Old Mar 4, 2013, 05:57 AM   #1
philstone
macrumors 6502
 
Join Date: Oct 2008
Location: Jersey, Channel Isles
DNS rerouting

I've been searching the internet all weekend but still no joy on this...

Scenario - we have a server onsite that we want to connect to using full DNS so that the address doesn't change whether it's from within the office or externally (e.g. server address will be server.mydomain.com).

Using AEBS for DHCP (and DNS) although SLS is configured for DNS as well (not really active as no clients are asking the SLS for DNS)
Is there a way to configure the system so that...

Internal request for server.mydomain.com forwards to the local IP address rather than going outside the LAN then back in?
I would prefer to keep the AEBS acting as DHCP server.

Has anyone else had issues like this before? I know in a Windoze environment this is possible.

Cheers
__________________
 - Lots of them..
Old Mar 4, 2013, 08:51 AM   #2
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
I have used internal name servers for this purpose. Set up an internal name server to run the mydomain.com zone, have your DHCP server give out that name server to its local LAN clients, and have the record server.mydomain.com resolve to the internal address.

Any client then on the LAN will get the internal address. Any client outside (using whatever outside name servers they are provided with) will resolve the external IP.

The caveat here is your internal clients will look to this internal name server zone for all information regarding the zone. So, if you have records in the zone with external addresses, they will need to be included in the internal zone as well. For example, if your web server is hosted offsite, you will need a record in the internal zone pointing to the external web server. You will need to have correct MX records in the internal zone. Your internal zone will basically be a mirror of the external zone, except for the addresses you want to resolve internally.

Additionally, you will need to have the internal name server forward requests for everything other than mydomain.com to an external resolver.

Last edited by HenryAZ; Mar 4, 2013 at 08:53 AM. Reason: punctuation
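The caveat in the post above (the internal zone has to mirror the external zone except for the addresses meant to resolve internally) can be checked mechanically. This is an added example, not part of the original posts: it compares two constructed record lists for mydomain.com; the addresses, the www and mail records, and the function names are assumptions for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly (is_private also matches documentation ranges)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "name type value", one per line
EXTERNAL_ZONE = """
server.mydomain.com.  A   203.0.113.10
www.mydomain.com.     A   203.0.113.20   ; hosted offsite
mydomain.com.         MX  10 mail.mydomain.com.
mail.mydomain.com.    A   203.0.113.30
"""
INTERNAL_ZONE = """
server.mydomain.com.  A   192.168.1.10   ; intended LAN override
mydomain.com.         MX  10 mail.mydomain.com.
mail.mydomain.com.    A   203.0.113.99   ; stale copy of the external record
"""

def parse_zone(text):
    """Return {(name, type): set(values)} from simple 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # drop comments
        if line:
            name, rtype, value = line.split(None, 2)
            records.setdefault((name.lower(), rtype.upper()), set()).add(value.strip())
    return records

def is_rfc1918(value):
    try:
        return any(ipaddress.ip_address(value) in net for net in RFC1918)
    except ValueError:                              # not an IP address (e.g. MX target)
        return False

def compare_views(external, internal):
    """Classify each external record by how the internal view answers it."""
    report = {"missing_internal": [], "override": [], "drift": []}
    for key, ext_values in sorted(external.items()):
        int_values = internal.get(key)
        if int_values is None:                      # LAN clients get no answer at all
            report["missing_internal"].append(key)
        elif int_values != ext_values:
            lan_only = key[1] == "A" and all(is_rfc1918(v) for v in int_values)
            report["override" if lan_only else "drift"].append(key)
    return report

if __name__ == "__main__":
    result = compare_views(parse_zone(EXTERNAL_ZONE), parse_zone(INTERNAL_ZONE))
    for kind, keys in result.items():
        print(kind, keys)
```

Records reported as missing or drifted are the ones LAN clients would resolve differently from outside clients without that being intended.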
Old Mar 4, 2013, 10:14 AM   #3
philstone
Thread Starter
macrumors 6502
 
Join Date: Oct 2008
Location: Jersey, Channel Isles
Thanks - I already have an internal NS which resolves correctly, however I have to assign the DNS manually to the client as the DHCP on the AEBS is giving itself out as a local DNS server - I can't see a way to change that in the DHCP options on the AEBS? Is there a way?

Thanks again
__________________
 - Lots of them..
Old Mar 4, 2013, 10:32 AM   #4
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by philstone View Post
Thanks - I already have an internal NS which resolves correctly, however I have to assign the DNS manually to the client as the DHCP on the AEBS is giving itself out as a local DNS server - I can't see a way to change that in the DHCP options on the AEBS? Is there a way?

Thanks again
I cannot answer that very well, as I've never used any access point or router as a DHCP server.

Usually devices like that give out, as DNS, the DNS they are configured for. Try configuring the AEBS to use the internal name server. As long as the internal server can resolve anything (the internal zone, or forward external requests), this should pose no problem.
Old Mar 4, 2013, 06:51 PM   #5
freejazz-man
macrumors regular
 
Join Date: May 2010
except for about 2x as many DNS queries as necessary, unless you are going to cache them

it can make browsing stuff like youtube kinda sucky
Old Mar 4, 2013, 07:07 PM   #6
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post
except for about 2x as many DNS queries as necessary, unless you are going to cache them
Why would anyone run a name server with caching turned off to begin with?

Not to mention the fact that the results will also be cached on each local machine's OS resolver cache.
Old Mar 5, 2013, 10:20 AM   #7
freejazz-man
macrumors regular
 
Join Date: May 2010
Quote:
Originally Posted by HenryAZ View Post
Why would anyone run a name server with caching turned off to begin with?

Not to mention the fact that the results will also be cached on each local machine's OS resolver cache.
when you are using a CDN you don't really hit domains that are cached
Old Mar 5, 2013, 03:08 PM   #8
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post
when you are using a CDN you don't really hit domains that are cached
If a record is not cached locally, then it needs resolving, for sure. I still don't see your point as to how this applies here. Running a local name server doing its own recursing/resolving is the most efficient way to get the records to your LAN.
Old Mar 5, 2013, 03:23 PM   #9
freejazz-man
macrumors regular
 
Join Date: May 2010
well, if you use your ISP's DNS server it's going to be quicker for CDN content because it's going to cut down the number of servers queried

the ISP's DNS is likely faster running on better hardware

I've read a few people claiming that hitting their ISP's DNS instead of a local server improved the streaming quality for HD youtube videos

it's gotta be a pretty small time difference, but if you think about the context of streaming, that can be critical at times.
Old Mar 5, 2013, 04:08 PM   #10
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post
well, if you use your ISP's DNS server it's going to be quicker for CDN content because it's going to cut down the number of servers queried

the ISP's DNS is likely faster running on better hardware

I've read a few people claiming that hitting their ISP's DNS instead of a local server improved the streaming quality for HD youtube videos

it's gotta be a pretty small time difference, but if you think about the context of streaming, that can be critical at times.
I give up.
Old Mar 5, 2013, 04:23 PM   #11
freejazz-man
macrumors regular
 
Join Date: May 2010
not exactly sure what you mean by that, but think about it

if you are trying to resolve blahla.sdlaskln.xjknl.kmcd.cdn.apple.net

the ISP DNS is going to be able to resolve the name quicker and still not have to relay it back to your DNS to respond to the client, it will respond directly to the client.

in the context of streaming a video being able to hit the CDN server .5 sec might mean less frames dropped. when a video is being streamed from youtube it's not just from one server, it's from a CDN where each server serves a little and then redirects to another node for more.

yeah, it's kinda a ridiculous example, but I was just throwing it out there as something I've noticed.
Old Mar 5, 2013, 07:28 PM   #12
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post

if you are trying to resolve blahla.sdlaskln.xjknl.kmcd.cdn.apple.net

the ISP DNS is going to be able to resolve the name quicker and still not have to relay it back to your DNS to respond to the client, it will respond directly to the client.
I guess we'll just disagree on this. My name server does its own recursing/resolving (no ISP server in the mix). When I query from a client machine on the LAN (query my name server), the response is typically delivered to the client in <150ms. That's my name server, going out on the Internet directly to the authoritative source, and returning with the answer. The portion of the 150ms that is taken in relaying from my name server to my client is probably <5ms. Once I have it cached locally now, the response to my clients is way faster than any other server can provide.

That 150ms may be slow or fast compared to queries on other Internet connections, but it is my crappy Internet connection and every packet that traverses it has the same latency, whether I am using my name server or someone else's.

I do not agree that (necessarily) an ISP server provides better performance. Hardware they have to have to handle the query load, for sure, but many of them are still slammed anyway. If the hardware is supporting the query load as it should, the effective time DNS takes is on the network rtt, and the response time of the authoritative server.
Old Mar 6, 2013, 12:31 PM   #13
freejazz-man
macrumors regular
 
Join Date: May 2010
I only offered one very specific scenario where an ISP's server would provide better performance, so maybe you misunderstood me?
Old Mar 6, 2013, 03:20 PM   #14
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post
I only offered one very specific scenario where an ISP's server would provide better performance, so maybe you misunderstood me?
I don't think I misunderstood, just disagree. My experience is the lookup results get back to your LAN quicker with a local name server doing its own recursion.
Old Mar 6, 2013, 06:40 PM   #15
freejazz-man
macrumors regular
 
Join Date: May 2010
right, except in a scenario where an ISP would have names cached that you otherwise wouldn't, especially if you are going to do your own recursion
Old Mar 7, 2013, 08:14 AM   #16
HenryAZ
macrumors regular
 
Join Date: Jan 2010
Location: South Congress AZ
Quote:
Originally Posted by freejazz-man View Post
right, except in a scenario where an ISP would have names cached that you otherwise wouldn't, especially if you are going to do your own recursion
To me that is the main valid argument that makes sense to take advantage of your ISP's (or a public) name server. The remote name server you use may be faster by having a record cached that you do not have cached yet. But if there is a problematic network path to it, or it is congested, it may be slower even with a cached answer. Depending on the ISP's dedication and support, its cache may also be an easy target for poisoning.

The only way to know is to compare response times.

On a slight thread drift, but related to your YouTube comments, I've been following with interest a discussion on NANOG about certain backbone ISPs throttling YT video streams. Issues you see might not be DNS-related at all.

Boy that whole anycasted CDN model is a can of worms.
Old Mar 7, 2013, 09:25 AM   #17
freejazz-man
macrumors regular
 
Join Date: May 2010
yeah, like I said, it's a very specific and limited scenario where it would be better to forgo your own DNS. any path to your ISP's DNS is likely pretty similar to whatever you would have to do to resolve a name anyway.

If your ISP has its cache poisoned, you probably have bigger problems than youtube streams.

As for the throttling, that definitely happens, although it's distinct from the situation I'm referring to.

what's terrible about the CDN is that it's great for cybercrime. compromise one of those hosts and very few analysts are going to notice any unusual http content being served off a node