Recent Posts

El Capitan Server - Foundation Services / Typos - Chapter 2 pg 36 & 38
« Last post by illitrate on September 09, 2016, 05:47:42 AM »
In Chapter two there are a couple of places that link to the SSL Certificate section as "Section 6"
The SSL Certificate section is actually Section 5. The links take you to the right place, but the text of the link says 6.

Just thought I'd mention it in case there's a new version of the books coming out soon for Sierra?
Added a new section on Password Policy and how to override global policy at the user level.  Imagine, no more locked out Directory Administrator accounts.
I think I see some of the issues that you may be facing. 

In test one, you have computer 2 run NSLookup.  But the DNS server it is talking to is the Airport at address  You want it to ask the server at  This is likely because your DHCP server is not delivering your server's IP address as the primary DNS server. 

In the case of the server's nslookup, it appears you have two A records defined.  You have the one for the LAN address and another for the public address.

Now the big question.  You are naming the server www.  Is this server going to be your web server?  Or, do you already have an external web server that you need to access from the LAN?

If you would like, this might be easier over the phone and with a remote session.  If you want, we can chat about it and I can demo the process rather quickly.  What time zone and availability do you have?

If you would like, we can schedule a time to
Thank you for the prompt response and I do appreciate the assistance.  I have vols 1 and 2 of your El Capitan Server book.  They are excellent guides but if things do not work based on the standard instructions (most probably attributable to operator error), I do not have the experience to successfully troubleshoot.  My initial goals in setting up the server are (1) to learn about server configuration and services and (2) to run VPN and (3) file sharing from the server.

My setup is an AEBS standing in front of the Mac mini running El Capitan and Server 5.0.15.  Comcast is the ISP and the AEBS serves as the DHCP server and connects to the cable modem.

I own a domain ( and have set the A records (for and to the IP address assigned by Comcast (

On the mini, I changed the manually assigned LAN address for the computer to (System Preferences > Network > IP Address)  so that it is outside of the DHCP range from which the AEBS assigns addresses.  Based on Galley 3.2 from your book, for DNS Servers (System Preferences > Network > Advanced > DNS Servers) I have (the mini's LAN address) and (OPEN DNS).  For Search Domains:

A computer 2 (other than the mini, same network), Network Utility>Lookup both and reports  Network Utility>Lookup for reports a comcast address (

On computer 2, when I run "nslookup", it reports
Server: [the address of the AEBS]

Non-authoritative answer:     canonical name =

On the mini, when I run "nslookup",  it reports

On the mini, when I run "nslookup", it reports

Address: name =

On the mini, Network Utility>Lookup both and reports 

Network Utility>Lookup for reports: ->

On Server>DNS, the service is toggled to "On" and the status now shows
[greendot] Set your network DNS settings to to use this server

On Server>Overview> Internet
[greendot] Reachable at, no services available.

When I try to reach the or from other computers, the connection times out.

Your guidance and instruction is appreciated.

Welcome and thanks for reading.  I hope it is helpful.

So, you have a fixed address of the device at  This is a LAN address, not a public address.  (This address should NOT be in your DHCP range.)  I will assume you are deploying your server behind a firewall/modem and not placing it directly on the Internet.

Ok, if this is the case, then you will want to employ split horizon DNS to ensure that LAN clients and WAN clients can access resources from the server using the same name.  Here is how this works in brief.  Let's say the server's name is  When devices join your LAN, they will get an IP address in the 10.0.1.x/x range.  They should also be served your server's IP address as the primary DNS server.  Thus, when a LAN client asks for resources on the answer will come from your server and be  Ah, but once those devices leave your environment, they will not have access to your LAN.  They must reference a public DNS server which will point to your WAN's public IP address (and then you will use NAT or PAT forwarding to allow specific packets into your network).

So I think the question becomes, where is your server sitting?  On the WAN or behind a firewall on the LAN?  If DNS service is showing a public address, then I would suspect you are deploying the server on a WAN address, not behind a firewall.

Let's start there and see if we can sort you out.
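
The split-horizon checks discussed in this thread, as an added example that is not part of any poster's message or of the book: it audits the answers a LAN DNS server and public DNS give for the same name and flags the two problems raised above (clients not using the server as resolver, and a public A record inside the LAN zone). The host name, the addresses 10.0.1.1, 10.0.1.2 and 203.0.113.10, and all function names are constructed; answers are passed in as lists rather than looked up live.

```python
import ipaddress

# RFC 1918 ranges: addresses that are only routable inside the LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_horizon(lan_dns, client_dns, internal_view, external_view):
    """internal_view / external_view: A-record addresses returned for one name
    by the LAN DNS server and by public DNS. Returns (code, detail) findings;
    an empty list means the two views are consistent with split horizon."""
    findings = []
    if client_dns != lan_dns:
        # DHCP handed out the router (or an ISP resolver) instead of the server.
        findings.append(("CLIENT_NOT_USING_LAN_DNS",
                         f"client asks {client_dns}, expected {lan_dns}"))
    public_inside = [a for a in internal_view if not is_lan(a)]
    if public_inside:
        # LAN clients may be sent out to the WAN address and back through NAT.
        findings.append(("PUBLIC_IN_INTERNAL_VIEW", ", ".join(public_inside)))
    if not any(is_lan(a) for a in internal_view):
        findings.append(("NO_LAN_ADDRESS_IN_INTERNAL_VIEW", "no RFC 1918 answer"))
    private_outside = [a for a in external_view if is_lan(a)]
    if private_outside:
        # Private addresses in public DNS are unreachable and disclose LAN layout.
        findings.append(("PRIVATE_IN_EXTERNAL_VIEW", ", ".join(private_outside)))
    if not external_view:
        findings.append(("NO_EXTERNAL_ANSWER", "name does not resolve publicly"))
    return findings

if __name__ == "__main__":
    # Constructed sample resembling the situation described in the thread:
    # the client queries the router, and the LAN zone holds two A records.
    broken = audit_split_horizon(
        lan_dns="10.0.1.2", client_dns="10.0.1.1",
        internal_view=["10.0.1.2", "203.0.113.10"],
        external_view=["203.0.113.10"])
    for code, detail in broken:
        print(f"{code}: {detail}")
    # Corrected setup: DHCP serves the LAN DNS server, one A record per view.
    print(audit_split_horizon("10.0.1.2", "10.0.1.2",
                              ["10.0.1.2"], ["203.0.113.10"]) or "consistent")
```
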

Following your admonition, I have spent a lot of time trying to get the DNS setting correct.

I have the server set up using the manually assigned address  [set in the DHCP server and input in the network setting for the Mac running the server app]. With the Server app running, when I select the Advanced>DNS, the window opens and shows "Status: [image of green light] Set your network DNS settings to XX.XXX.XXX.XXX [the ISP issued IP address] to use this server"   I am uncertain if I need to make any changes and if so what settings to change.  Your help is appreciated.

Took some time off for the holidays.  Still getting back into the swing of things. 

Advanced Services is available now.  Added a lot of content to system imaging.  The Web chapter is on schedule for January release.
El Capitan Server - Foundation Services / Re: Typo - page 43
« Last post by Reid Bundonis on December 29, 2015, 05:27:44 PM »
Thanks again!  Any and all typos, please let me know.  It is amazing how many times I read through it and how many things I find something I missed.  That one is so obvious I am smacking myself in the head.
El Capitan Server - Foundation Services / Re: Feedback on DHCP section of book
« Last post by Reid Bundonis on December 29, 2015, 05:24:37 PM »
Thank you for the feedback and welcome to the forums!  I've toyed with the idea a number of times but always keep that content out.  One of the reasons is the one feature I want to work, option code 81, is not respected by Apple's implementation of bootpd.  I have a number of corporate clients that tie DNS and DHCP together and then Macs are always causing chaos with workflows based on names.

Since I've already started on some of this content, I will dust it off and consider it for the next update.  Thanks again.
El Capitan Server - Foundation Services / Feedback on DNS section of book
« Last post by FromOZ on December 29, 2015, 11:43:44 AM »
On page 80 there is the statement

"If the Forwarding Servers' setting does not contain an external DNS server, your server will not be able to resolve names outside of your LAN."

Strictly speaking this is obviously not correct — BIND, the DNS server in OS X Server, can do name resolution by directly querying (recursively) responsible name servers on the Internet. Of course this will not be as fast as going through a (close) public name server which will have records for almost all major domains cached, but I think for completeness and accuracy it is better to explain the complete DNS setup and then specify — as a best practices suggestion — to use a forwarding server.

It would also be good to explain DNS split horizon as that is something — by virtue of having an internal (LAN) DNS server answering Internet legal domain names with non-legal (private) IP addresses — all OS Server admins will be setting up. Which is obviously a good thing so as clients go out and in of the LAN, resources like mail servers, which were (should) defined using host names, not IP addresses, will be seamlessly available.