
Mac OS X Server 10.4 – Administering DNS

The scenario that I want to support is that of a typical small Internet-aware company. We run several domains: some belong to customers, for whom we act as DNS service provider; some are private vanity domains; and one records our main servers, including our (self-managed) mail service. Our ISP provides secondary DNS service and secondary MX service only (apart from connectivity, of course). Mac OS X Server isn't an out-of-the-box fit for this case, which is surprising.

Server seems better suited to the medium-sized company that does everything in-house, including fallback mail service and secondary DNS. For that hypothetical company, the supported configuration is only viable if it has multiple sites with different ISPs. This isn't ideal for us: to support several facilities we must either hand-edit the config files and abandon Server Admin, or use sub-optimal constructs.

Server Admin lets us start and stop DNS, monitor its logs, and configure records. This works provided every machine referenced has an A record in a zone we host. Several situations break that assumption: for example, dynamic DNS is typically implemented with a CNAME pointing at a record held by one of the dynamic DNS service providers, like this:

mundane IN CNAME kemayo.dyndns.org.

Server Admin only supports a CNAME whose target A record is in your own domain, which will not be the case for fallback MX or DNS servers; in our situation these are all at our ISP. We hacked our way around this by adding an A record for each of our ISP's machines to every domain. This is bad: we can't support dynamic servers, we have to change every zone file whenever our ISP changes an IP address, and it's just plain horrible.

To manually maintain zone files, you need to edit /etc/named.conf to include this:

allow-update { none; };

in each zone clause. This disables the edit controls for that zone in Server Admin.
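To see how much of this brittleness a set of zones has accumulated, here is a small audit script written for this post (not part of Mac OS X Server or the original article). It parses the A and CNAME records of each zone, lists every zone that carries its own copy of an ISP address (all of which must change when the ISP renumbers), and flags CNAMEs whose target lies outside the zone, i.e. the records Server Admin cannot hold and that force allow-update { none; } on that zone. The zone contents and the 192.0.2.x / 198.51.100.x addresses are constructed sample data.

```python
import re

# Constructed sample zones (not from the post): each hosted domain carries its
# own copy of the ISP's secondary hosts; the last one has a dyndns CNAME.
ZONES = {
    "customer-a.example": """\
@        IN NS    ns2-isp.customer-a.example.
@        IN MX 20 mx2-isp.customer-a.example.
ns1      IN A     192.0.2.10
ns2-isp  IN A     198.51.100.53
mx2-isp  IN A     198.51.100.25
""",
    "customer-b.example": """\
@        IN NS    ns2-isp.customer-b.example.
ns2-isp  IN A     198.51.100.53
""",
    "vanity.example": """\
mundane  IN CNAME kemayo.dyndns.org.
www      IN CNAME mundane
""",
}
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|CNAME)\s+(\S+)", re.I)

def parse(zone, text):
    """Yield (owner, type, rdata) for the A and CNAME records of one zone."""
    for line in text.splitlines():
        m = RR.match(line)
        if m:
            owner = zone if m[1] == "@" else f"{m[1]}.{zone}"
            yield owner, m[2].upper(), m[3]

def isp_copies(zones, isp_ips):
    """ISP address -> zones hard-coding it; all of them change on renumbering."""
    hits = {}
    for zone, text in zones.items():
        for owner, rtype, rdata in parse(zone, text):
            if rtype == "A" and rdata in isp_ips:
                hits.setdefault(rdata, []).append((zone, owner))
    return hits

def external_cnames(zones):
    """CNAMEs whose absolute target is outside the zone (Server Admin cannot hold them)."""
    out = []
    for zone, text in zones.items():
        for owner, rtype, rdata in parse(zone, text):
            fqdn = rdata.rstrip(".")
            if rtype == "CNAME" and rdata.endswith(".") and not (
                    fqdn == zone or fqdn.endswith("." + zone)):
                out.append((zone, owner, rdata))
    return out
```

Relative CNAME targets (no trailing dot) are treated as in-zone, so only the dyndns pointer is reported; the ISP list shows that both customer zones need editing when 198.51.100.53 changes.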

I am trying to stick with Server Admin for maintaining our zone files; so far only the two domains that use dyndns have forced us into manual maintenance.

As of the date of writing, this DNS isn’t live. There is one further stage to complete before I throw the switch: Mail service.
