DNS/Forwarding Servers for OS X Mavericks Server

Is it okay that my AirPort Extreme AC router takes care of the DNS for OS X Mavericks Server and have the forwarding servers set to the default, which is my router's IP?

That won't work. There is no DNS server in an AirPort Extreme, nor in a Time Capsule. The Apple WiFi boxes and most other low-end gateway boxes will only contain a DNS resolver. When in a NAT'd network, the DNS resolver will simply forward the DNS queries to off-LAN DNS servers. The resolver has no concept of LAN-local host names or IP addresses; of what's happening in the NAT'd address space that's in use.

(Various mid-grade gateway boxes do have DNS capabilities, and open source options such as DD-WRT do have a DNSmasq-based server, and these boxes can suffice for the needs of OS X Server. If there's a way to configure host names and host IP addresses for random boxes on your LAN, then the box you're using should work. If not, it's a resolver, and won't work for a NAT'd network.)

Off-LAN DNS servers will almost certainly not provide correct translations for hosts with private-block addresses. OS X Server requires proper forward and reverse DNS translations, or things get weird. Here's how to set up local DNS on OS X Server.

Similar Messages

  • DNS set-up for multiple servers?

    I need some DNS advice....
    I am replacing our old OS Leopard server (that provided web hosting, email, file serving, DNS, etc.) with four new Mac Mini Servers (Mavericks) to distribute the services. We had an issue on the old machine's fileserver service that brought all services to a halt and then the employees to a halt.
    Since one machine was the central hub of everything it was easy to set up the DNS to point to it for everything. Now that I have four machines (one of them serving the DNS) I need to know how to point to the other services. The DNS user interface only allows me to input DNS info for that particular server. How do I add names and addresses in the DNS to point to the other three servers?
    Thanks in advance.
    Brian

    To add to MrHoffman's advice, as long as the two machines have different IP addresses, they will only know about each other if you tell them.
    For example, server.gilliland.com is running Leopard and is at address 172.16.0.10. You want a new device to also be known as server.gilliland.com but don't want to shut the other one down. Ok, give it another address, 172.16.0.11 for example, and define on it DNS that points server.gilliland.com to 172.16.0.11. As far as the new server knows, it is server.gilliland.com and is start of authority for the gilliland.com domain. The old server thinks the same thing. But as long as you don't tell either about the other, they will live happily in the belief that they are the one and only server.gilliland.com server.
    Now, as long as you are already relying on DNS (meaning nothing is linked via IP), then you can completely build your entire new OD cluster while the old system is still running. DHCP will tell everyone to use DNS from the old server. Your new servers will be configured with new DNS and they will all be in on the new secret. When you are ready to make the migration to the new cluster, change DHCP and push new DNS out to the clients. As long as they connect by name (server.gilliland.com) they will not miss a beat.
    Depending on your services, this can be done with almost no downtime.  Got lots of data?  rsync it.  The biggest headache you will have is likely the mail migration.  That is a torture I wish on no one.  Make sure you have a backup plan, a regression plan, a head for the border plan, and then an alternate plan for when all of those plans fall apart.  I also suggest closing your port forwards on the firewall when you decide to move mail.  This will allow you to validate the migration without new mail coming in.  Thus, if something goes wrong, but not completely "the sky is falling" wrong, then you can restore the old server, open the firewall, and live to try again another day.
    Reid
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
    Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

  • Best DNS setup for public-facing Mac server with no NAT?

    What's the best way to set up the DNS server as a member of an existing domain with nameservers elsewhere for a public-facing server with no NAT?
    We own the domain myexample.com and its name servers and zone files are on a hosted Linux server with mail/web server services.
    We now have a Mac server hosted elsewhere and we want it to be a subdomain of our myexample.com i.e. macserver.myexample.com.
    We haven't enabled NAT or DHCP so the Mac server host network IP is a public IP. There is no LAN.
    When setting up the DNS server, what should the primary zone be? macserver.myexample.com, or myexample.com?
    Any advice would be great. Mr Hoffman....are you out there?

    You do need valid DNS services.  But you don't need to provide DNS on the same server.  And if you're not dealing with NAT, things can get easier.
    The easiest approach available is to not run your own DNS services here. This assumes the OS X Server box is configured on a static IP address, but then that's something OS X Server needs/wants/expects.
    Use the DNS provided by your domain registrar, and your ISP. Or maybe on that Linux box, if that's publicly authoritative for the domain.
    Enter the host name and the IP address into the public DNS services that you have configured for the domain, or that you have at your registrar or ISP, or on that Linux box.
    You will need to have your ISP for the static IP configure a PTR record (reverse DNS) for the server, particularly if you're planning to run mail or related.

  • How do I set a manual IP address and manual DNS servers for my HP Photosmart 7525 Printer?

    Cannot print. Had difficulty when printer was initially set up. Assistance from "happytohelp01" resolved the issue by advising me; a manual IP address and manual DNS servers for the printer. I did not write down the information and now my printer is not working (it did work for about a month), now nada. I initially had problems connecting to the web server - now it's doing the same thing, but I don't know what IP address and DNS to use. Please help if you can.
    This question was solved.

    Hi @LaceyNo1,
    Welcome to the HP Forums!
    I understand that you are wondering, how to set a manual IP address, and manual DNS servers for your HP Photosmart 7525 Printer. I am happy to look into this for you!
    After some searching, I believe I have found the post, that my colleague @happytohelp01, helped you with. Located at this post, Re: Photosmart 7525.
    Hope this is what you were looking for, and have a good day!  
    RnRMusicMan
    I work on behalf of HP

  • Looking for a manual to Maverick Server. Where can I find it?

    Looking for a manual to Maverick Server. Where can I find it?

    Hi ..
    Start here >   OS X Server - Apple Support
    Once you have OS X Server installed, from the OS X Server menu bar (top of your screen) click Help > OS X Server Help

  • Adding a new DNS zone to OD master for use as mail server

    Hi all,
    I recently migrated from Apple's Postfix to Kerio mail server. I am using an Xserve to run OD master, DNS, Jabber, Windows PDC and Kerio mail.
    Server name is mail.domain1.com and I am hosting it on local IP 192.168.0.4 and using NAT on my firewall.
    I would like to set up another Kerio domain and mail server on the same box but not sure how to approach DNS.
    I need to add mail.domain2.com
    I am able to add the second mail server in Kerio but not sure if I need to set up a second DNS zone on the same server in order to be able to have my local clients connect to the new domain. I only have 4 users for domain2.com and plan to use Kerio's built-in authentication so I don't really need another LDAP or user authentication server for now.
    Currently I am using the hosting package of my provider to serve mail.domain2.com as well as www.domain2.com
    I would like to keep the site with the hosting company but just move the mail server with my Kerio server. That is the setup I have for domain1 - I host mail server mail.domain1.com on premises and I have my domain registration site host the site for www.domain1.com
    I assume I can do this with virtual domains?
    Any help is appreciated.
    Thanks
    martin

  • DNS for multi-site same server scenario

    I am setting up the DNS for a multi-site server. I understand that the second (and subsequent) site needs to be an alias of the first.
    I have tried setting up the DNS entries as aliases (CNAME) as well as A records to no avail.
    I am sure that it is me, but what am I missing?
    I am unable to access these sites locally so I am positive that no one can access the site outside of the firewall.
    Thank you!

    There's not much detail there to go on...
    In general, yes, you should create one A record for the host, e.g.:
    webserver.domain1.com. IN A 192.168.1.2
    Then other domains should, ideally, point to this via a CNAME:
    www.domain2.com. IN CNAME webserver.domain1.com.
    Technically, it's OK to have additional A records pointing to the same IP, it just makes it a little harder to keep track of, and changing server addresses is a PITA (there's only one place to change it when using CNAMEs).
    As to what your issue is, there's no way of knowing without seeing your domain records and the name server logs. bind is pretty good about logging errors and often provides a good clue when things are amiss. If I had to hazard a guess, though, I'd say you missed a trailing . on the CNAME records, but that's largely a shot in the dark without more information.
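
The zone-file points made in this thread (the relative-name rule behind a missing trailing dot on a CNAME, and the first answer's requirement for matching forward and reverse translations) can be checked mechanically. The following is an added example, not code from any poster; the function names and the sample zone text are constructed for illustration, and only simple one-line records are handled.

```python
import ipaddress

# Constructed sample zones. The webserver/www names and 192.168.1.2 follow the
# reply above; the mail and shop hosts and the reverse zone are made up here.
SAMPLE_ZONES = """
$ORIGIN domain1.com.
webserver  IN A     192.168.1.2
mail       IN A     192.168.1.3
$ORIGIN domain2.com.
www        IN CNAME webserver.domain1.com    ; trailing dot missing
shop       IN CNAME webserver.domain1.com.   ; fully qualified
$ORIGIN 1.168.192.in-addr.arpa.
2          IN PTR   webserver.domain1.com.
"""


def absolutize(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin.lstrip('.')}"  # an origin of "." yields "name."


def parse_zone(text, origin="."):
    """Parse one-line 'owner [ttl] [IN] TYPE rdata' records.

    Returns (owner, rtype, rdata, raw_rdata) tuples with names made absolute.
    Multi-line records and blank-owner continuation lines are not handled.
    """
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue  # other directives ($TTL, ...) are ignored
        rest = [f for f in fields[1:] if f.upper() != "IN" and not f.isdigit()]
        if len(rest) < 2:
            continue
        owner = absolutize(fields[0], origin).lower()
        rtype, raw = rest[0].upper(), rest[1]
        rdata = absolutize(raw, origin) if rtype in ("CNAME", "PTR") else raw
        records.append((owner, rtype, rdata.lower(), raw))
    return records


def cname_dot_warnings(records):
    """CNAME targets written with dots but no trailing dot. The origin gets
    appended to them, which is rarely what was meant."""
    return [(owner, raw, rdata) for owner, rtype, rdata, raw in records
            if rtype == "CNAME" and "." in raw and not raw.endswith(".")]


def reverse_mismatches(records):
    """A records whose address has no PTR pointing back at the same name."""
    ptrs = {owner: rdata for owner, rtype, rdata, _ in records if rtype == "PTR"}
    problems = []
    for owner, rtype, rdata, _ in records:
        if rtype != "A":
            continue
        ptr_owner = ipaddress.ip_address(rdata).reverse_pointer + "."
        if ptrs.get(ptr_owner) != owner:
            problems.append((owner, rdata, ptrs.get(ptr_owner)))
    return problems


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONES)
    for owner, raw, expanded in cname_dot_warnings(recs):
        print(f"{owner} CNAME {raw} expands to {expanded}")
    for owner, addr, found in reverse_mismatches(recs):
        print(f"{owner} ({addr}) reverse lookup gives {found}")
```

On a real server, `named-checkzone` validates zone syntax, but a relative CNAME target is legal syntax, so a check like the first one has to be done separately.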

  • Dns setting require for mail server 2013

    Hello Support,
    I have installed Exchange Server 2013 and it was working fine, but right now I have some changes in the DNS server records and my mail services stopped. What records do I add to start my mail services (send and receive)? Till now the Exchange Server mailbox gives the error "mail not connected with server". Please revert ASAP.

    Couple of things to notice. If you are saying your Exchange services stopped... this won't happen because of DNS, or are you saying your Exchange is not working/mail flow?
    Now I would suggest to quickly check the mail services. Run a test for inbound and outbound at exrca.com; there you will have the proper answer as to what you have missed.
    And at last, for DNS: you need MX and A records for your email server for basic functioning, and for autodiscover a couple more. Let's verify the MX and A records first and then verify the send and receive connectors. To verify MX, do an nslookup as below:
    >cmd
    >nslookup   {This should resolve to your local DNS if you are running this from the Exchange server, which is recommended, and should not time out}
    >set type=mx
    > your-domain.com {This should return the "A" record / FQDN of your mail server}
    > set type=A {To verify the above FQDN points to the right IP}
    > mail.your-domain.com [assuming that in the MX output you got mail.your-domain.com]
    > 1.1.1.1  [IP of your email server]
    If you are able to verify the above, then chances are you don't have an issue with DNS.
    Make sure from outside you are able to telnet to your Exchange server on port 25, and from inside you are able to resolve names from your Exchange server and also have internet access. If you are able to verify till this point, then it's the turn now to verify the send and receive connectors. One easy way is exrca.com and then share the results.
    To verify if your Exchange is configured properly, please follow this link.
    http://www.techieshelp.com/exchange-2013-step-by-step-configuration/
    Thanks
    Happiness Always
    Jatin

  • Long delay for login list to appear Mavericks Server

    I am currently looking at an issue where the login list of users takes up to 30 seconds to appear after a user has logged out of their account. This might not sound like much time, but is a long time for the user waiting to get the list. Any ideas on where to look for a remedy, or what tests might be applied would be appreciated.
    Clients are all 2012 - 2013 iMacs and Macbook Airs - About 140 nodes
    Server is a new Mid 2012 Mac Pro Server running Mavericks server with all updates. Open Directory network.
    Network is Gigabit with a 3com 4500 Layer 3 switch and Gig Lan switches.

    Hello Don
    We have experienced the same issue.
    Are all clients 10.9 clients or 10.8?
    If 10.8, home directories should be served as AFP protocol. If 10.9 clients, then it is SMB (SMB 2). OS X 10.10 Yosemite has moved from SMB2 to SMB3.
    Make sure in clients that you have "Show fast user switching" ticked off.
    Otherwise, the user logs out but the client machine will almost never unmount the previous user home directory shared point, the next user will not be able to log in.
    In Server.app under File Sharing you see idle users even after successful log out. It was our case.
    Some people on the internet went to the terminal to add precious terminal commands to force kill idle users after a "x" hours for instance.
    http://krypted.com/mac-security/missing-server-app-settings-for-afp/
    10.8 and 10.9 have differences.
    I suggest you read http://www.amazon.com/Apple-Pro-Training-Essentials-Supporting-ebook/dp/B00HJUBRQ0
    Even if you have lots of experience with OS X.

  • Code-signing Certificate Provider for Mavericks Server?

    Our Digicert Code Signing Certificate [which worked fine in Mountain Lion Server but doesn't work in Mavericks Server no matter what I try] is about to expire, and I'm wondering if anyone could recommend a vendor whose code-signing certificates definitely work with Mavericks Server?

    I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
    Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
    In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
    If you have already imported it via Keychain Access just delete it from your Keychain and try again.
    With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

  • Mavericks Server, separate OU in LDAP for Teachers, Students

    We are a school using Mavericks Server 10.9.4: 1 Master, 4 Replicas, 7 facilities, 1700 Users. OD manages our LDAP user database. We need to put teachers/staff into a separate OU in LDAP from the students. Reason is we use WebHelpDesk and CASPER, which also reference LDAP for their User Data and we can't have Student Accounts in those applications. I don't have the first idea where to start. Any help is MUCH appreciated.

    Hi,
    the form alone will only help you with IDM just like you experienced. The reason is that in LDAP and AD what you are trying to do is not an update but a rename in IDM's terminology.
    So what you have to do is:
    Find out that the user has to move and move him in IDM in the form. Put a field in your form like issueRename and set it to true.
    Clone your updateUser workflow and add a new activity issueRename. In the provisioning activity insert a new transition to issueRename if user.issueRename equals true.
    The new activity checks out a rename view modifies it and checks it back in to then continue where the provisioning activity would have gone if you had not inserted the rename step.
    To figure out how to manipulate the view to reach your goal, use the bpe on a user with AD and LDAP and check out his rename view. Modify it, save it and check if it worked. When you have got it working, do the same as what you did in bpe interactively with a script action between renameView checkout and checkin.
    Regards,
    Patrick

  • Mavericks Server - DNS won't start

    Upgraded from Mountain Lion + Server to Mavericks and all looks good except that the DNS service won't start. Immediately goes to Off as soon as I click on the enable button.
    This is the log after flushing the DNS and trying to restart the service:
    Oct 25 13:02:24 mtserver.support.mtinformatica.biz com.apple.serverd[91]: ERROR: SMJobSubmit: The operation couldn’t be completed. (kSMErrorDomainLaunchd error 9 - The job dictionary specifies that it is disabled.)
    Oct 25 13:02:24 mtserver.support.mtinformatica.biz mDNSResponder[66]: SIGHUP: Purge cache
    bash-3.2# serveradmin start dns
    dns:state = "STOPPED"

  • Setting up Maverick Server: hiccoughs along the way

    Hi, I'm trying to set up Mavericks Home Server. I'm a server novice. It is a rather time consuming and frustrating process. It is by no means something an average domestic computer user should consider, despite the Apple blurb that makes it sound easy. OK, enough rant (I'm clearly frustrated and have put in many unproductive hours with this).
    I have bought a new Mac mini, and followed Terry Walsh's guide (it was partly its availability that convinced me to take the plunge). I have set up a domain name, SSL certificate, and 6 network users. I have two problems. I don't know if they are related.
    On a client I can log into one of the network user accounts, but then when I log out and try to log into another user, I get an error message saying the user account home folder "isn't in the usual place" - it lets me log into the account but with lots of ?? down in the dock.
    I also noticed in the alerts section on the server that there was a reverse DNS problem (host name doesn't match computer name or something..? this might affect users ...). I have a dynamic IP address and an update client from dyndns which seems to work.
    Any help would be much appreciated. Thanks so much

    Then you've misunderstood me and extended the point about using DynDNS as a service to resolve a registered DNS name to a dynamic IP and confused it with the discussion about setting up properly an internal DNS server and DNS namespace.
    "with the use of dynamic DNS as the server's own DNS and the lack of proper local reverse translations" - excuse me but where did I make such a statement? Sorry, but it seems to me you have a bit of a fixation on 'dynamic DNS'. Did you read the multiple posts where I was getting to check that his forward and reverse lookups on his local DNS were working? Where was I talking about using "dynamic DNS" for reverse lookups??
    I'm going to have to disagree with your statement "but this dynamic DNS configuration does not work properly for OS X Server local DNS services." because you are being misleading and again making the assumption of mixing external with internal DNS.  And again I did not make such a statement - you interpreted it as such because again, it seems to me, you have a thing about DynDNS (from your website).
    You and I both know about the need for the OS X DNS server to be correct & authoritative for the domain in the network space it's sitting in - which is usually private. That domain could either be something bogus like - "mydomain.some_tld_we_hope_is_never_taken_for_the_internet" or an Internet legal domain like "example.org". If one uses an Internet legal domain like 'example.org' then as long as the OS X DNS server stays authoritative for DNS for that only inside the LAN (which it has to) there is no issue. There is no issue using the OS X DNS server in a split-horizon setup.
    In the situation where one has a registered domain name (me) I use DynDNS to provide public Internet name resolution for that registered domain name. Perfectly OK and functional way to work. You need to be more clear about the distinction between public, Internet, name resolution and internal (LAN) name resolution.
    "You don't have a registered domain name.   You've (technically) acquired permission to use a subdomain (usually as a host name) from the organization that registered whichever dyndns domain you're using."  What do you base that on? The OP has never shared his domain name so how do you know what he's got??
    "If you're using dynamic DNS, you're probably also on a dynamic IP address". Sorry but I'm going to have to say that you are confusing things even further. You jump from 'dynamic DNS' (which really you need to clarify what you mean by that phrase) to dynamic IP when we are talking about DNS inside his - static - LAN address range. If you are meaning "if you're using the DynDNS service to dynamically update DNS records for your Internet domain when your site's dynamic IP address changes" well obviously that is self-evident. However in the previous paragraph you stated the OP "don't have a registered domain name". You can't have it both ways.
    The OP - for his home network - is not trying to have a "dynamic DNS" for his internal network but a 'static' authoritative DNS.
    Also you seem (??) to be making the assumption that the OP is going to go out and buy a fixed IP from his ISP - I doubt it.
    "I'm also going to disagree with FromOZ on the use of forwarders — those add an extra hop, and — unless you're using DNS-level logging or a DNS-based network nanny filter — don't really contribute much to the whole configuration when you're running a real DNS server.  With OS X Server, you really want to run DNS on your local network, too." Again you mix two concepts and confuse things.
    No forwarders - well then you better tell Apple to remove the option for Forwarders from DNS settings in OS X server. They mustn't know what they are talking about.
    "those add an extra hop" - please... as if the OP is going to notice that. Anyway the ISP is likely going to have 99.99% of the queries the OP's network wants cached on their DNS servers already, so actually it will be less hops because the OP's DNS server is not going to have to do recursion queries of the whole DNS chain to resolve addresses.
    "With OS X Server, you really want to run DNS on your local network, too" ?? nowhere in the whole discussion thread have I made the statement "you must not run an (authoritative) DNS server on your local network" in fact the opposite was the case, I was helping the guy to make sure his local DNS was properly setup to serve local (authoritative).
    Sorry, but I really have to say that you really added confusion to the discussion in your last post.
    I think the OP is best served by purchasing a solid reference book - which is why I have been regularly pointing him to the volume which is specifically about OS X Mavericks Server.

  • Mavericks Server and Messaging

    Does  Mavericks messaging server work with messaging app on iPads , or do you still need to find some crappy 3rd party client for the iPads?

    markuna wrote:
    So far, so good. What puzzles me is the dot behind the hostname in the second query. Is this the root of all evil?
    If so, how to get rid of it?
    The trailing dot is actually a standard part of the DNS domain name.
    It's been omitted or suppressed by web browsers for many years, so most folks don't realize it's even around.  The dot represents the root DNS servers. 
    These DNS root servers are the root of the DNS hierarchy.  
    DNS parses and traverses from right to left, from root to com to example to www, for instance, for the www.example.com or www.example.com. domain. 
    You'll sometimes see this syntax — with the trailing dot — referred to as a fully-qualified domain name (FQDN).
    (There are some common parsing behaviors that can arise when a domain specification is not an FQDN too, but that discussion is probably best left for another time.)
    If you'd like, you can enter the trailing dot in most any web browser — it'll be accepted.

  • Mavericks Server as a router?

    I'm wanting to simplify our office network infrastructure. I'd like to have a Mac mini Mavericks Server and an Airport Extreme. The OS X Server documentation says that in order for Mavericks Server to be able to manage an Airport Base Station, the base station has to be set up in router mode; however, with this configuration, it seems like you couldn't, say, use the DHCP server that OS X Server has...
    So then the option would be to put the base station in bridge mode (how I currently do it), and use the Mac mini server as a router (using a second network interface). But Mavericks Server, as far as I can tell, has no routing stuff built in like previous versions of Mac OS X Server. The documentation on Mavericks Server (if you can really call it that) makes no mention of any sort of Apple solution for basic, small business network infrastructure. And my Googling for any other discussions on the topic seems to be failing me. There's a bit of talk of configuring pf manually to provide NAT services, and I expect there'd also be some manual routing issues.
    Am I chasing a pipe dream to hope that I can use just a Mac mini server and Airport Extreme for my office's connectivity solution? What are other people doing?
    Right now, we have a Mac OS X Server running 10.6.5 (upgrades are always so painful, and this one works) to provide RADIUS service to an Airport Extreme for our wifi, but our router is a FreeBSD box. This more or less is fine, but I'm hoping to make my life a bit easier by having one less thing to manage. But if I've got to setup pf and stuff by hand anyway, I might as well keep this in FreeBSD where this sort of thing is much more common and better supported...

    Debora Swier wrote:
    I am setting up an entirely new network with a CIPA firewall/gateway and Mac OSX server (2 x MacMini; one as main server and one as cache server).  Do I need to set up the CIPA first and then set up my Mac Server?
    You're going to have to establish the IP address space to start with, and the gateway-router-firewall-NAT box is usually the first piece of configuring that.  That box will usually first reference off-LAN DNS, too.
    To start with, get out of both 192.168.0.0/24 and 192.168.1.0/24, and get into an IP subnet somewhere else in the 192.168.0.0/16 block, or somewhere in the 172.16.0.0/12 block, or somewhere ("weird") in 10.0.0.0/8 private IP blocks.  This to avoid problems with eventual use of VPN connections into your network.
    I'll usually assign the lowest-numbered IP addresses to the gateway-router-firewall-NAT box and to the server(s) and printers and other devices that need fixed (static) IP addresses, then leave a gap of maybe 20 or 50 IP addresses depending on the network, and then allocate the DHCP pool from the top 50 or 100 IP addresses in the subnet. This because the addresses I type more often are shorter, and the volatile (dynamic, DHCP-set) addresses are in a higher and less-memorable range. How much you allocate to the static hosts and how big the dynamic pool is depends on how much you're expecting to add to the configuration. Maybe 1 to 50 or 1 to 99 for static, then maybe 100 or 150 or 200 to 254 for DHCP pool, for instance, and depending on how many static and how many dynamic devices are expected. Don't cramp the static address pool — leave room for adding hosts there. If you expect or if you do have a lot of dynamic hosts around, then you're likely going to be working with a router and multiple subnets and/or otherwise shuffling that DHCP pool around. The DHCP stuff is more flexible and dynamic, the range of addresses available for static-configured servers is, well, static.
    The default behavior of most gateway-router-firewall-NAT boxes is usually secure, and those usually only allow outbound connections, which you'll be using (when you first get going) to load software and updates and related.
    Once the OS X Server IP is set and local OS X Server DNS services are configured — do not skip this, do not reference off-LAN DNS servers, do not try to use ISP DNS servers or Google DNS servers here, set up local DNS services.  (The only reasons to skip this: you're at public IP addresses and can use public DNS servers, or you already have LAN-local DNS server(s) configured — and warning: while many will reference DNS services, very few gateway-router-firewall-NAT boxes actually have DNS servers.  If you're not able to enter a list of local host names and local addresses, you do not have a DNS server in the box.  You'll usually have what's known as a DNS resolver, and that won't work.)
    Once you have OS X Server DNS tested and working, then reconfigure the gateway-router-firewall-NAT box to reference the OS X Server DNS server, and not the ISP DNS server(s).  Again, do not reference off-LAN DNS servers here.  Just the DNS servers located "behind" your gateway-router-firewall-NAT box.  This will then allow the other clients on your network to acquire the proper DNS server address.
    At your option, you can configure DHCP server on the gateway-router-firewall-NAT box, or on the OS X Server box.
    I suspect you're referencing a CIPAFilter box, and that would imply this isn't a residential network, and that you may well be creating a wholly new network for an educational organization — there's rather more to setting up such an environment than just the firewall and the address space.  You're headed toward establishing Open Directory and some related pieces, right after setting up the IP address space and DNS services, for instance.
    This CIPAFilter box may well filter based on DNS translation requests from local clients, which means there could be other requirements here — some of these boxes use DNS-based filtering, which means somebody will have to figure out how to get OS X Server DNS and any DNS services in this box working.  It might be enough to reference this CIPAFilter box as the DNS forwarder within the OS X Server configuration.
    Here's a longer write-up on networking boxes and bits and bobs.  How that CIPAFilter works, I don't know, and would have to have the model number and then spend some time with the documentation to answer that one...
    As is probably becoming obvious from the above wall of text you've just read, this probably isn't going to be the same question, and — to avoid melting my poor brains with the sorts of confusion that tend to arise in these conflated threads — probably should be started as your own thread somewhere here in the OS X Server forum. (Ayup, IP networks and DNS services I can do. Conflated forum threads tend to confuse me. Go figure.)
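
The address plan described in this reply (stay out of 192.168.0.0/24 and 192.168.1.0/24, static hosts at the bottom of the subnet, DHCP pool at the top, DNS served from inside the LAN) can be written down as a check. This is an added example, not part of the original post; the function name `plan_lan`, the defaults of 50 static and 100 DHCP addresses, and the sample subnet in the comments are assumptions chosen from the ranges the reply mentions.

```python
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The two subnets the reply says to get out of, to avoid later VPN problems.
CROWDED = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/24", "192.168.1.0/24")]


def plan_lan(cidr, dns_server, static_count=50, dhcp_count=100):
    """Split an IPv4 LAN subnet into a low static range and a high DHCP pool,
    and list anything that contradicts the advice in the reply.

    Returns a dict with 'gateway', 'static', 'dhcp' and 'problems'.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("expected an IPv4 subnet of /30 or larger")
    dns = ipaddress.ip_address(dns_server)

    first = net.network_address + 1       # lowest usable host address
    last = net.broadcast_address - 1      # highest usable host address
    usable = net.num_addresses - 2

    static_end = first + (static_count - 1)
    pool_start = last - (dhcp_count - 1)

    problems = []
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{net} is not inside a private address block")
    if any(net.overlaps(c) for c in CROWDED):
        problems.append(f"{net} overlaps a commonly used default subnet; "
                        "expect collisions when VPN clients connect")
    if static_count + dhcp_count > usable:
        problems.append("static range and DHCP pool do not fit in "
                        f"{usable} usable addresses")
    if dns not in net:
        problems.append(f"DNS server {dns} is off-LAN; local names and "
                        "private-address reverse lookups will not resolve")
    elif pool_start <= dns <= last:
        problems.append(f"DNS server {dns} sits inside the DHCP pool; "
                        "give it a static address")

    return {
        "gateway": str(first),
        "static": (str(first), str(static_end)),
        "dhcp": (str(pool_start), str(last)),
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed inputs: one plan that follows the advice, one that does not.
    for cidr, dns in (("172.23.45.0/24", "172.23.45.2"),
                      ("192.168.1.0/24", "8.8.8.8")):
        plan = plan_lan(cidr, dns)
        print(cidr, "static", plan["static"], "dhcp", plan["dhcp"])
        for p in plan["problems"]:
            print("  problem:", p)
```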
