Author Topic: DNS - Manually assigned (DHCP) Address on Local Network vs IP Address from ISP  (Read 665 times)

PDJSF

Following your admonition, I have spent a lot of time trying to get the DNS settings correct.

I have the server set up using the manually assigned address 10.0.1.160 [set in the DHCP server and input in the network setting for the Mac running the Server app]. With the Server app running, when I select Advanced>DNS, the window opens and shows "Status: [image of green light] Set your network DNS settings to XX.XXX.XXX.XXX [the ISP issued IP address] to use this server". I am uncertain if I need to make any changes and, if so, what settings to change. Your help is appreciated.

Thanks,
PDJ

Reid Bundonis

Welcome and thanks for reading.  I hope it is helpful.

So, you have a fixed address of the device at 10.0.1.160.  This is a LAN address, not a public address.  (This address should NOT be in your DHCP range.)  I will assume you are deploying your server behind a firewall/modem and not placing it directly on the Internet.

Ok, if this is the case, then you will want to employ split horizon DNS to ensure that LAN clients and WAN clients can access resources from the server using the same name.  Here is how this works in brief.  Let's say the server's name is server.pdjsf.com.  When devices join your LAN, they will get an IP address in the 10.0.1.x/x range.  They should also be served your server's IP address as the primary DNS server.  Thus, when a LAN client asks for resources on server.pdjsf.com the answer will come from your server and be 10.0.1.60.  Ah, but once those devices leave your environment, they will not have access to your LAN.  They must reference a public DNS server which will point server.pdjsf.com to your WAN's public IP address (and then you will use NAT or PAT forwarding to allow specific packets into your network).

So I think the question becomes, where is your server sitting?  On the WAN or behind a firewall on the LAN?  If DNS service is showing a public address, then I would suspect you are deploying the server on a WAN address, not behind a firewall.

Let's start there and see if we can sort you out.
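
The split-horizon behaviour described above can be checked from a client by looking at which resolver answered and what kind of address came back. This is an added example, not part of the original posts: the nslookup transcripts are constructed, 203.0.113.10 is a placeholder for the WAN address, 10.0.1.1 is an assumed router address, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed transcripts (not from the thread); 203.0.113.10 stands in for the WAN IP.
LAN_OK = "Server:\t\t10.0.1.160\nAddress:\t10.0.1.160#53\n\nName:\tserver.pdjsf.com\nAddress: 10.0.1.160\n"
LAN_MIXED = LAN_OK + "Name:\tserver.pdjsf.com\nAddress: 203.0.113.10\n"
VIA_ROUTER = ("Server:\t\t10.0.1.1\nAddress:\t10.0.1.1#53\n\nNon-authoritative answer:\n"
              "Name:\tserver.pdjsf.com\nAddress: 203.0.113.10\n")

def is_lan(ip):
    return any(ip in net for net in RFC1918)

def parse_nslookup(text):
    """Return (resolver_ip, [answer_ips]) from nslookup output."""
    resolver, answers = None, []
    for line in text.splitlines():
        m = re.match(r"\s*Address:\s*([0-9A-Fa-f:.]+)(#\d+)?\s*$", line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if m.group(2):          # "ip#53" identifies the resolver that answered
            resolver = ip
        else:                   # a bare address is an answer record
            answers.append(ip)
    return resolver, answers

def check_lan_view(text, expected_resolver):
    """A LAN client should be answered by the LAN server with LAN addresses only."""
    resolver, answers = parse_nslookup(text)
    findings = []
    if resolver != ipaddress.ip_address(expected_resolver):
        findings.append("wrong-resolver")
    if not answers:
        findings.append("no-answer")
    if any(not is_lan(a) for a in answers):
        findings.append("public-address-in-lan-view")
    return findings

def check_wan_view(text):
    """A public resolver must never hand out the server's LAN address."""
    _, answers = parse_nslookup(text)
    return ["lan-address-in-wan-view"] if any(is_lan(a) for a in answers) else []

if __name__ == "__main__":
    for label, sample in (("ok", LAN_OK), ("mixed", LAN_MIXED), ("router", VIA_ROUTER)):
        print(label, check_lan_view(sample, "10.0.1.160"))
```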


PDJSF

Thank you for the prompt response and I do appreciate the assistance.  I have vols 1 and 2 of your El Capitan Server book.  They are excellent guides but if things do not work based on the standard instructions (most probably attributable to operator error), I do not have the experience to successfully troubleshoot.  My initial goals in setting up the server are (1) to learn about server configuration and services and (2) to run VPN and (3) file sharing from the server.

My setup is an AEBS standing in front of the Mac mini running El Capitan and Server 5.0.15.  Comcast is the ISP and the AEBS serves as the DHCP server and connects to the cable modem.

I own a domain (www.mydomain.com) and have set the A records (for www.mydomain.com and server.mydomain.com) to the IP address assigned by Comcast (98.210.135.xxx).

On the mini, I changed the manually assigned LAN address for the computer to 10.0.1.221 (System Preferences > Network > IP Address) so that it is outside of the DHCP range from which the AEBS assigns addresses.  Based on Galley 3.2 from your book, for DNS Servers (System Preferences > Network > Advanced > DNS Servers) I have 10.0.1.221 (the mini's LAN address) and 207.67.222.222 (OPEN DNS).  For Search Domains: mydomain.com

On computer 2 (other than the mini, same network), Network Utility>Lookup for both www.mydomain.com and server.mydomain.com reports 98.210.135.xxx.  Network Utility>Lookup for 98.210.135.xxx reports a Comcast address (c-98-210-135-xxx.hsd1.ca.comcast.net).

On computer 2, when I run "nslookup www.mydomain.com", it reports
Server: 10.0.1.1 [the address of the AEBS]
Address: 10.0.1.1#53

Non-authoritative answer:
www.mydomain.com     canonical name =  mydomain.com.
Name:  mydomain.com
Address: 98.210.135.xxx

On the mini, when I run "nslookup www.mydomain.com",  it reports
Server: 10.0.1.221
Address: 10.0.1.221#53

Name: www.mydomain.com
Address: 10.0.1.221 
Name: www.mydomain.com
Address: 98.210.135.xxx
 
On the mini, when I run "nslookup 10.0.1.221", it reports

Server: 10.01.1.221
Address: 10.0.1.221#53
221.1.0.10.in-addr.arpa name = www.mydomain.com

On the mini, Network Utility>Lookup both www.mydomain.com and server.mydomain.com reports 98.210.135.xxx. 

Network Utility>Lookup for 98.210.135.xxx reports:
98.210.135.xxx -> c-98-210-135-xxx.hsd1.ca.comcast.net.

On Server>DNS, the service is toggled to "On" and the status now shows
[greendot] Set your network DNS settings to 10.0.1.221 to use this server

On Server>Overview> Internet
[greendot] Reachable at www.mydomain.com, no services available.

When I try to reach the www.mydomain.com or 98.210.135.xxx from other computers, the connection times out.

Your guidance and instruction is appreciated.


 

Reid Bundonis

I think I see some of the issues that you may be facing. 

In test one, you have computer 2 run NSLookup.  But the DNS server it is talking to is the Airport at address 10.0.1.1.  You want it to ask the server at 10.0.1.221.  This is likely because your DHCP server is not delivering your server's IP address as the primary DNS server. 

In the case of the server's nslookup, it appears you have two A records defined.  You have the one for the LAN address and another for the public address.

Now the big question.  You are naming the server www.  Is this server going to be your web server?  Or, do you already have an external web server that you need to access from the LAN?

If you would like, this might be easier over the phone and with a remote session.  If you want, we can chat about it and I can demo the process rather quickly.  What time zone and availability do you have?

If you would like, we can schedule a time to