DNS Server - what have I done?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by skerfoot, Jan 9, 2012.

  1. skerfoot macrumors member

    Joined:
    Feb 28, 2010
    #1
    Short version:

    I'm setting up a Mini Lion Server in my house. I was having trouble with the connection (very long story, perhaps unrelated to the current problem), and ended up talking to an Apple Enterprise person on the phone. One of the things he had me do was open the network setting on my client laptop computer and, under the network connection -> Advanced -> DNS, enter the intranet IP address for my home server in the left-hand column labeled "DNS Servers:". There were already some numbers there, but they disappeared when I entered the new number. Magically, the connection to my home server worked. However, when I took the laptop to work, I could no longer connect to the wireless network until I manually entered the numbers for the DNS Server that I found on a different machine connected to the network.

    Clearly, I'm a noob and don't understand what it is that I've actually done here, or why it's causing a problem. I would really appreciate an answer or explanation for any of the following:
    1) What did I do when I manually entered the IP address for a DNS server?
    2) Previously, the computer must have retrieved the appropriate numbers itself when I joined a new network. Why didn't it do this for my home server and why isn't it doing it any more for other networks?
    3) Most importantly, how can I get my computer to join other wireless networks properly again, while still knowing the correct DNS server to use for the home server?

    I "setup" my wife's computer the same way, and now I'm in a lot of trouble because her computer doesn't connect to her work network either. Please help get me out of the doghouse!

    Thanks
     
  2. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #2
    You specified the Mini server as the DNS server for your client machine. Meaning, all DNS lookups go through the Mini Server on that machine.

    By manually specifying the server, you have effectively disabled the retrieval of DNS servers via DHCP.

    It didn't automatically populate your DNS server as the Mini server, as you aren't specifying that via DHCP on your network.

    You need to.

    1. Go into the device serving up IP addresses, presumably your router, and configure it to give out your Mini server IP address for DNS.

    or

    2. Use the Mini server for DHCP (not recommended given your experience).

    or

    3. Utilize locations in Network preferences. This is more of a workaround and not a real solution.

    or

    4. Don't use the Mini for DNS and communicate with it via IP address or Bonjour. This is not recommended if you plan to use Open Directory.

    If you want the Mini doing DNS, you need to do number 1 here, the other options are included for completeness. Be sure you have forward addresses configured in DNS, I assume you do since you aren't complaining about internet name resolutions.

    It is likely connecting to the network, but unless there just happens to be a DNS server on your work networks with the same IP address as your Mini server, the problem is that you can actually resolve any hosts.
     
  3. FireArse macrumors 6502a

    Joined:
    Oct 29, 2004
    #3
    If you want it to work all over, rather than put your IP address for Lion Mac Mini, put the Google DNS servers (it'll work wherever you're connected).

    Linky: http://code.google.com/speed/public-dns/

    or just put 8.8.8.8 and 8.8.4.4 as backup. Problem solved.

    FireArse
     
  4. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #4
    No, this just lets you resolve internet hosts. Most companies have internal DNS for resolving internal-only hosts/services. Those will not be available in public DNS and thus will not resolve.

    In addition, it doesn't solve the problem of being able to resolve the mini server by the FQDN/hostname either.
     
  5. FireArse macrumors 6502a

    Joined:
    Oct 29, 2004
    #5
    I accept that - correct me if I'm wrong, but the OP doesn't refer to needing to resolve internal hosts.
     
  6. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #6
    The OP does, this is noted in them having issues when taking their machines to work. Defining public DNS directly to the interface stops you from resolving any internal hosts (unless they are in public DNS, which is doubtful). The OP learned this when taking his machine to work and entered the DNS settings from another work machine manually into his machine, "resolving" the issue. They didn't actually need to be manually entered; deleting the static entries would trigger pulling DNS servers from their local DHCP servers.

    In addition, since the Mini server is running DNS, the OP presumably wants to utilize local DNS to resolve his own internal server and other hosts.

    The root issue is this: manually defining DNS servers is a short-sighted engagement. As the OP has learned, you run into issues when you move between networks.

    This problem has a solution (since the 90s) and it is DHCP. DHCP takes care of this dynamic configuration of DNS (and other settings).

    The OP's work networks (his and his wife's) are running DHCP and they are dishing out DNS servers that are necessary for their job. The OP can mimic this behavior by doing what I prescribed above: Setting his router to give the Mini server's IP address via DHCP and configuring the Mini to handle DNS both internal and external. This will allow them to move between networks and not have to manually change settings.
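
The check behind the post above (a manually entered DNS server overrides whatever DHCP hands out, and deleting it restores the DHCP-supplied servers), as an added example that is not part of the original thread. It uses the macOS `networksetup` tool; the "There aren't any DNS Servers set on" message text and the service name `Wi-Fi` in the comment are assumptions about a typical client, and the sample outputs in the comments are constructed.

```shell
#!/bin/sh
# Added example: list macOS network services whose DNS servers were entered
# by hand, i.e. services that will ignore the DNS servers offered by DHCP.

# classify_dns OUTPUT
# OUTPUT is the text printed by `networksetup -getdnsservers <service>`.
# Prints "dhcp" when no manual servers are set, else "manual: <servers>".
classify_dns() {
    case "$1" in
        # Assumed message when nothing is pinned, e.g. (constructed sample):
        #   There aren't any DNS Servers set on Wi-Fi.
        "There aren't any DNS Servers set on"*|"")
            echo "dhcp" ;;
        *)
            # One server per line; fold them onto a single line.
            echo "manual: $(printf '%s\n' "$1" | tr '\n' ' ' | sed 's/ *$//')" ;;
    esac
}

# audit_services: classify every network service on this machine.
audit_services() {
    # The first line of -listallnetworkservices is an explanatory header;
    # disabled services are prefixed with '*'.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        out=$(networksetup -getdnsservers "$svc" 2>/dev/null)
        printf '%s: %s\n' "$svc" "$(classify_dns "$out")"
    done
}

# To delete a manual entry so the service uses DHCP-supplied DNS again:
#   networksetup -setdnsservers "Wi-Fi" empty

# Only run the audit where networksetup exists (macOS).
if command -v networksetup >/dev/null 2>&1; then
    audit_services
fi
```

Any service reported as `manual:` keeps querying that address on every network the laptop joins, which is the behaviour the original poster saw at work.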
     
  7. skerfoot thread starter macrumors member

    Joined:
    Feb 28, 2010
    #7
    Thank you for the very helpful replies. I'm learning a lot.

    If I understand correctly, I need to convince my airport extreme (which is the router I'm using to connect to the internet and the server etc), to automatically provide the server intranet IP address as the DNS server. In fact, upon closer inspection of the server, I see a note there stating that I should "configure (my) router to supply (my) server address (XXX.XXX.XXX.XXX) as the first DNS server when it supplies an IP address". I thought that, since I'm using an extreme, that the server was supposed to be managing this sort of thing already (like port mapping), but maybe not. I've gone into the Extreme settings via airport utility, and I think that I may have identified the appropriate window to make this happen, but I'm still confused about internet numbers vs intranet numbers. Can anyone verify that I'm looking at the correct place?

    In Airport utility, under the "Internet" tab ->TCP/IP -> DNS Server(s). There are two windows that I can fill in. I'm nervous that I'm looking at the window for the DNS server that the extreme is using to connect to the outside world though, rather than the DNS server that it would supply for the intranet. I can't find any other place to enter something like this, though. It's equally likely that I have no idea what I'm talking about.

    Thanks for the information. At the very least, I can get the connections to other wireless networks going again thanks to what I'm learning here. Why on earth did the Apple Enterprise guy get me to enter the DNS server manually in the first place?

    Thanks,
     
  8. squeakr macrumors 68000

    Joined:
    Apr 22, 2010
    #8
    On my Extreme, I entered the primary DNS to be the static IP I assigned to the mini server and the secondary to the OpenDNS DNS servers, this way when my mini happens to be down or not updating and resolving to the correct DNS, the OpenDNS DNS servers will take over and issue the correct External addresses (yes I know I can't resolve the internal addresses at such point, hey the server is down anyway so what the hey, but at least the rest of the family can access the internet and have no idea that things have failed until they go to print or control the HomeSeer Automation server but that happens very little).
     
  9. mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #9
    This is the way I configure it as well (I use my ISP's DNS servers as the secondary DNS value, but same principle).

    ALL of my computers get along perfectly with such a setup and both internal and external lookups / resolutions are fast and zippy.

    I have a mixed network of just about everything.
     
  10. skerfoot thread starter macrumors member

    Joined:
    Feb 28, 2010
    #10
    I'm glad to hear that it's working properly for you. Would you mind spelling out for me exactly where in the settings you specify the DNS server? It's still not clear to me which setting refers to the DNS server handed out by the router vs the DNS server used by the router to connect to the outside world, or whether these are actually different things at all.

    Thanks for the help
     
  11. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #11
    They are one and the same.

    Your ISP is going to provide you DNS servers, in the TCP/IP pane you are going to override those with your server's address(es). If you needed to resolve something related to your ISP, those addresses will be public and thus you will be able to resolve them even if not using your ISP's DNS servers.

    Remember, DNS has no bearing on your "connection." IP addresses do however, DNS just affects your ability to turn google.com into 74.125.225.16

    As long as your DNS server is forwarding requests it is not authoritative for (anything other than your locally configured zones), if your Airport needs to perform a name resolution for your internet connection it will be able to resolve that host.

    In summation, you are safe to configure DNS servers in your AirPort Extreme by clicking: Internet:TCP/IP and entering your server address and a backup address (opendns, google, ultra, etc).
     
  12. squeakr macrumors 68000

    Joined:
    Apr 22, 2010
    #12
    Enter your server ip in the primary spot and a net dns server ip in the secondary spot, as the way it works is that it searches the first ip for the name resolution and if it can't connect or resolve it fail safes to the secondary. This way if you are asking for an internally resolved address it will be found on your ip address and if you are asking for an external address (and your server isn't updated or can't resolve it) it will be found by the net ip server designated (dns server of your choice, opendns, google, your ip, etc). If you reverse them then it will look for the internet first and the net version will return an error about name resolution, as they are configured to error in that way and you will never failsafe to your server address (as it will have resolved in the net dns server).
     
  13. mainstay, Jan 10, 2012
    Last edited: Jan 10, 2012

    mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #13
    this may help:

    my internal server is set to 10.0.1.10 and resolves my LOCAL addresses.

    my ISP provides an EXTERNAL name resolution server (64.178.whatever) for website lookups.

    You leave your laptop to always receive IP addresses using DHCP and you do NOT configure DNS values in your network configuration for the laptop (if you have, delete them).

    This will allow your laptop to come into a network, connect, and be told how to look things up.

    First it will look locally, and if it cannot find the IP or name, it will then look externally (the internet).

    This provides great flexibility and does not require you to make any changes to the default behavior of your laptop.
     

    Attached Files: DNS.jpg
  14. skerfoot thread starter macrumors member

    Joined:
    Feb 28, 2010
    #14
    Thank you, very helpful. My Airport Utility looks a little different, so just to make sure that I'm looking at the right window...

    I put my home server's IP address in the red window, which is currently showing what I assume is the number acquired by DHCP for looking up things in the outside world. I leave the blue window empty? This will allow requests going to the internet to access a DNS server acquired by DHCP, while intranet requests will be directed to the house server.

    I may or may not be learning something here...
     

  15. mainstay macrumors 6502

    Joined:
    Feb 14, 2011
    Location:
    BC
    #15
    looks good.

    red = 192.168.0.10 (or whatever your internal dns server is configured to be)

    blue = 64.71.255.198
     
  16. skerfoot thread starter macrumors member

    Joined:
    Feb 28, 2010
    #16
    Everything looks to be working well. I put the server's IP in the red window, and actually left the blue empty. I think that this makes sense, but please correct me if I'm wrong.

    My client computer is connecting properly to both the server and the outside world and appears to be picking up the server's IP as a DNS server properly by DHCP. The server itself, by looking at its network preferences, is listing both its own IP as well as the external DNS server IP as DNS servers.

    Thanks for all of the help. This could have been avoided if the Apple Enterprise guy just got me to change the Extreme settings rather than manually enter the DNS server on the client computer.
     
  17. squeakr macrumors 68000

    Joined:
    Apr 22, 2010
    #17
    Looks correct (you have the version I do, and thought when the other poster posted that shot you may be lost if the version wasn't the same). I would recommend as I stated earlier and the other person stated to populate the blue section with the ip of a net dns server, as that is their bread and butter to keep them current and active. Although the way you have it will work correctly, if for some reason your server doesn't update its dns lists correctly and efficiently (I have had mine set up in the past like you have it now), you will get 404 errors for internet sites or the site is unreachable errors instead of failsafing (this is assuming that you don't have failsafing on your dns server on the server itself). The other thing that can happen is if your server becomes unreachable for any reason (hangs, stops responding, reboots and has issues) you will not be able to get to the internet to search for answers to your problem or post on sites for help. With the secondary in the router, at least you have another failsafe to allow internet access. If I have server errors, the family never knows unless they try to print or access a share drive, as they mainly go to the net.
     
  18. skerfoot thread starter macrumors member

    Joined:
    Feb 28, 2010
    #18
    I take your point, and have filled in the blue window too.

    Thanks for everyone's help.

    Now to get time machine working properly...
     
