Set up a proper live and local DNS behind a router
Hello dear friends,
I'm new to Snow Leopard Server and also i'm quite inexperienced in setting up DNS. We bought a Mac Pro for out small company along with Snow Leopard Server to become independent from our ISP, for some specific services like web hosting, mail and to bring up new services like Address book server, iCal server, FTP, Mobile access etc...
So for me to do that i have to set up our own DNS first. We already bought our domain name (crisconsult.ro) and since then the site has been hosted on our ISP and then aliased to Apple. We also have our own (fix) public IP 80.86.123.116.
Having installed SL Server and set-up, behind an Airport extreme router, the server was unable to pick up our name server which is ns.crisconsult.ro. Since the router is the first in the network, the server became second with a local IP 10.0.1.2. This is the same IP that the server automatically set up for DNS, BUT if i keep this ip on our name server (ns) i feel it's not good since:
host ns.crisconsult.ro returns
ns.crisconsult.ro has address 10.0.1.2
and host 80.86.123.116 returns
116.123.86.80.in-addr.arpa domain name pointer ns.crisconsult.ro.
As i understand there should be our public IP (80.86.123.116), BUT all the tutorials on the net regarding setting up DNS in Leopard Server point that at DNS one should put the machine's own local IP and have the machine look at itself as DNS in network settings.
So? Is there a local DNS and a public DNS to set up? What gives?
I could really appreciate some help in configuring DNS, along to some good and real examples of DNS servers configured behind a router.
Thanks,
Andrei
Andrei,
I too, would love nothing more than to be able to use DNS on my 10.4, 10.5 & 10.6 servers. Unfortunately, the only way I have found to effectively wield a somewhat complete level of control over the bind DNS included with the server, is to abandon all usage of the Server Admin DNS control in favor of something like webmin. The good news is, webmin gives you a host of other features that I (sadly) don't expect to see within the Apple Server GUI any time soon.
Bad news, is that the 'best practice' way of setting up a stable, functional DNS on a Mac Server seems to be: clean install, webmin install, and never, ever use the apple DNS interface. Similar rule applies to web server.
I like to think the measure of a good admin is the ability to fix the problem(s) without having to reinstall completely. However, I can say from much experience and extensive googling, that what you are trying to do is a game of hopscotch in a minefield. You should be VERY familiar with the installation and setup process once you have your box configured the way you want it.
Hopefully one day Apple will decide to take the bull by the horns and address teh fact that DNS is an integral part of a sever set up these days and provide us users with some of that Apple think-outside-the-box-so-you-dont-have-to product that they have been so well known for. I can't say whether they're in too much of a hurry deploying video iPods or super-duper mice that the server product that you and I would love to see work efectively simply doesn't.
Sorry to get on a rant, I just want to save you some time that I lost figgerin' on this vexing enigma. I can use citations for my assertions if need be.
-Chance
Similar Messages
-
How do I set a manual IP address and manual DNS servers for my HP Photosmart 7525 Printer?
Cannot print. Had difficulty when printer was initially set up. Assstance from "happytohelp01" resolved the issue by advising me; a manual IP address andmanual DNS servers for the printer. I did not write down the information and now my printer is not working (it did work for about a month), now nada. I initially had problems connecting to the web server - now its doing the same thing, but I don't know what IP adderss and DNS to use. Please help if you can.
This question was solved.
View Solution.Hi @LaceyNo1,
Welcome to the HP Forums!
I understand that you are wondering, how to set a manual IP address, and manual DNS servers for your HP Photosmart 7525 Printer. I am happy to look into this for you!
After some searching, I believe I have found the post, that my colleague @happytohelp01, helped you with. Located at this post, Re: Photosmart 7525.
Hope this is what you were looking for, and have a good day!
RnRMusicMan
I work on behalf of HP
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" to say “Thanks” for helping! -
Problem with set up airport time capsule and ATT net gear 7550 router
how to set-up airport time capule to work with AT&T Netgear 7550 router. i keep getting an error
Since this is a full router.. simply set the TC to bridge mode..
Plug WAN TC into the LAN of the Netgear.
Highly recommend using ethernet to do setup as well.
Go to airport utility.. and select the TC. If it doesn't appear in the airport utility tell us.
When you click it a summary page will come up.. click edit on the summary.
Go to the network tab and select bridge mode..
Then go to the wireless tab.. you can choose here from a few options.. I recommend create a wireless network. And use a different name to the existing wireless of the Netgear.. use wireless names that are short, no spaces and pure alphanumeric.. they just work better. Use it for whatever device is going to use the TC to backup.. for internet it doesn't matter if you connect to the netgear or the TC .. whichever is better connection. -
Howto set up proper utf-8 locales and german umlaute?
Hi there,
have some issues here and i think it has something to do with my locales... I have them since one of the last updates i think...
First problem:
In Kopete, i can send the german "umlaute" (ä, ö, ü) to others and they are sent and displayed correctly at their side... But when they send me these characters, i get only a square and a deleted next-letter-in-the-word by them. This happens with every theme and font combination in kopete. Here is an example:
Second problem:
In Konsole, the "umlaute" are correctly displayed on my folders, but in the messages i get the chars are simply deleted and not visible. This happens in the VC and in Xorg too. Here is another example:
(It should mean "Keine Handbuch Seite für pacman.conf")
My config:
I think i have configured my System properly, well at least i hope that Here are the relevant parts of my config files:
/etc/rc.conf:
LOCALE="de_DE.utf8"
KEYMAP="de"
CONSOLEFONT=
CONSOLEMAP=
/etc/profile:
export LANG="de_DE.utf8"
export LANGUAGE="de_DE.utf8"
/etc/locale.gen:
de_DE.UTF-8 UTF-8
en_US.UTF-8 UTF-8
And "locale -a" gives me:
C
POSIX
de_DE.utf8
en_US.utf8
The fonts I use:
KDE GUI: Bitstream Vera Sans (everywhere)
Y-Terminal (Konsole) Font: Bitstream Vera Sans mono
So, how can i configure a proper german utf-8? I have already searched the forums (both here and the DE one) and the wiki, but found no solution to this....
THX
FunkyouThx for the suggestions, but none of them seems to solve it...
baze:
This line was already uncommented and i have generated my locales for several times now... I have updated my post with the uncommented lines in /etc/locale.gen, just to collect all information...
Romashka:
Ok, but what if the two variables contain the same content? I mean, when i define LANG="de_DE.utf8" in /etc/profile and it is then overwritten by /etc/profile.d/lang.sh with LANG="de_DE.utf8", then this is simply the same variable defined twice with the same content... I have tried to unset the one in /etc/profile, but it did not solve it...
As for CONSOLEFONT, i had never one defined, can anyone suggest me a proper one? And the other question is: Its not working on the terminals, but it is also not working in Xorg, so is this really a CONSOLEFONT issue?
I have tried another thing and switched my locales to de_DE@euro ISO-8859-15, and with this setting the chars appear correctly... But i cannot be the only one where it does not work, i feel so excluded without UTF-8
Have also tried another terminal in Xorg... In XTerm the chars are not deleted like in Kopete or on the VC, but i see an inverted question mark instead of them... -
Dear all,
with the help of this forum I was abel to set up the Domain, external-IP, DNS-A and PTR-Records at the domainname-server of my IPS.
Now I tried to setup the mac mini server as a DNS server. Here you can see my settings:
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.33.54.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.34.13.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.35.10.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.35.17.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.35.29.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.35.38.jpg
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2011.00.55.jpg
I set it up with the instructions read in this forum and a tutorial at lynda.com.
changeip works:
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2009.43.53.jpg
I would be very glad if someone could take a look at the setup.
Do i have to make a A-Record for iCal and adressbook server? Also I only have one macmini-server?
Should the DNS server (192.168.1.133) be the first DNS entry in the Router(for the Clients to find the DNS-Server?) and the DNS-Servers of my IPS the DNS2??:
http://dl.dropbox.com/u/427417/Screen%20shot%202010-02-09%20at%2011.03.56.jpg
Finally, If I install the server again I should enter here:
http://dl.dropbox.com/u/427417/networkname.jpg
as "Primary DNS Name": internal.example.com or is it advanced.internal.example.com
Any suggestions are very much appreciated.
Dietmar
Message was edited by: dietmar
Message was edited by: dietmar
Message was edited by: dietmar
Message was edited by: dietmarMrHoffman wrote:
I've not reviewed your screen shots.
well, they are also quit a lot
[Here are my DNS set-up notes|http://labs.hoffmanlabs.com/node/1436]
I went spelunking in the iCal and Address Book stuff a while back and it didn't seem strictly necessary to have the iCal records. The iCal records are SRV records, and not A records. The AB server is probably going to use an existing A record for your server.
But I only need a record if the iCal or AB server is running on another mac. I only enable iCal and AB in ServerAdmin on my only macminiserver, this doesn't need ANY record, or am I wrong here?
Your DNS server(s) should be the only server registered with the router.
With your instructions on your homepage I understand this point now.
But other parts of the instructions are confusing for me. Mainly as you are using more "general terms" then the exact word written in ServerAdmin. e.g. you are using the terms: DNS nameserver server; nameserver; DNS-Server. And not "Primery zone name" or "Nameserver Hostname" like in ServerAdmin.
So I will try to translate your instructions for me:
_Add a forward primary zone for example.com. (note that trailing dot), and select the DNS nameserver server for that zone as 192.168.1.30 or whatever the IP address of your host (and now your DNS server). You'll want to enable the nameserver IP zone name and the DNS server IP address or host name (via the plus sign), the administrator email address, and will probably want to leave the zone transfer option disabled and the mailserver blank._
1. Add Primery Zone (Master):
_Primary Zone Name: mainoffice.com.
_Nameservers:
"Zone": mainoffice.com.
"Nameserver Hostname": advanced.mainoffice.com.
2. Add Machine Record (A)
_Machine Name advanced.mainoffice.com.
_IP-Adress 192.128.1.133
Next you write:
_Add an A record for IPv4 and an AAA record for IPv6 hostnames; here using the "hostname" selection._
I only need this if I run e.g. a Mail-Server or Workgroup Server on a another mac-server? I think in my case (iCal and AB) I dont need it.
_For testing use dig_
as I am unfamiliarly with this command, I used the application "Network Utility"/ Lookup
with positive results.
_After you have it all working, aim your clients at your new Snow Leopard Server DNS server box via explicit specification for via DHCP setting. Do not reference the ISP settings directly from your clients._
so on the clients under Systempreferences/Network/Ethernet/DNS there should be ONLY 192.168.1.133
The last thing I'm uncertain ist this:
_On your newly-configured DNS server, configure the NIC on the server to reference the host localhost (or the 127.0.0.1 address) as the DNS server; to loop or direct the local DNS host's own DNS queries back to the local DNS server box itself. This will cause the DNS server box use itself for DNS. Use the IP loopback address here, and not the host's own IP address._
so on the macmini server under Systempreferences/Network/Ethernet/DNS there should be ONLY 127.0.0.1 or advanced.mainoffice.com
... and NOT 192.168.1.133
Your instructions are a big help for me, also it may not look like this after all this questions. I would be very happy if you can answer me this open questions to me and the community.
Dietmar -
Hi all,
i have a local DNS server for some local stuff like website,ldap and so on and the normal ISP DNS.
On Client i have entered the local DNS IP (xxx.xxx.xxx.xxx) and the ISP DNS IP (yyy.yyy.yyy.yyy).
So here is my problem when the Local DNS IP is on top of the table i can surf only the local websites but not the public. vice versa is it for when i have the ISP DNS IP on top. what can i do to surf all website, the local and the public.Your DNS is asking a "lame" server for DNS; you're not getting an authoritative response to the query.
The target DNS server for the query isn't configured correctly; the local DNS server has found a target DNS server for the domain as being authoritative for the zone, but the target DNS server is not configured as being authoritative for the zone.
i configured my router for forwarding the port 53 to my local dns, but it didn't solved the problem!
That's not what I'd choose here.
Your clients are aimed at your DNS server. Your DNS server is aimed at your ISP servers. Your firewall is set to pass DNS out, but (generally) to block inbound DNS requests. Your DHCP is set to serve your DNS server address. If you've been tossing configuration changes and such here within your clients and your DNS servers, then you may well have some stale stuff in the DNS caches, too. -
I have a 16 year I support that lives in Haiti. He has a computer, but is not able to charge on a credit card. If I purchase prepaid Itunes gift cards, is he able to set up a Itunes account and use these gift cards. That would be his only method of pay
Hi judifrom!
I have some links for you that can help shed some light on the subject of gifting through iTunes and Apple IDs. The first can be found in this link:
Gifting - Apple Store (U.S.)
http://store.apple.com/us/help/gifting
and the relevant information in that link can be found right here:
Gift Cards and Certificates are valid for use only in the country in which they were purchased. Only residents of the U.S may redeem gift certificates purchased in the U.S.
You can still help them set up an Apple ID without payment information so that they can download free items through the iTunes store though. The steps for performing that can be found in the following article:
Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
http://support.apple.com/kb/ht2534
Thanks for using the Apple Support Communities!
Cheers,
Braden -
Setting Up Mailserver to received and Send Mail for external Network
I have a G5 currenty running 10.3.9 Server with Mail services run and working fine, we are upgrading to 10.4 Server and would like our Sales Reps the ability to send and Receive mail from outside the office. How do I configure my server, Router, ISP and/or Mail clients to do this??? we are currently able to recieve mail from outside just not send.
I cannot find the Line #submission inet n - n -- smtpd in the Main.CF file...here is what I get when I open it
# Global Postfix configuration file. This file lists only a subset
# of all 250+ parameters. See the sample-xxx.cf files for a full list.
# The general format is lines with parameter = value pairs. Lines
# that begin with whitespace continue the previous line. A value can
# contain references to other $names or ${name}s.
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.
# SOFT BOUNCE
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
queue_directory = /private/var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
daemon_directory = /usr/libexec/postfix
# QUEUE AND PROCESS OWNERSHIP
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#mydomain = domain.tld
# SENDING MAIL
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# [email protected].
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
# Note: you need to stop/start Postfix when this parameter changes.
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf).
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination and $inet_interfaces.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
# - You redefine the local delivery agent in master.cf.
# - You redefine the "local_transport" setting in main.cf.
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see sample-local.cf).
# Details are described in the LOCAL_RECIPIENT_README file.
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a [email protected] address.
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# $inet_interfaces, while $local_recipient_maps is non-empty and the
# recipient address or address local-part is not found.
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#unknown_local_recipient_reject_code = 550
unknown_local_recipient_reject_code = 450
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in file sample-smtpd.cf.
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions restriction in the
# file sample-smtpd.cf for detailed information.
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
# If you're connected via UUCP, see also the default_transport parameter.
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a [email protected] address.
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 50 SMTP server process
# limit, this limits the mail inflow to 50 messages a second more
# than the number of messages delivered per second.
# Specify 0 to disable the feature. Valid delays are 0..10.
#in_flow_delay = 1s
# ADDRESS REWRITING
# Insert text from sample-rewrite.cf if you need to do address
# masquerading.
# Insert text from sample-canonical.cf if you need to do address
# rewriting, or if you need username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
# Insert text from sample-virtual.cf if you need virtual domain support.
# "USER HAS MOVED" BOUNCE MESSAGES
# Insert text from sample-relocated.cf if you need "user has moved"
# style bounce messages. Alternatively, you can bounce recipients
# with an SMTP server access table. See sample-smtpd.cf.
# TRANSPORT MAP
# Insert text from sample-transport.cf if you need explicit routing.
# ALIAS DATABASE
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#recipient_delimiter = +
# DELIVERY TO MAILBOX
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination
# and unknown@[$inet_interfaces] is returned as undeliverable.
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
# luser_relay works only for the default Postfix local delivery agent.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#luser_relay = [email protected]
#luser_relay = [email protected]
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
# The controls listed here are only a very small subset. See the file
# sample-smtpd.cf for an elaborate list of anti-UCE controls.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
# For details, see the sample-filter.cf file.
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# By default, Postfix maintains deferred mail logfile information
# only for destinations that Postfix is willing to relay to (as
# specified in the relay_domains parameter). For other destinations,
# Postfix attempts to deliver ALL queued mail after receiving the
# SMTP "ETRN domain.tld" command, or after execution of "sendmail
# -qRdomain.tld". This can be slow when a lot of mail is queued.
# The fast_flush_domains parameter controls what destinations are
# eligible for this "fast ETRN/sendmail -qR" service.
#fast_flush_domains = $relay_domains
#fast_flush_domains =
# SHOW SOFTWARE VERSION OR NOT
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 10
# DEBUGGING CONTROL
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# If you don't have X installed on the Postfix machine, try:
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
# INSTALL-TIME CONFIGURATION INFORMATION
# The following parameters are used when installing a new Postfix version.
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
sendmail_path = /usr/sbin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
mailq_path = /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
setgid_group = postdrop
# manpage_directory: The location of the Postfix on-line manual pages.
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
sample_directory = /usr/share/doc/postfix/examples
# readme_directory: The location of the Postfix README files.
readme_directory = /usr/share/doc/postfix
# THE FOLLOWING DEFAULTS ARE SET BY APPLE
# bind to localhost only
inet_interfaces = all
# turn off relaying for local subnet
mynetworks_style = host
# mydomain_fallback: optional domain to use if mydomain is not set and
# myhostname is not fully qualified. It is ignored if neither are true.
mydomain_fallback = localhost
myhostname = jamestownpress.com
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains = dun.dnsrbl.net
message_size_limit = 0
mydestination = $myhostname,localhost.$mydomain
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_pw_server_security_options = plain
server_enabled = 1
relayhost =
smtpd_client_restrictions = permit_mynetworks reject_rbl_client dun.dnsrbl.net permit
always_bcc =
mynetworks = 127.0.0.1/32,192.168.0.0/16,192.168.1.98,192.168.1.3,192.168.1.13,192.168.1.5,1 92.168.1.22,192.168.1.18,192.168.1.41
content_filter = smtp-amavis:[127.0.0.1]:10024
so what do I need to change -
Resolve.conf, dnsmasq and external DNS servers
I am using dnsmasq to filter out ad urls, so my /etc/resolv.conf looks like that:
# Generated by dhcpcd from wlan0
nameserver 127.0.0.1
domain home
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line
However, it looks like after getting through the url filtration layer of dnsmasq, the URLs are being resolved by a DNS sever of whatever Access Point I am connected to. This create problems, because they often render me unable to connect to services like sourceforge.net, etc.
So, instead of that, I would like my system to fall back to Google and OpenDNS after filtering urls through dnsmasq.
But how can I do that? This is a specific case and wiki does not cover it.
Last edited by Lockheed (2013-05-19 16:50:43)$ cat /etc/resolv.conf
# Generated by dhcpcd from wlan0
nameserver 127.0.0.1
nameserver 8.8.8.8
domain home
# /etc/resolv.conf.tail can replace this line
The google DNS is what I put in there earlier to be able to use internet after dnsmasq stopped starting.
$ cat /etc/resolvconf.conf
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details
resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
name_servers=127.0.0.1
# Write out dnsmasq extended configuration and resolv files
dnsmasq_conf=/etc/dnsmasq-conf.conf
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
$ cat /etc/dnsmasq.conf
# Configuration file for dnsmasq.
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
#domain-needed
# Never forward addresses in the non-routed address spaces.
#bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=/etc/resolv-dnsmasq.conf
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
server=208.67.222.222
server=208.67.220.220
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
# IP on the machine, obviously).
# [email protected]#55
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=lo
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=127.0.0.1
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
#no-dhcp-interface=
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
#bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
addn-hosts=/etc/hosts.block
#hostsfile=/etc/hosts.block
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
# Same idea, but range rather then subnet
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150
# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.0,static
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h
# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm.
#dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overriden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissible to give name, address and MAC in any
# order.
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with Ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red
# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red
# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also the they [] around the IPv6 address are obilgatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=tag:!known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=set:red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=set:red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=set:red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
# Send DHCPv6 option for namservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]
# Ask client to poll for option changes every six hours. (RFC4242)
#dhcp-option=option6:information-refresh-time,6h
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the tag: part must precede the option: part.
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
#dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need
# this is you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for Etherboot gPXE. The idea is to send two different
# filenames, the first loads gPXE, and the second tells gPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
#dhcp-boot=tag:!gpxe,undionly.kpxe
#dhcp-boot=mybootimage
# Encapsulated options for Etherboot gPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b # BIOS drive code
#dhcp-option=encap:175, 190, user # iSCSI username
#dhcp-option=encap:175, 191, pass # iSCSI password
# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60
# Available boot services. for PXE.
#pxe-service=x86PC, "Boot from local disk"
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
# Use bootserver on network, found my multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1
# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
# If you have multicast-FTP available,
# information for that can be passed in a similar way using options 1
# to 5. See page 19 of
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
# An example of dhcp-boot with an external TFTP server: the name and IP
# address of the server are given after the filename.
# Can fail with old PXE ROMS. Overridden by --pxe-service.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# If there are multiple external tftp servers having a same name
# (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fasion. This facility can be used to
# load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come from /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
#cname=bertand,bert
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq-resolvconf.conf
#conf-dir=/etc/dnsmasq.d
domain-needed
interface=lo
# If dnsmasq is compiled for DBus then we can take
# advantage of not having to restart dnsmasq.
enable-dbus
conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf
Logs:
May 23 00:01:06 panzor systemd[1]: Failed to start A lightweight DHCP and caching DNS server.
May 23 00:01:10 panzor dhcpcd[27267]: dhcpcd not running
May 23 00:01:10 panzor kernel: [ 7771.282756] iwl4965 0000:03:00.0: Can't stop Rx DMA.
May 23 00:01:10 panzor dhcpcd[27294]: dhcpcd not running
May 23 00:01:11 panzor dhcpcd[27330]: dhcpcd not running
May 23 00:01:14 panzor dhcpcd[27373]: wlan0: sendmsg: Cannot assign requested address
May 23 00:01:18 panzor dhcpcd[27373]: wlan0: sendmsg: Operation not permitted
May 23 00:01:22 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
May 23 00:01:26 panzor dhcpcd[27395]: wlan0: sendmsg: Operation not permitted
For domain filtration, if I remember correctly, I am using this
https://bbs.archlinux.org/viewtopic.php?id=139784 -
Internal and Public DNS conflict breaks mail
History:
We set up a new Mac Mini Server to replace our existing Server. The Mac Mini Server is setup behind a Time Capsule, which acts as our router and DHCP server. It also acts as our firewall on the public IP address and forwards mail to our internal server. Our situation is almost identical to the example situation on page 18 to 19 in the 'Getting Started' guide.
Our ISP acts as our DNS server and they host our public website. They also used to host our mail, but we have now moved the mail to our new in-house server. We asked our ISP to update their MX records to point to our static public IP address. Public DNS records for server.mydomain.com also resolve to this IP address.
When we originally set up the new mac mini server, the ISP had not yet updated the MX records. I am wondering if this affects how the Server sets up DNS on the local server machine?
Issue:
The local server machine on the local LAN is called server.mydomain.com, which resolves via local DNS (hosted by our server) to the server's internal IP address. (The local DNS server was setup automatically by the Server during initial installation / setup.) This conflicts with with public DNS records which identify server.mydomain.com with our public IP address at 205.200.19.225. This somehow causes confusion for the server which consequently seemingly randomly resets our domain (mydomain.com) and host name (server.mydomain.com) settings under Mail settings - which breaks our mail service. (We then edit these to the correct settings and all works again.)
I spoke to an Apple tech and they advised that we reinstall the Server operating system, using a local server name that differs from the public name. e.g. server.mydomain.lan (local) vs. server.mydomain.com (public).
*This may seem like a dumb question*: Would it be easier to keep our local host and DNS set up to server.mydomain.com and then rather have our ISP change the records for our public address / IP to mail.mydomain.com or public.mydomain.com? If we could make the change via the ISP's records versus our own, then it would save us a lot of work.
*A second potentially dumb question:* Since we rely on our ISP for DNS name servers, could we delete / stop the local DNS server for the local network and just use straight IP addresses instead?
*Plan of Action:*
Assuming that there is not an easy fix via the ISP's DNS records, then I'll reinstall the operating system and use server.mydomain.lan as the local machine and domain name. If I do this, then what should I be using as the domain and host name settings in mail? .com or .lan?
Should there be any need to manually configure DNS settings to make Mail work?Mr Hoffman and Corbywan - thanks for the interesting and educational discussion. I must admit that I am still a bit confused and would appreciate any further help in understanding this issue!
*My situation:*
- Server on a LAN, which sits behind a Time Capsule router.
- The Time Capsule router serves DHCP and Internet to the LAN and sits on our public static IP Address.
- Our ISP has set up MX and domain records to forward public requests for our domain to our static IP address.
- Time Capsule acts as our firewall and forwards Mail and other incoming services to our internal server via port forwarding.
- Local DNS service is provided by the local server so that it can provide services to the local network. Non local requests are forwarded to the ISP DNS service.
*The problem*
We seem to have established that Snow Leopard Server breaks when the internal domain name matches the public domain name, because of conflict between the internal and public DNS which resolve to different IP addresses for the same domain.
*The solution*
I am looking for the easiest and most basic way to fix this problem. My understanding is that the simplest would be to reinstall our Snow Leopard Server to a new and different local domain name.
I am thinking of using server.example.lan for our local LAN domain name - which would be resolved to our private IP address via local DNS on the local server. I would be keeping server.example.com for our public domain name - which would be resolved to our public IP address, which would be forwarded from the Time Capsule to the internal server.
Now where I start getting confused is this: If Snow Leopard Server requires a Fully Qualified Domain Name to do things like send mail, then do I need to register my internal domain name? And how would this resolve from a public DNS server to the internal private IP address? Or is it more an issue where as long as the internal (albeit 'fake') domain name does not conflict with an existing public domain name?
*Other items:*
After setup, I will verify that Snow Leopard Server has setup our local DNS correctly for local DNS service.
If I understand correctly, I would set up Mail Settings - 'Domain Name' as the local domain name: i.e. example.lan and I would set up the Host Name as server.example.lan - is this correct? Would this work if these are not FQDN?
How does the mail server reconcile these local domain names with the public domain names? I assume that I need to check the box at Mail - Settings - Advanced - Hosting: "Include server's domain as local host alias" ? Or would I manually add an alias to the Local Host Aliases under the same tab?
Thanks! -
Making use of local DNS for home network
I have an Apple Base Station and I wish to set up better local services on my home network, starting with local DNS. I see that the ABS will attempt to apply the <name>.local handle for devices but this seems inconsistent. What defines whether a host/file-server/printer/etc... will get a name and how is is defined? For windows machines, do I need Bonjour installed for this to work or will it take info from WINS or NETBIOS? For machines with DHCP addresses is there a way to set up some sort of dynamic DNS or bind a name to the devices MAC address?
Hi and welcome to the forum.
The actual Home highway box (with the telephone sockets and blue cat 5 sockets on the front) I would suggest you just throw in the bin.
You would also have had a special front plate installed that plugs into the BT owned NTE5.
Not sure what you had in mind, do you want to have a new line provided or shift your existing line over to the old socket?
(If I have helped you in any way to say "Thank You" please click on the star next to the message. Thank You)
If I have solved your Issue please click the "Mark as accepted solution" button. -
Clients fail to resolve local DNS names, external names working fine
Hi there,
I've a strange issue with a couple of domain joined computers. Resolving internal and external host names works fine with nslookup. But clients loose AD connectivity because they can't resolve host names from the local DNS zones outside of nslookup.
Pinging IP addresses always works.
So far only notebook computers are affected. Desktop computers work fine. OS is Windows 7/8/8.1 for clients and Windows Server 2008 R2/2012 for AD DCs/DNS servers.
Example:
C:\>nslookup bl-sphv00
Server: bl-spdc01.bl.local
Address: 192.168.154.21
Name: bl-sphv00.bl.local
Address: 192.168.154.10
C:\>ping bl-sphv00
Ping request could not find host bl-sphv00. Please check the name and try again.
C:\>ping bl-sphv00.bl.local
Ping request could not find host bl-sphv00.bl.local. Please check the name and t
ry again.
C:\>ping 192.168.154.10
Pinging 192.168.154.10 with 32 bytes of data:
Reply from 192.168.154.10: bytes=32 time=52ms TTL=128
Reply from 192.168.154.10: bytes=32 time=51ms TTL=128
Reply from 192.168.154.10: bytes=32 time=52ms TTL=128
Any help appreciated.
Thanks a lot.
Te.Be.Hi there,
a Microsoft support guy send me a solution earlier posted under
http://social.technet.microsoft.com/Forums/windowsserver/en-US/f49b8398-d923-4e7e-86e7-78094113c091/problems-with-dns-and-ad?forum=winservergen
To get the client work again you just have to delete a few registry keys set by DirectAccess GPOs using this little batch:
@echo off
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Tcpip" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v SMB1NATCompatibilityLevel /f
Unfortunately this breaks the clients DirectAccess configuration and leaves me without a real solution. Found some hints here:
http://blogs.technet.com/b/tomshinder/archive/2010/03/13/uag-directaccess-group-policy-assignment-make-sure-the-right-policies-are-applied.aspx
So my question is now: How do i have to edit the wizard generated DirectAccess GPOs correctly?
Anyone any idea? -
Problems with local DNS after 10.6.8
Have a Snow Leopard server that's been running quite well. After (I think) the 10.6.8 update, I've encountered a really weird error regarding dns - the internal DNS doesn't recognize the top level DNS domain (companyname.net), so internally we can't see the site. Externally though, it's fine. Additionally, after about an hour or so, the local DNS entries seem to just stop working and it *seems* to crash, even though Open Directory still works fine, as do the external mail ips and website.
My DNS/web aliases have been working great for years now and are set up as the following.
10.6.8 Server: macpro.companyname.net
DNS zone: companyname.net
companyname.net alias to macpro.companyname.net.
www alias to macpro.companyname.net.
Web Admin is set up as the following:
Hostname: companyname.net
Web server aliases: companyname.net, www.companyname.net
Everything had been working fine until the 10.6.8 update. The website would redirect both companyname.net and www.companyname.net to companyname.net. Users on the local LAN see the local IP, externally see the external public IP.
But now, it's as if the DNS record for companyname.net LOCALLY doesn't exist. I can't ping it at all from local machines. I'm not sure what the deal is, and I also can't figure out where the look in the logs for assistance. I see entries that say so there's some sort of rebooting going on, but I'm again, not sure why. Any help would be great appreciated! I've restarted, done tons of cache reloads, deleted and readded entries - but as of now, still nothing.
27-Jul-2011 13:56:44.265 received control channel command 'freeze'
27-Jul-2011 13:56:44.282 freezing all zones: success
27-Jul-2011 13:56:44.360 received control channel command 'reload'
27-Jul-2011 13:56:44.360 loading configuration from '/private/etc/named.conf'
27-Jul-2011 13:56:44.360 using default UDP/IPv4 port range: [49152, 65535]
27-Jul-2011 13:56:44.360 using default UDP/IPv6 port range: [49152, 65535]
27-Jul-2011 13:56:44.390 reloading configuration succeeded
27-Jul-2011 13:56:44.390 reloading zones succeeded
27-Jul-2011 13:56:44.390 zone 1.0.10.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011072701
27-Jul-2011 13:56:44.390 zone companyname.net/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011072710
27-Jul-2011 13:56:44.394 received control channel command 'thaw'
27-Jul-2011 13:56:44.395 thawing all zones: success
27-Jul-2011 13:56:44.395 zone 1.0.10.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011072701
27-Jul-2011 13:56:44.395 zone companyname.net/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011072710
27-Jul-2011 14:10:30.754 received SIGHUP signal to reload zones
27-Jul-2011 14:10:30.754 loading configuration from '/private/etc/named.conf'
27-Jul-2011 14:10:30.755 using default UDP/IPv4 port range: [49152, 65535]
27-Jul-2011 14:10:30.755 using default UDP/IPv6 port range: [49152, 65535]
27-Jul-2011 14:10:30.756 no longer listening on 192.168.233.1#53
27-Jul-2011 14:10:30.885 reloading configuration succeeded
27-Jul-2011 14:10:30.885 reloading zones succeededHere's the zone file.
$TTL 10800
example.net. IN SOA macpro.example.net. canderson.example.net (
2011072714 ;Serial
20864 ;Refresh
3600 ;Retry
14976 ;Expire
345600 ;Negative caching TTL
example.net. IN NS macpro.example.net.
macpro IN A 10.0.1.2
ichat IN CNAME macpro.example.net.
www IN CNAME macpro.example.net.
wiki IN CNAME macpro.example.net.
mail IN CNAME macpro.example.net.
ftp IN CNAME macpro.example.net.
example.net IN CNAME macpro.example.net.
I have been using mostly dig, nslookup, and ping to diagnose the problem. nslookup returns identically on the server and all clients, saying:
nslookup example.net
Server: 10.0.1.2
Address: 10.0.1.2#53
*** Can't find example.net: No answer
"dig" also returns the same on the server and all clients, but this time actually finds something.
dig example.net
; <<>> DiG 9.6.0-APPLE-P2 <<>> example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39203
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.net. IN A
;; AUTHORITY SECTION:
example.net. 10800 IN SOA macpro.example.net. canderson.example.net.example.net. 2011072714 20864 3600 14976 345600
;; Query time: 0 msec
;; SERVER: 10.0.1.2#53(10.0.1.2)
;; WHEN: Wed Jul 27 16:24:55 2011
;; MSG SIZE rcvd: 104
Lastly, I've been pinging the heck out of example.net. I've found that the server itself and Snow Leopard clients ping the correct internal address, but Lion clients (and iOS devices, oddly enough) return that it can't find the host. -
My e4200 as a local dns server
Hi,
i'm trying to find out whether my e4200 has the possibility to be a local DNS server and if so, how I can configure it. As it is right out of the box, i cant ping any of my local machines on DNS.
Any ideas?
thanks!If you are using windows pc's
this will for the most part take of the local name resolution issues
there are a few exceptions, which are mostly related to web browsers
in that IE, Firefox, and others all deal with name resolution a little differently
some need http://localclientname to work
while others will will work with just the localclientname
and the chaos of that is different amongst different versions of browsers
but as far as local name resolution goes, the following works well
On the router config page under the Setup tab for basic setup
Internet Setup has a setting for domain name
Domain Name: local
DHCP Server Setting has a setting for static dns servers
Static DNS 1: 192.100.1.1
doing the above will put all of the local dhcp clients in the .local dns zone
that the windows world can deal with for local name resolution
as far as other devices etc, its hit miss, but this does work me very well
I can even get name resolution to my network printer via web browser or via an os explorer ping etc. -
NetInfo Manager - strange behaviors - Local DNS
So I'm trying to set up local dns to a remote host that is using name based hosting.
I went into netinfo manager - went into machines - created an entry for the ip_address, name, and serves properties. I repeated this process 3 times on this machine. 2 of the sites work just fine... the third does not. Double checked the settings on server and client. Looks ok.
Flushed lookupd, reset safari, etc. Still no luck. 3rd one doesn't work.
Tried on a linux box in the same network - added to hosts file "[ip address] [domain] [domain2] [domain3] ... works fine... all three visible.
Hopped on the Xserve (which has not accessed any previously) - would not work for 3rd site.
Any idea why this would act up?lookupd(8)
manpage it discusses how to do what your looking for.
Hey Andy,
Unfortunately, man lookupd was like greek, for the most part, since I don't do that much Unix. And the warnings about reordering the lookup order was ominous, since I'm not an expert.
But I was able to accomplish my server lookup before DNS... by adding a line in the hosts file in etc, using sudo in Tiger (sudo not needed in Panther). I put the IP and server name under broadcasthost and before ::1 localhost.
It works.
Mac OS X (10.4.4)
Maybe you are looking for
-
Need Sata Driver to connect my external hard drive?
Hi I have an hp eliteworkbook 8540w with windows 7 on it. I made a backup of my computer witht he windows 7 backup software and put it on an external drive. When I try to restore the entire computer with that backup I must use the system repair disk
-
IPod versus iTunes, organizing music
I spent 2 hours last night organizing my music that had featuring artists so it would show up under the album it belongs to, versus being its own separate "album"... so I assumed that if iTunes was perfectly organized and the music is listed as it sh
-
Photos get blurry when I bring them into iMovie.
When ever I bring any of my photos (full res. from my canon 5D 12 mega pixel or high res neg scans) into iMovie they look horrible. They just get blurry. Whats the deal. I know the images or tac sharp. If I tether my camera to my TV and view them, th
-
"Log on failed" with ODBC and Stored Procedure
I am in the process of porting our application from CR10 to CR.NET and am having some trouble setting the log on info. I have a report that was designed against a stored procedure and a development database. The connection at design time is ODBC to
-
Change default offset in signal calculation step
Hi All, I'm using LabVIEW SE 2012 on win7. Is there a way to set DC Signal offset to be equal to the sum of another signal inputs offset plus a constant value (from a text or other?) I want to be able to change the DC signal offset of one signal