Domain Name System. Domain Name Server. DNS is an acronym for both. DNS is both widely used and widely misunderstood. The Domain Name System is used to make the Internet easy to navigate. Instead of typing numbers like http://17.254.0.91, you type http://www.apple.com; both addresses go to the same place, but the second is certainly much easier to remember. In order for DNS to work, Apple Computer must have a computer that has the name apple.com, which in turn knows about computers under its domain such as www.apple.com, training.apple.com, train.apple.com, and so forth. It's important to remember that it all starts with, in this case, apple.com.

Let's back up a bit. Suppose you wish to find an obscure Web site, such as http://www.thereisnothinghere.com. You'll probably start by searching the .com domain, which tells you where thereisnothinghere.com is, which, in turn, tells you where www.thereisnothinghere.com is located. That computer is running a Web server and responds to your request by giving you back Web pages. This concept works because almost all devices on the Internet that have an IP address associate that address with a name. This, in a nutshell, is how the Domain Name System works.

DNS and Mac OS X Server

Macintosh users never had to worry about maintaining a Domain Name Server before. Although Apple had software to do that (which ran under pre-Mac OS X operating systems), most users didn't need to use it. Mac OS X Server, when running as an LDAP server and a Kerberos Key Distribution Center (KDC), relies heavily on DNS, so it's critical to discuss some key points about how to properly implement DNS on your system.

First, Mac OS X Server can be a Domain Name Server. That is, it can translate its IP address(es) into names and back. If your organization already has a Domain Name Server, it's imperative that you have the DNS administrator add zone records for your server.
Zone records are text files kept on a DNS that convert names to IP addresses and IP addresses to names. Many zone records can be used, but this chapter discusses forward and reverse records. If nothing else, you must have both forward and reverse records for your Mac OS X Server if you wish to use it as an LDAP server and a KDC (these particular records are known as A records and PTR records, and they will be shown later in this chapter). If you don't have control of the Domain Name Server in your organization, ask the administrator to enter both forward and reverse records for your Mac OS X Server. You'll need to give the administrator the following information:

The name of your server means the host name, as listed in the /etc/hostconfig file. You gave your computer a host name when you initially set it up. Refer to Chapter 3, "Open Directory," for more information.

What if you have the ability to become your own Domain Name Server? How do you translate the IP address of your computer to its host name? It starts with the initial setup. If your Mac OS X Server is going to host the example.com domain, then the host name of the server should be the name of the computer plus the domain. For instance, if the computer is named xserver, and it will be the computer that hosts the example.com domain, then the host name when setting up the computer is xserver.example.com. You enter this host name when the server is set up initially. But just setting up the initial host name isn't enough. After the server has been through the initial setup, you must run a Domain Name Server on your Mac OS X Server before you promote your server to a master (see Chapter 3).
To set up simple forward and reverse zone records:

1. Open the Network Preference pane, and ensure you have the proper IP address, subnet mask, and router address (Figure 6.1).

2. Launch the Server Admin tool from /Applications/Server, and authenticate as the administrator (Figure 6.2).

3. Choose the DNS service from the Computers & Services list (Figure 6.3).

   Notice the four tabs at the bottom of the window:

   - Overview shows whether the service is running and the current number of zones (Figure 6.4).
   - Log displays the DNS log (Figure 6.5).
   - Activity lists the number of requests and zone transfers, which allow other servers to see your zone files (Figure 6.6).
   - Settings displays three more tabs: General, Zones, and Logging. There are six types of logging. You can also restrict zone transfers and increase security with your DNS service by turning off recursion (Figures 6.7, 6.8, and 6.9).

4. Select the Zones tab, and view the preset zones for loopback (127.0.0.1).

   Click the Add button to add a new zone (Figures 6.10 and 6.11).

5. Enter the zone name (in this case, example.com.) and the Source of Authority (SOA, the name of the computer running the zone; in this case, xserver.example.com.) (Figure 6.12).

   Enter an email address at the zone listed. Because Mac OS X Server uses BIND 9, you can use the @ symbol here, although a period will also suffice.

   Click Save, and entries will appear in the Zone window and the Records window. This is the namespace record (Figures 6.13 and 6.14).

6. Click the Add button under the Records window.

   A drop-down dialog appears. Choose Address record (A) type from the menu.

7. Do the following (Figure 6.15):

   - In the "Map from" box, enter the fully qualified domain name, such as xserver.example.com. (with the period at the end).
   - In the "Map to" field, enter the IP address of the server (without a period).
   - Select the "Create reverse mapping record" check box. This is very important: It creates the record that maps the IP address back to the name.

   You now have two zone records: a forward zone record and a reverse zone record, as indicated by the Zones list (Figure 6.16).

8. Click the Save button and then the Start Service arrow button to start the DNS service (Figure 6.17).

When you're entering data into zone files, it's important to remember to add a period to the end of any lines that have text in them. Failure to add a period at the end of each line will result in DNS not working properly, subsequent failure of the KDC to start, and potentially other problems as well.
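The two mistakes this procedure warns about, a forward A record with no matching reverse PTR record and a name entered without its trailing period, can be caught by reading the zone text back before the service is started. The checker below is an added example written for this chapter; it is not part of the book or of Apple's Server Admin tool. The zone text is constructed for the example (the example.com and xserver names follow the chapter; the 192.168.1.x addresses are made up), and the parser is deliberately minimal: it reads only A and PTR lines and ignores SOA, NS, and $-directives.

```python
"""Check BIND-style zone text for the two rules this chapter stresses:
every A record has a matching PTR record (and vice versa), and names are
written with a trailing period. Added example; not from the book."""
import ipaddress
import re

# Constructed forward zone, roughly what Server Admin writes for example.com.
# "mail.example.com" deliberately lacks its trailing period.
FORWARD_ZONE = """\
$TTL 86400
example.com.    IN  SOA  xserver.example.com. admin.example.com. (
                        2004010101 3600 900 604800 86400 )
example.com.    IN  NS   xserver.example.com.
xserver.example.com.  IN  A   192.168.1.10
www.example.com.      IN  A   192.168.1.11
mail.example.com      IN  A   192.168.1.12
"""

# Constructed reverse zone for 192.168.1.0/24. www has no PTR record.
REVERSE_ZONE = """\
$TTL 86400
1.168.192.in-addr.arpa.  IN  SOA  xserver.example.com. admin.example.com. (
                        2004010101 3600 900 604800 86400 )
1.168.192.in-addr.arpa.  IN  NS   xserver.example.com.
10.1.168.192.in-addr.arpa.  IN  PTR  xserver.example.com.
12.1.168.192.in-addr.arpa.  IN  PTR  mail.example.com.
"""

# owner [ttl] [IN] (A|PTR) rdata  -- other record types are not matched.
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|PTR)\s+(\S+)\s*$")


def parse_records(zone_text):
    """Return a list of (owner, rtype, rdata) tuples for A and PTR lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and padding
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groups())
    return records


def reverse_name(ip):
    """192.168.1.10 -> 10.1.168.192.in-addr.arpa. (absolute, with period)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def _absolute(name):
    """Append the trailing period if it is missing, for comparison only."""
    return name if name.endswith(".") else name + "."


def unqualified_names(records):
    """Names written without the trailing period the chapter insists on.
    Checks every record owner and the target name of every PTR record."""
    bad = []
    for owner, rtype, rdata in records:
        if not owner.endswith("."):
            bad.append(owner)
        if rtype == "PTR" and not rdata.endswith("."):
            bad.append(rdata)
    return bad


def check_forward_reverse(forward_text, reverse_text):
    """Cross-check A records against PTR records.

    Returns (missing_ptr, missing_a): names of A records that have no PTR
    record mapping their address back, and PTR targets that have no A
    record for that address. Names are compared in absolute form.
    """
    a_pairs = {(reverse_name(ip), _absolute(owner))
               for owner, rtype, ip in parse_records(forward_text) if rtype == "A"}
    ptr_pairs = {(_absolute(owner), _absolute(target))
                 for owner, rtype, target in parse_records(reverse_text) if rtype == "PTR"}
    missing_ptr = sorted(name for _rev, name in a_pairs - ptr_pairs)
    missing_a = sorted(name for _rev, name in ptr_pairs - a_pairs)
    return missing_ptr, missing_a


if __name__ == "__main__":
    for label, text in (("forward", FORWARD_ZONE), ("reverse", REVERSE_ZONE)):
        for name in unqualified_names(parse_records(text)):
            print(f"{label} zone: name without trailing period: {name}")
    missing_ptr, missing_a = check_forward_reverse(FORWARD_ZONE, REVERSE_ZONE)
    for name in missing_ptr:
        print(f"A record with no reverse (PTR) record: {name}")
    for name in missing_a:
        print(f"PTR record with no forward (A) record: {name}")
```

Run against the constructed zones above, the script reports mail.example.com as lacking its period and www.example.com. as having no reverse record, which is exactly the state the "Create reverse mapping record" check box is there to prevent. On a real server, point it at the zone files BIND is actually loading rather than at the strings embedded here.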
Checking your work

It's important that you double-check your DNS settings before you move on. Problems with DNS records will cause problems elsewhere in the system. A good rule of thumb is to get your DNS house in order before turning on any other services or promoting your machine to a master.

To check your DNS handiwork:

1. After starting the DNS service, head back to your Network Preference pane, and enter the DNS IP address and the search domain (Figure 6.18).

2. Open the Terminal application on your server, located in /Applications/Utilities.

   Type hostname and press the Return key to return your fully qualified domain name, such as xserver.example.com (Figure 6.19).

3. Copy the returned text.

   On a new Terminal line, type host, press the spacebar, paste in your fully qualified domain name, and press Return (Figure 6.20). Your IP address is returned.

4. Copy your IP address.

   On a new line, type host, press the spacebar, paste in your IP address, and press Return to see your IP address resolve to your domain name (Figure 6.21).

This confirms that your computer sees itself correctly; you are now assured that the basic DNS setup is working properly. Additional testing is needed if you have aliases, Mail Exchange (MX) records, or other types of zone records.
Adding other DNS record types

There are plenty of other record types that you may need to add to your DNS service: For example, you may want to add a Web server record or a mail server record. Maybe your server needs to have two names answer to the same IP address. These are all reasons to add records to your zone file.

To add other record types to your zone file:

1. Launch the Server Admin tool from /Applications/Server, and authenticate as the administrator (Figure 6.22).

2. Choose the DNS service from the Computers & Services list.

   Select the Settings tab and then the Zones tab (Figure 6.23).

3. In the Records in Zone window, click the Add button to add a new record.

   A drop-down dialog appears (Figure 6.24). In this case, you're adding an alias record for a Web server.

4. Save the changes, and stop and start the DNS service by clicking the Stop Service button.

   Click Start Service to restart the service (Figure 6.25).

   Depending on your DNS configuration, you may still need to add an address record for your Web server.

Tip

Usually, the DNS service restarts itself and rereads the DNS zone files when you click Save. However, due to the critical nature of DNS, stopping and starting the DNS service ensures a proper rereading of the files.

This isn't the last word on DNS. Setting up and running a Domain Name Server is one of the most critical pieces of a sound network infrastructure. If running a DNS service is one of your primary job responsibilities, take the time to learn more about other options that can affect the security and performance of your DNS server. Apple's interface for setting up and managing DNS (the Server Admin tool) provides a fraction of what can be added and manipulated via the text files that are created when configuring DNS. Those files are as follows:
The most popular types of zone records are address records, alias records, and mail exchange records:

- Mail Exchange records are used when you're setting up a mail server.
- Alias records are used for Web servers.
- Address records are used to define other machines.

An abundance of material is available on DNS and the process behind it, called Berkeley Internet Name Domain (BIND). Try the Glossary pages at http://www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm.