[paulievox]

Just spoke with applecare enterprise.

After running through my DNS settings, the agent declared
“well your DNS is configured properly – all your services work.
you’ll need to contact microsoft”.

blah.
he suggested my answer may be somewhere inside the “network services”
support docs.

It may be of note that my Exchange server is configure internally as the “.local” out of the box variety they tote for “maximum protection” against hacking.

Should i setup a slave zone to the DNS on windows box, and switch recursion on it?
I know exchange/AD is based on DNS.

this is a nightmare.

[paulievox]

[QUOTE][u]Quote by: deemery[/u][p][QUOTE]Good call to try it, but no dice.[/QUOTE]

Well, you’ve run off the edge of my knowledge here. Good Luck! Maybe someone with a deeper knowledge can chime in.

dave[/p][/QUOTE]

You were great to give it a shot man. thanks again.

[paulievox]

according to a post in

http://discussions.apple.com/thread.jspa?messageID=7330432&#7330432

[i]There is also an extra Reverse Zone entry that cannot be deleted = 0.0.10.in-addr.arpa. with no Reverse Mapping.” Do you mean it can’t be deleted because it’s needed or you’ve tried to delete it and can’t? I assume it’s the later. If so you can ignore this errant reverse zone.[/i]
[quote]
Yes, that is correct and I am happy to ignore it! ;)[/quote]

I just want to see if anyone else has any experience with this, causing problems,
removing, etc.

[paulievox]

[QUOTE][u]Quote by: deemery[/u][p][QUOTE]Yup,
127.0.0.1.[/QUOTE]

Well…. Try replacing 127.0.0.1 (which resolves to localhost) with the actual IP address of the machine, and see if that works. I’m wondering if the fact this is a ‘special’ (non-routable?) address is causing the problem.

But I could be totally off here.

dave[/p][/QUOTE]

Good call to try it, but no dice.

I removed 127.0.0.1, plugged in 192.168.1.102 (its lan ip), reset dns cache,
and restarted DNS service – mail issue persists.

[paulievox]

sample DNS log (information level logging)

as you can see, the xserve’s DNS isn’t having the MX record i setup for the “winserver”

30-Jul-2008 02:43:12.971 zone mydomain.com/IN/com.apple.ServerAdmin.DNS.public: mydomain.com/MX ‘winserver.mydomain.com’ has no address records (A or AAAA)
30-Jul-2008 02:44:53.896 /var/named/zones/db.mydomain.com.zone.apple:14: ignoring out-of-zone data (winserver)
30-Jul-2008 02:44:53.900 /var/named/zones/db.mydomain.com.zone.apple:14: ignoring out-of-zone data (winserver)

[paulievox]

[QUOTE][u]Quote by: deemery[/u][p]A simple check: do you have the IP of your server listed as the -first- DNS server in that machine’s System Preferences -> Network settings?

dave[/p][/QUOTE]

Yup,
127.0.0.1.
The next DNS server is the router/firewall.

I have horsed around with DNS servers in general
ie, add the windows server lan IP as a DNS server both to client computers and the xserve.
all it does is introduce a lag in lookups/forwarding.

i’m pretty confident the forwarding is all working correctly.

[paulievox]

My bad mods, i should have posted in DNS section no?

Here’s my named.conf setup fwiw

// Include keys file
//
include “/etc/rndc.key”;

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.

//
// Default controls
//
controls {
inet 127.0.0.1 port 54 allow {any; }
keys { “rndc-key”; };
};

options {
include “/etc/dns/options.conf.apple”;

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
logging {
include “/etc/dns/loggingOptions.conf.apple”;
};

// Public view read by Server Admin

include “/etc/dns/publicView.conf.apple”;

// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views.

[Author]

Posts