DMZ - DNS Server, Mail Server, Web Server, FTP Server

Hi,
I am looking at a router to support around 20-30 people. I have a DNS Server, Mail Server, Web Server, FTP Server (all on one box (PC)). I was wondering how everyone's experiences with DMZ and port forwarding have been with these protocols with Airport and supporting a group of this size? Do you foresee issues? Will the new Airport handle these requirements better?
Thanks

A record for mail.mydomain.com going for ip 199.99.99.999
MX record for mail.mydomain.com with destination as mail.mydomain.com
That doesn't quite make sense. There must be an A record for "server.mydomain.com" or you wouldn't be able to reach it at all. You want the MX record to point to that.

Similar Messages

  • DNS Server Infrastructure Design

    Good day IT Folks,
    Currently I'm on the planning stage of designing the DNS infrastructure of our company. I've read a lot of reading materials available online about DNS. According to what I've gathered, two (2) DNS servers is the minimum and three (3) is the recommended for the usual setup of DNS. What I want for my DNS infrastructure is to have two (2) DNS servers for my LAN (internal network) and one (1) DNS server for my LAN-to-Internet connection (external network).
    The two (2) DNS servers will resolve LAN requests and will forward requests to the other one (1) DNS server if internet-related sites are requested. I would like to ask for your help to give me insights on how I am going to do this, where to start and what are the things I should consider.
    Thanks.
    akosijesyang - the conqueror

    You could go with a secure design such as the following:
    See if the following threads help:
    Technet Thread: Problem with Windows 2008 R2 Dns Server getting SERVFAIL resolving one domain, 1/18/2012
    Includes a secure DNS forwarder in the DMZ image
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b00fc041-ba44-45b6-a8a1-a00374a20edf
    Technet Thread: DNS Structure to rebuild efficiently - Question about the resolution process, 10/27/2011
    Includes a secure DNS forwarder in the DMZ image
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/3a5fb6ac-6ab7-45b1-abab-e0d928a7e06c
    Good discussion on DMZ secured resolver design, and the use of Unbound DNS Resolver (http://unbound.net/) to use on your DMZ DNS server instead of Windows DNS. (Note: IMHO, for AD, I would rather use Windows DNS. - Ace)
    Technet Thread: W2003 DNS cache snooping vulnerability for PCI-DSS compliance, 10/10/2011
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/67e9189b-606a-40d2-9944-8b4c7d084017/
    And dealing with internal and external names:
    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM
    Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by
    http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Can't connect to mail server - DNS Server settings?

    Hello:
    Let me preface this question by saying that computer networking is not my strong suit.
    Last week I moved our web hosting from our ISP to Lunarpages; our domain is marshall-arts.net. I set up some POP email accounts on our new mail servers and was able to successfully send and receive email wirelessly using our G4 ibook. However, none of our networked desktop systems could connect to our new mail server, although they could connect to our ISP's mail server; they also have no problem connecting to the web. The mail server and user names were identical between the desktop systems and the ibook. But upon closer examination of the TCP/IP settings of the ibook I found that the ibook had 209.253.113.10 entered into the DNS Servers (optional) field. That field was blank in the desktop systems. Once I entered that address into the DNS Servers field on the desktop systems they had no problem connecting to our Lunarpages mail servers.
    Here's our setup, as best as I can describe it:
    We have an AirPort Extreme connected to our DSL router. It's connected via ethernet, configured manually with a static IP, router and DNS server addresses provided by our ISP. It's set to distribute IP addresses with the AirPort client computers sharing a single IP address using DHCP and NAT (10.0.1.1. addressing). It's connected via ethernet to a Linksys gigabit ethernet switch to which we have connected three desktop Macs running OS 10.3.x and 10.4.x.
    The TCP/IP of the three desktop systems and the ibook are configured Using DHCP.
    As I wrote above, only the ibook had an address entered into the DNS Servers field, 209.253.113.10. This doesn't correspond to anything our ISP provided (those addresses are entered in the AirPort Extreme.) I have no idea where it came from.
    So I have two questions:
    Would that address have been generated automatically while setting up the AirPort connection on the ibook?
    Why would that supposedly optional DNS Server address be required for me to connect to our new mail servers (but not our old ISP mail servers)?
    Thank you.
    Shawn Marshall
    Marshall Arts Motion Graphics
    Dual 2.5 Ghz G5   Mac OS X (10.4.7)  

  • Mail and web server on same machine

    hi to all,
    I have jes 4 suite installed on the same machine: uwc runs on port 81 and 443 (secure) and mail can be accessed on:
    https://mail.dom.com
    I want to create a new web instance to host the web content. It will be accessed at:
    http://www.dom.com
    What needs to be done so that users do not access
    https://www.dom.com as web mail
    and http://mail.dom.com as web server?
    thanks!
    Linda.

    What is on port 80 is the webserver that should host the website.
    What is on port 81 is the webserver instance hosting the webmail. I installed a certificate and created a new LS so that users access the webmail through https. port 81 is firewalled.
    There is no command called 'host' on Solaris. Actually the DNS admin will register www.dom.com and mail.dom.com to have the same IP since mail and web are installed on the same machine.
    The server processes that exist should be the mail processes and the 2 web instances' processes. The first instance should listen to port 443 and 81. The second instance should listen to port 80.
    The URLs that a user might type:
    https://mail.dom.com
    http://www.dom.com
    http://mail.dom.com
    The last URL is what I want to change. Normally this should display the website. I don't want this result. I want to display the webmail page i.e. https://mail.dom.com. If this is not feasible, I want to display a page showing the 2 other URLs.
    thanks,

  • Domain name/"primary DNS" name/mail host name/mail server name/mx name

    Hi,
    I have registered my domain name (N.com) with an external dns server and created an MX record (mail.N.com) for it as well. My server sits behind a router and internet traffic is port(80)-forwarded to my server's fixed internal ip address (I can access my webpages from the internet just fine). When I initially setup the server I was asked to give it a "primary DNS name." I naturally assumed that N.com was supposed to be entered here, but that just caused all kinds of problems (though I still do not understand why). So I reinstalled and currently have server.N.com as the primary DNS name of the server (although it shows up in Server Admin and Workgroup Manager as server.local--why is that?)
    I have had no luck getting any email from the internet with the default settings in mail services (domain name of N.com and host name of server.N.com). Having no luck with the defaults, I assumed that maybe I needed to change the host name to "mail.N.com" so that it matched the MX record. I also changed the user preferences in Workgroup Manager to receive mail from mail.N.com--but still no luck. Could someone tell me what I am doing wrong and how come none of the Mail Service literature mentions anything about what a mail "host name" is supposed to be? Is it supposed to be the same as the "Mail Server" name that Workgroup Manager asks each user for? and is it the same as the MX record name?
    I am just needing some help to connect all these variously named, but undefined, dots.
    Also, how come I can access webmail from the internet using www.N.com/webmail but can't do it from any computers within my physical network (I have to use IPaddress/webmail or server.local/webmail)?
    Also, should my user email addresses be [email protected] or [email protected] (which is the current default)?
    Thanks in advance and good luck!
    John

    I had been told by a friend that ... regular email coming in from the internet would go through port 80
    Unfortunately you were misinformed.
    My MX record needs the extra subname (such as "mail") in front of the domain name, right?
    Not at all. A MX record for 'N.com' is entirely valid (expected, in fact).
    An MX record tells remote mail servers where to send mail for any domain/subdomain. If you think about it, let's say you worked for Apple and you wanted people to be able to send email to [email protected], well then you need an MX record for 'apple.com'.
    You can see if you dig MX apple.com that they actually have 9 MX records, but the point still stands.
    Now, you might also have MX records for subdomains so that you can have [email protected], [email protected], [email protected], etc. Each of these subdomains would need a separate MX record.
    So, in general, for any set of email addresses @[anything.]domain.com you have a MX record telling remote mail servers where to send that mail.
    Of course the MX record name is mail.N.com, but I think you are implying that in the Mail settings of Server Admin where it asks for domain name all I need to put there is the N.com, right?
    What I mean is that you need to set the domain name to whatever domain name you expect to receive mail at.
    If you want users to have email addresses in the form of [email protected], then you enter 'N.com'.
    If you want users to have email addresses in the form of [email protected] then you enter 'mail.N.com'.
    If you want both forms, enter one in the main domain and add the other(s) in the Advanced -> Hosting -> Local Host Aliases section.
    Is there anything in the Mail settings that needs to have the full MX record name (mail.N.com)?
    Yes. Either the 'domain name' or the 'Local Host Aliases' needs to contain the same thing as your MX record. That's because the MX record tells remote servers to send mail to this machine, but the machine won't accept the mail unless it is configured to do so.
    What is the "host name" supposed to be?
    This should be the name that remote servers see when this machine tries to send outgoing mail.
    Ideally this should match the reverse DNS of your IP address, that way when it connects to a remote server it says "Hi, I'm $hostname" and the remote server can lookup the machine's IP address and see the same result. This will reduce the problem of remote servers thinking you're sending them spam.
    If you only have a single IP address then this probably needs to be something like 'N.com'. If you don't have control over your reverse DNS then you're going to run into a problem.
    Also in the user accounts (in Workgroup Manager) what should the "mail server name" be? Is it the host name or the domain name?
    Off hand, I don't know.
    Also, why are all the default user email addresses [email protected] (the name I gave the server at setup)? Why don't the user accounts create [email protected] as the default address?
    Presumably because the mail server says it is 'server.N.com' and therefore any accounts on that machine would be [email protected]. Changing the domain name (as above) should fix that.
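
A worked check of the three points made in the reply above (an MX record for the mail domain, a server configured to accept that domain, and a host name that matches reverse DNS), added here as an example and not part of the original thread. The domain n.example, the addresses, the record set and the function names are constructed, and the in-memory lookup stands in for a real resolver.

```python
import ipaddress

# Constructed records for the hypothetical domain n.example (203.0.113.0/24 is a
# documentation range). Keys are (owner name, record type).
RECORDS = {
    ("n.example.", "MX"): [(10, "mail.n.example.")],
    ("mail.n.example.", "A"): ["203.0.113.25"],
    ("server.n.example.", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa.", "PTR"): ["server.n.example."],
}


def fqdn(name):
    """Normalise a DNS name: lower case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def lookup(records, name, rtype):
    """Answer a query from the in-memory record set (stand-in for a resolver)."""
    return records.get((fqdn(name), rtype), [])


def check_mail_dns(records, domain, helo_name, accepted_domains):
    """Return (code, detail) findings for one mail domain served by one host.

    domain           -- the part after '@' in the addresses that should receive mail
    helo_name        -- the host name the server announces when it sends mail
    accepted_domains -- the server's domain name plus its local host aliases
    """
    findings = []

    # 1. Remote servers locate the mail host through the MX record of the domain.
    mx_records = sorted(lookup(records, domain, "MX"))
    if not mx_records:
        findings.append(("MX_MISSING", f"no MX record for {fqdn(domain)}"))
    for _preference, target in mx_records:
        if lookup(records, target, "CNAME"):
            # RFC 2181 section 10.3: an MX target must not be an alias.
            findings.append(("MX_IS_CNAME", f"{target} is a CNAME"))
        elif not lookup(records, target, "A"):
            findings.append(("MX_NO_ADDRESS", f"{target} has no A record"))

    # 2. The MX only routes mail to the machine; the machine must also be
    #    configured to accept mail for that domain.
    if fqdn(domain) not in {fqdn(d) for d in accepted_domains}:
        findings.append(("DOMAIN_NOT_ACCEPTED",
                         f"server does not accept mail for {fqdn(domain)}"))

    # 3. Forward-confirmed reverse DNS: the announced host name must resolve to
    #    an address whose PTR record points back at the same name.
    addresses = lookup(records, helo_name, "A")
    if not addresses:
        findings.append(("HELO_NO_ADDRESS", f"{fqdn(helo_name)} has no A record"))
    for address in addresses:
        ptr_owner = ipaddress.ip_address(address).reverse_pointer
        ptr_names = {fqdn(p) for p in lookup(records, ptr_owner, "PTR")}
        if fqdn(helo_name) not in ptr_names:
            findings.append(("HELO_PTR_MISMATCH",
                             f"{address} reverses to {sorted(ptr_names)}"))
    return findings


if __name__ == "__main__":
    # Server still accepts only its install-time name and announces mail.n.example.
    for code, detail in check_mail_dns(RECORDS, "n.example", "mail.n.example",
                                       ["server.n.example"]):
        print(code, "-", detail)
```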

  • Set up web with an external dns server

    Hi, I have bought a Mac server, and I am new to configuring them. I have hosted DNS with a company called Speednames and I have plans to host several domains there, but I would like to put them to point to the server because I want to install Joomla on the domains. On one of the domains, I still want to have the mail run on Speednames. For the rest of the domains, I would like to point the mail part to the server. Does somebody have a guide to do that?

    Your DNS MX (mail exchange) record goes to Speednames, and your DNS translation(s) go to your own static IP address(es), and your static IP names are (at your external firewall) NAT'd and port-forwarded to your server.
    The DNS MX entry is the identity of the host where your in-bound mail for the domain is sent, and the other DNS translations are where (all) other queries go.
    Here are some details of external (outside the firewall) DNS (http://labs.hoffmanlabs.com/node/1594) and internal (inside your firewall) DNS set-up (http://labs.hoffmanlabs.com/node/1436).

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • Web based ftp server in flex

    Dear guys,
    I am developing a web-based FTP server application in Flex. If anyone has already developed an FTP server application in Flex, please give me the component source code. Please support me.
    thank you,
    veeru

    Dear Greg,
    Great
    Thanks for helping God bless You.
    Please look at the website. I am developing the FTP site like net2ftp.com (same options). How can I move. I know flash, css, javascript, flex very well but I'm weak in flash as3. Please send me all the files.
    www.net2ftp.com
    thank you,
    veera

  • Layer 3 Web redirect without MD DNS Server

    Hello there
    Actually, I want to configure layer 3 web redirect and I don't have any DNS server. I tried to use the core switch to resolve the name into IP through the command ip host webauth 1.1.1.1 but it did not work. I am using the DHCP currently local on the controller. Any suggestions?
    Thanks,
    Elie

    Can you elaborate on what you are trying to do?
    Unless you've specified a DNS name on your Virtual Interface, webauth will redirect the client to the IP address of your Virtual Interface. Generally speaking you only put a DNS name on the Interface if you are using a certificate... For you to have a valid certificate, I would suspect it has a valid domain, and therefore you should be able to make a DNS entry global for that domain pointing webauth.domain.com back to 1.1.1.1.
    But if all you're trying to accomplish is webauth without a dns lookup resolving 1.1.1.1, then this should already be in place if you haven't put a name on the Virtual Interface.

  • DNS server in DMZ or Inside?

    I'm currently using a Win2003 server as my DMZ on the inside of the network. It's also the server I use as my Domain Controller.
    I am reviewing some of my policies and considering some changes. Is it best to have my DNS servers on the Inside or on the DMZ?

    Roland
    It is not clear to me from your post what the usage of the DNS server is, and that would influence where you place the server. If the DNS server is only accessed by internal users then placement on the inside is fine. But if the DNS server is also accessed by anyone outside then I believe that you should place the DNS server in the DMZ.
    HTH
    Rick

  • Can I avoid setting up a DNS server?

    Dear all,
    I’m a newbie to set up a server but I recently bought a Mac Mini Server and I have some questions in setting up the machine.
    My ultimate goal:
    Set up a multimedia server in my Mac Mini Server which provide photos up / download and Quicktime video streaming services for my friends outside my local Lan.
    My settings:
    ISP (Dynamic IP) →DSL modem →Linksys Router (DHCP) →
    1. Web Cam IP: 192.168.1.253 port 50000
    2. Synology NAS IP:192.168.1.107 port 5000
    3. Mac Mini Server IP: 192.168.1.108
    4. Mac Book Pro x 2(wireless)
    Since I don’t have a static IP, I registered a domain name which link to my dynamic IP. i.e. abc.viewnetcam.com
    I can access my web cam and Synology from outside through port forwarding i.e. http://abc.viewnetcam.com:50000 & http://abc.viewnetcam.com:5000
    During setup of my Mac Mini Server, I was required to enter the Primary Domain Name. Since I did not have a DNS server in my local LAN, I entered MacMiniServer.private
    After I set up the server, I found that there was a message left on the desktop saying that; ….The domain name servers you’re using don’t have an entry for the domain MacMiniServer.private, and therefore your clients won’t be able to access your server using the name MacMiniServer.private…..
    Now here is the question:
    1. Can I just simply avoid setting up a DNS server in my Mac Mini Server? Because it is very complicated; I have read up some information about DNS server settings which makes me feel puzzled.
    2. If DNS server is a must, so how can I set it? I have read the instructions in the HoffmanLabs, but after setting up the DNS server, how can I access my server from outside? Through port forward?
    ( Now I can access my server from outside in Safari with URL afp://abc.viewnetcam.com:548)
    Many thanks.

    I take some time to digest your suggestions. I’m convinced to build up a DNS server, although I don’t fully understand how it works.
    DNS is a way to ask a server or a series of servers to translate a string of a specific format into an IP address. If you follow the article in your implementation, then the local DNS services will cooperate with and access external DNS servers world-wide for public DNS translations.
    But then questions come up again, first what should be my Primary Domain Name?
    I don't know what you're looking at that is using "primary domain name", but the "domain name" you use? I use real and registered and public domains for the domain on private LANs. It's simple, effective, and unique. And I don't have to deal with collisions. I don't prefer to recommend using a made-up domain, as it's a few dollars to get a real domain and then you don't have to deal with collisions if and when you need to expose parts of your network.
    Here, a bogus TLD would be, for instance, macminiserver.myhouse.ngmy69; that's a top-level domain (ngmy69) (TLD) that is not allocated, and unlikely to be publicly allocated, and a subdomain (myhouse) of your choice, and a host name (macminiserver) of your choice. (There are around 300 TLDs already allocated and live, and more are on the way. com, net, biz, org, travel, cat, two-character country codes, and more...)
    This is listed in the article, including the trade-offs, and including a description of bogus domains.
    As you said that the external DNS and the internal DNS should be separately functioning, then is it true that I have the freedom to choose my Primary DNS name? Or I have to stick to certain rules?
    DNS and IP routing work by cooperation. You have to stick to certain rules, and the article guides you through the four general choices for picking a domain name.
    In my case, do I need to use the external domain name, i.e. macminiserver.abc.viewnetcam.com or I rent another registered domain name and it will be macminiserver.xxxxx.com or even I create an imaginary name?
    After you get your LAN DNS going, then read the dynamic DNS article (http://labs.hoffmanlabs.com/node/1541).
    Here, you've picked a domain (viewnetcam.com) name that's real and registered. That, and the use of the abc and macminiserver subdomains are something you'd have to work out with the folks administering that domain. While it is technically a domain name, macminiserver.abc.viewnetcam.com is also variously called a host name, as that'll usually have an associated IP address, and a subdomain like abc.viewnetcam.com might and variously will not.
    With a real and registered domain (your own registered domain, or a DynDNS host), you can (later) choose to expose parts of your network. You don't own a DynDNS name, and DynDNS doesn't allow you to use various server functions and you can't use that on your LAN. DynDNS is a good solution for remote access into a home network and even for a VPN connection in but (if you're eventually looking to use mail or secure web access or other features) you'll usually end up using your own domain name.
    The second question is that, how can I avoid using the subnet 192.168.1.0/24, as my router is providing the DHCP service, will that means I need to re-organized the whole network included the web cam and my Synology? Is there any simple way to achieve that?
    It's the effort you think it is, and it involves getting that gateway server reconfigured to have its address in a different subnet and the DHCP server reconfigured to pass out addresses within a range within that subnet, and this is an effort that scales as your network increases and as you get IP addresses embedded. If you're going to do remote access via VPN, many home networks and many coffee shops will use 192.168.0.0/24 or 192.168.1.0/24, and having the same subnet on both ends of the VPN means IP routing tosses a snit.
    Please read the DNS article (http://labs.hoffmanlabs.com/node/1436) through, and then post up questions you might have.

  • Leopard DNS Server: Zones with SPF records?

    Hi all,
    I'm trying to figure out how to setup SPF (Sender Policy Framework) records for some domains I'm currently managing with a Leopard DNS server and I don't see any documentation anywhere. Can someone please tell me if it's even an option? I'm new to running DNS with Leopard, so I could use all the help I can get.
    Sincerely,
    Israel
    Message was edited by: Israel Thompson

    Israel Thompson wrote:
    So let me see if I have this right. Any changes I want to make that will not be editable in the GUI, I want to do them in db.mydomain.com instead of db.mydomain.com.zone.apple? Easy enough. However I tried adding "v=spf1 a mx ~all" (with quotes) to my file and it appeared to have broken the dns zone. What’s the proper way to enter these in manually? Can you give me an example of how it looks in your zone files? I’ve pasted a sample of mine below. Tell me if anything is wrong.
    Israel,
    I am new to Leopard Server - so I'm no DNS guru. I, too, have not used a DNS setup tool that requires a FQDN just to associate an IP with the base of the domain (mydomain.com.). How did you get your 'mydomain.com. IN A 11.22.33.44' accomplished? Did you create a new A record and put mydomain.com. in the Machine Name field?
    Here's my setup:
    ========================
    db.mydomain.com
    ========================
    ;THE FOLLOWING INCLUDE WAS ADDED BY SERVER ADMIN. PLEASE DO NOT REMOVE.
    $INCLUDE /var/named/zones/db.mydomain.com.zone.apple
    ========================
    db.mydomain.com.zone.apple
    ========================
    $TTL 10800
    mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. (
    2008010951 ;Serial
    7200 ;Refresh
    3600 ;Retry
    604800 ;Expire
    345600 ;Negative caching TTL
    )
    mydomain.com. IN NS ns1.mydomain.com.
    mydomain.com. IN NS ns.mydomain.com.
    mydomain.com. IN A 64.251.168.218
    mydomain.com. IN TXT "v=spf1 ip4:64.251.168.218 ip4:64.251.168.220 ~all"
    www IN A 64.251.168.218
    mail.mydomain.com. IN A 64.251.168.220
    mail.mydomain.com. IN TXT "v=spf1 a ~all"
    xserve.mydomain.com. IN A 64.251.168.218
    xserve.mydomain.com. IN TXT "v=spf1 a ~all"
    ns IN A 64.251.168.218
    ns1 IN A 64.251.168.220
    mydomain.com. IN MX 10 mail.mydomain.com.
    ... where xserve.mydomain.com is my machine's hostname.
    I have a funky setup for DNS because I don't have a different, or second, DNS server (just the one on my Xserve with everything else) and my name servers are under this zone. I added the two IPs for my mail and hostname to the base SPF record. Someone could still spoof from using the name or www domains (same IPs) but I can check for it using Postfix up front. I also added "v=spf1 a ~all" in case another mail server tries to check the mailing server or hostname directly.
    You'll usually want to set a TXT "v=spf1 ~all" (SPF null) for any records that have no possibility for mail origins, like your ftp and mobile, but it appears you also have a similar issue to me - those services will be running under the same IPs as the mail service. This is why I added "v=spf1 a ~all" to all essential services (mail and hostname). I don't know what will happen if you add an SPF null to an unnecessary service that happens to also have the same IP. (Will the IP get blocked in a cache during a lookup??) So I didn't add an SPF TXT to those domains. I'm a little confused at this point. I should probably read more about it.
    http://www.openspf.org/FAQ/Common_mistakes
    Also, you'll notice I added FQDN to mail and xserve. If I do this and ensure they are in my reverse DNS PTR records then I've seen that when I add new zone records with same IPs (like for another domain) then the PTR records don't keep switching to the newest entry (why does it do that?).
    I don't think your use of the . in the CNAME records is correct. I think the CNAME records are probably unnecessary since you have already fully defined the domains in A records. Also, those A records probably don't need FQDNs (with the ending .). I only added mine for the reason noted above, concerning the PTR records.
    I hope someone who knows some more than I can chime in on this.
    Larry
    Message was edited by: Larry_S (removed mx from SPF TXT for main domain record, as it was redundant with the ip:)
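
A small linter for the SPF TXT strings that go into a zone file like the one discussed above, added here as an example and not part of the original thread. It follows the term syntax of RFC 7208, which defines the address mechanisms `ip4:` and `ip6:` and no `ip:` mechanism; the owner names, addresses and function names are constructed.

```python
import ipaddress

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARGUMENT = {"include", "exists", "ip4", "ip6"}
DNS_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4

# Constructed TXT records as (owner name, text); addresses are documentation ranges.
SAMPLE_TXT = [
    ("example.test.", "v=spf1 ip:203.0.113.218 ip:203.0.113.220 ~all"),
    ("mail.example.test.", "v=spf1 a ~all"),
    ("fixed.example.test.", "v=spf1 ip4:203.0.113.218 ip4:203.0.113.220 ~all"),
    ("dup.example.test.", "v=spf1 mx -all"),
    ("dup.example.test.", "v=spf1 a -all"),
]


def is_spf(txt):
    """True when the TXT string starts with the SPF version term."""
    return txt.lower().split()[:1] == ["v=spf1"]


def split_mechanism(term):
    """Split '[qualifier]name[:argument | /cidr]' into (qualifier, name, argument)."""
    qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
    for i, ch in enumerate(body):
        if ch == ":":
            return qualifier, body[:i].lower(), body[i + 1:]
        if ch == "/":
            return qualifier, body[:i].lower(), body[i:]
    return qualifier, body.lower(), ""


def lint_spf(txt):
    """Return (code, detail) findings for one SPF record string."""
    if not is_spf(txt):
        return [("NOT_SPF", txt)]
    findings, lookups, seen_all, has_redirect = [], 0, False, False
    for term in txt.split()[1:]:
        name, sep, value = term.partition("=")
        if sep and name[:1].isalpha() and ":" not in name and "/" not in name:
            # Modifier (name=value); unknown modifiers are ignored by receivers.
            if name.lower() == "redirect":
                has_redirect, lookups = True, lookups + 1
            if name.lower() in ("redirect", "exp") and not value:
                findings.append(("MISSING_ARGUMENT", term))
            continue
        qualifier, mech, arg = split_mechanism(term)
        if seen_all:
            findings.append(("TERM_AFTER_ALL", term))  # never evaluated
            continue
        if mech not in MECHANISMS:
            findings.append(("UNKNOWN_MECHANISM", term))  # receivers return permerror
            continue
        if mech in DNS_LOOKUP_TERMS:
            lookups += 1
        if mech in NEEDS_ARGUMENT and not arg:
            findings.append(("MISSING_ARGUMENT", term))
        elif mech in ("ip4", "ip6"):
            try:
                valid = ipaddress.ip_network(arg, strict=False).version == int(mech[2])
            except ValueError:
                valid = False
            if not valid:
                findings.append(("BAD_IP", term))
        if mech == "all":
            seen_all = True
            if qualifier == "+":
                findings.append(("PASS_ALL", term))  # authorises every sender
    if lookups > MAX_DNS_LOOKUPS:
        findings.append(("TOO_MANY_LOOKUPS", str(lookups)))
    if not seen_all and not has_redirect:
        findings.append(("NO_DEFAULT", txt))  # unmatched senders get "neutral"
    return findings


def lint_zone(txt_records):
    """Lint every SPF record in (owner, text) pairs; returns {owner: findings}."""
    by_owner = {}
    for owner, txt in txt_records:
        if is_spf(txt):
            by_owner.setdefault(owner.lower(), []).append(txt)
    report = {}
    for owner, spf_records in by_owner.items():
        findings = [f for txt in spf_records for f in lint_spf(txt)]
        if len(spf_records) > 1:
            # RFC 7208 section 4.5: more than one SPF record is a permerror.
            findings.append(("MULTIPLE_SPF_RECORDS", owner))
        report[owner] = findings
    return report


if __name__ == "__main__":
    for owner, findings in lint_zone(SAMPLE_TXT).items():
        print(owner, findings or "ok")
```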

  • Should my DNS server be talking to the internet?

    I have the DNS service running on my OSX server in order to use Open Directory and server-based home folders. To use these server-based home folders I have to put the IP address of the server in the "DNS Server" entry on all the machines in Network Preferences.
    Because the workstations here would seem to be going to the file server for DNS, do I need to open ports on my router or something so that the server can provide this info? I'm having some weird email issues with emails not arriving in a timely manner (inter-office via the internet, some arrive days late) and slow response times in Safari (page takes a while to start loading, and then loads very quickly once server found) so I'm wondering if this is what's causing it.
    Any hints appreciated. Thanks!

    If you only use your own DNS on both server and LAN clients (you should with your setup of using the same domainname internally - a bit "ugly" but it works) you need to also setup any external services IP numbers such as any mail and web servers (and others).
    It wasn't me who set it up like this, but I'm stuck with it! What do you mean when you say to "setup any external services IP numbers"? DO you mean I need to tell the server where to find the mail server so that it finds it more easily? Where do I put them? And would it just be the mail server address, i.e. I assume I don't need to put in every website we want to access? No, that would be silly... but then... who knows.
    I would add forwarders (your ISP DNSes) to /etc/named.conf and turn off IPv6.
    In theory I know about these unix style text files, but do I need to be logged in as root to see them? I can't see the /etc directory and searching for named.conf brings up nothing. Also, I turned off IPv6 on the server and shortly after someone with a server based home folder got a message saying that they'd lost connection to all the mounted volumes on that server with "disconnect all". Turning IPv6 back on made that message go away so I don't want to play with that again for the time being!
    Is there a way to set these things up without resorting to editing text files? I'm an old-skool mac user and so it's a bit scary. I should have made that clear from the beginning. Thanks!

  • DNS Server Installation

    BT Help have told me that I need to install a DNS server on my laptop as  www.bt.com/www.google.com etc. keep failing to load in chrome and then I get a message saying DNS_PROBE_FINISHED_BAD_CONFIG. This state lasts a few minutes and then everything returns.
    How do I do this installation?

    That is a load of rubbish.
    Chrome probes the default DNS servers using a totally random web address which is intended to fail. It does this to see if DNS redirection is occurring. It should result in an error condition, however if you have BT web preferences enabled, then Chrome can return an error, as it suspects DNS redirection.
    Go to this page and opt out of BT Web Address help, and see if that helps.
    http://preferences.webaddresshelp.bt.com/selfcare/

  • New DNS Server

    Hey All,
    We are looking to create a new DNS server.  I am wondering what other people are using for DNS.
    We currently use Linux bind.
    We do not want to use windows DNS
    Thanks
    Sam
    This topic first appeared in the Spiceworks Community

