| DNS is an acronym for both Domain Name System and Domain Name Server. DNS is widely used but widely misunderstood. The Domain Name System is used to make the Internet easy to navigate. Instead of typing numbers like http://17.254.0.91, you type http://www.apple.com; both addresses go to the same place, but the second is certainly much easier to remember. In order for DNS to work, Apple Computer must have a computer that is in charge of the DNS domain apple.com, which in turn lists computers under its domain such as www.apple.com, training.apple.com, train.apple.com, and so forth. Let's back up a bit. Suppose you wish to find a Web site, let's say www.afp548.com. You'd probably start by searching the .com domain, which tells you where afp548.com is, which, in turn, tells you where www.afp548.com is located. That computer is running a Web server and responds to your request by giving you back Web pages. Or you may type in ftp.afp548.com in Connect to Server and the same process would take place, finally connecting you to the FTP port (port 21) of afp548.com. This concept works because almost all devices on the Internet that have an IP address associate that address with a name. This, in a nutshell, is how the Domain Name System works. Registering Your Server If you don't have control of the Domain Name Server in your organization, ask the administrator to enter both forward and reverse records for your Mac OS X Server. You'll need to give the administrator the following information: The name of your server means the hostname, as listed in the /etc/hostconfig file. You gave your computer a hostname when you initially set it up. Refer to Chapter 3, "Open Directory," for more information. What if you have the ability to become your own Domain Name Server? How do you translate the IP address of your computer to its hostname? It starts with the initial setup. If your Mac OS X Server is going to host the example.com domain, then the hostname of the server should be the name of the computer plus the domain. For instance, if the computer is named xserver, and it will be the computer that hosts the example.com domain, then the hostname when setting up the computer is xserver.example.com. You enter this hostname when the server is set up initially. But just setting up the initial hostname isn't enough. After the server has been through the initial setup, you must run a Domain Name Server on your Mac OS X Server before you promote your server to a master. |
About DNS and Mac OS X Server Mac OS X Server, when running as an LDAP server and a Kerberos Key Distribution Center (KDC), relies heavily on DNS, so it's critical to discuss some key points about how to properly implement DNS on your system. If you are not running DNS on your Mac OS X Server, it is still important that you understand how DNS works. You will need to keep your DNS administrator apprised of any changes to your system so they can properly update the DNS records on their DNS servers. First, Mac OS X Server can be a Domain Name Server. That is, it can translate its IP address(es) into names and back. If your organization already has a Domain Name Server, it's imperative that you have the DNS administrator add zone records for your server. Zone records are text files kept on a DNS server that convert names to IP addresses and IP addresses to names. Many zone records can be used, but this chapter discusses forward and reverse records. If nothing else, you must have both forward and reverse records for your Mac OS X Server if you wish to use it as an LDAP server and a KDC. These particular records are known as A records and PTR records, and they will be shown later in this chapter.  Tip
Before creating an Open Directory master, it is imperative that DNS be on one box within your organization and have records for your server (this can, of course, be the server that is the OD master) if you wish to take advantage of everything an Open Directory master has to offer. A good rule of thumb is to get your DNS house in order before turning on any other services or promoting your machine to a master.
To set up simple forward and reverse zone records 1. | Select System Preferences from the Apple menu and click on the Network icon to open the Network Preference pane. Enter the proper IP address, subnet mask, and router address for your server, if it is not entered already (Figure 6.1).
Figure 6.1. Check your network preferences before you proceed with setting up DNS. 
| 2. | Launch Server Admin and select the DNS service for your server in the Computers & Services list.
You'll use Server Admin for most of the exercises in this chapter, so leave it open.
| 3. | Click Settings, select the General tab, and click one of the following check boxes (Figure 6.2):
- Zone transfers allows for the DNS zone information on this server to be copied to another server, in case this DNS server stops responding.
- Recursion allows for lookups outside of the domain itself and responds with whatever it finds. Recursion is global to the server. If you are running more than one domain and one is internal and one external, you should turn it off for domains that are internal only and turn it on for servers that must face the outside world.
Figure 6.2. Launch the Server Admin tool, and choose the DNS service from the service list. 
| 4. | Select the Zones tab to configure a basic zone (Figure 6.3).
Figure 6.3. The Zones tab lets you view zone data. 
| | | 5. | Click the plus button to open the Editing zone dialog, where you can enter the following information (Figure 6.4):
- The name of the zone you want to add
- The name of the machine hosting the zone
- The IP address (if the server is configured with more than one) associated with the zone
- Additional DNS servers that will host this zone
- Administrator email address
- The "time to live" for the individual records
Figure 6.4. Entering default zone data for the DNS service. 
| 6. | Click Save and then click Start to start the DNS server.
You may have to click Start twice the first time you start your DNS server.
| 7. | In the Network preference pane, enter your own DNS server and search domain so that the server can locate itself (Figure 6.5).
Figure 6.5. Adding DNS and search domain information to the Network preference pane. 
| 8. | To test your work, open the terminal on your server, type hostname, and press Return.
This should return the fully qualified domain name of your server. If it doesn't, you may have to stop and start the DNS service and repeat this step again.
| 9. | Type the word host, followed by the result of the hostname command, and press Return.
This resolves the name to the IP address and should show the proper IP address associated with the name.
| 10. | Type the word host, followed by the IP address result from the first host command.
This resolves the IP address back to the name, ensuring that both forward and reverse records are functioning properly.
| 11. | If everything resolved correctly, close the Terminal.
|
Adding extra DNS records In addition to setting up simple DNS records to become a self-serving Open Directory master (that is, not relying on another server to do DNS for you), having mail services is yet another reason to run DNS. To add a Mail (MX) Exchange record to your DNS service, refer to Chapter 8, "Enabling Mail Services." There are other services to offer, such as Web, FTP, and AFP, to name a few. You may wish to set up aliases for these records. Aliases allow more than one name in a domain to point to the same IP address. In this fashion you can have www.osxit.com, www2.osxit.com, afp.osxit.com, and so on, all pointing to mini.osxit.com, which is resolving to 216.168.61.184. There are plenty of other types of records you can have, such as the following: Address records Pointer records Namespace records Text records
There are several other entries that can be made inside of your DNS zone file, which are beyond the scope of this book. For more information about DNS, you can point your browser to: www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm. Hit Records The most popular types of zone records are address records, alias records, and Mail Exchange records: Mail Exchange records are used when you're setting up a mail server. Alias records are used for other services, (commonly for Web servers). Address records are used to define other machines.
An abundance of material is available on DNS and the process behind it, called Berkeley Internet Name Domain (BIND). Try the Glossary pages at www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm. |
To add a Web alias record 1. | In Server Admin, select the DNS service for your server in the Computers & Services list.
| 2. | Click Settings and then select the Zones tab and double-click your zone (as seen in Figure 6.3) to open the Editing zone dialog.
| 3. | Select the Machines tab and double-click the record below to view any aliases (Figure 6.6).
Figure 6.6. Viewing the Machine records tab of the default zone file. 
A new window appears, showing any aliases associated with that record and giving you options to add more (Figure 6.7).
Figure 6.7. Viewing machine record data and associated information. 
| 4. | Click the plus button and add the name that you want others to type (preceding your domain name) to access your server, and then click OK (Figure 6.8).
Figure 6.8. Adding a Web alias to the main zone record. 
| 5. | When you've finished making changes, click Save.
|
DNS logs It is important to have DNS logging turned on and active, so that you can troubleshoot DNS issues that may plague your server. To turn on DNS logging 1. | Select the DNS service for your server in the Computers & Services list, click the Settings button, and then select the Logging tab.
| 2. | Enter a location in the Log Location field and choose Errors from the Log Level pop-up menu (Figure 6.9).
Figure 6.9. The Logging tab lets you change the location of the log file and logging details. 
| 3. | When you've finished making changes, click Save.
| 4. | Check the Log tab for errors relating to your DNS service, such as a zone file not loading (Figure 6.10).
Figure 6.10. Viewing the DNS log file for errors or possible attacks is critical for proper DNS management. 
|
DNS for Life This isn't the last word on DNS. Setting up and running a Domain Name Server is one of the most critical pieces of a sound network infrastructure. If running a DNS service is one of your primary job responsibilities, take the time to learn more about other options that can affect the security and performance of your DNS server. The Apple interface for setting up and managing DNS (Server Admin) provides a fraction of what can be added and manipulated via the text files that are created when configuring DNS. Those files are as follows: |
|
