One of the biggest complaints I heard from other consultants and support folks about Mac OS X Server 10.4 was about how bad it was to work with the DNS GUI. They pined away for Panther or relegated themselves to hand coding their zone files. With Leopard come some welcome changes and a nasty bug.
One of the changes you find is in the /etc/named.conf file. It has an include that looks in /etc/dns, where there are three files that hold Server Admin's GUI settings for DNS. Those files are loggingOptions.conf.apple, options.conf.apple, and publicView.conf.apple. These files must be there for the GUI in Server Admin to function.
Another change is the way zone files are being handled. At first glance it looks like the zone files are in /var/named/, but what Server Admin does is put an include there pointing to the GUI's zone file, which resides in /var/named/zones. There is a nice warning in both the named.conf and the zone files that says “;THE FOLLOWING INCLUDE WAS ADDED BY SERVER ADMIN. PLEASE DO NOT REMOVE.”, right before the include statement. A nice result of this could be that you can now make changes to the zone files and they are reflected in the GUI. You are no longer chained to the once you go CLI you can’t go
Other assorted changes include PTR records, SRV records, Forwarder IPs, and Recursion settings. PTR records are created automatically for your reverse zones. You can then only assign which A record is associated with each one. SRV records are new to Mac OS X GUI configuration, and you could configure a Mac OS X Server to provide DNS that would actually work in an AD environment, not that you necessarily would want to do that. You can now set your Forwarder IPs from the GUI and restrict which networks can make recursive queries of your DNS server. All this bodes well for a richer experience with DNS on Mac OS
The Bad and Ugly
While there is a good deal of improvement in Leopard DNS, there is a nasty bug in the GUI and it has bitten a few already. When you first create a zone, DO NOT HIT SAVE. If you do, you have condemned this zone to have an SOA of example.com forever. Make sure you edit your NS record and the A record for the NS before hitting save. If you miss this, it can be the source of much frustration and cursing at Leopard DNS. If you heed this word of caution you should be well on your way to having a productive DNS server on your network.
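One way to audit existing zones for the stuck SOA described above, as an added example that is not part of the original post. It assumes the leftover default shows up as example.com in the SOA's primary name server or admin mailbox field; the zone name corp.test and the sample zone text are constructed.

```python
PLACEHOLDER = "example.com"  # the default the post says gets stuck in the SOA

def soa_fields(zone_text):
    """Return (mname, rname) of the first SOA record in BIND zone text, or None."""
    tokens = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]  # drop zone-file comments
        tokens.extend(line.replace("(", " ").replace(")", " ").split())
    for i, tok in enumerate(tokens):
        if tok.upper() == "SOA" and i + 2 < len(tokens):
            return tokens[i + 1].lower(), tokens[i + 2].lower()
    return None

def under(name, domain):
    """True if name equals domain or is a subdomain of it (trailing dot ignored)."""
    name, domain = name.rstrip("."), domain.rstrip(".")
    return name == domain or name.endswith("." + domain)

def placeholder_soa(zone_name, zone_text):
    """List SOA fields still naming example.com in a zone that is not example.com."""
    if under(zone_name.lower(), PLACEHOLDER):
        return []  # a genuine example.com zone is not a leftover
    fields = soa_fields(zone_text)
    if fields is None:
        return ["no SOA record found"]
    labels = ("primary name server (MNAME)", "admin mailbox (RNAME)")
    return [f"{label}: {value}" for label, value in zip(labels, fields)
            if under(value, PLACEHOLDER)]

# Constructed sample zone text (not copied from a real server).
BAD_ZONE = """\
$TTL 10800
corp.test. IN SOA ns.example.com. admin.example.com. (
        2008010101 ; serial
        3600 900 1209600 86400 )
corp.test. IN NS ns.corp.test.
"""
GOOD_ZONE = BAD_ZONE.replace("example.com", "corp.test")

if __name__ == "__main__":
    for label, text in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        print(label, placeholder_soa("corp.test", text))
```

To check a live server, pass each zone's name and the text of its zone file to `placeholder_soa`; an empty list means the SOA no longer carries the default.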
DNS potentially gets even more frustrating because of the auto setup in the Standard mode. The server will create a DNS domain based on the FQDN that you supply during the initial setup. That's nice, but… it means that you can't resolve any of your other DNS names for that zone, as the server only knows the one entry for itself.
Quick fix is to just remove the 127.0.0.1 DNS entry from your network prefs when this happens.