AFP548 Changing the world one server at a time.

Leopard DNS - The Gui, The Bad, and The Ugly


One of the biggest complaints I heard from other consultants and support folks about Mac OS X Server 10.4 was how bad the DNS GUI was to work with. They pined away for Panther or resigned themselves to hand-coding their zone files. With Leopard come some welcome changes and a nasty bug.




The Changes

One of the changes is in the /etc/named.conf file. It now has an include that looks in /etc/dns, where three files hold Server Admin's GUI settings for DNS: loggingOptions.conf.apple, options.conf.apple, and publicView.conf.apple. These files must be present for the GUI in Server Admin to function.

Another change is the way zone files are handled. At first glance the zone files appear to be in /var/named/, but what Server Admin actually puts there is an include pointing to the GUI's zone file, which resides in /var/named/zones. Both named.conf and the zone files carry the warning “;THE FOLLOWING INCLUDE WAS ADDED BY SERVER ADMIN. PLEASE DO NOT REMOVE.” right before the include statement. What could be a nice result of this is that you can now make changes to the zone files and they are reflected in the GUI. You are no longer bound by the old rule that once you go CLI you can't go back.

Other assorted changes include PTR records, SRV records, forwarder IPs, and recursion settings. PTR records are created automatically for your reverse zones; you can then only assign which A record is associated with each. SRV records are new to Mac OS X GUI configuration, and you could configure a Mac OS X Server to provide DNS that would actually work in an AD environment, not that you would necessarily want to do that. You can now set your forwarder IPs from the GUI and restrict which networks can make recursive queries of your DNS server. All this bodes well for a richer experience with DNS on Mac OS X Server.

The Bad and Ugly

While there is a good deal of improvement in Leopard DNS, there is a nasty bug in the GUI, and it has bitten a few people already. When you first create a zone, DO NOT HIT SAVE. If you do, you have condemned this zone to have an SOA of example.com forever. Make sure you edit your NS record and the A record for the NS before hitting save. If you miss this, it can be the source of much frustration and cursing at Leopard DNS. If you heed this word of caution, you should be well on your way to having a productive DNS server on your network.
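A quick way to find zones that were saved too early, as an added example that is not part of the original article: the script scans the Server Admin zone directory for SOA records that still mention example.com. It assumes files are named db.<zone>.zone.apple under /var/named/zones and use standard BIND zone syntax; the sample zone data it builds when run without an argument is constructed.

```shell
#!/bin/sh
# Added example, not from the article. Assumptions: Server Admin zone files are
# named db.<zone>.zone.apple under /var/named/zones (per the reader comment) and
# use standard BIND zone syntax; the sample zone data below is constructed.

# Print the first record line that contains an SOA, with ';' comments stripped.
soa_record() {
    awk '{ sub(/;.*/, "") }
         { for (i = 1; i <= NF; i++) if (toupper($i) == "SOA") { print; exit } }' "$1"
}

# Print "<zone> <file>" for every zone whose SOA still mentions example.com.
# Returns 0 when every zone is clean, 1 when at least one needs fixing.
check_zones() {
    dir=${1:-/var/named/zones}
    status=0
    for f in "$dir"/db.*.zone.apple; do
        [ -f "$f" ] || continue
        zone=${f##*/db.}
        zone=${zone%.zone.apple}
        [ "$zone" = "example.com" ] && continue   # a genuine example.com zone
        case "$(soa_record "$f")" in
            *example.com*) printf '%s %s\n' "$zone" "$f"; status=1 ;;
        esac
    done
    return $status
}

# Build two constructed zone files: one saved too early, one edited first.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '$TTL 10800' \
        'mydomain.com. IN SOA example.com. admin.example.com. (' \
        '    2007110201 3600 900 1209600 86400 ) ; left at the default' \
        > "$d/db.mydomain.com.zone.apple"
    printf '%s\n' '$TTL 10800' \
        'good.test. IN SOA ns.good.test. admin.good.test. (' \
        '    2007110201 3600 900 1209600 86400 )' \
        > "$d/db.good.test.zone.apple"
    printf '%s\n' "$d"
}

# With no argument, run against the constructed sample; otherwise scan "$1".
if [ $# -gt 0 ]; then
    check_zones "$1" || true
else
    sample=$(make_sample) && { check_zones "$sample" || true; rm -rf "$sample"; }
fi
```

Pass the zone directory as the first argument to scan a real server; any zone it lists needs its SOA corrected in the file it names.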

Ed. Note:

DNS potentially gets even more frustrating because of the auto setup in the Standard mode. The server will create a DNS domain based on the FQDN that you supply during the initial setup. That's nice, but.... it means that you can't resolve any of your other DNS names for that zone as the server only knows the one entry for itself.

Quick fix is to just remove the 127.0.0.1 DNS entry from your network prefs when this happens.

Leopard DNS - The Gui, The Bad, and The Ugly
Authored by: Anonymous on Friday, November 02 2007 @ 07:29 am MDT
Will you have a run down of the DHCP services? I'm always forced to compile ISC dhcpd on my tiger servers because of the anemic DHCP offered by the OS (like setting DHCP options).
Leopard DNS - The Gui, The Bad, and The Ugly
Authored by: kainewynd2 on Friday, November 02 2007 @ 05:39 pm MDT
I was amazed to see that I could update the conf file directly and still have GUI access. Saying that, I wasn't surprised when I entered my AD DNS entries by hand, ran into issues, and had to enter them into the conf file directly. Only two entries show up because of the "duplicate" entries for kerberos and ldap, but everything works and I can still update additional items without overwriting those settings. Hell, I'm happy.
Leopard DNS - The Gui, The Bad, and The Ugly
Authored by: Anonymous on Tuesday, November 06 2007 @ 12:52 pm MST
The real question here is do secondary servers work correctly yet?

Historically, the reverse lookup records would not be transferred to secondary servers.
Leopard DNS - The Gui, The Bad, and The Ugly
Authored by: aderium on Saturday, November 10 2007 @ 07:15 pm MST
What I would like to test when I get a chance is if Leopard finally had DHCP update the DNS A records... that would be nice. If not, and if we have to use the dhcpd program for that, can we still use the DNS GUI?

Also, on another note, I am curious to see the results with Wide Area Bonjour: is that a zone that will populate a separate file in /var/named/zone?
Leopard DNS - The Gui, The Bad, and The Ugly
Authored by: dblack on Saturday, November 10 2007 @ 09:52 pm MST
Yah, this is a totally bad bug. I could not access or axfr a new one I had created and when viewing the logs, I saw the "ignoring example.com" in my logs and started poking around /var/named. In the /var/named/zones folder was my misconfigured zone file db.mydomain.com.zone.apple with the example.com as the SOA. I just changed it and everything is cool.