On Feb 28, 2007, at 8:51 PM, Michael Sidoric wrote:
> Proper DNS configuration is a complicated art... but from our experience, if you are 'renting' an IP block -- as in a colo situation -- you have authority to direct inbound DNS from your domain to any of your assigned IPs in that block, and many domain registrars and internet providers offer a web interface to 'manage' inbound DNS. This can also be done within DNS on Tiger Server.
>
> However, it is my impression that PTR (reverse DNS) is set up by the authority of the organization they are assigned to -- the ISP or provider.
Yes, but ... Read on.
> When we had Time-Warner Business Class for our server, our PTR records were always screwed up -- and we lost mail because spam-filters caught the inconsistency and tagged much of our outbound mail as suspect because our mail server IP DNS did not match... Now that we are with a different (better) colo provider -- our DNS matches inbound and out (PTR) and we have NO problems.
Take a look at RFC 2317, "Classless IN-ADDR.ARPA delegation". (This "in-addr.arpa" delegation is the reverse DNS that uses PTR records.) This describes ***A*** mechanism which allows the delegation of part of a class C network. (Basic in-addr.arpa delegation operates on eight-bit network boundaries, the old Class-C networking idea, so normal in-addr.arpa delegation mechanisms can't function on networks smaller than eight bits.) What is done to provide this "classless delegation" is to use DNS CNAME records to support the delegation. Any decent ISP/network provider will be able to do this, but you may need to talk to them before they recognize that YOU know what you're talking about.

(Please be aware that RFC 2317 provides just a mechanism for delegating in-addr.arpa. The authors of this RFC are the first people to say that there are other naming conventions possible and that they only suggest one in this RFC. This RFC is only a guideline for one possibility as to how to do this; there are other ways too! Your ISP will tell you exactly what they will do and you have to follow their directions. If you don't, it won't work and the only person you will have to blame is yourself.)

Just my $.02.
I wish that people would understand that DNS is an Internet infrastructure protocol. If what you are worried about is naming systems on your local network, Apple provides a very simple alternative to DNS with Bonjour.

There have been recent posts about configuring DNS for "split horizons". If you are at a point where you need to consider "split horizons" then you are well beyond the capabilities of using the MacOS X Server Admin interface to manage this configuration. The Server Admin interface provides very rudimentary capabilities for DNS management and it shouldn't be expected to perform more complex operations.
I would like to strongly suggest that anyone that needs to provide DNS information to everyone/anyone on the Internet consider outsourcing this service to an organization that is better set up to provide reliable service. The organizations that I have dealt with that provide these services are very reliable and quite inexpensive. Trying to do this yourself is simply not worth the expense and headaches in almost every situation that I have seen.

You can STILL provide DNS services only for your internal network. But this DNS information is only provided for your internal users. This type of service CAN easily be supported by the MacOS X Server Admin interface.
Basically what I am trying to say is that anyone that really needs to provide a complex DNS operation should NOT be relying upon the MacOS X Server Admin interface to manage it. And if you are thinking that you really need to have a setup that is more complex than what Server Admin will support, then you really should re-think exactly what, and why, you are trying to do it. Most likely you really don't need to do it in the first place.

If what you are talking about is configuring a DNS server to ensure that the MacOS X Server has its fully qualified domain name mapped to an IP address AND a DNS PTR record that maps this IP address back to the same name, then this is quite simple and the Server Admin interface will provide this with about sixty seconds of effort.

Just my $.02 worth. Take it for every penny that you paid me. ;>
Bill Larson
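As an added example (not from the thread or from Apple), the two halves of the RFC 2317 delegation described above in Python: the CNAME-per-address records the ISP puts in its /24 reverse zone, the PTR records the customer publishes in the delegated child zone, and a toy resolver that follows the chain the way a real one would. The block 192.0.2.64/26, the host names and the name servers are constructed sample values.

```python
import ipaddress
from typing import Dict, List, Optional

def rfc2317_names(block: str):
    """Return (parent /24 reverse zone, RFC 2317 child zone) for e.g. 192.0.2.64/26."""
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 covers IPv4 blocks smaller than a /24")
    o1, o2, o3, o4 = str(net.network_address).split(".")
    parent = f"{o3}.{o2}.{o1}.in-addr.arpa"
    return parent, f"{o4}/{net.prefixlen}.{parent}"

def isp_zone_records(block: str, customer_ns: List[str]) -> List[str]:
    """Records the ISP adds to its /24 zone: NS delegation plus one CNAME per address."""
    parent, child = rfc2317_names(block)
    label = child[: -len(parent) - 1]            # e.g. "64/26"
    recs = [f"{label} IN NS {ns.rstrip('.')}." for ns in customer_ns]
    for ip in ipaddress.ip_network(block):
        last = str(ip).rsplit(".", 1)[1]         # final octet = owner name in the /24 zone
        recs.append(f"{last} IN CNAME {last}.{child}.")
    return recs

def customer_zone_records(block: str, hosts: Dict[str, str]) -> List[str]:
    """PTR records the customer publishes in the delegated child zone."""
    net = ipaddress.ip_network(block, strict=True)
    _, child = rfc2317_names(block)
    recs = [f"$ORIGIN {child}."]
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside {block}")
        recs.append(f"{ip.rsplit('.', 1)[1]} IN PTR {name.rstrip('.')}.")
    return recs

def resolve_ptr(ip: str, block: str, hosts: Dict[str, str], customer_ns: List[str]) -> Optional[str]:
    """Simulate a resolver: standard reverse name -> ISP CNAME -> customer PTR (None if unset)."""
    parent, child = rfc2317_names(block)
    cname = {}
    for rec in isp_zone_records(block, customer_ns):
        owner, _, rtype, target = rec.split()
        if rtype == "CNAME":
            cname[f"{owner}.{parent}."] = target
    ptr = {}
    for rec in customer_zone_records(block, hosts)[1:]:   # skip the $ORIGIN line
        owner, _, _, target = rec.split()
        ptr[f"{owner}.{child}."] = target
    qname = ipaddress.ip_address(ip).reverse_pointer + "."  # e.g. 70.2.0.192.in-addr.arpa.
    return ptr.get(cname.get(qname, qname))

if __name__ == "__main__":  # constructed sample data; prints "mail.customer.example."
    print(resolve_ptr("192.0.2.70", "192.0.2.64/26", {"192.0.2.70": "mail.customer.example"}, ["ns1.customer.example"]))
```

An address in the block with no PTR in the customer zone resolves to nothing, which is exactly the "PTR does not match" situation that gets outbound mail flagged.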
Macos-x-server mailing list (email@hidden)