capabilities (Linux, BSD, Windows Server, even some NAS devices), or you’re be managing and maintaining macOS with disparate software updates and patchwork integration and security patches across multiple isolated and variously third-party server components.

Not a fun choice, I know.

I used the CutEdge DNS UI a very long time ago, and it did work well.

For some of the networks I’m dealing with, the firewall-gateway-router box now provides a DNS server. ZyXEL ZYWALL USG series, for instance. They’re inexpensive, and—in addition to a DNS server—include a VPN server and various other useful features.

Synology NAS boxes also have support for a number of so-called plug-ins, including a DNS server, a mail server, and can replace a Time Capsule for Time Machine backups.

Packages | Synology Inc.

Kerio might be a target for some; those that want to stay with macOS as a server. Though (when last I checked) Kerio did not (yet?) have all the features of the former Server package, unfortunately.

http://www.kerio.com/products/kerio-connect/server

tedpet wrote:

There was an app called DNS Enabler from https://cutedgesystems.com. I am hopeful that the author will update it to work with Mohave. Unfortunately, it only runs on High Sierra!

I guess it's a good thing I saved some of those older minis!! I will have to update it to High Sierra and do my internal DNS there!!!

I get the impression this merely turned 'on' the DNS server software that was included as standard in all High Sierra (and earlier) operating systems. Since the DNS server is no longer included in Mojave there is nothing to turn on, hence it will not help.

You therefore need to install the replacement DNS software - which could be the same BIND software Apple used to include, configure it and turn it on.

Hypothetically, if you installed BIND it maybe that the DNS Enabler could turn it on (and off).

Actually I’m having an issue running BIND (named) with macOS Server 5.7.1 :

On macOS Mojave I compiled BIND from source and setup a .plist file in /Library/LaunchDaemons , after loading with the launchctl -w command all worked perfectly and named loads on system boot.

Unfortunately after setting up macOS Server there seems to be a conflict with named despite it officially not being part of macOS Server. Now with macOS Server installed I get the following behaviour:

- On system boot named either does not load or does load before being killed by something presumably related to macOS Server.

- After manually starting named with launchctl -w and verifying that it works, it then dies when I load Server.app and I have to manually start named again through the launchctl -w command.

So without macOS Server installed my launch daemon works perfectly but for some reason macOS Server wants to kill it. I suspect that the DNS service code hasn’t been completely removed from macOS Server although the feature has been removed from sight. This means that if my server has a power failure and reboots I cannot get access until I am physically on the same network as the server with an SSH connection to the server’s IP address to start the launch daemon manually.

I was wondering if anybody has had similar experience and knows how to stop macOS Server killing named .

If you have a conflict with named, then you have added a second named, which means you’re going to have to stop running the add-on named, and figure out if and how to manage the one that Apple has integrated.

Launch the new MDM server without having your named launched, and use the lsof command and IP port scans to see what’s going on; if there’s a DNS server active, and what processes are associated. I’m assuming there’s something running named or otherwise, but (maybe) some other software is detecting and shutting down your named.

It may wel not be easily feasible, if whatever is using the DNS ports isn’t configurable. You’d have to figure out how to shut it down and replace it, compatably.

The Directory Services component of the new “Server” MDM management package does need DNS, so a latent DNS server would not be surprising.

I migrated DNS to other local servers, for cases where I’m not still running Server and not MDM pending migration of these systems away from macOS.

What we all used as Server is dead.

We’re all going to be migrating, or patching together our own server if we’re staying on macOS for network services.

Thanks for you suggestions, I searched hard for the presence of a second named and found no evidence. I tried watching the processes in top and I did not see any attempt by macOS Server to load any version of named. I've actually discovered that it's not the MDM processes themselves that are causing the problem; if I delete /Library/LaunchDaemons/com.apple.serverd.plist my DNS server, Profile Manager and associated services all work perfectly together however, you can not administer with Server.app without that launch daemon. In conclusion it's the Server management daemon which for no apparent reason kills named and since locking out the ability to administer the server is not an option and the plist doesn't seem to be configurable, I conclude that macOS Server and a migrated named service following Apple's migration document cannot coexist practically.

Since I only have one Mac mini running all the time I've repurposed it as a personal cloud desktop without macOS Server but keeping the version of named I compiled from source. I now have DNS working perfectly and since macOS Server is just for MDM I've made a virtual machine in Parallels Desktop Pro which starts on system boot on the low resource setting just to run Profile Manager and Open Directory (which I think Apple will kill next since Profile Manager no longer seems to require it). I can administer the server with Server.app on my Mac mini's host OS to connect to the virtual server making administration just as convenient as it always was.

My solution is probably not suitable for most since introducing a virtual machine adds potential sources of failure which in a business environment could be costly for example: the Open Directory VM fails to start due to a problem with Parallels Desktop locking people out of offices since the door lock card reader uses Open Directory to authenticate, or nobody can access critical documents because they can't authenticate with a file server although the host Mac is running just fine.

In short we now need two servers to do the job that one was previously able to do.

Your second instance of named is actually in the server package. You can find this out by using the terminal and using the find command to find named.conf... I discovered this because I installed a new version of bind, but the version number I got was for 9.9.73 or something like that. After I uninstalled Mac OS server.app, named no longer gave me a version number.

What instructions did you use to install BIND? I am having difficulty getting my installation to work. I plan on using a virtual machine to do the MDM installation, and let my non-virtual host do the regular DNS (BIND) stuff.

cutedgesystems now have DNS enabler for Mojave, as well as mailserve which I am currently using. Unfortunately that only partially solves the problem as web server support has also been removed and I really don't want the pain of configuring Apache

cutedgesystems now have DNS enabler for Mojave, as well as mailserve which I am currently using. Unfortunately that only partially solves the problem as web server support has also been removed and I really don't want the pain of configuring Apache

To avoid having to manually edit and configure the Apache files look at installing MAMP.

See - https://www.mamp.info/en/

To avoid having to manually edit and configure the Apache files look at installing MAMP.

MAMP uses insecure defaults and is intended for development and testing, and not a configuration I'd expose to the Internet.

I see that DNS Enabler from https://cutedgesystems.com has been updated for Mojave! I just installed it and it appears to be running fine.