Local and ISP DNS

Similar Messages

• Internal and Public DNS conflict breaks mail

  History:
  We set up a new Mac Mini Server to replace our existing Server. The Mac Mini Server is setup behind a Time Capsule, which acts as our router and DHCP server. It also acts as our firewall on the public IP address and forwards mail to our internal server. Our situation is almost identical to the example situation on page 18 to 19 in the 'Getting Started' guide.
  Our ISP acts as our DNS server and they host our public website. They also used to host our mail, but we have now moved the mail to our new in-house server. We asked our ISP to update their MX records to point to our static public IP address. Public DNS records for server.mydomain.com also resolve to this IP address.
  When we originally set up the new mac mini server, the ISP had not yet updated the MX records. I am wondering if this affects how the Server sets up DNS on the local server machine?
  Issue:
  The local server machine on the local LAN is called server.mydomain.com, which resolves via local DNS (hosted by our server) to the server's internal IP address. (The local DNS server was setup automatically by the Server during initial installation / setup.) This conflicts with with public DNS records which identify server.mydomain.com with our public IP address at 205.200.19.225. This somehow causes confusion for the server which consequently seemingly randomly resets our domain (mydomain.com) and host name (server.mydomain.com) settings under Mail settings - which breaks our mail service. (We then edit these to the correct settings and all works again.)
  I spoke to an Apple tech and they advised that we reinstall the Server operating system, using a local server name that differs from the public name. e.g. server.mydomain.lan (local) vs. server.mydomain.com (public).
  *This may seem like a dumb question*: Would it be easier to keep our local host and DNS set up to server.mydomain.com and then rather have our ISP change the records for our public address / IP to mail.mydomain.com or public.mydomain.com? If we could make the change via the ISP's records versus our own, then it would save us a lot of work.
  *A second potentially dumb question:* Since we rely on our ISP for DNS name servers, could we delete / stop the local DNS server for the local network and just use straight IP addresses instead?
  *Plan of Action:*
  Assuming that there is not an easy fix via the ISP's DNS records, then I'll reinstall the operating system and use server.mydomain.lan as the local machine and domain name. If I do this, then what should I be using as the domain and host name settings in mail? .com or .lan?
  Should there be any need to manually configure DNS settings to make Mail work?

  Mr Hoffman and Corbywan - thanks for the interesting and educational discussion. I must admit that I am still a bit confused and would appreciate any further help in understanding this issue!
  *My situation:*
  - Server on a LAN, which sits behind a Time Capsule router.
  - The Time Capsule router serves DHCP and Internet to the LAN and sits on our public static IP Address.
  - Our ISP has set up MX and domain records to forward public requests for our domain to our static IP address.
  - Time Capsule acts as our firewall and forwards Mail and other incoming services to our internal server via port forwarding.
  - Local DNS service is provided by the local server so that it can provide services to the local network. Non local requests are forwarded to the ISP DNS service.
  *The problem*
  We seem to have established that Snow Leopard Server breaks when the internal domain name matches the public domain name, because of conflict between the internal and public DNS which resolve to different IP addresses for the same domain.
  *The solution*
  I am looking for the easiest and most basic way to fix this problem. My understanding is that the simplest would be to reinstall our Snow Leopard Server to a new and different local domain name.
  I am thinking of using server.example.lan for our local LAN domain name - which would be resolved to our private IP address via local DNS on the local server. I would be keeping server.example.com for our public domain name - which would be resolved to our public IP address, which would be forwarded from the Time Capsule to the internal server.
  Now where I start getting confused is this: If Snow Leopard Server requires a Fully Qualified Domain Name to do things like send mail, then do I need to register my internal domain name? And how would this resolve from a public DNS server to the internal private IP address? Or is it more an issue where as long as the internal (albeit 'fake') domain name does not conflict with an existing public domain name?
  *Other items:*
  After setup, I will verify that Snow Leopard Server has setup our local DNS correctly for local DNS service.
  If I understand correctly, I would set up Mail Settings - 'Domain Name' as the local domain name: i.e. example.lan and I would set up the Host Name as server.example.lan - is this correct? Would this work if these are not FQDN?
  How does the mail server reconcile these local domain names with the public domain names? I assume that I need to check the box at Mail - Settings - Advanced - Hosting: "Include server's domain as local host alias" ? Or would I manually add an alias to the Local Host Aliases under the same tab?
  Thanks!

• OS X 10.4.11 Server - configured name and reverse DNS do not match / DNS

  Hi all,
  I have looked for similar posts but all seem to have different scenarios, hoping to get an answer from someone more experienced than myself before I do anything silly.
  Help much appreciated!
  Scenario:
  We run a 10.4.11 OS X Server on an XServe, hosted at an ISP. ISP provides all DNS services, incl. the reversed DNS entry.
  I am currently only running the following services (based on the display in ServerAdmin):
  AFP
  Firewall
  iChat
  Mail
  QuickTimeStreaming
  Web
  All others (incl. DNS) are grayed out. (As ISP instructed us not to add a DNS service on our box, that's "normal" according to my experiences with dedicated /co-location server hosting).
  We never used changeip after the initial setup, meaning the server's
  Current Hostname = somename.local and
  DNS Hostname = mail.ourdomainname.net
  So in system.log I find this re-occuring entry:
  Jul 8 11:41:22 somename servermgrd: servermgr_dns: configured name and reverse DNS name do not match (somename.local != mail.ourdomainname.net), various services may not function properly - use changeip to repair and/or correct DNS
  Finally, my question:
  As Mail and Web services etc. are currently running OK from what I can tell,
  1) do I HAVE to change this at all?
  2) Would it be much better / why?
  3) Could I change this using the following command
  (111.11.111.1 indicating the server's IP address)
  changeip 111.11.111.1 111.11.111.1 somename.local mail.ourdomainname.net
  4) without running a DNS server on the machine, i.e. DNS service is not required for this to work?
  5) obviously I want to be able to use Server Admin after I issue this command...
  6) can I fall back easily in case this would screw it up, or is there no risk whatsoever doing this in my case?
  THANK YOU so much for any help!

  Hi Jonas
  If port 443 is already being used on the same box as KMS then it will complain and probably not start the service? I've seen this with LDAP port 636. This is when Kerio is installed on a server configured as an OD Master. Clearly the port can't be used by both servers.
  It might be easier to change the port your sites are currently using to something else? Although don't do anything yet. Pose the question to Kerio Support and see what advice they offer.
  Yes moving the mail to a local folder on the mail client will do it.
  Is Kerio going on the same box? If its a different box (presumably different IP address?) Then what you can do is to port forward to the new server's IP address instead of disabling it. This way while you are bringing the new server on line users can still send mail right up until the time you give instructions on changing their inbound/outbound mail server details. Of course they won't be able to receive but if you time it right they may not even get an error message? Depends on what their schedules are.
  If it was me I would choose IMAP every time. As the mail admin you have full control and a central location for easy backup. KMS has a built in archiving feature that makes this a simple process. This is an easier option than going round individual client machines and making sure mail held locally in POP accounts are backed up. Besides there is always someone who falls through the loop and I'm not taking into account drive failures. It makes good sense anyway as there is talk of legislation being introduced to make this a requirement for businesses who run their own mail servers. This is certainly true for certain parts of the US and what usually happens there is generally taken up in the UK and most parts of Europe.
  Kerio's WebMail Client means users don't even have to have their own computer. Just as long as they have access to one that has access to the internet they can send/receive mail. No need for dedicated mail applications such as Apple Mail, Thunderbird, Entourage etc. How mail is uses remains consistent for all users.
  Yes. I did this not so long ago with Leopard's built in Mail Server. I sent an e-mail defining a time when no inbound mail would be received. Disabled port forwarding for SMTP port 25 and approx 30 minutes after that another mail stating no outbound mail should be sent. Once everything was swopped over (we were changing from a G4 10.4 server to a G5 10.5 Server) port 25 was enabled, new server brought online and everyone was mailing again with no appreciable downtime.
  These boxes were to have the same IP address hence the slightly different approach.
  Does this help?
  Tony

• WRT600N and static DNS

  On my old WRT54G, if I setup a static DNS server to point to my local Linux box, that's what all my DHCP clients get. However, I've noticed that on WRT600N, my DHCP clients are pushed the addresses of my ISP DNS servers (two of them), followed by WRT600N local IP address, followd by the static DNS address I configured.
  On example, here's what my DHCP clients were sent by WRT54G:
  192.168.0.3
  Here's what WRT600N (configured exactly the same as WRT54G was) sends to them:
  68.87.76.178
  68.87.78.130
  192.168.0.1
  192.168.0.3
  Obviously, this is bad. If I configured the static DNS address, then I obviously have a reason for doing so, and that address should be the only one (or at least the first one) that DHCP clients will get (otherwise, there's not much point in having that option in router's configuration). Is there any way to force WRT600N to behave like WRT54G used to?

  maui29111 wrote:
  you cannot just assign a static DNS server on the router, because the DNS server that it's sending is valid and from your isp itself, if evcer you have a static account from isp then that's the time where you can force the router to use a static ip address
  Actually, no. Even if you are using DHCP to obtain an IP address, there is nothing preventing you from configuring DNS servers manually (using static DNS servers). DHCP is not all or nothing. You are free to use DHCP to obtain IP address, and override addresses of DNS servers (or any other info).
  Here's an example of such usage. Linksys router acts as Internet gataway (using DHCP to obtain external IP address from ISP). It also acts as DHCP server for local clients. I have a DNS server on my local network. This DNS server is used to resovle the names of the hosts on my local network, and it also acts as caching DNS to resolve names of the hosts on the Internet. Hence, I do not wish Linksys router to send my ISP's DNS server to clients on local network. I want it to send the address of my local DNS server.
  On WRT54G this configuration was possible. You just enter static addresses of your DNS server, and it would send those to the DHCP client, instead of forwarding ISP's DNS servers. WRT600N doesn't allow this type of configuration.

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Hostname is .local and Kerberos problems

  Hi
  Having problems with our new xserve. The computername as set in server admin is 'serverx' which is giving a local hostname of serverx.local. I have DNS running with one zone of <domainname>.org.uk, servername of serverx giving a FQSN or serverx.<domainname>.org.uk
  However i had an email out from the mailman mailing list asking for permission to allow a post to a mailing list and it had the link to click on as http://Serverx.local/mailman/.....
  Obviously i'd like this to be http://serverx.<domainname>.org.uk
  This also extends to the server's searchbase, which on the old server we migrated from was dc=<hostname>,dc=org,dc=uk which now is showing as dc=serverx,dc=local under opendirectory - settings - protocals
  The Open directory pane shows everything running apart from Kerberos which is stopped. If i try and kerberize the server using the realm name of <DOMAINNAME>.ORG.UK it whirrs away before returning me to the 'kerberize the open directory master' dialogue. Looking at the slapconfig log i get the errors...
  The KDC is not running error = 3
  failed to configure error = 3
  Is there a way to change this so that the domain name and seachbase are correct and how do i get the KDC to run so i can kerberize the server.
  Hope some of that makes sense...
  Thanks
  Quad 2GHz Intel Xserve   Mac OS X (10.4.9)   2GB ram

  I had similar issues with .local and trying to migrate away. I decided to manually massage a backup into the non-.local domain. It worked for me, but I will stress that you should make a copy of your backup to do this on.
  First, decide what new domain you want to use. If you're building on a private network, you can use a non-valid domain, like '.int' . Setup your DNS.
  Use Server Admin to make a backup of your OD Domain. Make a copy. Burn it to CD. We don't want the original to change.
  Kerberize to the new domain. Make a new backup and burn it to CD as well.
  Open a modifiable copy of the backup. In it are many files, most of them are straight text files of one flavor or another. Time to get dirty...
  Backup.ldif is the big file to work with. You must go in and change all of the olddomain.locals to newdomain.tla (this is pseudocode, please use your own domains where you see these two.) You must also change all of the dc=olddomain,dc=local to dc=newdomain,dc=tla . The fun about this file is that Apple wraps it manually, which makes search and replace tedious, as there will be some of these things at the end of lines. The good news is that they are far from random, so you can search for parts of the name (local is a good search) and find the next iteration. Here are a couple examples...
  ...dc=ol
  ddomain,dc=local
  ...dc
  =olddomain,dc=local
  ...dc=olddoma
  in,dc=local
  The key is to search and replace the whole thing at once. I used textedit and pasted the entire offending text into the find box, then replaced with the proper new dc= values. You need not worry about wrapping, the importer doesn't care. The key is to make sure that you get it all.
  Now do the same with all of the other files. I didn't touch authservermain, which already had the new Kerberos domain in it. I did modify these files...
  Backup.ldif
  authserverreplicas
  authserveroverflow.x
  DSLDAPv3PluginConfig.plist
  slapd_macosxserver.conf
  local.dump
  local.krb5realm
  Make sure to check the other files, as different configurations will yield info in different files.
  Once you are done with this, it's time to turn your nice pretty domain into a standalone. It appears that the archive and restore tools are much better in 10.4.x that older versions, so it actually works to restore things. There was one caveat. My standalone seemed to ignore the /etc/krb5adm.keytab, which then caused the conversion to Master domain to hang. Move to krb5adm.keytab.old it in case you need to restore.
  Make your server a Master again, this time with the new FQDN and search string.
  Import your modified backup. Your users should now be in place, although I lost my domain admins in the process.
  Finally, backup your domain, revert to standalone, toss the .keytab, convert to Master, and restore. This last step converts the bdb back into text, then back to the bdb. I was having a little strangeness until I did this step, which I believe clears up some cruft.
  Here are the benefits that I've seen in this process...
  - Passwords translate
  - migration is complete to new domain
  - easily restorable and/or recoverable
  Of course, your mileage may vary.

• A question about DNS records and split DNS

  Hello
  Can someone please help me with the following question
  If I have an AD integrated DNS zone (currently running on Windows 2003 R2, soon to be updated to 2012 R2)
  lets call the domain MyDomain.Local and here I have all my local Server, Computer and related records (A, CNAME MX etc.)
  Also I have an external internet domain lets call is MyCorp.Com (both of these domain are completely separate)
  I have a requirement for an internal URL (Web Server) to point to an internal host, however for various reasons (which I will not go into here), the company wants the format of this internal URL to include the MyCorp.Com element in the overall URL
  Now the MyCorp.Com domain is hosted externally to the company by a dedicated provider (we just login via a secure portal if we want to add for example and A record to the MyCorp.Com domain) the MyCorp.Com domain is completely separate from the MyDomain.local
  domain which is hosted on internal DNS Servers
  Question:
  without using split DNS can I, create a zone called New.MyCorp.Com on our internal AD integrated DNS Servers (to live along side the standard MyDomain.local) than add an A record to this zone say Host.New.MyCorp.Com
  So internal users can locate Host.New.MyCorp.Com without being directed out to the internet (for MyCorp.Com) but internal users will still be able to resolve SomeOtherHost.MyCorp.Com as they do now
  Thanks very much in advance
  AAnotherUser__
  AAnotherUser__

  Hi AAnotherUser_,
  Based on your description, the internal domain name is different from the external domain name, and the web server is hosted internally. And the goal is that the internal user can
  access the web server by using an URL which include the MyCorp.com.
  In this scenario, internet users access your domain name by connecting to the WAN IP address of your router. However, to make the internal users access the website, you would need
  to create the external domain name as a zone on your internal DNS server.
  After creating the DNS zone, right click the zone you created, choose New Host Record.
  Type in the hostname, such as ‘www’, and provide the internal private IP address of your internal web server.
  For more details, please refer to Ace’s blog below, the
  Scenario 2: Different Internal and External but you are hosting the webserver internally
  http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/
  Best Regards,
  Tina

• Resolve.conf, dnsmasq and external DNS servers

  I am using dnsmasq to filter out ad urls, so my  /etc/resolv.conf looks like that:
  # Generated by dhcpcd from wlan0
  nameserver 127.0.0.1
  domain home
  nameserver 192.168.1.254
  # /etc/resolv.conf.tail can replace this line
  However, it looks like after getting through the url filtration layer of dnsmasq, the URLs are being resolved by a DNS sever of whatever Access Point I am connected to. This create problems, because they often render me unable to connect to services like sourceforge.net, etc.
  So, instead of that, I would like my system to fall back to Google and OpenDNS after filtering urls through dnsmasq.
  But how can I do that? This is a specific case and wiki does not cover it.
  Last edited by Lockheed (2013-05-19 16:50:43)

  $ cat /etc/resolv.conf
  # Generated by dhcpcd from wlan0
  nameserver 127.0.0.1
  nameserver 8.8.8.8
  domain home
  # /etc/resolv.conf.tail can replace this line
  The google DNS is what I put in there earlier to be able to use internet after dnsmasq stopped starting.
  $ cat /etc/resolvconf.conf
  # Configuration for resolvconf(8)
  # See resolvconf.conf(5) for details
  resolv_conf=/etc/resolv.conf
  # If you run a local name server, you should uncomment the below line and
  # configure your subscribers configuration files below.
  name_servers=127.0.0.1
  # Write out dnsmasq extended configuration and resolv files
  dnsmasq_conf=/etc/dnsmasq-conf.conf
  dnsmasq_resolv=/etc/dnsmasq-resolv.conf
  $ cat /etc/dnsmasq.conf
  # Configuration file for dnsmasq.
  # Format is one option per line, legal options are the same
  # as the long options legal on the command line. See
  # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
  # Listen on this specific port instead of the standard DNS port
  # (53). Setting this to zero completely disables DNS function,
  # leaving only DHCP and/or TFTP.
  #port=5353
  # The following two options make you a better netizen, since they
  # tell dnsmasq to filter out queries which the public DNS cannot
  # answer, and which load the servers (especially the root servers)
  # unnecessarily. If you have a dial-on-demand link they also stop
  # these requests from bringing up the link unnecessarily.
  # Never forward plain names (without a dot or domain part)
  #domain-needed
  # Never forward addresses in the non-routed address spaces.
  #bogus-priv
  # Uncomment this to filter useless windows-originated DNS requests
  # which can trigger dial-on-demand links needlessly.
  # Note that (amongst other things) this blocks all SRV requests,
  # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
  # This option only affects forwarding, SRV records originating for
  # dnsmasq (via srv-host= lines) are not suppressed by it.
  #filterwin2k
  # Change this line if you want dns to get its upstream servers from
  # somewhere other that /etc/resolv.conf
  #resolv-file=/etc/resolv-dnsmasq.conf
  # By default, dnsmasq will send queries to any of the upstream
  # servers it knows about and tries to favour servers to are known
  # to be up. Uncommenting this forces dnsmasq to try each query
  # with each server strictly in the order they appear in
  # /etc/resolv.conf
  strict-order
  # If you don't want dnsmasq to read /etc/resolv.conf or any other
  # file, getting its servers from this file instead (see below), then
  # uncomment this.
  #no-resolv
  # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
  # files for changes and re-read them then uncomment this.
  #no-poll
  # Add other name servers here, with domain specs if they are for
  # non-public domains.
  #server=/localnet/192.168.0.1
  server=208.67.222.222
  server=208.67.220.220
  # Example of routing PTR queries to nameservers: this will send all
  # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
  #server=/3.168.192.in-addr.arpa/10.1.2.3
  # Add local-only domains here, queries in these domains are answered
  # from /etc/hosts or DHCP only.
  #local=/localnet/
  # Add domains which you want to force to an IP address here.
  # The example below send any host in double-click.net to a local
  # web-server.
  #address=/double-click.net/127.0.0.1
  # --address (and --server) work with IPv6 addresses too.
  #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
  # You can control how dnsmasq talks to a server: this forces
  # queries to 10.1.2.3 to be routed via eth1
  # server=10.1.2.3@eth1
  # and this sets the source (ie local) address used to talk to
  # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
  # IP on the machine, obviously).
  # [email protected]#55
  # If you want dnsmasq to change uid and gid to something other
  # than the default, edit the following lines.
  #user=
  #group=
  # If you want dnsmasq to listen for DHCP and DNS requests only on
  # specified interfaces (and the loopback) give the name of the
  # interface (eg eth0) here.
  # Repeat the line for more than one interface.
  #interface=lo
  # Or you can specify which interface _not_ to listen on
  #except-interface=
  # Or which to listen on by address (remember to include 127.0.0.1 if
  # you use this.)
  #listen-address=127.0.0.1
  # If you want dnsmasq to provide only DNS service on an interface,
  # configure it as shown above, and then use the following line to
  # disable DHCP and TFTP on it.
  #no-dhcp-interface=
  # On systems which support it, dnsmasq binds the wildcard address,
  # even when it is listening on only some interfaces. It then discards
  # requests that it shouldn't reply to. This has the advantage of
  # working even when interfaces come and go and change address. If you
  # want dnsmasq to really bind only the interfaces it is listening on,
  # uncomment this option. About the only time you may need this is when
  # running another nameserver on the same machine.
  #bind-interfaces
  # If you don't want dnsmasq to read /etc/hosts, uncomment the
  # following line.
  #no-hosts
  # or if you want it to read another file, as well as /etc/hosts, use
  # this.
  addn-hosts=/etc/hosts.block
  #hostsfile=/etc/hosts.block
  # Set this (and domain: see below) if you want to have a domain
  # automatically added to simple names in a hosts-file.
  #expand-hosts
  # Set the domain for dnsmasq. this is optional, but if it is set, it
  # does the following things.
  # 1) Allows DHCP hosts to have fully qualified domain names, as long
  # as the domain part matches this setting.
  # 2) Sets the "domain" DHCP option thereby potentially setting the
  # domain of all systems configured by DHCP
  # 3) Provides the domain part for "expand-hosts"
  #domain=thekelleys.org.uk
  # Set a different domain for a particular subnet
  #domain=wireless.thekelleys.org.uk,192.168.2.0/24
  # Same idea, but range rather then subnet
  #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
  # Uncomment this to enable the integrated DHCP server, you need
  # to supply the range of addresses available for lease and optionally
  # a lease time. If you have more than one network, you will need to
  # repeat this for each network on which you want to supply DHCP
  # service.
  #dhcp-range=192.168.0.50,192.168.0.150,12h
  # This is an example of a DHCP range where the netmask is given. This
  # is needed for networks we reach the dnsmasq DHCP server via a relay
  # agent. If you don't know what a DHCP relay agent is, you probably
  # don't need to worry about this.
  #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
  # This is an example of a DHCP range which sets a tag, so that
  # some DHCP options may be set only for this network.
  #dhcp-range=set:red,192.168.0.50,192.168.0.150
  # Use this DHCP range only when the tag "green" is set.
  #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
  # Specify a subnet which can't be used for dynamic address allocation,
  # is available for hosts with matching --dhcp-host lines. Note that
  # dhcp-host declarations will be ignored unless there is a dhcp-range
  # of some type for the subnet in question.
  # In this case the netmask is implied (it comes from the network
  # configuration on the machine running dnsmasq) it is possible to give
  # an explicit netmask instead.
  #dhcp-range=192.168.0.0,static
  # Enable DHCPv6. Note that the prefix-length does not need to be specified
  # and defaults to 64 if missing/
  #dhcp-range=1234::2, 1234::500, 64, 12h
  # Do Router Advertisements, BUT NOT DHCP for this subnet.
  #dhcp-range=1234::, ra-only
  # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
  # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
  # hosts. Use the DHCPv4 lease to derive the name, network segment and
  # MAC address and assume that the host will also have an
  # IPv6 address calculated using the SLAAC alogrithm.
  #dhcp-range=1234::, ra-names
  # Do Router Advertisements, BUT NOT DHCP for this subnet.
  # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
  #dhcp-range=1234::, ra-only, 48h
  # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
  # so that clients can use SLAAC addresses as well as DHCP ones.
  #dhcp-range=1234::2, 1234::500, slaac
  # Do Router Advertisements and stateless DHCP for this subnet. Clients will
  # not get addresses from DHCP, but they will get other configuration information.
  # They will use SLAAC for addresses.
  #dhcp-range=1234::, ra-stateless
  # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
  # from DHCPv4 leases.
  #dhcp-range=1234::, ra-stateless, ra-names
  # Do router advertisements for all subnets where we're doing DHCPv6
  # Unless overriden by ra-stateless, ra-names, et al, the router
  # advertisements will have the M and O bits set, so that the clients
  # get addresses and configuration from DHCPv6, and the A bit reset, so the
  # clients don't use SLAAC addresses.
  #enable-ra
  # Supply parameters for specified hosts using DHCP. There are lots
  # of valid alternatives, so we will give examples of each. Note that
  # IP addresses DO NOT have to be in the range given above, they just
  # need to be on the same network. The order of the parameters in these
  # do not matter, it's permissible to give name, address and MAC in any
  # order.
  # Always allocate the host with Ethernet address 11:22:33:44:55:66
  # The IP address 192.168.0.60
  #dhcp-host=11:22:33:44:55:66,192.168.0.60
  # Always set the name of the host with hardware address
  # 11:22:33:44:55:66 to be "fred"
  #dhcp-host=11:22:33:44:55:66,fred
  # Always give the host with Ethernet address 11:22:33:44:55:66
  # the name fred and IP address 192.168.0.60 and lease time 45 minutes
  #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
  # Give a host with Ethernet address 11:22:33:44:55:66 or
  # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
  # that these two Ethernet interfaces will never be in use at the same
  # time, and give the IP address to the second, even if it is already
  # in use by the first. Useful for laptops with wired and wireless
  # addresses.
  #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
  # Give the machine which says its name is "bert" IP address
  # 192.168.0.70 and an infinite lease
  #dhcp-host=bert,192.168.0.70,infinite
  # Always give the host with client identifier 01:02:02:04
  # the IP address 192.168.0.60
  #dhcp-host=id:01:02:02:04,192.168.0.60
  # Always give the host with client identifier "marjorie"
  # the IP address 192.168.0.60
  #dhcp-host=id:marjorie,192.168.0.60
  # Enable the address given for "judge" in /etc/hosts
  # to be given to a machine presenting the name "judge" when
  # it asks for a DHCP lease.
  #dhcp-host=judge
  # Never offer DHCP service to a machine whose Ethernet
  # address is 11:22:33:44:55:66
  #dhcp-host=11:22:33:44:55:66,ignore
  # Ignore any client-id presented by the machine with Ethernet
  # address 11:22:33:44:55:66. This is useful to prevent a machine
  # being treated differently when running under different OS's or
  # between PXE boot and OS boot.
  #dhcp-host=11:22:33:44:55:66,id:*
  # Send extra options which are tagged as "red" to
  # the machine with Ethernet address 11:22:33:44:55:66
  #dhcp-host=11:22:33:44:55:66,set:red
  # Send extra options which are tagged as "red" to
  # any machine with Ethernet address starting 11:22:33:
  #dhcp-host=11:22:33:*:*:*,set:red
  # Give a fixed IPv6 address and name to client with
  # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
  # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
  # Note also the they [] around the IPv6 address are obilgatory.
  #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
  # Ignore any clients which are not specified in dhcp-host lines
  # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
  # This relies on the special "known" tag which is set when
  # a host is matched.
  #dhcp-ignore=tag:!known
  # Send extra options which are tagged as "red" to any machine whose
  # DHCP vendorclass string includes the substring "Linux"
  #dhcp-vendorclass=set:red,Linux
  # Send extra options which are tagged as "red" to any machine one
  # of whose DHCP userclass strings includes the substring "accounts"
  #dhcp-userclass=set:red,accounts
  # Send extra options which are tagged as "red" to any machine whose
  # MAC address matches the pattern.
  #dhcp-mac=set:red,00:60:8C:*:*:*
  # If this line is uncommented, dnsmasq will read /etc/ethers and act
  # on the ethernet-address/IP pairs found there just as if they had
  # been given as --dhcp-host options. Useful if you keep
  # MAC-address/host mappings there for other purposes.
  #read-ethers
  # Send options to hosts which ask for a DHCP lease.
  # See RFC 2132 for details of available options.
  # Common options can be given to dnsmasq by name:
  # run "dnsmasq --help dhcp" to get a list.
  # Note that all the common settings, such as netmask and
  # broadcast address, DNS server and default route, are given
  # sane defaults by dnsmasq. You very likely will not need
  # any dhcp-options. If you use Windows clients and Samba, there
  # are some options which are recommended, they are detailed at the
  # end of this section.
  # Override the default route supplied by dnsmasq, which assumes the
  # router is the same machine as the one running dnsmasq.
  #dhcp-option=3,1.2.3.4
  # Do the same thing, but using the option name
  #dhcp-option=option:router,1.2.3.4
  # Override the default route supplied by dnsmasq and send no default
  # route at all. Note that this only works for the options sent by
  # default (1, 3, 6, 12, 28) the same line will send a zero-length option
  # for all other option numbers.
  #dhcp-option=3
  # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
  #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
  # Send DHCPv6 option. Note [] around IPv6 addresses.
  #dhcp-option=option6:dns-server,[1234::77],[1234::88]
  # Send DHCPv6 option for namservers as the machine running
  # dnsmasq and another.
  #dhcp-option=option6:dns-server,[::],[1234::88]
  # Ask client to poll for option changes every six hours. (RFC4242)
  #dhcp-option=option6:information-refresh-time,6h
  # Set the NTP time server address to be the same machine as
  # is running dnsmasq
  #dhcp-option=42,0.0.0.0
  # Set the NIS domain name to "welly"
  #dhcp-option=40,welly
  # Set the default time-to-live to 50
  #dhcp-option=23,50
  # Set the "all subnets are local" flag
  #dhcp-option=27,1
  # Send the etherboot magic flag and then etherboot options (a string).
  #dhcp-option=128,e4:45:74:68:00:00
  #dhcp-option=129,NIC=eepro100
  # Specify an option which will only be sent to the "red" network
  # (see dhcp-range for the declaration of the "red" network)
  # Note that the tag: part must precede the option: part.
  #dhcp-option = tag:red, option:ntp-server, 192.168.1.1
  # The following DHCP options set up dnsmasq in the same way as is specified
  # for the ISC dhcpcd in
  # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
  # adapted for a typical dnsmasq installation where the host running
  # dnsmasq is also the host running samba.
  # you may want to uncomment some or all of them if you use
  # Windows clients and Samba.
  #dhcp-option=19,0 # option ip-forwarding off
  #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
  #dhcp-option=45,0.0.0.0 # netbios datagram distribution server
  #dhcp-option=46,8 # netbios node type
  # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
  #dhcp-option=252,"\n"
  # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
  # probably doesn't support this......
  #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
  # Send RFC-3442 classless static routes (note the netmask encoding)
  #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
  # Send vendor-class specific options encapsulated in DHCP option 43.
  # The meaning of the options is defined by the vendor-class so
  # options are sent only when the client supplied vendor class
  # matches the class given here. (A substring match is OK, so "MSFT"
  # matches "MSFT" and "MSFT 5.0"). This example sets the
  # mtftp address to 0.0.0.0 for PXEClients.
  #dhcp-option=vendor:PXEClient,1,0.0.0.0
  # Send microsoft-specific option to tell windows to release the DHCP lease
  # when it shuts down. Note the "i" flag, to tell dnsmasq to send the
  # value as a four-byte integer - that's what microsoft wants. See
  # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
  #dhcp-option=vendor:MSFT,2,1i
  # Send the Encapsulated-vendor-class ID needed by some configurations of
  # Etherboot to allow is to recognise the DHCP server.
  #dhcp-option=vendor:Etherboot,60,"Etherboot"
  # Send options to PXELinux. Note that we need to send the options even
  # though they don't appear in the parameter request list, so we need
  # to use dhcp-option-force here.
  # See http://syslinux.zytor.com/pxe.php#special for details.
  # Magic number - needed before anything else is recognised
  #dhcp-option-force=208,f1:00:74:7e
  # Configuration file name
  #dhcp-option-force=209,configs/common
  # Path prefix
  #dhcp-option-force=210,/tftpboot/pxelinux/files/
  # Reboot time. (Note 'i' to send 32-bit value)
  #dhcp-option-force=211,30i
  # Set the boot filename for netboot/PXE. You will only need
  # this is you want to boot machines over the network and you will need
  # a TFTP server; either dnsmasq's built in TFTP server or an
  # external one. (See below for how to enable the TFTP server.)
  #dhcp-boot=pxelinux.0
  # The same as above, but use custom tftp-server instead machine running dnsmasq
  #dhcp-boot=pxelinux,server.name,192.168.1.100
  # Boot for Etherboot gPXE. The idea is to send two different
  # filenames, the first loads gPXE, and the second tells gPXE what to
  # load. The dhcp-match sets the gpxe tag for requests from gPXE.
  #dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
  #dhcp-boot=tag:!gpxe,undionly.kpxe
  #dhcp-boot=mybootimage
  # Encapsulated options for Etherboot gPXE. All the options are
  # encapsulated within option 175
  #dhcp-option=encap:175, 1, 5b # priority code
  #dhcp-option=encap:175, 176, 1b # no-proxydhcp
  #dhcp-option=encap:175, 177, string # bus-id
  #dhcp-option=encap:175, 189, 1b # BIOS drive code
  #dhcp-option=encap:175, 190, user # iSCSI username
  #dhcp-option=encap:175, 191, pass # iSCSI password
  # Test for the architecture of a netboot client. PXE clients are
  # supposed to send their architecture as option 93. (See RFC 4578)
  #dhcp-match=peecees, option:client-arch, 0 #x86-32
  #dhcp-match=itanics, option:client-arch, 2 #IA64
  #dhcp-match=hammers, option:client-arch, 6 #x86-64
  #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
  # Do real PXE, rather than just booting a single file, this is an
  # alternative to dhcp-boot.
  #pxe-prompt="What system shall I netboot?"
  # or with timeout before first available action is taken:
  #pxe-prompt="Press F8 for menu.", 60
  # Available boot services. for PXE.
  #pxe-service=x86PC, "Boot from local disk"
  # Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
  #pxe-service=x86PC, "Install Linux", pxelinux
  # Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
  # Beware this fails on old PXE ROMS.
  #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
  # Use bootserver on network, found my multicast or broadcast.
  #pxe-service=x86PC, "Install windows from RIS server", 1
  # Use bootserver at a known IP address.
  #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
  # If you have multicast-FTP available,
  # information for that can be passed in a similar way using options 1
  # to 5. See page 19 of
  # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
  # Enable dnsmasq's built-in TFTP server
  #enable-tftp
  # Set the root directory for files available via FTP.
  #tftp-root=/var/ftpd
  # Make the TFTP server more secure: with this set, only files owned by
  # the user dnsmasq is running as will be send over the net.
  #tftp-secure
  # This option stops dnsmasq from negotiating a larger blocksize for TFTP
  # transfers. It will slow things down, but may rescue some broken TFTP
  # clients.
  #tftp-no-blocksize
  # Set the boot file name only when the "red" tag is set.
  #dhcp-boot=net:red,pxelinux.red-net
  # An example of dhcp-boot with an external TFTP server: the name and IP
  # address of the server are given after the filename.
  # Can fail with old PXE ROMS. Overridden by --pxe-service.
  #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
  # If there are multiple external tftp servers having a same name
  # (using /etc/hosts) then that name can be specified as the
  # tftp_servername (the third option to dhcp-boot) and in that
  # case dnsmasq resolves this name and returns the resultant IP
  # addresses in round robin fasion. This facility can be used to
  # load balance the tftp load among a set of servers.
  #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
  # Set the limit on DHCP leases, the default is 150
  #dhcp-lease-max=150
  # The DHCP server needs somewhere on disk to keep its lease database.
  # This defaults to a sane location, but if you want to change it, use
  # the line below.
  #dhcp-leasefile=/var/lib/misc/dnsmasq.leases
  # Set the DHCP server to authoritative mode. In this mode it will barge in
  # and take over the lease for any client which broadcasts on the network,
  # whether it has a record of the lease or not. This avoids long timeouts
  # when a machine wakes up on a new network. DO NOT enable this if there's
  # the slightest chance that you might end up accidentally configuring a DHCP
  # server for your campus/company accidentally. The ISC server uses
  # the same option, and this URL provides more information:
  # http://www.isc.org/files/auth.html
  #dhcp-authoritative
  # Run an executable when a DHCP lease is created or destroyed.
  # The arguments sent to the script are "add" or "del",
  # then the MAC address, the IP address and finally the hostname
  # if there is one.
  #dhcp-script=/bin/echo
  # Set the cachesize here.
  #cache-size=150
  # If you want to disable negative caching, uncomment this.
  #no-negcache
  # Normally responses which come from /etc/hosts and the DHCP lease
  # file have Time-To-Live set as zero, which conventionally means
  # do not cache further. If you are happy to trade lower load on the
  # server for potentially stale date, you can set a time-to-live (in
  # seconds) here.
  #local-ttl=
  # If you want dnsmasq to detect attempts by Verisign to send queries
  # to unregistered .com and .net hosts to its sitefinder service and
  # have dnsmasq instead return the correct NXDOMAIN response, uncomment
  # this line. You can add similar lines to do the same for other
  # registries which have implemented wildcard A records.
  #bogus-nxdomain=64.94.110.11
  # If you want to fix up DNS results from upstream servers, use the
  # alias option. This only works for IPv4.
  # This alias makes a result of 1.2.3.4 appear as 5.6.7.8
  #alias=1.2.3.4,5.6.7.8
  # and this maps 1.2.3.x to 5.6.7.x
  #alias=1.2.3.0,5.6.7.0,255.255.255.0
  # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
  #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
  # Change these lines if you want dnsmasq to serve MX records.
  # Return an MX record named "maildomain.com" with target
  # servermachine.com and preference 50
  #mx-host=maildomain.com,servermachine.com,50
  # Set the default target for MX records created using the localmx option.
  #mx-target=servermachine.com
  # Return an MX record pointing to the mx-target for all local
  # machines.
  #localmx
  # Return an MX record pointing to itself for all local machines.
  #selfmx
  # Change the following lines if you want dnsmasq to serve SRV
  # records. These are useful if you want to serve ldap requests for
  # Active Directory and other windows-originated DNS requests.
  # See RFC 2782.
  # You may add multiple srv-host lines.
  # The fields are <name>,<target>,<port>,<priority>,<weight>
  # If the domain part if missing from the name (so that is just has the
  # service and protocol sections) then the domain given by the domain=
  # config option is used. (Note that expand-hosts does not need to be
  # set for this to work.)
  # A SRV record sending LDAP for the example.com domain to
  # ldapserver.example.com port 389
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
  # A SRV record sending LDAP for the example.com domain to
  # ldapserver.example.com port 389 (using domain=)
  #domain=example.com
  #srv-host=_ldap._tcp,ldapserver.example.com,389
  # Two SRV records for LDAP, each with different priorities
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
  #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
  # A SRV record indicating that there is no LDAP server for the domain
  # example.com
  #srv-host=_ldap._tcp.example.com
  # The following line shows how to make dnsmasq serve an arbitrary PTR
  # record. This is useful for DNS-SD. (Note that the
  # domain-name expansion done for SRV records _does_not
  # occur for PTR records.)
  #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
  # Change the following lines to enable dnsmasq to serve TXT records.
  # These are used for things like SPF and zeroconf. (Note that the
  # domain-name expansion done for SRV records _does_not
  # occur for TXT records.)
  #Example SPF.
  #txt-record=example.com,"v=spf1 a -all"
  #Example zeroconf
  #txt-record=_http._tcp.example.com,name=value,paper=A4
  # Provide an alias for a "local" DNS name. Note that this _only_ works
  # for targets which are names from DHCP or /etc/hosts. Give host
  # "bert" another name, bertrand
  #cname=bertand,bert
  # For debugging purposes, log each DNS query as it passes through
  # dnsmasq.
  #log-queries
  # Log lots of extra information about DHCP transactions.
  #log-dhcp
  # Include a another lot of configuration options.
  #conf-file=/etc/dnsmasq-resolvconf.conf
  #conf-dir=/etc/dnsmasq.d
  domain-needed
  interface=lo
  # If dnsmasq is compiled for DBus then we can take
  # advantage of not having to restart dnsmasq.
  enable-dbus
  conf-file=/etc/dnsmasq-conf.conf
  resolv-file=/etc/dnsmasq-resolv.conf
  Logs:
  May 23 00:01:06 panzor systemd[1]: Failed to start A lightweight DHCP and caching DNS server.
  May 23 00:01:10 panzor dhcpcd[27267]: dhcpcd not running
  May 23 00:01:10 panzor kernel: [ 7771.282756] iwl4965 0000:03:00.0: Can't stop Rx DMA.
  May 23 00:01:10 panzor dhcpcd[27294]: dhcpcd not running
  May 23 00:01:11 panzor dhcpcd[27330]: dhcpcd not running
  May 23 00:01:14 panzor dhcpcd[27373]: wlan0: sendmsg: Cannot assign requested address
  May 23 00:01:18 panzor dhcpcd[27373]: wlan0: sendmsg: Operation not permitted
  May 23 00:01:22 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
  May 23 00:01:26 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
  For domain filtration, if I remember correctly, I am using this
  https://bbs.archlinux.org/viewtopic.php?id=139784

• Synchronizing local and remote sites

  Greetings
  I created a site locally and then FTPed it up to a server at
  my ISP. The site was working fine until I made a number of changes
  that I note below. When in DW and I try try to preview in a
  browser, I am unable to view any of the files in any browser
  because DW is unable to locate the files locally and remotely.
  The error message I get is:
  Firefox can't find the file at
  /______/______/_____/_____/ThankYouVeryMuch/Website/tyvmi
  3/index.htm.
  The changes that were made to the site:
  - I reorganized my folders locally thereby creating a new
  root folder. When I tried to add 3 pages, I received several error
  messages. One of them was that DW was unable to locate the home
  page. Another was that it was unable to create the site map and if
  I'm not mistaken DW was unable to create cache files.
  - My client had a friend add some Google analytics to the
  site. This person also created an XML site map. Obviously, the
  local and web sites were not synchronized so I was receiving more
  error messages.
  - I then downloaded the site to a new directory in the new
  root folder I created above. This downloaded site is my local root
  directory in the Site manager and is located at
  ./______/______/_____/_____/ThankYouVeryMuch/Website/tyvmi
  3/index.htm
  - These are my current directories for the site
  thankyouverymuchinc.com:
  Site name: Thank You Very Much Inc
  Local: ThankYouVeryMuch
  ----------> Website
  -------------> tyvmi 3
  ---------------> index.htm
  ---------------> pages
  Remote: host: ip address
  ----------> www/htdocs/
  ---------------> index.htm
  ---------------> pages
  Many thanks
  Marlene

  Do you have a testing server defined?
  Murray --- ICQ 71997575
  Adobe Community Expert
  (If you *MUST* email me, don't LAUGH when you do so!)
  ==================
  http://www.projectseven.com/go
  - DW FAQs, Tutorials & Resources
  http://www.dwfaq.com - DW FAQs,
  Tutorials & Resources
  ==================
  "troika22" <[email protected]> wrote in
  message
  news:[email protected]...
  > Greetings
  >
  > I created a site locally and then FTPed it up to a
  server at my ISP. The
  > site
  > was working fine until I made a number of changes that I
  note below. When
  > in DW
  > and I try try to preview in a browser, I am unable to
  view any of the
  > files in
  > any browser because DW is unable to locate the files
  locally and remotely.
  >
  > The error message I get is:
  > Firefox can't find the file at
  >
  /______/______/_____/_____/ThankYouVeryMuch/Website/tyvmi
  3/index.htm.
  >
  > The changes that were made to the site:
  >
  > - I reorganized my folders locally thereby creating a
  new root folder.
  > When I
  > tried to add 3 pages, I received several error messages.
  One of them was
  > that
  > DW was unable to locate the home page. Another was that
  it was unable to
  > create
  > the site map and if I'm not mistaken DW was unable to
  create cache files.
  >
  > - My client had a friend add some Google analytics to
  the site. This
  > person
  > also created an XML site map. Obviously, the local and
  web sites were not
  > synchronized so I was receiving more error messages.
  >
  > - I then downloaded the site to a new directory in the
  new root folder I
  > created above. This downloaded site is my local root
  directory in the Site
  > manager and is located at
  >
  ./______/______/_____/_____/ThankYouVeryMuch/Website/tyvmi
  3/index.htm
  >
  > - These are my current directories for the site
  thankyouverymuchinc.com:
  >
  > Site name: Thank You Very Much Inc
  >
  > Local: ThankYouVeryMuch
  > ----------> Website
  > -------------> tyvmi 3
  > ---------------> index.htm
  > ---------------> pages
  >
  > Remote: host: ip address
  > ----------> www/htdocs/
  > ---------------> index.htm
  > ---------------> pages
  >
  > Many thanks
  > Marlene
  >

• Recursive and authoritative DNS - DDOS attack

  We are using Windows Server DNS as our external DNS server which is available from internet and used to resolve our domain names. It is placed in DMZ. It is configured as recursive and authoritative. In internal company network we have
  4 Windows DNS servers which have forwarders configured for this DNS server in DMZ. If some attacker from the internet will try to use our DNS server placed in DMZ and available from internet for a lot of recursive queries it could result in denial of service.
  What is the best practice to avoid such attack?

  Actually, there's a rather complex algorithm that's used that's similar to, if not the same as, what the client side resolver on any machine (Windows and non-Windows) uses. It's an industry standard based on RFC definitions.
  More specifics in the following links, if you want to read up on it. And to one's surprise, it doesn't exactly work as one would like it to. The idea is to keep both up and the other one as a backup in case you fully lose the first one.
  DNS Client side Resolver Service and DNS Forwarders Query Algorithm
  http://blogs.msmvps.com/acefekay/2014/03/29/dns-client-side-resolver-service-and-dns-forwarders-query-algorithm/
  This blog discusses:
  WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
  Client side resolution process chart.
  The DNS Client Side Resolver algorithm.
  If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
  DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders or more than one IP in the NIC's DNS list)
  Client side resolution process chart
  http://blogs.msmvps.com/acefekay/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm/
  DNS Clients and Timeouts (Part 1 & Part 2), karammasri [MSFT] Dec 2011 6:18 AM
  http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
  http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx
  DOMAIN NAMES - CONCEPTS AND FACILITIES - Dicusses local resolvers.
  http://tools.ietf.org/html/rfc882
  ==
  To add on how the client resolver picks a nameserver, below is a link to a discussion that points out the following - and please note, the operative point in the first bullet point indicates "equivalent," meaning that all DNS servers you enter into
  a NIC, must all reference the same exact data, so you can't mix nameserver with different data and expect the client to try all of them.
  •by RFC, all nameservers in a zone's delegation are equivalent
  •they are indistinguishable to the client
  •clients are allowed to choose the NS to query with whichever policy they wish
  •if any picked server fails to respond (e.g. "ns3"), then the next server is picked among the remaining set (e.g. ns1 and ns2) according to the policy
  •often clients use sophisticated policies that "score" servers and pick more often the ones that replied faster
  •as a by-product, in practice this policy makes caches favor "nearest" servers
  Above list was quoted from:
  When is a secondary nameserver hit?
  http://serverfault.com/questions/130608/when-is-a-secondary-nameserver-hit
  I hope that helps to understand it better.
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Mountain Lion Mail randomly deletes messages: locally and from server

  Hello,
  Mountain Lion Mail deletes mails randomly, locally and from the IMAP server.
  I have confirmed this for a fact:
  - I have been forwarded lost mails to another (webmail) account: the timestamps indicate that some mails were lost somewhere before I ever saw them on Mail
  - my mail service provider confirmed that their logs show mails that I never saw on Mail
  - the lost mails don't appear via webmail, either, i.e. they're not on the server
  Others are experiencing the same in Lion:
  http://www.seifi.org/email/lion-mail-app-deletes-imap-emails-without-notice-gmai l-important-fix.html
  https://discussions.apple.com/thread/3206902
  I became aware of this as my customer referred on the phone to messages from them that I had never seen. And, Mail deletes messages randomly from the IMAP server too - it's literally eating messages!
  No, this is not a rule issue. No, this is not anything I could have done to cause. This should be evident as very many others are experiencing the same (see the above links).
  This is the worst bug I've ever encountered in any Apple product.
  Apple need to acknowledge this and address it, like, immediately.
  Is there a fix for this? One that works 100% - I really can't risk not receiving business e-mail.
  br Janne

  I'm experiencing something similar. I see a message being received in Mountain Lion via notification. When I'm going to look for this mail, it's gone.
  I dont't have any rules set up and no mail plugins installed. The mail is also vanished from the server. I'm using IMAP on my own web-site (via a service provider). I was able to verify, that a certain message from a certain sender dissapeard, which had a PDF attached. I thought it might have something to do with my ISPs virus protection, but they a) insured me, that they don't delete any mail and b) I got a new mail from someone I don't know this morning. Again: Saw the notification, afterwards the mail is gone.
  For now, I will switch to ThunderBird (this was also the recommendation of my ISP).
  Kind regards
  Marco Heine

• Difference between 006 DNS Servers and 015 DNS Domain Name

  hi,
  what's difference between 006 DNS Servers and 015 DNS Domain Name?
  please guide me.

  Hi
  Option 006 DNS servers           = IP Address of your DNS Server, e.g, 10.10.10.1
  Option 015 DNS Domain Name       = test.local, your domain name.
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Gethostbyaddr() and reverse DNS name do not match

  So we updated to 10.4.6 on our server... and now none of the clients can connect...
  Our DNS and reverse DNS (done by the university IT group) have caps in them... but all the home directories for users are lower case...
  How can I fix this - short of entering all home directory info in by hand? Oh - suggesting that the IT group change the DNS is not helpful as it will not happen.
    Mac OS X (10.4.6)   Server

  A summary - Here's the situation:
  1. I have a 10.4 server running on a G5 tower.
  2. The DNS is operated by the university IT group and our reverse DNS is mixed case... asked and they're not going to change it.
  3. 10.4.6 introduced some funky stuff with FQDN, DNS and case sensitivity issues.
  So... before I changed anything after the 10.4.6 update... users couldn't log in because it couldn't get their home directories...
  The automounter would be looking for:
  /Network/Servers/servername.Psychology.McMaster.CA/Users/username
  While if you looked in /Network/Servers/ you will see:
  /Network/Servers/servername.psychology.mcmaster.ca
  (note the case)
  Alright - moving on:
  4. Tried changing hostconfig HOSTNAME - only worked on local server (and you're not supposed to do this anymore).
  5. Used changeip same IP address, lower-case name to mixed case name... now users could log in.... glory!
  6. Argh... they can log in, but can only intermittently actually get their home directories... seriously. You log in, see your desktop and flash it's gone... clicking on your home directory or desktop in finder gets you 'The volume for "Desktop" cannot be found'... doing "cd ~" and then "ls" from a terminal window sometimes gets you your directory, a partial directory or an error... and even then the ownership maybe the user or root...
  7. Looking in the logs we see:
  May 25 14:48:26 client kernel[0]: AFP_VFS afpfs_unmount: /private/Network/Servers/servername.psychology.mcmaster.ca/Users, flags 524288, pid 490
  May 25 14:48:26 client kernel[0]: AFP_VFS afpfs_MountAFPVolume: GetVolParms failed 0x16
  May 25 14:48:26 client automount[490]: Can't mount servername.Psychology.McMaster.CA:/Users on /private/Network/Servers/servername.Psychology.McMaster.CA/Users: Invalid argument (22)
  May 25 14:48:26 client automount[490]: Attempt to mount /automount/Servers/servername.Psychology.McMaster.CA/Users returned 22 (Invalid argument)
  May 25 14:48:26 client automount[489]: Can't mount servername.Psychology.McMaster.CA:/Users on /private/Network/Servers/servername.Psychology.McMaster.CA/Users: Invalid argument (22)
  (server and client names changed to protect the guilty).
  I'm stumped... and it's to the point that the owner of said server (a staunch apple supporter) is asking if I can replace the server with a Linux box with LDAP/AFP/SMB...
  Any help here?

• Hetrogenous join: ms access local and oracle on server

  Hello
  I want to know if it is possible to join tables from a local client ms access db and an oracle db on a server. I have used the link feature in ms access and the hsodbc feature of oracle, but the ms access db is local and the oracle is not. Is there anyway that I can control the local access db from a link from the oracle db on the remote server?
  Thanx

  There is no such facility as of now to acces Oracle table from DB2 database or anything.
  You can spool the data into flat file for MS access table and import that data into
  Oracle table.

• I tried to update iTunes yesterday.  The update failed.  Now when I try to open iTunes it says that the version isn't localized and needs to be run in English.  It has never been in another language.

  I attempted to update iTunes yesterday.  The update failed.  iTunes now won't open and displays an error message that the program isn't localized and needs to be run in the English version.  I'm in the US and the computer and program has never been used in another language.  I tried reinstalling the full download for the new version and that failed as well.  I logged out; shut down; restarted; retried the update; etc.  Still no luck and the same message.  Thoughts?

  Solving MSVCR80 issue and Windows iTunes install issues.
  Thanks to user turingtest2 for this solution.
  Solving MSVCR80 issue and Windows iTunes install issues.
  If the above doesn’t do the trick entirely, then use the instructions in the following as it applies to the version of Windows you are using:
  HT1925: Removing and Reinstalling iTunes for Windows XP
  HT1923: Removing and reinstalling iTunes for Windows Vista, Windows 7, or Windows 8
  You may be required to boot into safe mode to complete the folder deletion process.