Mailing Lists: Apple Mailing Lists


Re: Another DNS question...



At 11:35 AM -0500 11/23/05, Dan Shoop wrote:
At 7:14 PM -0500 11/22/05, Bret Alan wrote:
At 4:59 PM -0500 11/22/05, Dan Shoop wrote:
At 11:10 AM -0600 11/22/05, Brendan O'Toole wrote:
In other words, if you're not sure how to drive, stay off the road. It's not like you can't get someone with experience to host your DNS for you. Most NSPs provide DNS hosting for their networks gratis. For those that need hosting, hosting providers abound. In most cases ppl don't need to or shouldn't be running their DNS locally.

Except anyone running NAT who needs resolution of internal addresses, which the OP is...

You don't need DNS for NAT.

I think he means, if you want to resolve internal, private range IPs, you need to set up DNS, which I have done with help from this group for all my schools in the past.

If you want DNS, then yes, you want DNS. But neither NAT nor OS X Server requires it. OS X Server prefers (very, very strongly) that you have DNS, but all it really needs is resolution of some kind. DNS is just the most common way to do this.

I have been told many times by this list and others (and by you, I believe) and correctly so, that many features of OS X Server will fail without proper running DNS, or at least a correctly working forward and reverse lookup of the server's host name itself. As a matter of fact, I've been chastised for not having a working DNS setup, again, either on this list or macosx-admin.


My personal experience has backed this up. Just one example: none of our Windows XP clients can get a DHCP assigned address from our OS X Servers without DNS up and running. Why, I don't know, but it's an easily reproducible issue.

So, we've been running our bogus .lan domains for the last year, with no issues we are aware of.

But you still haven't answered my biggest question: if blocking port 53 is just a bandaid for preventing DNS leakage of our private zones, what else should we be doing?

If that question is too complicated to answer briefly, then we'll have to live with blocking incoming DNS requests, while I re-read DNS & Bind.

Thanks.

Bret
