How to set up DNS behind a NAT router...

I am trying to configure DNS in Panther Server as the SOA for my domains and as a LAN name server. I've read several explainations about setting up DNS including technical document 106853 "How to set up DNS in a NAT environment" which says:
Note: For Mac OS X Server 10.3 or later, you should use the Server Admin
application to configure DNS and NAT. Please see the Network Services
Administration Guide for additional information.
Seeing how picky BIND is, this sounds like a good idea, except I can't configure views like that.
Questions:
1) What happens if I create an A record in my main domain for newmac.mydomain.com-->10.0.1.2? People outside the LAN can't get to it, right?
2) Can I create really simple names for the LAN like newmac-->10.0.1.2?
Thanks!

You can use "system-config-network" command to configure your DNS configuration.

Similar Messages

How to set up the client-specific consolidation routes

Hi!
I am setting up TMS-functionality in my 2-system landscape (DEV, PRD) and would like to use 2 Clients in the DEV-system (100> Cust and 200> Test).
<b>How can I set up the tranport routes between the Clients 100 and 200 in the same system DEV?</b>
I read, the client-specific consolidation route should be applied in this case?!
(also some parameter settings should be edited, e.g. CTC)
<b>Can some one give me a detail technical description how to set up the client-specific consolidation routes between Client 100 and 200 in DEV-system?</b>
Thank you!
regards

Hi Axel,
You have activate Extended transport route.
refer this link to helpout for the same
http://help.sap.com/saphelp_47x200/helpdata/en/2e/709533ef9b11d184850000e8a57770/frameset.htm
Reward points if helpful.
Regards
Ganesh

How to set up DNS on OEL ?

Hello buddy:
How can I set up DNS on OEL ? Just for install 11g R2 RAC

You can use "system-config-network" command to configure your DNS configuration.

How to use a fixed port for remote assistance in windows 8.1 behind a nat router freebox?

Hello,
Before to use remote assistance in windows 8.1, i need to configure my nat router freebox.
But remote assistance ( msra.exe ) use a dynamique port and never the same.
How to use a fixed port for remote assistance ini windows 8.1 ?
And why i can't use easy connect ?
i read that the router must implement the PNRP protocol. I think it's a propriatary microsoft's protocol unknow on my router.
Thanks

Hello,
Very good. It's a big range ( 255 mini from 49152 ) for a single port but if it's the only one possibility...
You are very helpfull ( i don't know if it's a good english but you make me very happy )
Merci beaucoup

RV180 - DDNS behind 2nd NAT router

Hello community,
is it possible to use the DDNS feature (dyndns.com) behind a 2nd NAT router?
Network is as follows:
INTERNET - NAT-Router (unknown device) - Cisco RV-180 (NAT) - Clients
Kind Regard,
Michael

If you put your dyndns client in front of the rv180 or one the nat router's dmz, you should get the correct IP address. I usually use the DMZ port on a nat router when putting a vpn router behind a nat one--this solves a lot of the IP address issues for the vpn router.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

How to set two DNS domain in one Remote VPN group policy

Hello experts
I am using ASA 8.2 to provide IPsec remote VPN for our staff. And in the group policy I set default domain name which is needed for our DNS server to resolve internal URLs. But the problem is now we have two domain names on our DNS server, and host names in two domains are differents. So if I setup one domain name in the group policy, URLs in the other domain cannot be resolved when using VPN. But ADSM seems doesn't allow me to setup two domain names for the attribute 'Default Domain'. What can I do?
Thanks a lot.

Come on Experts, please help. Any way to achieve that, or it's a mission impossible.

How to set a DNS suffix?

Howdy!
Is it possible to insert a DNS suffix somewhere in OSX 10.4.8? I've been googling forever, but all that comes up about DNS suffixes is Windows related.
Any ideas?

What do you mean by 'DNS suffix'?
If you mean a domain name that's automatically appended to hostnames when resolving, add the domains you want to the 'Search Domains' in Network preferences.

Internal DNS server and NAT routing issue.

Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and and NAT on that subnet under a different public IP provided by our ISP.
Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
Thanks

Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.

How to set up automatic connection to a router's login page

When I try to use a public wifi (say at the library) that requires a simple login, my Firefox does not automatically seek the login page. How can I make that automatic? Of course, I am manually connecting to the router and opening my Mozilla, but it simply times out because it finds nothing. In order to make it work, I always have to type in IP address. How do I make Mozilla automatically find the login page once connected to the router?

jscher2000,
I tried your suggestions: (i) When I clicked a bookmarked page (wsj.com) it continued to spin its wheels and ultimately timed out. (ii) Ctrl+Shift+r did absolutely nothing also.
Also, I tried your suggestions in both Mozilla Firefox and Internet Explorer to no avail.
There must be a simple setting in either of the two browsers options menus that tells it to automatically seek out a router's login page. Why would this not be occurring on my four month old laptop.
Thanks for helping.

?? How to set up actiontec MI242wr rev F router to accomodate Static IP addresses, port forwarding?

I just got a new Verizon/Actiontec replacement router and I want to configure 4 or 5 static IP addresses beginning at 192.168.1.201 and above.
At this point, I have changed the DHCP range from 192.168.1.2 - 192.168.1.250, to 192.168.1.2 - 192.168.1.200, so that is now the DHCP pool. That presumably leaves anything above 192.168.1.200 open for static IP assignments.
a) So now how do I create a Static IP reservation for a device? (what router screens should I use? do the device(s) that I want a static IP have to be connected?, etc.)
b) Once I have the static IP address reserved/configured, how can I make the appropriate port forward rule(s) for the devices? Specifically, I want to allow SSH connections to each of the static IP addresses/devices.
(I tried this once but the router complained after I made the first port forwarding rule saying that it was already in use!?!? and I want to avoid this problem again).
Thanks
-J

thanks for your suggestion. I figured out what to do...I let each device receive an address by DHCP, and then in the router, I went to Advanced -> Connections, double clicked on the device to get more details and set the "Static Lease" check box.
What this does is a address reservation for the device, but still configures it via DHCP.
It would be nice if the router manual noted this small detail, that devices can be configured as having a static address 'reservation' that is administered by the DHCP service, OR, one can set a 'static IP address' by ensuring that the device address is outside of the DHCP pool.

How to set up NAT for two servers using same port with ASDM ASA 5505

Hi there,
We have a new installation of a ASA 5505 and are trying to get some NAT issues straightened out. Here is the scenario: On our internal network, we have two servers running Filemaker Server, a relational database server that clients connect with using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching Access rule in ASDM which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a different translated port number from the orginal port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily choosen unused port, can be used to access the second server:
Outside user enters FQDN:5004 and this translates to Database server # 1 as 192.168.1.40:5003
and
Outside user enters FQDN:5003 and this translates to Database server # 1 as 192.168.1.38:5003
If so, what is the easist way to get this done? Or is there a better what to handle this scenario?
Thanks in advance,
James

I would create two objects and use object NAT
object network Obj_5004
host 192.168.1.40
object network Obj_5004
nat (inside,outside) static service tcp 5003 5004
object network Obj_5003
host 192.168.1.38
object network Obj_5003
nat (inside,outside) static service tcp 5003 5003
Of course you will need to open your outside interface for tcp ports 5003 and 5004 to make this happen

How to set up TC for ethernet connections to MacBook and MacMini?

Hi MacGurus
Current setup:
- ISP provided modem for incoming signal.
- TC (1st generation from 2008) connected to ISP modem via ethernet cable (TC port: the one next to USB port with roughly an O-symbol). Is this the correct port to use?
- Our ISP provider only supports 5 IP addresses and in our network we also have PCs/mobiles occupying IP addresses.
- The back-up from MacBook to TC works fine through the connected ethernet cable between MacBook and one of the three ethernet (not the above mentioned O-symbol) ports on the TC.
This is what I would like to do:
- Ethernet cables from TC to both a MacBook (from 2008) and a MacMini (from 2008), i.e not use wireless transmission
- Switch off wireless function on TC.
- Use the TC to provide IP addresses for both the MacBook and MacMini in order to leave the other IP addresses for the PCs/mobiles.
Is there any other information needed from me in order to help solving the problem?
Thank you very much in advance.
Cheers/WA

Thx for quick response, below some "answers".
It helps if you spell out a few things.
- ISP provided modem for incoming signal.
Who is the ISP? And what model is the modem provided? Is this dsl or cable or fibre or something else? *** ADSL
- TC (1st generation from 2008) connected to ISP modem via ethernet cable (TC port: the one next to USB port with roughly an O-symbol). Is this the correct port to use?
The answer depends.. is the ISP modem also a router? Is the TC setup to bridge or route? *** Yes, the modem is also a wirelss & ethernet router. *** I do not know if the TC is bridge or route, how can I see that?
- Our ISP provider only supports 5 IP addresses and in our network we also have PCs/mobiles occupying IP addresses.
Here is where I am getting confused actually.. Most ISP supply just 1 IP.. the router translates that single public IP to all the computer and devices on your network which run on a private IP network.
Is the ISP giving you 5 public addresses?? Are they ipv4 or ipv6? Setting up blocks of ip addresses is more a business setup.. where multiple devices need direct internet access eg servers.. without being hidden behind a NAT router.
So the more info you can give the better.
*** Sorry for confusion. It is likely that the ISP provider gives 1 IP address, and that the modem generates up to 5 IP addresses. It is most certainly only a standard private setup, no business setup.
This is what I would like to do:
- Ethernet cables from TC to both a MacBook (from 2008) and a MacMini (from 2008), i.e not use wireless transmission
- Switch off wireless function on TC.
- Use the TC to provide IP addresses for both the MacBook and MacMini in order to leave the other IP addresses for the PCs/mobiles.
What IP addresses are you getting now?
If you plug ethernet to the macbook and mini now.. and turn off wireless, what IP address are they getting??
If the TC is in router mode they should get 10.0.1.x IP and be able to ping and share with each other.. without needing to do anything.
*** I am now connected to the modem (wireless), as I cannot connect through the ethernet cable.

Two Xserves running 10.5 Server and setting up DNS...

Hello.
I have two Xserves (a G5 and a new Intel), both with fresh installs of 10.5 Server on them.
Xserve #1 not going to be hosting any external services (FTP, web, email) and only housing internal, mission critical & confidential data (the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives + nightly tape backups for offsite storage). Right now there are no plans for enabling iCal on this server as we're trying to keep the server as basic as possible (as we can afford zero downtime on this server), but if the initial setup of 10.5 requires configuration at first run to allow this type of thing, I'd like to deal with it now so as to keep my options open (as I know iCal on 10.5 requires Open Directory enabled).
Xserve #2 is going to host FTP (for external clients) and internal file sharing for the design/production department (basically, for transferring files back and fourth between departments, so no data via this share will be "critical" as it's only temporarily on the server and will always exist in other locations). Even though this server will not host "critical" data, it will share the same backup/RAID scheme as Xserve #1.
So, I'm curious as to how I set up DNS in this situation (so we can associate a domain name to our static IP address). We already have our main domain setup via 3rd-party hosting service (for web & email as we do not want to bring these services in-house), but we're purchasing a second domain that will be associated with company (via a static IP, so we can give a domain name instead of IP address for people needing to connect to the FTP server, make it easier for employees to remember the address for remote connections, etc.).
Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1? Also, and this could just be me being paranoid, but because Xserve #1 will be housing "critical & confidential" data I want to eliminate as much contact with the outside world as possible with this server, so this is another reason I feel Xserve #2 should have DNS running instead.
Oh, and not sure if this makes any difference, but between the WAN and the LAN is a SonicWALL firewall and currently it deal with port forwarding, etc. depending on what services are being requested from the WAN (ie. remote machine connections, FileMaker remote connections, etc.).
Any advice would be appreciated!
Regards,
Kristin.

There's a couple of things in your post I don't understand:
the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives
How are you doing this? Both XServes support only three internal drives and two mirrors require 4 drives. Where does the fourth drive come into play?
I'm curious as to how I set up DNS in this situation
There are numerous ways of doing this, but with a single static IP address your best bet is to leave DNS where it is - managed by your hosting provider. Just add a record in the domain zone (e.g. ftp.yourdomain.com) that has the IP address of the public interface your SonicWall firewall. You don't need a separate domain for this. You also don't need to setup internal DNS for this (although you may need internal DNS if you're running Open Directory.
Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1?
Assuming you're referring to setting up a DNS server - use them BOTH. Make one of the servers the primary server (I'd pick the internal-only server for this) and set the other server to be a slave (so it copies all the zone data from the primary server). That way you have a replica of the data to provide additional resilience.

How to set up Airport Express to extend Buffalo WHR HP 54g wireless router

Contrary to what official Apple policy is, it is possible to use Airport Express as a remote repeater using a Buffalo router.
I sent hours setting up this network and wish to share what I learned
I only wanted to use the Airport Express as a repeater to distribute the internet to the far reaches of the house--no iTunes, no Printer, and I did not bother setting security. If you want to add any of those features please make sure that the basic setup is working as described below. I have no idea how to successfully set up these features. My advice is to search the internet for guidance.
Anyway: how to set up the Buffalo wireless access router to work with Airport Express
Setting up the Buffalo:
From the routers home page of 192.168.11.1, hit the "advanced" box at the top
1.     Go the "Wireless config"   "basic" item. Give name to your network (spaces are allowed), lets call it "WIRENAME" and select wireless channel 1 or 6 or 11. These channels have the least interference and will tend to work when the others do not.
2.     Go the the "repeater" item under Wireless config. . " Enable" repeater/bridge (WDS). Next register the MAC address of the Airport Express. Record both the LAN and Wireless MAC addresses.
That is about it. Your Buffalo system Info page should look like this
Model
WHR-HP-G54 Ver.1.40        (1.0.37-1.08-1.04)
                    AirStation Name              AP001D73DEB2D6                    Operational Mode                Router Mode                    WAN
DHCP
Connection Status
Communicating
Operation
IP Address
myinfo
Subnet Mask
255.255.255.248
Default Gateway
my info(Via DHCP)
DNS1(Primary)
my info (Via DHCP)
DNS2(Secondary)
my info (Via DHCP)
Host Name
my info (Manual Setup)
Domain Name
earthlink.net (Via DHCP)
MTU Size
1500
DHCP Server Address
10.108.48.1
Lease Acquired Time
2006/01/04 12:03:15
Lease Period
2006/01/05 12:03:15
Wired Link
100Base-TX                                (Full-duplex)
MAC Address
00:1D:73:xx:xx:xx
                    LAN
IP Address
192.168.11.1
Subnet Mask
255.255.255.0
DHCP Server
Enabled
MAC Address
your address recorded in the repeater tab
               Wireless(802.11g)
Wireless Status
Enabled
SSID
                                      WIRENAME
Encryption Mode
Not Configured
Wireless Channel
11Channel                 (Manual)
125* High Speed Mode
                             Disabled
MAC Address
your address recorded in the repeater tab
For the Airport express: here is a summary of what the settings are: Start Airport Express Utility and when it comes up
Select "Manual" setup
On the Base station tab: Give Airport Express a name, any name and any password. Do not select the box: Allow setup over the internet with Bonjour
On the wireless tab: Wireless mode: Participate in a WDS network
Network name: the name you gave in the Buffalo router: EG: WIRENAME
Radio mode: 802.11n(802.11b/g compatible)
Channel : the same as you set in the Buffalo
Wireless security: None
WDS tab: WDS mode: WDS remote
Check: allow wireless clients
WDS main: the MAC address of the wireless (not LAN) side of the Buffalo router
Access control tab: MAC address access control: Not enabled
At the top of the control box , click on the Internet icon
     Internet connection: Connection sharing: Off (Bridge Mode)
     TCP/IP: Configure iPV4 : Using DHCP
     I put in the address of the DNS servers listed on the Buffalo System info page above.
At the top of the control box Music Icon: I did not enable AirTunes
Printer icon: did not set this up
Advanced icon: leave every thing alone
That is it. Just do everything as above and your Airport Express will act as a repeater. (And save yourself a couple of days struggle.)
Phil

Many thanks for the info.
In case you were not aware,the following list of Apple WDS compatible devices has appeared on numerous sites and in numerous Internet links and articles regarding this subject:
3com OfficeConnect ADSL Wireless 11g Firewall Router model 3crwdr100a-72 but ONLY with NO encryption
Belkin F5D7230-4 and F5D7231
BT Voyager 2091 or 2100
Buffalo WGR-G54
Linksys WRT54G or WRT54GS (though v4)
Netgear WGR614 v6

Setting iOS DNS for All WiFi Networks

This article describes how to set the DNS for WiFi connections on iOS:
http://techinch.com/blog/change-your-dns-settings-on-iphone-ipod-touch-and-ipad
The problem is that it specifies DNS for an individual network
connection, not for all connections.
Does anyone know a way to change iOS DNS for all WiFi networks in one
fell swoop?

I have my ios devices DNS set via DHCP
You'd have to move to an MDM solution if you want over the air, push profile configuration setting to the devices
such as osx server Profie Manager. You may be able to do it with custom settings, I haven't tried it myself
The basic wifi setting in OSX server PM only allow settings for wifi SSID password etc
no DNS settings ip address etc. alternative MDM solutions may give you more options

How to set up DNS behind a NAT router...

Similar Messages

Maybe you are looking for