Using DYNDNS.com with OS X Web server (10.4)

Discussion in 'Mac OS X Server, Xserve, and Networking' started by TodVader, Sep 14, 2008.

  1. TodVader macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #1
    Hi. I'm running Mac OS X 10.4 Server on an old 667 MHz G4 PowerMac. For DNS, I'm using dyndns.com's free service.

    I've associated 2 different hostnames to my IP address (96.21.*.*)

    qcmat.dnsalias.net
    qcmat.dynalias.com

    My domain is from 1and1. When asked to enter my 2 name servers (they want a primary and secondary), I guess this error after a couple of hours:

    There is a domain registration error in the DNS.

    If you enter qcmat.dnsalias.net or the other one in the browser, it will open the temporary OS X Server page (I didn't change it yet).

    Is there something I don't understand?

    Thanks for the help.
     
  2. plinden macrumors 68040

    plinden

    Joined:
    Apr 8, 2004
    #2
    nslookup shows you have both those host names pointing to 96.21.*.* (it's pointless to obfuscate that since anyone can see the IP address knowing the host name, but I'll do it anyway since you did.)

    Likely your firewall and/or router is blocking access from outside your local network.
     
  3. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #3
    ok I don't really want to hide it anyways. Can you see the temporary OS X server page from your house?

    I've created to 2 hostnames (pointing to the same IP) because 1&1 only accepts 2. Maybe that's where they get their "error" from.

    btw, the error is on the 1&1 page, not here on my computer.

    I've used 1&1 with hostgator hostnames many times and never had any problems.

    I have really no idea how to fix this :(
     
  4. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #4
    You have WAY too many open ports. The reason why you aren't seeing your web page is because port 80 is being blocked by your firewall. Not much else is though.

    Code:
    Interesting ports on modemcable099.3-21-96.mc.videotron.ca (96.21.3.99):
    Not shown: 1694 closed ports
    PORT      STATE    SERVICE
    21/tcp    open     ftp
    22/tcp    open     ssh
    25/tcp    filtered smtp
    53/tcp    open     domain
    80/tcp    filtered http
    106/tcp   open     pop3pw
    135/tcp   filtered msrpc
    136/tcp   filtered profile
    137/tcp   filtered netbios-ns
    138/tcp   filtered netbios-dgm
    139/tcp   filtered netbios-ssn
    311/tcp   open     asip-webadmin
    389/tcp   open     ldap
    445/tcp   filtered microsoft-ds
    548/tcp   open     afp
    625/tcp   open     apple-xsrvr-admin
    749/tcp   open     kerberos-adm
    1080/tcp  filtered socks
    1720/tcp  filtered H.323/Q.931
    6881/tcp  filtered bittorrent-tracker
    16080/tcp open     osxwebadmin
    
    http://96.21.3.99:16080
     
  5. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #5
    I haven't activated the server's software firewall yet. I just desactived DNS too since I'm using DYNDNS.com's service (I got dynamic IP addresses so I will use their service with an auto updater). Maybe it didn't work because DNS was active on the server too?

    For port 80, I forwarded it to my server's IP address (192.168.1.103).

    Btw, I followed this tutorial: http://www.s2studios.com/blog/osx-server-104-tutorial/

    Can you see the temporary OS X page when you go to my IP address or one of the above hostnames? I can on other computers but don't have access to other networks right now to test it.

    Thanks

    EDIT: I just realised that I forgot to click the "enable" box after I forwarded port 80 to 192.168.1.103.

    Still, the problem seems to be with the hostnames. 1&1 seems to reject them.
     
  6. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #6
    You really should reconsider what you're doing - You have AFP open, remote Xserve administration, all kinds of stuff. You're just asking to get your server hacked. You have no clue what you're doing. Put that box back behind your router, you're way in over your head.
     
  7. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #7
    ok I just started the server firewall and opened port 80. Security should be better now... ?

    btw, this is just a little learning exercise for me. I was given this stuff for free and am just trying to learn a little bit here. No serious stuff that security could be a problem.

    All my sites are well and safe with real hosting companies and will stay there...
     
  8. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #8
    So, you're entering the qcmat.dnsalias.net & qcmat.dynalias.com names for the primary & secondary nameserver for your own domain at your registrar (1and1)? If so, you can't do that. The nameservers you enter for your domain must be on static IP addresses. They would also have to actually be DNS servers. DynDNS can do dns hosting for your domain, but you have to have a Custom DNS account and that's not free (unless you happen to have an OLD account that has been grandfathered because you made a donation when they were just a little startup company).
     
  9. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #9
    Your DNS settings are fine. qcmat.dynalias.com resolves to your IP.

    Security is getting better.

    Code:
    Starting Nmap 4.68 ( http://nmap.org ) at 2008-09-14 16:29 EDT
    Interesting ports on modemcable099.3-21-96.mc.videotron.ca (96.21.3.99):
    Not shown: 1712 filtered ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    311/tcp open  asip-webadmin
    625/tcp open  apple-xsrvr-admin
    
    

    Block port 311 and port 625. Those should not be accessible from outside your LAN. Port 80 might be blocked by your ISP. Set apache up on a different port and use a DyDNS webhop.
     
  10. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #10
    Not true.
     
  11. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #11
    I just blocked the ports you told me to and opened port 8080. I set apache to 8080 and you can access the website at 96.21.3.99:8080

    Is the above guy right by saying I can't take my 2 QcMat nameservers and use them on 1&1? My IP might not be static but DynDns is updated automatically everytime it changes.

    Thanks
     
  12. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #12
    OK, it doesn't technically HAVE to be on a static IP, but the downtime when the IP address of your DNS server suddenly changes is generally unacceptable considering the TTL on the records in most of the TLD zones. Good luck getting DynDNS to register a name in one of their dynamic zones as a nameserver too...
     
  13. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #13
    I have an app that automatically sends any new IP address to dyndns.com within seconds.
     
  14. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #14
    I understand that, but that's not the problem. The biggest problem is that your server is not a nameserver. Next, every sensible registrar requires that the nameservers you enter are registered as nameservers (there are glue records for their names) and that's never going to happen for those names.
     
  15. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #15
    I just don't understand how I'm supposed to point my domain name to my server. I thought that dyndns.com's job was to create nameservers that would point to my IP which would point to my server which would point to the website.
     
  16. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #16
    DynDNS is a DNS hosting provider among other services. They have a service to do what you want to do, but it's the non-free Custom DNS service, not the Dynamic DNS service.

    Also, they have a lot of information about how DNS works and why what you are trying to do doesn't work in their knowledge base.
     
  17. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #17
    For what he's doing, DyDNS will work just fine. If anything, he can have the domain name do a redirect to his DyDNS domain name.
     
  18. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #18
    There still has to be a DNS server somewhere hosting his personal domain for that to work. With DynDNS, that's the Custom DNS service and if you get that, there is no point in using their Dynamic DNS service because the Custome DNS service can do everything it does and more...
     
  19. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #19
    Seems to work just fine.

    Code:
    dig qcmat.dynalias.com A +trace
    
    ; <<>> DiG 9.4.2-P1 <<>> qcmat.dynalias.com A +trace
    ;; global options:  printcmd
    .			454805	IN	NS	M.ROOT-SERVERS.NET.
    .			454805	IN	NS	F.ROOT-SERVERS.NET.
    .			454805	IN	NS	L.ROOT-SERVERS.NET.
    .			454805	IN	NS	I.ROOT-SERVERS.NET.
    .			454805	IN	NS	E.ROOT-SERVERS.NET.
    .			454805	IN	NS	K.ROOT-SERVERS.NET.
    .			454805	IN	NS	A.ROOT-SERVERS.NET.
    .			454805	IN	NS	C.ROOT-SERVERS.NET.
    .			454805	IN	NS	J.ROOT-SERVERS.NET.
    .			454805	IN	NS	G.ROOT-SERVERS.NET.
    .			454805	IN	NS	B.ROOT-SERVERS.NET.
    .			454805	IN	NS	H.ROOT-SERVERS.NET.
    .			454805	IN	NS	D.ROOT-SERVERS.NET.
    ;; Received 500 bytes from 192.168.1.1#53(192.168.1.1) in 17 ms
    
    com.			172800	IN	NS	A.GTLD-SERVERS.NET.
    com.			172800	IN	NS	F.GTLD-SERVERS.NET.
    com.			172800	IN	NS	G.GTLD-SERVERS.NET.
    com.			172800	IN	NS	L.GTLD-SERVERS.NET.
    com.			172800	IN	NS	H.GTLD-SERVERS.NET.
    com.			172800	IN	NS	I.GTLD-SERVERS.NET.
    com.			172800	IN	NS	K.GTLD-SERVERS.NET.
    com.			172800	IN	NS	J.GTLD-SERVERS.NET.
    com.			172800	IN	NS	E.GTLD-SERVERS.NET.
    com.			172800	IN	NS	C.GTLD-SERVERS.NET.
    com.			172800	IN	NS	B.GTLD-SERVERS.NET.
    com.			172800	IN	NS	D.GTLD-SERVERS.NET.
    com.			172800	IN	NS	M.GTLD-SERVERS.NET.
    ;; Received 508 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 27 ms
    
    dynalias.com.		172800	IN	NS	ns1.dyndns.org.
    dynalias.com.		172800	IN	NS	ns2.dyndns.org.
    dynalias.com.		172800	IN	NS	ns3.dyndns.org.
    dynalias.com.		172800	IN	NS	ns4.dyndns.org.
    dynalias.com.		172800	IN	NS	ns5.dyndns.org.
    ;; Received 136 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 27 ms
    
    qcmat.dynalias.com.	60	IN	A	96.21.3.99
    dynalias.com.		86400	IN	NS	ns5.dyndns.org.
    dynalias.com.		86400	IN	NS	ns4.dyndns.org.
    dynalias.com.		86400	IN	NS	ns1.dyndns.org.
    dynalias.com.		86400	IN	NS	ns2.dyndns.org.
    dynalias.com.		86400	IN	NS	ns3.dyndns.org.
    ;; Received 232 bytes from 208.78.69.75#53(ns3.dyndns.org) in 208 ms
    
    

    He doesn't need anything more than a simple mapping between his residential IP addresss and a domian name.
     
  20. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #20
    Right, he has two names setup that point to his IP address and that works... All well and good...

    But, from what I can gather, he also has a domain name he has registered with 1and1 and wants that to point to his IP address also. So, DNS for that domain has to be hosted somewhere.
     
  21. TodVader thread starter macrumors 6502a

    TodVader

    Joined:
    Sep 27, 2005
    Location:
    Quebec, Canada
    #21
    For my websites that are hosted with hostgator, I use the 2 nameservers they gave me:

    ns863.hostgator.com
    and
    ns864.hostgator.com

    I just enter those on the domains from 1&1 and it works like a charm. (I use those with addon domains on cPanelX)

    Don't my 2 qcmat addresses above work just like that? It doesn't seem so because they return errors in 1&1.
     
  22. kg9ov macrumors member

    Joined:
    Feb 12, 2005
    Location:
    In front of a computer...
    #22
    Well, the short answer is: No, it doesn't work like that.

    Basically, when you create a new site in cpanel, it creates the dns zones in your hosts nameservers and populates them with all the required records behind the scenes. That's why it "just works".
     

Share This Page