DNS - Machine Record vs Alias?

Similar Messages

• DNS, A Record (Machine Record) & Pointer Record (PTR)

  Hi,
  When I contacted my ISP to have the Pointer Record (PTR) & A Record (Machine Record) assigned to my static IP address, I think the technician assigned the A Record as "www.example.com". When I installed SLS on my server, I gave it the name of "macserver.example.com".
  I'm now having some problems setting up my users services and think maybe the A Record assigned by the ISP should have been named "macserver.example.com". Am I correct? And, if so, when I contact the ISP am I using the proper terms? And is there anything else that I should let the ISP know?
  TIA
  John

  Hi,
  I assume your ISP contacted your local top level domain (registrar) and made the necessary changes, creating a name server (NS) for your IP. I don't understand though... do you have a registered domain? Like something.com or whatever? Because example.com is NOT a real domain.
  If you only need a DNS system for the local network you don't need such a domain. You can set whatever DNS name for your server if that is the case.

• DNS "A" Record Preventing Networked Users from Seeing Own Website

  I just set up a DNS "a" record in Server Admin to point "mail.xyz.com" to my server's internal ip (10.0.1.1).
  I did this so users could stay on the network with sending and receiving mail, as opposing to going out onto the web to do so. (I have MX records on Network Solutions point "mail.xyz.com" to my server's external ip.) All of their mail clients list "mail.xyz.com" as the mail server, instead of the server's internal ip.
  Trouble is, when users on the network try to access our website, "xyz.com," their browsers now return an error, saying they cannot find the server.
  Any idea?
  Lost count   Mac OS X (10.4.9)  

  Steve and David --
  This works. I am using Server Admin. To reiterate, I
  added a zone "mysite.com" and a primary server "mail"
  and pointed it at my server's internal ip so my users
  can stay "inside" while checking mail.
  Then, to follow your suggestion, I added a machine
  named "www" to zone "mysite.com" pointed to my
  server's external ip.
  Some questions: How can I be sure the client's
  machines are going interally to the server for mail?
  (When I dig it in terminal, "mail.mysite.com" returns
  an "a" record for the server's internal ip -- I
  suppose that is sufficient.)
  Yep!
  Should the primary name server for the zone be "mail"
  with "www" as an added machine, or vice versa?
  The primary name server just identifies the machine which is responsible for holding records for that zone (domain). Add www as a 'machine' - think of each 'machine' as a specific IP address which identifies a host, hence IP / Name partnership. Any other hostname on same IP is an 'alias' (which becomes a CNAME record in the dns file).
  You say I have to do this with "any record hosted in
  my public dns as a mirror." I am running three
  websites from my server, all with public dns pointed
  at my server. (I use the same mail
  server--mail.mysite.com--for all three.) Do I need to
  set up a "www" record for each website? I have no
  problem accessing the sites from internal client
  machines.
  the basic issue is that any zone (domain) defined in your own dns becomes 'authoritative' for that domain. So when clients ask your internal dns about any zone (domain) which is defined in it, and your server does not have that record, it will respond with "no such record" and your clients must take that on face value.
  Therefore, you only need to mirror records for domains which you have defined in your own dns. If you have external www.domain1.com and www.domain2.com but only have domain1.com established on your internal dns, then you only need that domain's www record mirrored. Your server will therefore not be authoritative for domain2.com and will pass all requests out to whichever external dns is authoritative for it.
  -david

• Newbie help with Fixed IP configuration / Machine Record

  I have a Mac Mini running Snow Leopard Server. It has a fixed IP, and runs a variety of web services, iCal Server and Address Book Server. I've been having problems getting VPN to work (can connect from client OK, but not able to get any traffic through the VPN subsequently).
  In the process of trying to work out what is wrong with VPN, I noticed an oddity with the 'machine record' in DNS. The server was configured initially while connected to a LAN, but now runs with a fixed IP / FQDN outside the LAN.
  DNS is set up with the original machine name (sls.2gc.org) assigned to the original 192.x.x.x address it had when first configured. The reverse entry is also based on this 192. number.
  This name and 192.x.x.x number also appears in the 'Workgroup Manager' in the machine record.
  The new configuration has the machine assigned to a FQDN that is not the same as the original machine name (2gc.org, rather than sls.2gc.org), and a different IP address (77.44.50.51).
  Question is do I need to do anything (does the mapping to 192.x.x.x matter). If so, do I simply run changeip to correct the number / name, or do I have to also manually change the Workgroup Manager and DNS entries too?
  Thanks in advance for any help.

  You need a second IP for the server which you can use to get at services in the server itself.
  If you try to use the main IP, even when the VPN is up, the traffic will not go through the VPN but direct and will then be stopped by the firewall.
  From what IP-range does the VPN client get it's IP?
  If you need to go through the VPN and then to Internet (via the server) you need to have NAT running.
  NAT requires the firewall running and you'd also need ipforwarding (automatically on when firewall/NAT is on).
  The server can have a second (private) IP added to an alias en0 ethernet interface.
  I'd prefer using a NAT router/firewall between server and Internet or a second (LAN) interface in the server. Some use Apple USB -> ethernet adapter but you also have the AirPort one (but it won't make a good AP and you only get WEP encryption).

• SPA 5xx and 9xx phones registering to all proxies with DNS SRV records

  A weird situation -- I use DNS SRV records to prioritize the two Asterisk servers to register to (east coast vs west coast).  However it seems that phones are often registering to BOTH servers and show as live on both at the same time.  There seems to be little rhyme or reason as to when it occurs, but it's weird.  Fortunately the phone does seem to be preferring the higher priority SRV record but I can't figure out why it is registering to both.
  This happens with SPA-942s (6.1.5a) and SPA504Gs (7.4.9c). 
  Any ideas what makes this happen?  On the surface it seems like a good thing, but functionally the phones are registering the same port numbers and only the priority server can get through firewalls with traffic for the phones.  This screws up my "presence" indicators within the system.
  DNS SRV RECORDS:
  _sip._udp.west.server.net  (for west coast customers)
  Priority 10:  west coast machine
  Priority 20:  east coast machine
  _sip._udp.east.server.net (for east coast customers)
  Priority 10:  east coast machine
  Priority 20:  west coast machine

  We determined this was not actually happening.  There was a syncing taking place in the background that was giving the impression this was happening but it really was not.

• Unable to run the application via DNS CName record.

  I have  Windows Server 2008R2 running an application that connects to a database via a DNS CNAME record. The application was working fine until after yesterday when it could no longer
  connect to the database. The database server is up and running without any issues. You have verified remote connectivity to the database server from your workstation.
  How would you troubleshoot the issue and what are the steps to resolve it?

  It might be that the application does not support using aliases for DNS resolution. You will need to contact your application developer/vendor for assistance.
  To make sure that DNS resolution works properly from the infrastructure level, you can simply use
  nslookup and make sure that the resolution is done properly.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• DHCP Reservation Sync and DNS Host record sync etc shown in IPAM GUI

  Hello all,
  I am aware of the scripts in the TechNet script center to sync DHCP leases etc to IPAM, however my question is about something else -
  If you highlight an IP address (IP address inventory->select an IP), You can see fields that say: "DHCP reservation sync", "DNS PTR record sync" and "DNS host record sync" as below:
  I was curious as to what these are for. Is there some built-in sync functionality for these that I perhaps have not enabled? (Don't see such options any where..)
  thanks,
  -Ravi

  Hi  Ravi ,
  The three columns tell us the information of the synchronization between IPAM server and DNS server (or DHCP server) .
  Here is the detailed guide for using IPAM :
  Using the IPAM Client Console :
  https://technet.microsoft.com/en-us/library/jj878351.aspx#inventory
  IPAM can sync DNS and DHCP records .
  The IPAM database is separate from DHCP and DNS servers on our network ,and full synchronization of hosts and IP addresses between IPAM and managed DNS or DHCP servers does not occur automatically
  unless we have configured automated tasks to perform this synchronization .
  For detailed information ,see
  DNS and DHCP record synchronization chapter in the following link :
  Multi-server Management :
  https://technet.microsoft.com/en-us/library/jj878329.aspx
  Best Regards,
  Leo
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Hostname/DNS "A Record" name

  We are having an issue with one domain bellsouth.net we are basically getting this back from them.
  12:18:29 928 MSG 10801 Recipient: [email protected]
  12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
  12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for abuse. Contact [email protected]
  12:18:59 480 MSG 10803 Analyzing result file: /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
  12:18:59 480 MSG 10803 Detected error on SMTP command
  12:18:59 480 MSG 10803 Command: bellsouth.net
  12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse. Contact [email protected]
  When I looked up the Detected error on SMTP command, I found some information about the Hostname, currently on our server it is setup as Hostname/DNS "A Record" name: ndhc.org (according to the internet domain holder (godaddy) the host name is ndhc.org and the "A" record name is mail. What should we have in the Hostname/DNS "A Record" name field? I believe that we have tried the servername.domain name (liberxx.ndhc.org) and that failed and I think that we also tried (mail.ndhc.org) I cannot confirm that we actually have it has been awhile since we did this project, but I am just wondering if someone can help clear this up for me. Thank you. This issue only started happen with Bellsouth.net when we switched from the NetWare GWIA to the Linux GWIA is there something else that might have been missed.

  Originally Posted by mrosen
  Hi,
  dschaldedfg wrote:
  >
  > We are having an issue with one domain bellsouth.net we are basically
  > getting this back from them.
  >
  > 12:18:29 928 MSG 10801 Recipient: [email protected]
  > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
  > abuse. Contact [email protected].
  > 12:18:30 888 DMN: MSG 10802 Send Failure: 521 Error - Blocked for
  > abuse. Contact [email protected].
  > 12:18:59 480 MSG 10803 Analyzing result file:
  > /media/nss/MAIL/ndhdom/wpgate/gwia/result/rae59395.645
  > 12:18:59 480 MSG 10803 Detected error on SMTP command
  > 12:18:59 480 MSG 10803 Command: bellsouth.net
  > 12:18:59 480 MSG 10803 Response: 521 Error - Blocked for abuse.
  > Contact [email protected].
  >
  > When I looked up the Detected error on SMTP command, I found some
  > information about the Hostname, currently on our server it is setup as
  > Hostname/DNS "A Record" name: ndhc.org (according to the internet domain
  > holder (godaddy) the host name is ndhc.org and the "A" record name is
  > mail. What should we have in the Hostname/DNS "A Record" name field?
  mail.ndhc.org
  Okay, so you think we should try putting "mail.ndhc.org" into that section (Hostname/DNS "A Record" name field) instead of what we currently have "ndhc.org"
  But that error doesn't sound like it's related to DNS. It much more
  sounds like you're really blacklisted for sending spam. If it's really
  the hostname, then their system is giving out extremely stupid result
  messages. Have you tried to contact the given email address in the
  message?
  I know when we first setup the system we were having an issue with the GWIA relaying, but that has since been rectified, they are the only ones that are blacklisting us, because I have checked on other sites (blacklisting websites that is) and there is nothing about our site being blacklisted. I think basically the people that are trying to receive the messages respond back saying that they never received emails from the people here at ndhc. If memory serves they have been emailed from other accounts and those go through because Bellsouth.net is not blocking those accounts, like yahoo, gmail, etc.
  CU,
  Massimo Rosen
  Novell Product Support Forum Sysop
  No emails please!
  Untitled Document

• KMS: DNS A records

  hi,
  We have a KMS server with srv record KMSSERVER01.CONTOSO.COM pointing to 192.168.1.1
  We created DNS A record KMS.CONTOSO.COM also pointing to 192.168.1.1
  If we use the sethst parameter in KMS client and use KMS.CONTOSO.COM, will it work?
  Thanks

  Hi,
  According to the parameter I guess you used the tool ospp.vbs. It should work without issue.
  http://technet.microsoft.com/en-us/library/ee624350(v=office.15).aspx

• DNS Host Records Missing

  Hi,
  We are having an issue where DNS Host records seem to be missing, a user logs on and they don't get their group policies. They can logon again and get their group policies. However the DNS Host record is still not created on the DNS Servers.
  If we reboot the PC the DNS record is created. What is going on.
  We have 2 DC's running DNS, and one of them runs DHCP.

  Hi,
  According to your description, my understanding is that client does not registry record in DNS server when user logon. And the DNS record will be created after rebooting the client.
  DNS updates can be sent for any of the following reasons or events:
  1. An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
  2. An IP address lease changes or renews with the DHCP server any one of the installed network connections. For example, when the computer is started or if the
  ipconfig /renew command is used.
  3. The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.
  4. At startup time, when the computer is turned on.
  5. A member server is promoted to a domain controller.
  A user logon behavior will not trigger DNS update/registry. You may Open CMD on client and type
  ipconfig /registerdns command to manually force a refresh of the client name registration in DNS. 
  If I have any misunderstanding about your question, please correct.                           
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Machine records in two different directories - ok?

  I'm running an OD master that several hundred managed workstations are bound to. There are machine records for every workstation in the directory, for MCX purposes. I'm currently building another OD master from scratch on a different server that I will bind all workstations to in the winter. The clients do not receive LDAP from DHCP, I have the search paths manually specified.
  My question is this - if I add records ("accounts") for all of the managed workstations and set up all the managed preferences in the new directory, will the the workstations themselves be affected in any way, or will nothing happen until I unbind them from the old directory and bind them to the new one? I believe this (the latter) is how it should work, but I want to be certain before creating all the accounts in the new directory.
  My concern is that the new managed prefs on the new server will in some way take effect on the workstations even though they're still bound to the old server, or that there will be some sort of conflict. Any ideas?
  Thanks for any advice.

  Hmm. That is my understanding as well.
  Though one thing - you mention
  +"If there are computer records in both directory domains, whichever's listed first in the search policy should take precedence."+
  However, as I'm planning it, the clients will only have one directory domain in their search path at a time..the records will exist in the second directory domain, but the clients won't have this second domain put in their search path until I make the switch to the new directory in production, and at the same time also remove the first directory domain from the client's search path.
  I think this answers my question. Thank you.

• DNS host records priority

  Hi,
  We are using EPM (Enterprise Project Management) in our organization.
  We have to provide access to it from three different subnets:
  Local
  Organization1
  Organization2
  The DNS already added the host record for the local IP. Ex.: srvepm 192.168.0.1
  Then we added two other host records for the other subnets.
  Ex.: srvepm 192.168.10.1
  and
  srvepm 192.168.20.1
  We have an alias to that server: epm (that is related to the srvepm server)
  It works fine. But, some machines in our organization keeps getting the other IP addresses from the DNS and this is making the service unavailable for those machines.
  What I did is unchecking the "Register this connection's addresses under networking settings.
  But when the server was rebooted the three host records were erased and it keeps shuffling it to the machines.
  Anyone knows a way to fix this problem or how can I set priority on host records so it doesn't makes that anymore?
  Hope I was able to show my problem correctly.

  Since the app is not AD aware, it's using Netmask prioritization. Here's more on it below - and sorry for all the links. It's a heavy topic with lots of factors governing it. If the app was AD aware, then we would create AD Sites, and let AD handle it.
  DNS Subnet Priortization & DNS Round Robin
  Published by Ace Fekay, MCT, MVP DS on May 29, 2010 at 3:14 PM  794  0
  http://msmvps.com/blogs/acefekay/archive/2010/05/29/dns-and-subnet-priortization-amp-dns-round-robin.aspx
  Technet Thread - "DNS issue : DHCP relay + VLANs + multiple AD Sites" 9/1/2011
  (Heavily discusses Active Directory SITES (not "web" sites), subnet priortization and subnet bits and how it uses the longest network bits first)
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/ea03c013-7484-4a24-96be-d95219b69b3f
  Technet Thread: "How to achieve different DNS reddirection according to the NIC the request came" 2/10/2012
  Discusses the use of TMG/ISA/Proxy and multiple sites (not websites)
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/9b90cc25-1d13-40e1-ab7f-9ee684a73f8b
  Technet Thread: "DNS Netmask Ordering" 5/17/2011
  Discusses how Windows Vista and Windows Server 2008 follow RFC 3484 for destination IP address selection, which does not honor DNS round robin by default. However, this can be changed by a registry entry, including a link to Microsoft KB968920 that further
  explains this.
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/32f820bf-b871-4b76-9c9b-12413e33801a
  Windows Vista and Windows Server 2008 DNS clients do not honor DNS round robin by default:
  http://support.microsoft.com//kb/968920
  DNS Round Robin and Destination IP address selection
  http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• DNS on Server 2008 R2: DNS A records strangely disappear

  Hello,
  I am experiencing very strange problems with my DNS (Server 2008 R2, AD integrated). Several A records for Windows clients are missing, and even if I register them as static they somehow disappear again. However, the AAAA records are still around (IPv6 is
  running in default configuration, I haven't touched that at all), but another strange thing here is, most of them are listed as STATIC records.
  At present, the DHCP server is set to NOT register the clients with DNS. DNS accepts only secure updates, scavenging is disabled. (I am somewhat reluctant to disable dynamic updates on the DNS server completely because I think the DCs register and update
  lots of records dynamically). When I register all missing A records, most affected clients loose it again within an hour or so but some seem be fine. It seems to me that about 20 % of the clients are affected.
  I have enabled Directory Service Changes auditing, and its in fact the machine account which appears to be responsible. Clients with A records generate 10 entries (ID 5136) in the DC's security log while the problematic clients generate only the
  first 5 events. So it appears to me that they can delete the record but not create a new one. All clients are set to register themselves with DNS.
  As far as I remember I had Windows clients with missing A records in the past once in a while but the problem became really serious only about one and half weeks ago.
  Does anyone have an idea of what might be going on here? Can I safely disable DNS dynamic updates without adversely affecting AD/DC functionality? Generally, we don't actually need dynamic updates.
  Cheers, Georg.

  What operating system are the clients?
  I would like to first point out how registration works with static and DHCP, and the differences depending on how DHCP is configured.
  =====================================================
  1. By default, Windows 2000 and newer statically configured machines will
  register their own A record (hostname) and PTR (reverse entry) into DNS.
  2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
  the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
  (reverse entry) record.
  3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
     Note: "This is a modified configuration supported for DHCP servers
           running Windows Server 2008 and DHCP clients. In this mode,
           the DHCP server always performs updates of the client's FQDN,
           leased IP address information, and both its host (A) and
           pointer (PTR) resource records, regardless of whether the
           client has requested to perform its own updates."
           Quoted from, and more info on this, see:
  http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
  4. The entity that registers the record in DNS, owns the record.
     Note "With secure dynamic update, only the computers and users you specify
          in an ACL can create or modify dnsNode objects within the zone.
          By default, the ACL gives Create permission to all members of the
          Authenticated User group, the group of all authenticated computers
          and users in an Active Directory forest. This means that any
          authenticated user or computer can create a new object in the zone.
          Also by default, the creator owns the new object and is given full control of it."
          Quoted from, and more info on this:
  http://technet.microsoft.com/en-us/library/cc961412.aspx
  =====================================================
  Therefore, based on that, even if you have DHCP set to not register, and the clients are 2008/Vista and newer, then DHCP is doing it. That explains why you see the system account doing it.
  Now, I think it will actually help you if you configure DHCP to register everything, configure credentials, and add the DHCP server computer object to the DnsUpdateProxy group. Don't add anything else to this group.
  This way DHCP controls everything and it's easier to track AND more importantly, DHCP can update already registered records.
  ====================================================
  In summary:
  DHCP DNS Update summary:
  - Configure DHCP Credentials.
    The credentials only need to be a plain-Jane, non-administrator, user account.
    But give it a really strong password.
  - Set DHCP to update everything, whether the clients can or cannot.
  - Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
  - Add the DHCP server(s) computer account to the Active Directory,  Built-In DnsUpdateProxy security group.
    Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group.
    For example, some folks believe that the DNS servers or other DCs not be
    running DHCP should be in it.
    They must be removed or it won't work.
    Make sure that NO user accounts are in that group, either.
    (I hope that's crystal clear - you would be surprised how many
    will respond asking if the DHCP credentials should be in this group.)
  - On Windows 2008 R2 or newer, DISABLE Name Protection.
  - If DHCP is co-located on a Windows 2008 R2, Windows 2012, Windows 2012 R2,
   or NEWER DC, you can and must secure the DnsUpdateProxy group by running
   the following command:
    dnscmd /config /OpenAclOnProxyUpdates 0
  - Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway.
  - Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
  References:
  This blog covers the following:
  DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
  Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM  3758  2 
  http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  
  Good summary
  How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
  Another good Summary:
  Thread: "DNS problem" December 18, 2013
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
  Another good discussion that Microsoft support concurred with my settings for a poster that called in to Support, which verified my configuration suggestions in my blog are correct:
  DHCP Server Not Registering A Records for Windows Clients
  http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e4b285d6-5795-4045-83ff-3a3c793b2cfc/
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• DNS: A record for domain?

  Trying to configure BIND in Snow Leopard Server so I can migrate current DNS to an XServe. My goal is to be able to use Server Admin for as much as possible, but I know this won't be entirely possible in my setup (wildcards, bizarre reverse delegation limit my options here). I've used generic names here on purpose, but yes, I do know what I am doing.
  Currently, I'm trying to create an A record for a domain so that I users will hit my website whether they enter domain.com or www.domain.com. I have the following entry to my domain in SA:
  +domain.com. Machine 1.2.3.4+
  I verified that this entry was correct in the zone file itself. Indeed, I found the following entry in the appropriate zone file:
  +domain.com. IN A 1.2.3.4+
  However, when I attempt to query the server using dig, I do not get an answer:
  dig a domain.com @server.domain.com
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> a domain.com @server.domain.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
  ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  ;; WARNING: recursion requested but not available
  ;; QUESTION SECTION:
  ;domain.com. IN A
  ;; AUTHORITY SECTION:
  domain.com. 10800 IN SOA server.domain.com. admin.domain.com. 2010070702 86400 3600 604800 345600
  ;; Query time: 10 msec
  ;; SERVER: 1.2.3.4#53(1.2.3.4)
  ;; WHEN: Fri Jul 9 06:02:13 2010
  ;; MSG SIZE rcvd: 95
  What am I missing here?

  Be aware that this is not a production server yet, and I acknowledge that this isn't fully kosher yet. I am just testing the config to see if it will work.
  Server is 206.123.100.18. Zone is a3dtech.com. Zone file:
  ;GUID=4EAE5E10-15F4-457B-8CAC-D9702FB1E186
  ;selfResolvingHostname=0
  $TTL 10800
  a3dtech.com. IN SOA ns1.a3dauto.com. admin.a3dauto.com. (
  2010070901 ;Serial
  86400 ;Refresh
  3600 ;Retry
  604800 ;Expire
  345600 ;Negative caching TTL
  a3dtech.com. IN NS ns1.a3dauto.com.
  a3dtech.com. IN NS ns2.a3dauto.com.
  * IN A 206.123.100.18
  a3dtech.com. IN A 206.123.100.18
  mail IN CNAME mail.a3dauto.com.
  svn IN CNAME daniel.a3dauto.com.
  a3dtech.com. IN MX 10 mail.a3dauto.com.

• DNS NS Record

  After DNS has been initially set up, when going back into Zones should the NS entry where you named the machine have the fully qualified check box 'checked' and the FQDN in the name area? I'm not sure when this was originally set up if the FQ checkbox had been checked and the machine name is the FQDN. Or does this automatically happen once its been setup.

  Darryl,
  If you are using the Server Admin.app, when you create your Primary Zone it wants a fully qualified zone name, so anything you type will become fully qualified; example.com will be example.com. (the extra period is there to tell BIND that the domain is 'example.com' not 'example'). In the GUI (at least under 10.5) there is ALWAYS a trailing dot forced, so the domain will ALWAYS be Fully Qualified (meaning it cannot be removed, and this is fine, you do not want to forget the period EVER)
  As an aside, when creating a new Primary Zone, Server Admin will auto-magically create the A record for your nameserver and default it to 10.0.0.1, but that is all that id done. Even if you select a mail exchange name, no A record is created.
  You will need to set up the A record which defines the machine represented by the domain to an IP.
  Peter