Setting up DNS & OD

I'm following the Lynda.com excellent OS X Leopard Server tutorial by Sean Colins, and have DNS configured. All the suggested checks (reverse lookup & changeip) give correct results. However, when I configure Open Directory I come up against a problem that Sean warns must be corrected to prevent future problems. No matter what I've tried (and each time I've tried and failed I've reformatted and reinstalled), when I get to the screen after setting the Master Domain Administrator, the Kerberos Realm autofills with "ADVANCED.LOCAL" (the Search Base looks correct). Sean states clearly that if it doesn't autofill with "ADVANCED.MYDOMAIN.COM" something is wrong. I take his warning to get this right very seriously since I've had nothing but trouble with DNS-related issues in the past. But I can't figure out what I'm doing wrong that I don't get the correct autofill at this point. Any guidance you might be able to give me will be greatly appreciated.

Hi Doug
if they're issues from the beginning there's really no practical way to fix them
That does seem to be the case with Leopard. Although it's not consistent? With Tiger it had to be really bad before contemplating giving up and starting fresh.
I posted something a while back that seemed to assist others in the early days of Leopard and before lynda.com had anything available. Perhaps you might find it useful? It is rather long but I hope concise enough to hopefully get you going?
The instructions are for the GUI only with no manual configuration and hardly any recourse for the command line. They also assume this will be the only server on the network with an existing 3rd-Party router providing access to the internet. The Router's IP address is 172.16.16.1
Substitute appropriately the example given for your situation. The example used is for a pretend business called ‘My Business’. I'm going to assume you have started with a clean installation and that the hardware used meets Apple's minimum requirements for Leopard Server:
http://www.apple.com/uk/server/macosx/specs.html.
After installing the Server Software the Server Setup Assistant will launch. There will be a series of prompts/windows that will appear. How you answer some of these will be important in preventing problems later on. When prompted by the Setup Assistant select 'Advanced'. As you progress past this point you'll be prompted to create the default System Administrator Account (UID 501). Use Administrator as the long name and admin as the short name with admin as the password. You can change this later on. For the Network Settings (TCP/IP) assign a fixed IP address of 172.16.16.254, a subnet mask of 255.255.255.0 and the router/gateway IP address as 172.16.16.1. Key in any ISP supplied DNS Server IP addresses in the DNS Servers field. You can key in the Router IP address instead as this will pass on any ISP DNS Addresses the router picks up on its WAN port. Disable IPv6. The next part is the most important. When prompted for DNS details in the first field key in 'server.mybusiness.com', key in 'server' in the second field, although this should autofill for you, don't worry if it does not. Make sure the .local name says server.local. I have seen it default to .private. You can't edit this bit but selecting it and dismissing it should 'reset' it back to .local. Don’t start or configure any services. You can leave Remote Management/Screen Sharing (VNC) on as they are enabled by default.
Two important things to note at this stage: Root is enabled by default on Server Installations as is SSH access. Some System Admins have no problem with root and ssh being enabled as they will see this as two useful tools in administering and troubleshooting the server. On the other hand having root and SSH enabled can be seen as a security risk. Deal with this as seems appropriate to you. You can disable these later on using the Sharing Preferences Pane for SSH and the Directory Utility for root.
Save the configuration as a text file and apply the settings. You should be presented with the log in window or the desktop with Server Admin automatically launching. Depending which version of Leopard Server installed SA may report it can't find the server or it may prompt you to start configuring Services. Whichever it is dismiss the warnings/prompts and quit out of Server Admin. This is the time to test internet connectivity as well as running Software Update and installing all the updates relevant for the server. Make sure the server is fully up to date before doing anything else.
Before starting any services enable and configure DNS first. Launch Server Admin. You may get a message stating the server can't be found. Don't worry about this, simply remove it from the list when asked. Select Add Server and key in 'server.local' along with the admin name and password. You can if you wish use the 172.16.16.254 address as well as the loopback (127.0.0.1) address. Later on after DNS has been configured you can use its FQDN (Fully Qualified Domain Name). You should now be logged into Server Admin. Select the Server name and select Settings and select Services. Enable the DNS Service. This should now be available under the server name in the left hand pane. Select DNS and Select Zones. You should see nothing in the zones. Select Add Primary Zone. As soon as you do this Server Admin will 'helpfully' autofill the top window with a zone name and a Reverse Pointer Setting. These will be defaulted to example.com and ns 10.0.0.1. Select the Zone as well as clicking the disclosure triangle to reveal the Named Server Record (ns). Start with the zone first and edit example.com to read mybusiness.com. The Fully Qualified tick box should be ticked and grayed out. In the Server field, edit the server name to read server. DON'T CLICK SAVE YET! Next select the ns record and edit the server name to read server and the IP address to read 172.16.16.254. NOW CLICK SAVE. As soon as you do this the Reverse Pointer field should autofill itself with the relevant information based on what you have already keyed in. Select Settings and key in the Forwarders field your ISP's DNS Server Addresses. You don't have to enable Zones Transfer although it does not hurt at this stage if you do. Up the Logging levels to debug and start the Service. Next go to the Network Preferences Pane and replace the ISP DNS Server IP addresses or the Router's IP Address with the server's own IP address: 172.16.16.254. Apply the changes and launch a web browser.
You should now be on the internet using the Server's own DNS Service.
Test and qualify the DNS Service by launching terminal and issuing the host command:
host server.mybusiness.com
server.mybusiness.com has address 172.16.16.254
host 172.16.16.254
254.16.16.172.in-addr.arpa domain name pointer host172-16-16-254.in-addr.server.mybusiness.com
This qualifies the forward and reverse pointers for the DNS Service. I also like to run nslookup:
nslookup server.mybusiness.com
Server: 172.16.16.1
Address: 172.16.16.1#53
Non-authoritative answer:
Name: server.mybusiness.com
Address: 172.16.16.254
You can also issue this command:
sudo changeip -checkhostname
Supply the password when prompted, you should see this:
Primary address = 172.16.1.254
Current HostName = server.mybusiness.com
DNS HostName = server.mybusiness.com
The names match. There is nothing to change.
That should pretty much clinch it.
Now configure simple file services: AFP and if necessary Windows. Don't enable Guest Access and leave Any Method as the Authentication Method to be used for the AFP Service. Start the Services. Create a test user in the local server directory and test using a client computer to access the default share points: Users, Groups, Public. Don’t be tempted to delete these folders as the server will complain. If you don’t want to use these you can simply unshare the share points and create new ones. You could for example create share points on a connected XServe RAID and share these instead. Save any changes made.
Get into the habit of quitting out of Server Admin and Workgroup Manager when not using them. Focus on Server Admin now and enable the Open Directory Service. Select Settings and change the role from Standalone to Open Directory Master. Apart from confirming the Directory Administrator long and short names as well as defining a password everything should autofill for you. Kerberos Realm name and Search Base should derive themselves from what is set in the DNS Service. SERVER.MYBUSINESS.COM for the Kerberos Realm Name and dc=server,dc=mybusiness,dc=com for the Search Base. Once you get the green light launch Directory Utility, select 'Show Advanced Settings', select LDAPv3 and confirm the Server has created an entry for itself. Inspect the entry and you should see the Server's loopback address (127.0.0.1). This is normal. Quit out of Server Admin and launch Workgroup Manager, authenticate the /LDAPv3/127.0.0.1 node and you should see Directory Administrator (UID 1000) waiting for you. Populate the node with desired users.
Apple have moved File Sharing administration away from Workgroup Manager to Server Admin. Select the Server Name and click on File Sharing. By default ACLs are enabled on 10.5 Server. If you don't wish to use ACLs you have to disable them using the command line:
sudo fsaclctl -p path -d disable (where path is the volume)
To re-enable ACLs do the following:
sudo fsaclctl -p path -d enable
You must always restart the server after either enabling or disabling ACLs.
If you want the Server to issue IP addresses then consider using the DHCP Service. You must have a DHCP service running somewhere for NetBoot/NetInstall services to work. If your router is already doing this then there is no need to bother just yet. Once you get comfortable and familiar with the Server you could look at this later on.
As ever how internal DNS Services are configured is absolutely crucial to how effective the server is going to be. Especially true for LDAP Services. Pretty much everything available in Leopard Server will benefit from having internal DNS Services configured correctly. SUS, iCal, iChat, Mail and Web. Internal DNS Services do not have to be configured on the server itself just as long as they are configured somewhere (on another server for example) on the private network will do.
What you could do is install and configure the server connected to a standalone switch/router with nothing else connected. This should eliminate the possibility of something 'exotic' impacting on the server's initial setup. You can manually download ServerCombo Updates and install them that way. Once you are satisfied shut it down and introduce it to the real network when ready.
Hope this helps
Tony
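
The checks described in the reply above, collected into one pre-flight script to run before changing the Open Directory role. This is an added example, not part of the original post or of Apple's tools: it parses the text printed by `host` and `changeip -checkhostname` in the formats shown above, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before switching to Open Directory Master.
# Every input is passed in as text, so the checks also run on saved output.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Realm and search base that should autofill for a given FQDN,
# following the SERVER.MYBUSINESS.COM / dc=server,... pattern in the reply.
expected_realm() { printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'; }
expected_search_base() {
    printf '%s\n' "$1" | sed -e 's/\.$//' -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# Address from "NAME has address IP" (output of: host NAME).
forward_addr() { printf '%s\n' "$1" | awk '/ has address /{print $NF; exit}'; }

# PTR target without its trailing dot (output of: host IP).
reverse_name() {
    printf '%s\n' "$1" |
        awk '/ domain name pointer /{sub(/\.$/, "", $NF); print $NF; exit}'
}

# Value of a "Key = value" line from changeip -checkhostname output.
changeip_field() {
    printf '%s\n' "$2" | awk -F' = ' -v k="$1" '$1 == k {print $2; exit}'
}

# preflight IP FORWARD_OUTPUT REVERSE_OUTPUT CHANGEIP_OUTPUT
# Prints one OK/FAIL line; returns non-zero on the first failed check.
preflight() {
    ip=$1
    cur=$(lc "$(changeip_field 'Current HostName' "$4")")
    dns=$(lc "$(changeip_field 'DNS HostName' "$4")")
    case "$cur" in
        '') echo "FAIL: no Current HostName in changeip output"; return 1 ;;
        *.local|*.private)
            echo "FAIL: hostname $cur is not a DNS FQDN"; return 1 ;;
    esac
    if [ "$cur" != "$dns" ]; then
        echo "FAIL: hostname $cur differs from DNS name $dns"; return 1
    fi
    addr=$(forward_addr "$2")
    if [ "$addr" != "$ip" ]; then
        echo "FAIL: forward lookup gave '$addr', expected $ip"; return 1
    fi
    ptr=$(lc "$(reverse_name "$3")")
    if [ "$ptr" != "$cur" ]; then
        echo "FAIL: reverse lookup gave '$ptr', expected $cur"; return 1
    fi
    echo "OK realm=$(expected_realm "$cur") base=$(expected_search_base "$cur")"
}

# --- Constructed sample outputs (not captured from a real server) ---
GOOD_FWD='server.mybusiness.com has address 172.16.16.254'
GOOD_REV='254.16.16.172.in-addr.arpa domain name pointer server.mybusiness.com.'
BAD_REV='254.16.16.172.in-addr.arpa domain name pointer other.mybusiness.com.'
GOOD_CHG='Primary address = 172.16.16.254
Current HostName = server.mybusiness.com
DNS HostName = server.mybusiness.com'
BAD_CHG='Primary address = 172.16.16.254
Current HostName = server.local
DNS HostName = server.mybusiness.com'

# Demo on the constructed samples. On a live server, pass the real output:
#   preflight 172.16.16.254 "$(host server.mybusiness.com)" \
#       "$(host 172.16.16.254)" "$(sudo changeip -checkhostname)"
preflight 172.16.16.254 "$GOOD_FWD" "$GOOD_REV" "$GOOD_CHG" || true
preflight 172.16.16.254 "$GOOD_FWD" "$GOOD_REV" "$BAD_CHG" || true
preflight 172.16.16.254 "$GOOD_FWD" "$BAD_REV" "$GOOD_CHG" || true
```

A FAIL on the hostname check corresponds to the symptom in the question, where the realm autofills with a .LOCAL name instead of one derived from the DNS zone.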

Similar Messages

  • Setting the DNS Suffix in Windows-2000:

    This is a solution for the frequent problem that arises during installation of iPlanet Application Server on Windows-2000 platform.
    Problem: After installation completes, the installation directory remains empty, there is no entry of iAS in "Windows start menu". It doesn't install anything.
    Remedy: Set the DNS Suffix.
    Procedure:
    Right click on My computer (icon on desktop or in windows-explorer), then click on properties, go to Network identification Tab, Click on properties, then click the more button, set the Primary DNS suffix (like india.sun.com), and also check the Change Primary DNS suffix when domain membership change check box, click all Ok buttons.
    Note:
    1. Make sure that it is added to the windows registry:
    Just run regedit and click on the My Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters key, you will see the Domain key value set to your domainname, otherwise enter the domain name into this key value, and then reboot the m/c, and then reinstall the iAS. It should work.
    2. Make sure you are using static IP address.

    Thanks Sanjeev Agarwal

  • Two Xserves running 10.5 Server and setting up DNS...

    Hello.
    I have two Xserves (a G5 and a new Intel), both with fresh installs of 10.5 Server on them.
    Xserve #1 not going to be hosting any external services (FTP, web, email) and only housing internal, mission critical & confidential data (the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives + nightly tape backups for offsite storage). Right now there are no plans for enabling iCal on this server as we're trying to keep the server as basic as possible (as we can afford zero downtime on this server), but if the initial setup of 10.5 requires configuration at first run to allow this type of thing, I'd like to deal with it now so as to keep my options open (as I know iCal on 10.5 requires Open Directory enabled).
    Xserve #2 is going to host FTP (for external clients) and internal file sharing for the design/production department (basically, for transferring files back and forth between departments, so no data via this share will be "critical" as it's only temporarily on the server and will always exist in other locations). Even though this server will not host "critical" data, it will share the same backup/RAID scheme as Xserve #1.
    So, I'm curious as to how I set up DNS in this situation (so we can associate a domain name to our static IP address). We already have our main domain setup via 3rd-party hosting service (for web & email as we do not want to bring these services in-house), but we're purchasing a second domain that will be associated with company (via a static IP, so we can give a domain name instead of IP address for people needing to connect to the FTP server, make it easier for employees to remember the address for remote connections, etc.).
    Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1? Also, and this could just be me being paranoid, but because Xserve #1 will be housing "critical & confidential" data I want to eliminate as much contact with the outside world as possible with this server, so this is another reason I feel Xserve #2 should have DNS running instead.
    Oh, and not sure if this makes any difference, but between the WAN and the LAN is a SonicWALL firewall and currently it deals with port forwarding, etc. depending on what services are being requested from the WAN (ie. remote machine connections, FileMaker remote connections, etc.).
    Any advice would be appreciated!
    Regards,
    Kristin.

    There's a couple of things in your post I don't understand:
    the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives
    How are you doing this? Both XServes support only three internal drives and two mirrors require 4 drives. Where does the fourth drive come into play?
    I'm curious as to how I set up DNS in this situation
    There are numerous ways of doing this, but with a single static IP address your best bet is to leave DNS where it is - managed by your hosting provider. Just add a record in the domain zone (e.g. ftp.yourdomain.com) that has the IP address of the public interface of your SonicWall firewall. You don't need a separate domain for this. You also don't need to setup internal DNS for this (although you may need internal DNS if you're running Open Directory).
    Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1?
    Assuming you're referring to setting up a DNS server - use them BOTH. Make one of the servers the primary server (I'd pick the internal-only server for this) and set the other server to be a slave (so it copies all the zone data from the primary server). That way you have a replica of the data to provide additional resilience.

  • How to set up DNS on OEL ?

    Hello buddy:
    How can I set up DNS on OEL ? Just for install 11g R2 RAC

    You can use "system-config-network" command to configure your DNS configuration.

  • How to set up DNS behind a NAT router...

    I am trying to configure DNS in Panther Server as the SOA for my domains and as a LAN name server. I've read several explanations about setting up DNS including technical document 106853 "How to set up DNS in a NAT environment" which says:
    Note: For Mac OS X Server 10.3 or later, you should use the Server Admin
    application to configure DNS and NAT. Please see the Network Services
    Administration Guide for additional information.
    Seeing how picky BIND is, this sounds like a good idea, except I can't configure views like that.
    Questions:
    1) What happens if I create an A record in my main domain for newmac.mydomain.com-->10.0.1.2? People outside the LAN can't get to it, right?
    2) Can I create really simple names for the LAN like newmac-->10.0.1.2?
    Thanks!

    You can use "system-config-network" command to configure your DNS configuration.

  • RE6500 system time not set and, why set a DNS address?

    How do I set the RE6500 system time to current day if it's showing January 1970?  It is connected to the router on both frequencies and the extender output is working on both frequencies. I have set the RE6500 to a static address of 192.168.1.3 as the router address is 192.168.1.1.  In the RE6500 the default gateway is set to the router address of 192.168.1.1.  Is it necessary to set the DNS address in the RE6500 as the router is the default gateway?

    Hi Chadster766;  thanks for the prompt reply.  I tried using the external primary DNS address set in the router - saving and rebooting - and when that didn't work, I used the same IP address as the router 192.168.1.1.  That didn't work either; I did a warm re-boot of the computer after setting the DNS in the RE6500.  What am I missing or, should I reinstall the RE6500 and use the default DNS settings?  I'm using Windows 7 Sp1 and the RE6500 icon does not appear in Network, so it appears to be an issue between Windows and the RE6500.

  • Setting iOS DNS for All WiFi Networks

    This article describes how to set the DNS for WiFi connections on iOS:
    http://techinch.com/blog/change-your-dns-settings-on-iphone-ipod-touch-and-ipad
    The problem is that it specifies DNS for an individual network
    connection, not for all connections.
    Does anyone know a way to change iOS DNS for all WiFi networks in one
    fell swoop?

    I have my ios devices DNS set via DHCP
    You'd have to move to an MDM solution if you want over the air, push profile configuration setting to the devices
    such as osx server Profile Manager. You may be able to do it with custom settings, I haven't tried it myself
    The basic wifi setting in OSX server PM only allow settings for wifi SSID password etc
    no DNS settings ip address etc. alternative MDM solutions may give you more options

  • Setting Static DNS on E4200

    I recently wanted to try using the Google public DNS servers on my home network. I have a Cisco E4200 router.
    On the router's administration page, I set Static DNS 1 to 8.8.8.8 and Static DNS 2 to 8.8.4.4 and saved the settings.
    Even after rebooting the router, the Setup page shows the Google DNS addresses listed above, but the Status page shows 65.32.5.111 and 65.32.5.112 as being the DNS servers it's using.
    Does anyone know how to set the E4200 to use different DNS servers?
    Thanks!

    Thanks.  I ran the analyzer and in the direct probing of dns resolvers section, it showed this:
    Your system is configured to use 1 DNS resolver(s).
    The resolver at 192.168.1.1 (tampfl-dns-cac-112) could not process the following tested types: [snipped]
    192.168.1.1 is, of course, my router's local IP address.  

  • Setting up DNS on Xserve when DHCP and NAT are controlled by Windows machine

    Trying to set up an Intel based Xserve on an internal network to have 6 other G5's authenticate to. But I am having problems setting up DNS.
    This server is being added to a windows network that has DHCP and NAT handled by a different windows machine. I have also assigned the xserve with a static IP address of 192.168.1.XXX Now this server is just going to run a few programs for the 6 macs in the art department. Software Update, Version Cue, Suitcase Server. I have version cue and suitcase server up and running. But I would also like to have the macs authenticate to the server for the updates.
    If I type in hostname at terminal I get:
    localhost.xserve
    and when I type in host 192.168.1.XXX
    I get some error about no name available or something...
    How can I setup simple dns just for the server? Would there be any downfalls for having DNS setup on this machine when it is connected to a Windows network?
    Please help. Sorry for the long winded explanation.

    Yes, it's possible. Although I'm no longer favorable towards fake "domains" like .lan or the like.
    Besides which (and most people don't know) ".lan" is actually an existent TLD. So it's not so great either.
    Set the server to what its FQDN should be, and set it to answer to & for itself only.
    Is everything else internally using ".lan" ? If not you're going to have to point clients to your server strictly by IP alone and while that's fine, this setup is starting to sound just ugly, if not somewhat Frankenstein-ian
    But to limit requests you'll have to edit /etc/named.conf by hand.
    Google can lead you to the information, there's plenty out there - here's one for example:
    http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-namedconf.html

  • DNS Issues, can't set static DNS server

    I have an Airport Extreme (which I'll call the router). It has an IPv6 tunnel (to Hurricane Electric), so it hands out IPv4 DHCP and announces an IPv6 network as well. The DNS servers configured on the router are OpenDNS'.
    My Apple TV 2 is connected via wired Ethernet to the router. It was using a DHCP address provided by the router, which made the DNS server the same address as the router. I wanted to manually set the DNS to use my ISP's, so that I can make sure the Netflix streaming issue I have is not a DNS issue.
    So I changed the Apple TV to a manual address, and set the DNS server to my ISP's DNS server (Apple TV can only have one DNS server? Odd.)
    After I save this, the Network page shows the correct manual IP, mask, and router, but the DNS Address is an IPv6 address (one that belongs to my network, but the entire address isn't visible), not the one I set. When I Configure TCP/IP again, and I reach the DNS Address page, the first digit of the existing address is "20", and the rest of the digits are "0". Interesting note as well: if I press Down, the number will increment to 19, and so on, but if I press Up, it changes to 0. Obviously the UI isn't designed for IPv6 addressing, but there's an IPv6 address in there nevertheless.
    Screenshots:
    http://www.flickr.com/photos/random_robin/5310011344/
    http://www.flickr.com/photos/random_robin/5310016288/
    I have tried to set the DNS Address multiple times now, and have restarted the Apple TV. The IPv6 DNS Address persists.

    After 16 hours of working I haven't seen this easy solution. I had tried with Internet Explorer and Opera but finally I needed to use Firefox.
    Thanks a lot for solving it.

  • Setting up DNS with Airport Extreme N handling DHCP

    I have set up DNS on my OS X server. The server's name is "wolf". I have set the IP to always be assigned by the Airport Extreme as address 10.0.1.194
    When I type in Terminal:
    host 10.0.1.194
    I get:
    194.1.0.10.in-addr.arpa domain name pointer wolf.gitalis.com.
    When I type:
    host wolf.gitalis.com
    I Get:
    wolf.gitalis.com has address 10.0.1.194
    question:
    is there anything I have to set in the Airport Extreme N router besides always assigning the server 10.0.1.194

    Turned out that the Router was defective. Apple replaced it and it has been fine since.

  • Setting Up DNS - Making Sure I'm Not Running Split Horizon

    Hello everyone - I'm wanting to make sure I am running my DNS correctly and that it isn't split horizon.
    I purchased a domain name (johnsonsfromtyler.com). I have public "@" and "mail" A host names pointing to my public IP address, have a MX for johnsonsfromtyler.com pointing to mail.johnsonsfromtyler.com, and have a reverse lookup setup all via public DNS.
    On my SLS running the private DNS I have the primary zone name set as johnsonsfromtyler.com. For the nameserver I have the zone johnsonsfromtyler.com. pointing to server.johnsonsfromtyler.com which has a static IP of 10.0.1.10. I also have a mail exchanger hostname of mail.johnsonsfromtyler.com with a priority of 10. I also have an alias for mail.johnsonsfromtyler.com pointed to server.johnsonsfromtyler.com. I also have forwarder IP addresses pointing to the OpenDNS servers.
    I have my router setup to use the private DNS server located at 10.0.1.10 and the search domain as johnsonsfromtyler.com. server.johnsonsfromtyler.com is running DNS and all other server services.
    So am I running DNS correctly and is this setup a split horizon setup? Also, do I need to have forwarder IP addresses pointing to external DNS servers?

    As Mr Hoffman writes, if you "reuse" a public IP domain name in an internal private IP only LAN DNS you are using a "split horizon" DNS (where did that "designation" come from?).
    To reach public IP servers using the same domain name from your LAN using only the internal DNS, you need to put also the public IP servers in your internal DNS with their public IPs. The reverse zone for any "remote" public IPs that Server Admin creates should be removed to let the DNS responsible for that zone answer those lookups - probably not too important for most configurations though.
    BIND views can be used to give answers to lookups depending on where (what IP) the query comes from. The same DNS could be setup with different views where public and private IPs are in separate views so that private name -> IP lookups only get answered when the query comes from the private IP LAN. If you can have a different response (IP) for the same name -> IP lookup? - probably(?) - if the private IP view is listed before the public one in the DNS config.
    And I think a DNS is always caching lookups (?) not depending on if forwarders are used or not. Forwarders can speed up lookups but can also make trouble if they stop working/start refusing to answer recursive lookup queries. Without forwarders the DNS has to go "the long way" via root DNS servers (you should update /var/named/named.ca regularly especially if not using forwarders).

  • Is an 'external' static IP address required to set up DNS

    Hi there
    I'm going to be setting up a OSX Server 10.3 machine as an open directory master, to take advantage of single sign-on capabilities.
    From what I have read in manuals and in this topic: http://discussions.apple.com/thread.jspa?threadID=977178&tstart=15 , it is necessary to configure the DNS service first. However, the topic talks about having an external IP address for the server, as well as for the internet router.
    Is this the only method that will work? The network only has one external IP address as far as I am aware.
    Any thoughts greatly appreciated.
    Matt

    The answer is, it depends.
    If you want your server to provide any external services then it will need an external IP address. Now, depending on your network, you may be able to use a single IP address on your router, having it NAT incoming connections via port forwarding - that's a common setup.
    The bigger issue is whether you need a static IP address or can live with a dynamic one. A static IP address is required if you're running certain services such as DNS or Mail. Other services might be able to get by with a dynamic IP, depending on what you're doing with them (for example, it's OK to run a personal web site on a dynamic IP address, but you wouldn't want to do that for a corporate web site that gets a lot of traffic).

  • How do you set up dns

    I need to set up a DNS server for a sound server but I do not know how to config it on the BT Home Hub

    You'll need to ditch the HH and buy a router that actually has some configurability to it - BT have taken the view that any feature not used or understood by a large number of customers is to be removed as it may increase support costs.
    I bought an Asus wl-500w new from ebay for around £30, to get maximum features I put dd-wrt open firmware on it, but just to enable dns you don't need to go that far. I changed to setup OpenDNS on my router and to enable me to lock down my daughter's PC to 2Mbps (nasty Daddy - but Skype was using all our download allowance).
    Hopefully BT will see the light at some point and allow basic router configurability on the HH3.

  • Home Server Set Up - DNS, DHCP etc

    Hi
    I'm looking to set up a Mountain Lion Server at home. 
    I have a Lion Server but I think I will wipe it and start again, mainly because I didn't use a particularly good name to begin with. I've read the We Got Served Mountain Lion Server book, Mountain Lion Server for Dummies and Apple's Documentation.
    I am planning to set up in the following way:
    Turn my Virgin Media router 'Modem Only' mode on.
    Turn on my AirPort Extreme and set it up as the DHCP server.
    I will set up a pool of IP addresses.
    Question 1 - I think the best way is to make a reserved IP address for my server within this pool rather than a static IP address outside of the pool (but within the subnet).  Any comments on this?
    Question 2 - I need to boot my Lion Server to get the MAC address for the reservation.  Should I set the reservation IP as the IP the DHCP server provides or set it up to an unused IP address? I will set up DHCP to distribute DNS server names. 
    Question 3 - Because I want my Mountain Lion Server to provide Directory Services I need to set up the Mountain Lion Server as a DNS server.  Is this correct?
    The DNS servers I will get the DHCP server to provide in the following order:
    1 My Mountain Lion Server
    2 My 1st Virgin Media DNS Server
    3 My 2nd Virgin Media DNS Server (not sure I can set up a 3rd DNS server)
    I am not going to use a Google DNS or another open DNS because they are located in the US and this affects caching of internet content.
    When I set up my Mountain Lion Server I am in two minds about going for a public internet registered domain or a private domain.
    Question 4 - Are there any limitations in using the registered public domain as opposed to a private domain with VPN?  If I need access to any of my machines remotely I tend to use LogMeIn from my iPad.  But I am tempted (just because it's there) to set up a public internet address and use it. If I did go for the public domain I would need to use a dynamic DNS service (like Dyn.com) because I don't have a static IP.  However if I didn't I would only need to change my public DNS entry if I rebooted my router (and I may not even then as its IP address may not be reassigned).
    If I don’t need remote access to my server very often then this would be acceptable.
    Question 5 - If I did go the full internet way (as opposed to the .private domain) what do I register at dyn.com?  Just my domain, then add a record for the server. 
    1. Register ‘example.com’
    2. Add a record at Dyn.com for ‘server.example.com’. 
    3. On my server set up put ‘server’ in the Computer Name field
    4. On the ‘Host Name’ field enter ‘server.example.com’.
    Question 6 – Bonjour and DNS.  Aside from whether I go for a public registered domain or a private domain (and access via VPN or LogMeIn) how do these settings affect the Bonjour set up?  My understanding is the Bonjour uses .local.  So what is the resolution path?  If I set up a DNS server on my Mountain Lion Server do I need to enter a record for each local laptop in the house or can I leave that to Bonjour?  My understanding is the Bonjour will continue for all local address resolution and the Mountain Lion DNS will take care of resolving the server name (for Directory Services and any other services).  Is this right will DNS be used for file and print services on the server?
    Any thoughts/answers/comments/casual abuse welcome.
    Thanks

  • Gateway set up DNS/PTR

    Hi, I need to set up an Xserve as a gateway for our office LAN. The Xserve connects to a locked ISP-provided router on the WAN side (public IP) and on the LAN side to a switch and on to our clients.
    I need to know exactly what my ISP needs to have set up in their DNS records. As I understand it they must have an "A" record and MX, but my ISP tech tells me that I need WWW * etc etc, but when he puts all of these in, my Xserve picks up the incorrect FQDN.
    I expect "server.mydomain.com" but I get "mydomain.com", which I assume will then cause problems with my local realm?
    Any help with the correct terms etc so I can explain to them what I require.
    Many Thanx

    Your phrasing of the question raises all kinds of red flags for me…
    First off, you can have only one PTR record. If this server is running as a mail server for your domain then that PTR record should match whatever name you choose for your mail server/MX record (e.g. 'server.mydomain.com' is fine as long as your MX record points to 'server.mydomain.com' and your mail server is configured to identify itself as 'server.mydomain.com').
    If your ISP is also managing DNS for your domain then you should then have ONE 'A' record for your nominated hostname (e.g. server.mydomain.com with the associated IP address).
    Any other hostnames that map to your site (either services such as web that are running on this machine, or services that are NATted at this server to an internal machine) should be set up as CNAME records to the above A record.
    For example:
    Forward DNS:
    mydomain.com MX 10 server.mydomain.com.
    server.mydomain.com A 123.45.67.89
    www.mydomain.com CNAME server.mydomain.com.
    foo.mydomain.com CNAME server.mydomain.com.
    Reverse DNS:
    89.67.45.123.in-addr.arpa PTR server.mydomain.com.
    What worries me about this all, though, is that it sounds like you have a single server, and that server is publicly-facing.
    If this server is also running services such as Open Directory (maintaining the list of user accounts), DNS (for your internal clients), file sharing, etc. then these services by default will all be publicly exposed and you will leak your internal domain data to the outside world. You will be targeted by dictionary and brute-force attacks and you risk compromising your network as a result.
    In other words I do not recommend running a single server for all services as well as a NAT gateway. It takes too much time and effort to secure the server. Do yourself a favor and get a $50 NAT router to act as your network edge device (connected to your ISP's router) and sleep easier at night.
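
The record layout recommended in the answer above can be checked mechanically before handing it to the ISP. The following is an added example, not part of the original thread: the `GOOD` records are the ones quoted in the answer, `BAD` is a constructed variant reproducing the asker's symptom (the PTR naming the bare domain), and the function names are hypothetical.

```python
import ipaddress

# Records as quoted in the answer above.
GOOD = """\
mydomain.com MX 10 server.mydomain.com.
server.mydomain.com A 123.45.67.89
www.mydomain.com CNAME server.mydomain.com.
foo.mydomain.com CNAME server.mydomain.com.
89.67.45.123.in-addr.arpa PTR server.mydomain.com.
"""
# Constructed variant of the asker's symptom: the PTR names the bare domain.
BAD = GOOD.replace("PTR server.mydomain.com.", "PTR mydomain.com.")

def parse(text):
    """Return (owner, type, target) tuples, lower-cased, trailing dots removed."""
    recs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3:
            recs.append((f[0].rstrip(".").lower(), f[1].upper(),
                         f[-1].rstrip(".").lower()))
    return recs

def check(text):
    """Return a list of problems; an empty list means the layout is consistent."""
    recs, problems = parse(text), []
    a = {o: t for o, ty, t in recs if ty == "A"}
    cname = {o: t for o, ty, t in recs if ty == "CNAME"}
    ptrs = {}
    for o, ty, t in recs:
        if ty == "PTR":
            ptrs.setdefault(o, []).append(t)
    for _, ty, mx in recs:
        if ty != "MX":
            continue
        if mx in cname:
            problems.append(f"MX target {mx} is a CNAME")
        if mx not in a:
            problems.append(f"MX target {mx} has no A record")
            continue
        # Forward-confirmed reverse DNS: the A record's IP must map back to the MX name.
        rev = ipaddress.ip_address(a[mx]).reverse_pointer
        names = ptrs.get(rev, [])
        if len(names) != 1:
            problems.append(f"{rev} has {len(names)} PTR records, expected 1")
        elif names[0] != mx:
            problems.append(f"PTR {rev} -> {names[0]}, expected {mx}")
    for alias, target in cname.items():
        if target not in a:
            problems.append(f"CNAME {alias} -> {target} has no A record behind it")
    return problems
```

`check(GOOD)` returns an empty list, while `check(BAD)` reports the PTR mismatch that makes the server pick up "mydomain.com" instead of "server.mydomain.com".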
