Another DNS Zone Question! :)

Similar Messages

• DNS Zone question

  Just a quickie...
  I'm playing around with a Mac Mini Server and testing out different methods of setting up. I've noticed that when using setup assistant, if I specify that the DNS Server is the OSX Server's IP then the DNS Service is automatically configured.
  It creates a zone called macserver.testserver.private. I was expecting the zone to be called testserver.private containing an A record for macserver.testserver.private. That doesn't seem right to me!
  Is there any logical reason behind this?

  Yes, there is a reason; you've got a zone of testserver.private containing the host macserver. It's common practice to have a domain and TLD; your domain is "testserver" and the intentionally bogus TLD is "private".
  Regardless, what you likely want is a registered domain or subdomain (so that you never collide with another real domain or with one of the added domains), and you'll want to set up DNS for your particular requirements rather than the default install. I'd get out of the private TLD.
  There are many differing set-up requirements and a gazillions options within DNS, and here are some [DNS set-up instructions|http://labs.hoffmanlabs.com/node/1436]. These presume use of Server Admin to configure DNS, which is compatible with but a more detailed and flexible alternative to Server Preferences.

• Changing DNS zone names after the fact

  Over 3 months ago we started setting up our server network. After discussions with administration it was determined (at the time) that we would use and register a domain name with a .net extension. So we set up a primary server with this extension and had it registered with our ISP. We subsequently added 7 other servers to the mix and as they were installed they grabbed their names from the DNS zone we had setup *.net in our DNS zone in our primary nameserver system. It was all well the tests worked we had it all going and are moving our 130 machines (including about 60 users) over next few months (and have moved about 10 users and other machines so far.
  My question is this. Back in beginning a *.org was the other option but we had problems with it and our ISP (could have been some error on our part) so we went with *.net for our domain and got that registered. Now all of a sudden as our management is wanting to move the organizational website (we are not doing that) to another service that service is tying to convince them we should have not used *.net but *.org.
  The person in charge of us is strongly asking if we can go back and setup with *.org but as I understand it I cannot go in and delete my *.net DNS zone and then rename all the servers with a .org extension but as we understand it from lynda.com and other sources it appears that we probably would have to go back and reset all the machines back up by reinstalling them after I changed the first primary nameserver. And then register the new name and wait for it to propagate?
  Are we wrong? Can we just go in and turn off the DNS in server admin and then change the zone name(s) to *.org and the host names of each server from *.net to *.org and restart DNS and find all to be well? As much as we can tell it appears that we would have to restart from scratch as all the documents and lynda.com imply we should have had our final domain name set and registered before we started to install and setup the primary and secondary servers?
  I see some examples where it is said to make such changes something needs to be done with ipconfig and not the GUI in server admin. But again I am not sure that this will work with our primary nameserver and the 7 servers under it?
  Any feedback or help about this would be appreciated. It is our preference to stay with *.net and not have to do major work as we are starting user and network migration to the new servers and hate to have have such a major setback just because one person and the web design service they want to use does not like *.net. to us it appears the horse is long out of the barn and when this was approved last fall we have gone to far to easily go back. But if it is easier to go back than we think then we are willing to try to change.
  Thanks
  russ

  foilpan wrote:
  first, what are these servers doing? are they all web servers, OD masters, simple file servers? depending on their roles, changing their names can be more or less of a problem.
  The first server we set (the name server) does incoming mail, is the DNS server for local net and such. Then there is the outgoing mail server (one of 7) a web server (another of 7) and then the rest are mostly file servers for our setup.
  second, work out that political stuff before making any changes. if everything's working fine as is, make a strong case for leaving things alone. if possible, estimate support costs for changing everything and troubleshooting, then see if management can justify it.
  Sort of my feeling. We thought we had it all worked out but then they decided to abandon the old web site (managed by someone else but associated with the old mail/network somewhat) and have a new Web design company do it and this company complained about us having chose a .net for what reason I do not know so the administrator somehow was persuaded and had no idea of the can of worms she had opened up by changing her mind. If it is too much of a hassle and it appears so in terms of delays to move rest of organization over then I hope we can convince them.
  are all these servers public facing or behind a firewall?
  They are behind a firewall on a high speed cable modem ISP service (firewall is local ASTARO machine).
  also, why not setup another dns zone for .org and point to the same hosts? that would allow you to use either .net or .org, for the most part. again, that depends on what these servers are doing.
  We suggested that but the administrator did not like having two names we have a lot of users (volunteers and such) who are not really too savvy (the nature of free and partime help I guess) and she feels they will be confused by two extensions for network, mail and web. It sure does not bother me (I have about 8 email addresses for example now .
  post more details without the political background and what the end result should be, and we'll be able to add more here.
  Ok basically we want to know with the following:
  1) main nameserver (the first server that provides the DNS zone for local *.net and serves the incoming mail)
  2) A second outgoing SMTP server to split load and do outgoing work...
  3) A third webserver doing all the web services (blog, wicki, and such)
  4) 4 file servers that are going to provide a local file server for our 4 main departments
  5) A final test server we are testing other things with-- so total of 8 servers.
  6) 8 Users out of 60 now on the network with their personal desktops or laptop machines, and a few printers and other devices all on new network.
  There are a total of 130 macs and pc's in our organization that will all eventually be on this new network with the above.
  Basically we are wondering if the main (first) DNS and incoming mail sever, and the 7 other (web, SMTP out, and file server machines) will have to be set back up from reinstall if we are to make the change from the *.net zone we have now to a *.org one?
  Any other details that would be of help?
  Thanks
  Russ
  2) second

• Question about DNS zones

  Here's my problem..
  I have an internal webserver that has an external address. Clients on my internal network (the same as the webserver) can't access the internal server using its external address. I got around this in a Windows enviornment (there are multiple buildings with different environments) by creating a primary DNS zone with the external address of the server, and an A Host pointing to the internal address.
  I'm having some trouble getting this setup on Lion server, and rather than breaking DNS again, I figured I'd ask around first. Like I said, I tried adding a new zone, and did something that broke DNS. I had to manually edit the configuration file to remove the new zone. The FQDN is different from the name of the Mac server.
  Basically the Mac server is school.com, and I need school.google.com to point internally. These obviously aren't the real addresses, but it illustrates what I need to accomplish.
  Does this make sense? Is it possible with Lion Server?
  Thanks

  If you want to access the webserver internally as school.google.com you cannot and should not try to create a google.com zone. If your website has your own private domain e.g. www.myschool.edu then as you (presumably) own and control that domain then you can run what is typicially called a 'split-horizon' DNS setup.
  You could have a second domain name just for the website which still needs to be owned by you, this would let you use say domain.local as the main internal Active Directory domain and a second dmoain like myschool.edu for the website.
  With a spit-horizon setup you need two DNS servers, one would be used just internally, the other would be used just externally. So anyone outside your network i.e. on the Internet would use the external DNS server (often your ISP), and anyone on your LAN uses the internal one. The internal one would map www.myschool.com to your internal LAN IP address of your webserver, the external DNS server would map the same www.myschool.edu to your internet routers address. Your router would then have to setup a NAT port mapping rule to forward the HTTP traffic to your internal webservers IP address. You can still have multiple websites hosted internally and be accessible externally but all of them must run on a single internal webserver as the NAT port mapping can only map to a single IP address per protocol (port number).

• Another DNS record deletion question

  I am fairly new to the environment, as i switched my consulting job to an internal job. 
  The environment was a flat file dns, with one primary DNS server and multiple secondary servers. I move away from the flat file DNS (single master model), to an active directory integrated DNS with multiple DNS zones. So I moved the multiple DNS domains
  away from the master zone to their own dedicated DNS zones on the domain controllers within their domain.
  The Colleagues already warned me that DNS records tend to mysteriously disappear from time to time, but could not find any proof. I checked the usual suspects (scavenging), but that was disabled. 3 weeks back, I splitted the single DNS zone, in multiple
  DNS zones, where the splitted DNS is pointing to their own dedicated domain controllers. I used following procedure to do it:
  http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
  Since the migration we had several encounters of DNS records which were deleted, some were explainable (wrong ILO settings), but some were not. As i could not explain the deletions, i enabled auditing on DNS to see who or what is responsible for deleting
  those objects. This morning i was notified that again a records went missing, so I went to inspect the audit logs. To my surprise I saw that my admin account was logged with the record was deleted. Now I did not delete any records, have no scripts running
  that modify DNS in anyway, and i seriously doubt that my admin account has been compromised. Is there anyone who could explain why records (A records of members servers) are being deleted, although scavenging is disabled?
  I have checked the DNS suffix, and verified that it is not set. In which the client uses the active directory domain to which it is a member.     
  Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

  Hi,
  Because the Active Directory integrated DNS replication between all the DNS server, one of the DNS server delete the record others will delete the record too, so Mahdi’s suggestion
  is better to know what happen when the DNS records deleted.
  More information:
  Active Directory-Integrated DNS
  http://technet.microsoft.com/en-us/library/cc978010.aspx
  Understanding DNS Zone Replication in Active Directory Domain Services
  http://technet.microsoft.com/en-us/library/cc772101.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DNS zones for Mail virtual host

  Hello,
  We have a split DNS server hosting mail for company.com. So we have a DNS zone called company.com with the appropriate records (A, MX).
  We now need in the same box to host mail for another domain, company.org. Do we have to create a separate DNS zone for company.org with another A record for the server?
  Regards
  Kostas

  If you're going strictly for mail and with no other network services are associated, then Camelot is quite correct and you can use an MX, and enable virtual hosting within the mail server.
  If you're doing "other stuff" with that domain, then you'll need the zone.
  Given the usual fondness for, well, "incomplete" questions and for server configurations and networks that, um, "evolve", then the answer I'd use is "yes"; add the zone.  (If for no other reason than somebody's eventually going to want a web server with the domain, or...)
  I'm not a big fan of split-horizon though I can and do use it for specific cases. I prefer to partition "inside" from "outside", and that avoids this quagmire.
  And FWIW, "example.com", "example.org" and "example.net" are RFC-reserved domain names available for posting obfuscated examples and questions, for documentation, and related use.  "company.com" and "company.org" are real and registered domains. 

• Hosting Multiple DNS Zones on different servers How To?

  Hello, I have an issue that I would like one of the experts to help out with.
  I am currently facing an issue with DNS. I currently need to be able to ping certain machines on my internal domain by their external IP address.
  Example: machineA.domain.local has IP address 192.168.1.10 but from the inside of my network I would need to be able to ping machineA.domain.local and have it resolve to my EXTERNAL IP ADDRESS.
  Now as far as I know using a split DNS would solve this issue. Herein lies my issue.
  My DNS works half the time. Sometimes I will ping machineA.domain.local and it will resolve the internal address and sometimes it would resolve the public IP address (which I set manually in my split DNS)
  Now, my reasoning for this is because there are multiple entries with the same machine name on the same domain controller that resolve to different IP addresses. So when I ping machineA.domain.local the reply will be a "confused" reply.
  Here is what I tried to do to correct the issue. I created another Windows Server 2008 R2 machine with only the DNS role installed. I then removed the split DNS from my domain controller and added the zone "zone.domain.com" with the A record "machineA.domain.com"
  I did not join the domain with the new machine as I did not believe it to be necessary.
  The machines on the inside still cannot ping "machineA.domain.com", nor can my new server successfully ping "machineA.domain.local". It can resolve "machineA.domain.com" but I am fairly certain this is because I added it in
  the DNS zone.
  I tried to go a little further and tried to connect to the domain controller DNS via the MMC snap in on my new server. I get an error telling me that the access is denied.
  In order to attempt to fix that I added the computer in the properties of the DNS in the security tab. I also added the newly created server to the DNS admins group.
  Nothing works I am not sure what I am doing incorrect but I would need to know how I can do the following
  A) Successfully (if possible) have 2 different zones on the same domain
  example: internal.domain.local and external.domain.com
  I would need to know how to be able to successfully ping the machines I need to ping that resolves to  the external IP address from the inside without having the internal A record in the DNS zone interfere.
  I would also need to know how I could connect to the domain controllers DNS via another computer (the new server) without having the access is denied error.
  Once again, I tried to use a split DNS on the same server which yielded mixed results. I cannot have the machines replying randomly or go down because 2 DNS zones are on the same machine.
  Thank you hope to get an answer ASAP!

  Anyone have any ideas on this?

• Moving SharePoint Form to another DMZ zone

  Hi,
  We have SharePoint application deployed on DMZ zone.So entire farm (WFE, APP & DB server)  is under DMZ zone. however for some reason client is looking to move entire farm to another DMZ zone. I would like to know what are the aspects we need to
  consider for this activity.
  Best Regards,
  Safder

  A few things come to mind:
  Active Directory location & firewall access
  Network Routing
  Reverse Proxies (if applicable)
  Network Load Balancers
  Server name / DNS / IP changes
  URL changes (if needed)
  Dimitri Ayrapetov (MCSE: SharePoint)

• External DNS zone on Internal DNS servers

  We currently have a 2 domain forest with DNS running on all domain controllers. All domain controllers are 2012 or 2012 R2 and our Domain and forest functional level is set at 2008 R2 due to the existence of an exchange 2003 server which wont be retired
  for several months. We have 2 DNS servers in the root domain and 4 DNS servers in the child domain. This is a centralized DNS setup. Our parent domain is DOMAIN.LOCAL and the child domain is XX.DOMAIN.LOCAL. Externally, our DNS is MYDOMAIN.com. we
  do not have a public facing DNS server and our DNS records are hosted by a 3rd party
  We want to add the MYDOMAIN.COM DNS zone internally (AD Integrated) since we have several instances where applications do not really work well with the XX.DOMAIN.LOCAL DNS. We want this zone to host several DNS records for internal resolution
  only since we do not have any public facing applications or web servers such as SharePoint etc.
  My question(s) is this?
  How is the best way to do this and how will it affect the zones we currently have in place.
  Is it as simple as creating a new forward lookup zone, adding static records?
  How do we (or do we) handle delegation?
  Any information or suggestions to get me started would be greatly appreciated.
  Russ

  Hi,
  I’m not quite understand your question, do you want to create a new primary DNS zone on your current DNS server? If so, you
  just need to create a new primary, you can create the additional primary DNS zone.
  The related KB:
  Configuring a new primary server
  http://technet.microsoft.com/en-us/library/cc776365(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Child DNS Zone changing PTR record of OD Master

  Grretings,
  I am setting up a new OD master server for our school that will also host our DNS. Home folders will be on another server. I am using the DNS GUI for now. Setup master DNS zone of ourschool.lan. OD master has FQDN of admin.ourschool.lan with an IP address of 172.16.2.254. Forward and reverse lookups of OD master are great.
  #host admin.ourschool.lan returns 172.16.2.254
  #host 172.16.2.254 returns admin.ourschool.lan
  When I go to set up a child zone, highschool.ourschool.lan, on this server I set the nameserver to ns1.highschool.ourschool.lan and IP address of 172.16.2.254, I have had the following happen:
  #host admin.ourschool.lan returns 172.16.2.254
  #host 172.16.2.254 returns ns1.highschool.ourschool.lan (not what I want!)
  I understand forward and reverse lookups to OD master need to be rock solid. The changing of the PTR record is going to ruin this. Has anyone else seen this behavior. Should I just do the DNS through terminal and forget the GUI?
  Thank you for any feedback. I searched this discussion list and didn't find anything similar to this in the postings.
  Best Regards,
  Steve
  OS X Server and Client   Mac OS X (10.4.6)  

  Your problem stems from the fact you're trying to create two separate A records for the same IP address.
  The GUI will automatically create a reverse DNS entry for each a record. Since you have two A records that point to 172.16.2.254 that's where your problem lies.
  Your solution is either to use a CNAME (or alias) for the second hostname (e.g. ns1.highschool.ourschool.lan CNAME admin.ourschool.lan), or manage the DNS by hand and don't use the GUI tools.

• Adding a new DNS zone to OD master for use as mail server

  hi all,
  i recently migrated form apple's postfix to kerio mail server. i am usung an xserve to run OD master, DNS, Jabber, Windows PDC and kerio mail.
  server name is mail.domain1.com and i am hosting it on local IP 192.168.0.4 and using NAT on my firewall.
  i would liek to setuop another kerio domain and mail server on the same box but not sure how to approach DNS.
  i need to add mail.domain2.com
  i am abel to add the second mail server in kerio but not sure if i need to setuo a second DNS zone on the same server on order to be able to have my local clients conect to the new domain. i only have 4 users for domain2.com and plan to use kerios built in autrhentication so i dont realy need another LDAP or user authentication server for now.
  currently i am using the hosting package of my provider to server mail.domain2.com as well as www.domain2.com
  i would liek to keep the site wit he hosting company but just move the mail server with my kerio server. that is teh setup i have for domain1 - i host mail server mail.domain1.com on premices and i have my domain reqistration site host the site for www.domain1.com
  i assme i can do this with virtual domains?
  any help is appreciated.
  thanks
  martin

  hi all,
  i recently migrated form apple's postfix to kerio mail server. i am usung an xserve to run OD master, DNS, Jabber, Windows PDC and kerio mail.
  server name is mail.domain1.com and i am hosting it on local IP 192.168.0.4 and using NAT on my firewall.
  i would liek to setuop another kerio domain and mail server on the same box but not sure how to approach DNS.
  i need to add mail.domain2.com
  i am abel to add the second mail server in kerio but not sure if i need to setuo a second DNS zone on the same server on order to be able to have my local clients conect to the new domain. i only have 4 users for domain2.com and plan to use kerios built in autrhentication so i dont realy need another LDAP or user authentication server for now.
  currently i am using the hosting package of my provider to server mail.domain2.com as well as www.domain2.com
  i would liek to keep the site wit he hosting company but just move the mail server with my kerio server. that is teh setup i have for domain1 - i host mail server mail.domain1.com on premices and i have my domain reqistration site host the site for www.domain1.com
  i assme i can do this with virtual domains?
  any help is appreciated.
  thanks
  martin

• Different SBA DNS SRV entry for the same dns zone?

  Hello,
  I got here a testlab with one enterprise pool and one sba deployed. The Branch Site got also an DNS Server installed. Both are using the same dns zone "test.com".
  Of course now i got different server for the same SRV Record _sipinternaltls._tcp.test.com - one for autodiscovery in the enterprise pool and one for the sba. Also I want to add the second one as failover srv + the DNS Server in the Enterprise Pool should
  be used as a Forwarder.
  Now I got some issues how to deploy several entries on two different dns server for the same zone.
  1.) If I add manually the same zone + DNS SRV entries on the SBA the dns is somehow not resolving/forwarding the entries on the other dns server in ee to other servers which are not on my SBA dns.
  2.) If I only pinpoint the SRV entries for _sipinternaltls._tcp.test.com (one for sba and failover for ee site) the dns won't resolve the second a record to the enterprise pool.
  What is the Best Practise for DNS SBA? Always point to the enterprise pool and, therefore, no other configuration is needed?
  Regards DrWho

  I played a little bit around. Problem was that I can not add the pinpoint dns srv entries via gui. Aditionally the tutorials did not work as my DNS server for SBA is not on a domain controller. In the end I did this:
  sbafe -> fqdn of my sba
  eefe -> fqdn of my frontend of enterprise pool
  dnscmd . /zoneadd _sipinternaltls._tcp.test.com. /primary /file _sipinternaltls._tcp.test.com.dns
  dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 0 0 5061 sbafe.test.com.
  dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 10 0 5061 eefe.test.com.
  dnscmd . /zoneadd sbafe.test.com. /primary /file sbafe.test.com.dns
  dnscmd . /recordadd sip.sbafe.test.com. @ A 192.168.10.220
  dnscmd . /zoneadd eefe.test.com. /primary /file eefe.test.com.dns
  dnscmd . /recordadd sip.eefe.test.com. @ A 192.168.0.40
  Question is if that is a good best proctise or should the dns server within a zone contain the same records (Primary/Backup). The Client will then always hit the FE of the EE Pool first.
  Also its quite a lot of work to setup.

• DNS Zone forward OS X10.5 Server

  I have DNS functioning for the internal network with recursion, users can query both internally and externally just fine. I do not service DNS publicly to the Internet.
  I need to setup one zone so that queries for 'map.local' are forwarded to another DNS server I have access to. I prefer a forward instead of becoming a slave to that master domain if possible.
  I do not see any option to this within the GUI.
  Researching this I feel I found how to do this in BIND using /etc/named.conf:
  zone "map.local" IN {
  type forward;
  forwarders { 10.64.0.100; };
  However when I add this DNS simply stops working, the logs in debug mode show nothing. As soon as I remove it DNS starts up.
  It appears all the zone setting are pulled out /etc/named.conf in 10.5 and placed in an include file--however that file's header say do no edit, its written by the GUI. As a test I tried to enter this in that anyway and the same thing happened DNS stopped working.
  How do I setup DNS on OS X 10.5 Server to forward DNS for this one domain 'map.local' to query another DNS server by IP?
  I have read OS X doesn't deal well with '.local' type TLDs, but it can if the domain is added to its search domains. I do not have control over that domain name and must deal with it as '.local'. Any comments on how much trouble this will cause?
  Thanks,
  Joe

  According to this: http://docstore.mik.ua/orelly/networking2ndEd/dns/ch1005.htm
  you should enter:
  zone "map.local" {
  type forward;
  forwarders { 10.64.0.100; };
  Remove the "IN".
  And "map.local" might work but just ".local" would probably interfere with mDNS/Bonjour.
  I have no idéa if this works but it should.

• DNS Zone for Mail

  Following on from my first question which the nice Mr Camelot answered for me
  I have a server which has a DNS zone of companyname.net.
  Internal mail has been setup using Mail Exchanger set to mail.companyname.net.
  I have checked changeip -checkhostname and there are no issues.
  The public DNS records have been set to make mail.companyname.com the MX record, and an A record for mail.companyname.com has been setup pointing to the static IP.
  As I see it I have two options I can move forward with (3 actually if I wipe the server and start again )
  1. Try and rename the DNS zone to companyname.com and then reset the mail settings to match.
  2. Setup a CNAME on the server internal DNS to point mail.companyname.com to mail.companyname.net and leave the mail settings as they are.
  I am in the process of installing SL Server on a VM to test the first option to see if it is viable, but my question is are there any options I have missed, and what would you suggest I do in this circumstance?
  TIA.

  So you have a zone for a host mail.example.net within your network, and valid external DNS services with an A record and MX at mail.example.com within your external DNS services, and you're wondering about rebuilding this all?
  It'd be far easier to just enable mail.companyname.com as a virtual host within the mail server configuration.
  Personally, I'd look to remove the use of the internal example.net MX for the mail server, and use the external path.  You can set up the MX for the internal network to resolve to mail.example.com, for instance.  With that (and with a firewall that knows how to reflect" outbound traffic for the WAN IP address, or - somewhat uglier - adding a DNS A record for the mail.example.com within your internal zone), the configuration is the same for all hosts, whether internal desktops or mobile devices.
  Note that the companyname.com and companyname.net domains are real and registered domains.   The domains example.com, example.net and example.org are RFC-reserved for documentation and for these sorts of postings.

• Can't remove dns zone

  I messed up my dns zone while while adding a zone. I am trying to remove everything and start over, but SA will not let me. I have a primary and reverse zone that keeps coming back after I remove it. I have looked in /var/named/zone, but there is nothing there.
  If I add another zone, it appears in /var/named/zone, and I can remove it with SA. What should I try next?

  Hi
  This afp548 article explains the Leopard DNS Service including where relevant files are located. You might find it useful. You could restart the Server in safe mode (shift key depressed) and try deleting the zones that way. A normal restart thereafter should get you going again. You may actually be looking at a rebuild/reinstall but only you would know or decide that.
  This recent post describes how to set up the DNS Service in Leopard simply:
  http://discussions.apple.com/thread.jspa?threadID=1251475&tstart=0
  Stick with it because its not that obvious to begin with. Its about the 7th post down. One thing that could be added is at the setup assistant stage and when you are prompted to configure the Network Settings is to switch off IPv6.
  Hope this helps, Tony