Servermgr_dns: no reverse DNS entry for server

Similar Messages

• Reason: 5.3.0 - Other mail system problem ('550', ['non-existent reverse DNS entry for X.X.X.X

  We have configured a ESA for a customer whose appliance was broken down because of a software problem and being replaced with a new one by cisco.
  Today we have a big problem about Reverse DNS. When they send email to their customers, the remote mail servers reject their messages. I double check the configuration and haven’t found anything. If we route mail traffic over exchange instead of ironport, there aren’t any problem. The broken device worked about 6 months without being connected. Also, the remote server sends a message like:
  Diagnostic information for administrators:
  Generating server: mail.xyz.com.tr
  [email protected]
  [89.19.0.217] #<[89.19.0.217] #5.0.0 smtp; 5.1.0 - Unknown address error 554-'This server requires PTR for unauthenticated connections.' (delivery attempts: 0)> #SMTP#
  Has anyone come across this type of problem or error code?

  Please check the IP address from which the mail is being delivered to the remote server. This address might differ when the mail is routed through the exchange and through IronPort.
  Most probably, the issue could be because of PTR record of the IP address( that IronPort is using to send the mail) is not registered in the DNS or it is not matching with the domain name. Was there any change in the Network configuration on the new ESA compared to the broken down ESA?

• No Name Available / No Reverse DNS Entry in System Log

  On our network, we have two Macs running different versions of OSX Server software. Our "main" server is a G5 dual 2GHz (2.5 Gb RAM) running Leopard Server 10.5.6, and it runs most of our major services such as Open Directory (it’s designated an OD Master), Mail, Web, FTP and DNS. Our "secondary" server is an XServe dual 2.3GHz (G5) (2 Gb RAM) running Tiger Server 10.4.11. It only runs the AFP service and exists solely as our company’s fileserver. Both of its ethernet ports are connected to our company’s 10/100 switch, and the ports are configured as follows: Built-in Ethernet 2 (BSD Device Name en1) IP addr. 10.1.10.154; Built-in Ethernet 1 (BSD Device Name en0) IP addr. 10.1.10.152. In the Network control panel’s Network Port Configurations, Built-in Ethernet 2 (IP address 10.1.154) is moved to the top of the configuration window and as a result, Network Status indicates that that XServe "is connected to the Internet via Built-in Ethernet 2."
  That said, I see the following every 30 minutes in the System log:
  Apr 20 11:01:51 NAGXServe2 servermgrd: servermgr_dns: no name available via DNS for 10.1.10.154
  Apr 20 11:01:51 NAGXServe2 servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  This doesn’t cause any apparent problems in daily operation but if it’s something I could fix myself, I’d be willing to try. In the TCP/IP configuration for both ports, the DNS Server entry points to our "main" G5 server (which has a static IP address) and the Search Domain entry is that "main" G5 server’s domain name.
  In the DNS setup on the "main" G5 server, its domain name is entered in the "Primary Zone" field and its static IP address is entered in the Reverse Zone field; Whois lookups work successfully both forward and backward. But there is no mention of our "secondary" server anywhere in the "main" G5 server’s DNS setup.
  Thanks for any help!

  I am going to assume that the IP addresses you have given are REAL.
  You have to add an entry for NAGXServe2 in the DNS server's (NAGXServe1?) configs.
  First, what you need to enter are hostnames. The zone/domainname (example.com) should resolve to one representative server (your main server) for www service's sake, but otherwise, even your main server should have its own hostname (hostname.example.com).
  Let's say you already have an entry for your domain, example.com. This zone should already have one (or even two) A record, nagxserve1.example.com (and maybe example.com, without any hostname). You need to add another A record for nagxserve2.example.com with the IP address 10.1.10.154.
  You do this buy selecting "Computer (A) record" from the "Add record" dropdown button. A new A record called "newMachine" should appear under the zone record. If you can't see it, try clicking on the little triangle next to the zone/domain name.

• DNS entry for DC not dynamically updating (Server 2008 R2)

  Windows Server 2008 R2. I've got a single DC (I'm preparing to install the 2nd in the next few days). The host (A) record for the DC shows to be static for some reason. I changed the name of the DC recently, then brought down the Exchange server and rebooted
  and it successfully connected again. I might have entered in a static DNS entry for the new server name before renaming the server, but I'm not sure.
  I've tried to delete the static DNS record for the DC and then reload, but it continues to appear as a static entry. The mail server's DNS record still appears as a dynamic entry.
  What am I doing wrong?
  Noel Stanford Oveson
  jeremyNLSO
  MCTS, MCITP, CCENT, CNE, MCSE, CLSE
  Berlin, Germany

  Hello,
  Like Mike suggested, it is normal that it is a static record.
  However, if your DC with its new name is not updating its DNS record, check that "Register this connection' addresses in DNS" is checked on the DC's adapter and then run
  ipconfig /registerdns using an elevated prompt.
  This
  posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   
  Microsoft
  Student Partner 2010 / 2011
  Microsoft
  Certified Professional
  Microsoft
  Certified Systems Administrator: Security
  Microsoft
  Certified Systems Engineer: Security
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
  Microsoft
  Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
  Microsoft
  Certified Technology Specialist: Windows 7, Configuring
  Microsoft
  Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
  Microsoft Certified IT Professional: Enterprise Administrator
  Microsoft Certified IT Professional: Server Administrator
  Microsoft Certified Trainer

• Allocating a (local/in-house) IP address and DNS entry for a cabled Ethernet printer

  I have an MI424WR Fios modem/wireless router.  I have a laser printer connected to it using standard CAT-5 cabling.
  I have tried several times to create a persistent enough IP address so that I can configure a Windows (Windows 7 and Windows 8) printer and printer port and get it to work over time.  On ever other router I've had, I was able to configure a static IP address and configure a local DNS entry for it (which meant I could just configure printer ports looking for http://colorlaser - very easy to remember)
  I think I have it working, then I leave it for a few days and the IP address evaporates and the driver stops working.  The MI424WR advanced menus are nearly indecipherable (compared to *every* other home router I've ever used) and I'm running out of curse words to use when trying to get this to work.
  Any ideas?
  Thanks
  Flydog
  (PS: I'm very impressed that your "Spell Check" refuses to recognize "Fios")

  I've solved this exact issue by configuring a static DHCP lease in the router for the printer.  This way, I don't have to change any settings in the printer; which can be difficult depending on how the printer is configured.
  Yes, I agree that the Actiontec router has a rather unfriendly interface.  However, it is quite powerful once you figure out where everything is hidden.
  Here's the process to setup a static DHCP lease for a printer (or any other device):
  Make sure your printer is on and assigned an IP address.
  Login to router
  Click "My Network" in the top banner menu.
  Click "Network Connections" in the left hand menu.
  Click "Network (home/office)" in the Network Connections box.
  Click "IP Address Distribution" in the Network (home/office) Properties box.  Note it is hard to notice this is a link - click on the words.
  Click on the "Connection List" button at the bottom of the IP Address Distribution Box.
  Locate your printer in the list.  The host-name may be something assigned by the router.
  Click on the edit button in the Action column for the printer.  The edit button is the center icon with a pencil on it.
  Click the "Static Lease Type" checkbox.
  Click Apply.
  Click the edit button for the printer's DHCP entry AGAIN.
  Now, you can set the IP address to any value within the router's DHCP range.  You may also want to change the host name to something that make sense to you.
  You can also try the "New Static Connection" at the bottom of the DHCP connection window, however I've not had much luck with it.
  Good Luck!
  If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.

• Server 2008 RRAS Internal adaptor causing duplicate DNS entry for host

  I have Server 2008 configured with AD, DNS, DHCP and Routing and Remote Access.  The Server is set-up with a static IP address 192.168.127.2 and the DHCP allocates addresses in the range 192.168.127.100/199 to clients.  The RRAS is automatically configured with three adaptors "Loopback" (127.0.0.1), "Local Area Connection" (192.168.127.2) and "Internal" (192.168.127.112 allocated by DHCP).
  The problem is that there are two entries created in DNS for the host, MYSERVER 192.168.127.2 and MYSERVER 192.168.127.112.  This cause a problem with the client computers when they do a DNS lookup in that the MYSERVER ip address is sometimes returned as 192.168.127.112 at logon causing network shares assignment in the logon script to fail (among others).  If the DNS entry is deleted manually everything functions again for a while until the DNS entry is mysteriously created again.
  Can anyone help???

  I agree with Bill, you should not run RRAS service on DC.
  If you need workaround
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\<Interface name>\MaxNumberOfAddressesToRegister
  Data type: REG_DWORD
  Range: 0x0 - 0xFFFFFFFF
  This setting determines the maximum number of IP addresses that can be registered in DNS for this adaptor.
  If the value of this entry is 0, IP addresses cannot be registered for this adaptor.
  OR
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface name>\DisableDynamicUpdate
  0      Enables DNS update registration
  1      Disables DNS update registration
  Please place one of above registry key for adapter that you don't want to register in DNS.
  Hope this helps.

• DNS Entry for User link Versus Admin Link

  I have been asked to create easy links for end users to access their user settings in BOTH Unity Connection and Unifed Personal Communicator.
  For example...
  I want a DNS entry called -- voicemail.  When an end user types that in to a web browser I want it to take them to
  https://ipt-connection1:8443/ciscopca/
  I can only figure out via DNS how to get them to
  http://ipt-connection1/
  I remember back in my days of Windows NT 4.0 I could specify IIS to reconzie what it was being passed and redirect but I have not found a document or option to do this in BOTH Unity Connection and Unifed Personal Cummunicator.
  BOTH Unity Connection and Unifed Personal Communicator are at version 8.6
  Thanks in advance for any guidence.
  Del

  You would need to create user-friendly DNS entries (e.g. https://voicemail ), resolve them to another server that you can modify the IIS/Apache configuration of, and cause it to perform an HTTP redirect to the correct URL for the user. You have no OS access so there is no method for you to modify Apache/Tomcat as you used to with IIS.

• Server 4: open directory entry for server reports wrong IP address

  I'm running Server 4 on a Mac Mini (late 2012) running OS X 10.10.
  The server is configured as a stand-alone machine providing services to users connecting over its fixed IP public address.  The server uses Open Directory to keep record of authorised users of the services provided (mail, calendar, wiki, contacts, some file sharing), and the machine is configured as an OD master.
  I've noticed that the entry relating to the server on the Server 4 panel for Open Directory (the only entry showing by the way) lists three IP addresses below the name of the machine.  My concern is that these IP addresses are not related to the IP address being used by the machine, and there does not appear to be any simple way to change them.  The IPs reported are 10.37.129.2, 10.0.1.2, 10.211.55.2.  The server's fixed IP is in the range 45.146.x.x and the local network running below our router that the server connects to has IPs in the range 192.168.1.x.  So It is not clear where these IPs might be coming from.
  What do these numbers relate to?  If they are important, should they point to the IP address occupied by the server?  If so, how do I make this change in settings?
  Thanks a lot in advance for any help that you can provide.

  <bump>

• Adding Secondary DNS entry in server, but Changes didnt take effects

  Hello.
  we have two servers, at time of installation we didnt configured ADC+secondary Dns in our network, so these servers were configured with only DC and Primary DNS server IP. later on we built ADC with secondary DNS, now when we add ADC+secondary DNS
  IP to these server it demands restart. and after restarting no changes made. means it didnt add  the secondary dns ip.
  Please advise

  Hi,
  Maybe you need to registry the secondary DNS server under Networks in the
  Windows Azure management portal. In addition, it seems that you also need to add the secondary DNS server in the
  DNS Servers and VPN Connectivity page.
  More information:
  Setup a Windows Server 2012 R2 Domain Controller in Windows Azure: IP Addressing and Creating a Virtual Network
  Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks
  In addition, according to the article below, it seems that you can use Powershell to make change in
  .NETCFG files to achieve that.
  Editing DNS in Windows Azure
  Note: Microsoft is providing this information as a convenience to
  you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best regards,
  Susie

• Servermgrd: Where to specify DNS for server?

  Been having a lot of trouble with Mac OS X Server 10.4.11 (running on PowerMac G5, 2 GHz, 2.5 Gb of RAM) the last few days. Some recurring log items I see are:
  Jun 26 07:40:55 GBG-Server servermgrd: servermgr_dns: no name available via DNS for 172.16.1.64
  Jun 26 07:40:55 GBG-Server servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  I am not using the DNS service within OS X Server, it's a standalone that hosts a few databases and afp:// file sharing. Where does a person specify the "DNS" referred to in the log entries above??

  Hi
  Leif is absolutely correct in what he says, however if all you want the Server to do is host AFP and/or SMB shares you don't need internal DNS services. Admittedly things do work better with them but if you can ignore the warnings in the log it should not affect anything.
  If the Server is supposed to be or may want to be an OD Master then you really must address the problem otherwise you don't really have an LDAP Server and it will cause you problems.
  If you are not having any problems and things are working as they should be, ignore the logs and leave things as they are. Think of it a bit like going out on a sunny day and being warned by everyone you meet that it may rain later on and to take an umbrella with you. Not a great analogy I know but you get the point?
  Tony

• DNS question and no name available via DNS and no reverse DNS errors

  We are running an OS X server, 10.4.11, OD Master. We are getting some error messages, and we have setup DNS to forward requests for example.com. (our website) to our web developer's external web server where our website is being hosted.
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no name available via DNS for 192.168.0.5
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  Oct 15 10:31:48 [server name omitted] /usr/sbin/PasswordService: incorrect digest response
  - and -
  Oct 15 09:54:00 [server name omitted] DirectoryService[103]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  Some Background:
  We are running internal DNS services only. We have a domain, example.com. and our OS X Server, server.example.com. We have a website that is being hosted offsite by our web developer. Long ago when they were setting up the SSL certificate for the site, they obtained a certificate for example.com INSTEAD of www.example.com. So, our web developer setup a redirect to redirect web requests to www.example.com to example.com.
  Now, this brings us to our OS X server (server.example.com). We are hosting internal DNS with the same domain, example.com. When employees inside our LAN would put in our web address, example.com, or www.example.com, it would take them to our OS X server. As a workaround, in the DNS settings for the zone in server Admin, I set the Server IP address for the zone to "Other" and specified the external address to the server where the site is hosted by our developer then setup an A record for our server. (We cannot forward requests to www.example.com since our web developer automatically redirects these requests to example.com since that is where the SSL certificate and the search engines are linked to).
  Well obviously this had serious repercussions for server stability. So, I set the server IP address back to the address of our OS X server itself, 192.168.0.5.
  Now, I then went into command line and manually edited the zone files. Here's part of our zone file:
  $TTL 3600
  example.com. IN SOA server.example.com. sysadmin.example.com. (
  2008031015 ; serial
  3h ; refresh
  1h ; retry
  1w ; expiry
  1h ) ; minimum
  example.com. IN NS server.example.com.
  example.com. IN A [external IP address of web server]
  server IN A 192.168.0.5
  We are getting the following error messages regularly:
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no name available via DNS for 192.168.0.5
  Oct 15 10:29:05 [server name omitted] servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
  Oct 15 10:31:48 [server name omitted] /usr/sbin/PasswordService: incorrect digest response
  - and -
  Oct 15 09:54:00 [server name omitted] DirectoryService[103]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  Questions:
  Do I need to go back to our zone file and change the A record for example.com. to match our OS X server's address: 192.168.0.5?
  Secondly, is there anything I can do in DNS or elsewhere on the server to redirect web requests to example.com to our web developer's offsite server since the developer's server redirects www.example.com to example.com?
  Thanks in advance? I am stumped.
  Thanks,
  Tyler

  Problem was resolved.
  All I ended up doing was edition my reverse lookup file, db.192.168.0. It was correct, and I simply re-saved it without making any changes. Strangely enough, that did it. No idea why. Maybe a permissions issue with the file?
  I'm still running the server with address record for the domain (example.com.) mapped to our external web server. no problems.
  Tyler

• DNS configuration for webhosting

  Our intention is to use an Xserve as a webhosting platform, but have huge problems in configuring DNS for each domain hosted.
  Can someone provide me with a template what I have to provide for a typical domain name at the server admin tools ?
  How would I proceed to create sub-domains like test.domain.com and sample.domain.com - creating multiple machines with the same IP doesn't allow me to save them (would need to use different IPs) ?
  Also how to set up PTR records ?
  Please find an actual entry below (seems not to work correctly (e.g. DNS report tool state "no reverse DNS entries for MX records")):
  Settings/General:
  Zone transfers allowed
  Recursion disabled
  Settings/Editing zone/General:
  Zone name: domain.com
  Server name: www
  IP address selected
  Name servers:
  www.domain.com (pre-set, not editable)
  dns1.domain.com
  dns2.domain.com
  Admin e-mail set; Zone is valid for six hours - changed from 24 to allow faster updates, hope that this does not cause problems, does ?
  Settings/Machines:
  IP address: Same as before
  Name: www
  Aliases: domain.com
  This machine is a mail server... precedence: 10 (and checkbox marked)
  Other fields are empty
  Any help is appreciated, because I really hang here and need to get it done quickly over the weekend...
    Mac OS X (10.4.8)  

  Thanks for your quick reply
  Apple hasn't fixed a lot of bugs in Server Admin and a lot of the pro users
  have basically suggested doing the DNS zones by hand (which you can easily
  do)
  I noticed this, too. For example when editing a zone and trying to specify name servers, it is a hard job to get the entries in this list. Either they are being removed or not taken over. Such an important service and Apple seems to take care soo less...
  Anyway, I have to live with it
  You wrote:
  First, you'll want to add something like this for each domain you want to
  host in your /etc/named.conf:
  zone "domain1.com" IN {
  file "domain1.com.zone";
  type master;
  and then create /var/named/domain1.com.zone
  which will handle all your cname, A and MX records
  When doing so, do the entries appear at the server admin tool and how does it affect the settings there when (mistakenly) using the admin tools to change a record ?
  Is there a way to do a "spell check" when I made a modification to named.conf or created one of the *.zone files to ensure that there are no errors in what I wrote ?
  Ideally there would be a replacement tool for Apple's server admin tool that manages this task ?
  Or does someone know for a web-based tool that provides basic zone file entries when telling some information about the domain ? So something for dummies...
  And now few stupid questions for your link to zytrax.com...:
  Are the spaces in the sample there spaces or tabs ? And just used for readability or required ?
  For example:
  IN NS ns1.example.com. ; in the domain
  could be written as
  IN NS ns1.example.com
  I guess that ";" (semicolon) marks the beginning of a comment which can be skipped ?
  And what's about the reverse map zone file described at http://www.zytrax.com/books/dns/ch6/reverse-map.html ? Can these entries made in the *.zone file also ?
  I guess I do need these files and entries at named.conf only at the Xserve that should act as primary one and specify the secondary zones at the server tools at the second server ? The primary DNS Xserve would have zone transfers enabled, of course.

• OS X 10.4.11 Server - configured name and reverse DNS do not match / DNS

  Hi all,
  I have looked for similar posts but all seem to have different scenarios, hoping to get an answer from someone more experienced than myself before I do anything silly.
  Help much appreciated!
  Scenario:
  We run a 10.4.11 OS X Server on an XServe, hosted at an ISP. ISP provides all DNS services, incl. the reversed DNS entry.
  I am currently only running the following services (based on the display in ServerAdmin):
  AFP
  Firewall
  iChat
  Mail
  QuickTimeStreaming
  Web
  All others (incl. DNS) are grayed out. (As ISP instructed us not to add a DNS service on our box, that's "normal" according to my experiences with dedicated /co-location server hosting).
  We never used changeip after the initial setup, meaning the server's
  Current Hostname = somename.local and
  DNS Hostname = mail.ourdomainname.net
  So in system.log I find this re-occuring entry:
  Jul 8 11:41:22 somename servermgrd: servermgr_dns: configured name and reverse DNS name do not match (somename.local != mail.ourdomainname.net), various services may not function properly - use changeip to repair and/or correct DNS
  Finally, my question:
  As Mail and Web services etc. are currently running OK from what I can tell,
  1) do I HAVE to change this at all?
  2) Would it be much better / why?
  3) Could I change this using the following command
  (111.11.111.1 indicating the server's IP address)
  changeip 111.11.111.1 111.11.111.1 somename.local mail.ourdomainname.net
  4) without running a DNS server on the machine, i.e. DNS service is not required for this to work?
  5) obviously I want to be able to use Server Admin after I issue this command...
  6) can I fall back easily in case this would screw it up, or is there no risk whatsoever doing this in my case?
  THANK YOU so much for any help!

  Hi Jonas
  If port 443 is already being used on the same box as KMS then it will complain and probably not start the service? I've seen this with LDAP port 636. This is when Kerio is installed on a server configured as an OD Master. Clearly the port can't be used by both servers.
  It might be easier to change the port your sites are currently using to something else? Although don't do anything yet. Pose the question to Kerio Support and see what advice they offer.
  Yes moving the mail to a local folder on the mail client will do it.
  Is Kerio going on the same box? If its a different box (presumably different IP address?) Then what you can do is to port forward to the new server's IP address instead of disabling it. This way while you are bringing the new server on line users can still send mail right up until the time you give instructions on changing their inbound/outbound mail server details. Of course they won't be able to receive but if you time it right they may not even get an error message? Depends on what their schedules are.
  If it was me I would choose IMAP every time. As the mail admin you have full control and a central location for easy backup. KMS has a built in archiving feature that makes this a simple process. This is an easier option than going round individual client machines and making sure mail held locally in POP accounts are backed up. Besides there is always someone who falls through the loop and I'm not taking into account drive failures. It makes good sense anyway as there is talk of legislation being introduced to make this a requirement for businesses who run their own mail servers. This is certainly true for certain parts of the US and what usually happens there is generally taken up in the UK and most parts of Europe.
  Kerio's WebMail Client means users don't even have to have their own computer. Just as long as they have access to one that has access to the internet they can send/receive mail. No need for dedicated mail applications such as Apple Mail, Thunderbird, Entourage etc. How mail is uses remains consistent for all users.
  Yes. I did this not so long ago with Leopard's built in Mail Server. I sent an e-mail defining a time when no inbound mail would be received. Disabled port forwarding for SMTP port 25 and approx 30 minutes after that another mail stating no outbound mail should be sent. Once everything was swopped over (we were changing from a G4 10.4 server to a G5 10.5 Server) port 25 was enabled, new server brought online and everyone was mailing again with no appreciable downtime.
  These boxes were to have the same IP address hence the slightly different approach.
  Does this help?
  Tony

• I need help with proper DNS setup for 10.5.8 Server

  I'm administering a 10.5.8 server that I sold and setup about a year ago. I'm experiencing issues with getting iCal server to be happy. All of the clients are running 10.5.8, but I'm running 10.6.1. I've heard from others that connecting iCal in 10.6 to a 10.5 iCal Server should be no problem.
  I'm beginning to think that I have DNS issues. Probably because I'm not and never have been 100% certain how to set it up completely correctly. I used to be able to get Kerberos tickets, but now I can't. With the new "Ticket Viewer" in 10.6, it asks for two bits of information. First is "Identity" where I'm guessing I should put [email protected] and then password. When I do this I get an alert dialog that says "Kerberos Error -- cannot resolve network address for KDC in realm example.com"
  The server is a Mac Pro tower with two Ethernet ports. En2 is connected directly to the Internet and has a static IP with a domain name assigned to it. We'll call it "example.com" for the purposes of the discussion. The En1 is connected to the network switch and has a static LAN IP of 192.168.1.250. All clients inside and outside are able to reach the server via domain name for WWW & AFP, no problem.
  nslookup on the static IP address returns "example.com" and nslookup on "example.com" returns the correct static IP address. Open Directory is running and happy including Kerberos. The LDAP search base is "dc=example,dc=com". The LDAP search base is a concept I haven't quite grasped, so I'm just going to assume it's correct.
  The domain name is hosted outside by a service provider that forwards all "example.com" requests to the server with the exception of mail.
  In DNS, I have three "sections" that look like this:
  Name Type Value
  1.168.192.in-addr.arpa. Reverse Zone -
  192.168.1.250 Reverse Mapping example.com.
  000.000.00.in-addr.arpa. Reverse Zone -
  000.000.000.000 Reverse Mapping example.com.
  com. Primary Zone -
  mail.example.com. Alias mail.our-email-isp.com.
  example.com. Machine Multiple values
  www.example.com. Machine Multiple values
  NOTE: the zeros aren't actually zeros, they are the static IP assigned to the server/domain
  When I select the top element "1.168.192.in-addr.arpa." down below "Allows zone transfer" is NOT checked. Nameservers shows the zone as "1.168.192.in-addr.arpa." and the Nameserver Hostname as "ns.example.com."
  When I select the next line down "192.168.1.250", Resolve 192.168.1.250 to: example.com.
  When I select the "000.000.00.in-addr.arpa." element, it has the same settings -- nameservers "000.000.00.in-addr.arpa." and "ns.example.com."
  When I select the next line down (our static IP), Resolve 000.000.000.000 to: example.com.
  When I select "com." the admin email is populated with a valid email address, Allows zone transfer is NOT checked. In nameservers, Zone is "com." and Nameserver Hostname is "example.com." The mail exchangers are mail2.our-email-isp.com. priority 10 and mail.our-email-isp.com. and priority 20.
  When I select the machine "example.com." it shows both the real-world static IP and the 192.168.1.250, same with "www.example.com.".
  Am I doing something wrong with this setup? Should "com." be the primary zone or should that be "example.com." ???
  I've been thinking about getting rid of the DNS entry for the 192.168.1.250 address altogether, but will the clients in the office suffer performance issues??? I do not think that the client workstations are configured to get DNS from the server anyway. Should the "www.example.com." record be a Machine record or should it be an alias record?
  Any help you have to offer is greatly appreciated! Thanks!
  In the meantime, I'm going to look around and see if I can understand "Allows zone transfer" and LDAP Search base a bit better.

  Okay, I found a lovely article at the following address which I think helps me to clarify what I'm doing wrong. Despite that, I'd still like to have any feedback you have to offer.
  http://www.makemacwork.com/configure-internal-dns-1.htm
  Also, when editing DNS entries, Server Admin likes to set the nameserver to "ns." -- whatever your domain is. Should I be overriding that and if so, replace it with what?

• Set up reverse DNS for virtual mail hosting

  I need a bit of server configuation advice.
  I have a static IP and two public domains on a Snow Leopard server connected using NAT behind a firewall - with the necessary port forwarding to ensure all works. 
  1. abc.com is my primary domain on the server - server.abc.com
  2. I have xyz.com set up as a virtual domain and also as a virtual mail host
  This setup has worked well for a long time but I have found that emails to [email protected] are going missing.  If I check my mx records using one of the web based tools it show an error on the reverse dns for server.xyz.com showing a reverse DNS of server.abc.com.
  So the question - is it possible to have secondary 'virtual' DNS record on the server so reverse DNS works for the virtual mail host xyz.com?  If not how do I handle the reverse DNS problem which i think is causing some external mail server to reject mail due to the inconsistency on the reverse DNS lookup?
  Many thanks for any suggestions

  SMTP requires a DNS A record.
  A DNS A record is also known as a machine record.
  A DNS A record inherently means that forward DNS and reverse DNS will match.
  The forward translation translates the host name to the IP address.
  The reverse translation translates the IP address to host name.
  When the full translation produces the same host name, that's an A record.
  DNS CNAME records are aliases, and are used for virtual hosts.
  CNAME records inherently do not match the reverse DNS translations.
  To get your configuration to work, your server must have an A record.
  That means forward and reverse DNS will match.
  Any of the virtual hosts within your mail server then all use an MX pointing at the A record host.
  If you have your DNS hosted somewhere other than your ISP, then you'll need your ISP to set up a DNS PTR.
  The DNS PTR is the reverse translation; address to name.
  If you have your own DNS services within your network (as would be typical with a privately-addressed NAT'd network), set that up as a virtual host within SMTP.
  Here is some related reading on external (public) DNS, as related to SMTP servers and such.