Configuring Mac Server DNS

FQDN: SERVER.company.local

did you mean FQDN: SERVER01.company.local ?

Yes I did - sorry.

I have done a few tests like:
sudo changeip -checkhostname
hostname

Both are successful - below is actual message I get.

I did try this one but was not 100% on <KERBEROS.REALM.ALL.CAPS> value. How do I figure this one out?

hmmm, even after completing above I still get this same error.

Any ideas on restarting over DNS?

It would be COMPANY.LOCAL -
but before you get too far, are you married to the idea of using a ".local" domain? If not, it's best in a Mac network to use something else (I like ".lan"), because Apple's Bonjour use the .local top-level domain to advertise services on the LAN.
See:
http://labs.hoffmanlabs.com/node/1603

I did see that recently ... like today after I had built server.

Definitely not married to it, so happy to change but is this a re-build?

should not have to rebuild, but my mind is getting too groggy, and I need to go to bed. You should be able to change it to a standalone server and then go from there with the changed domain name. Worth a try, anyway, before rebuilding.
Good night, and good luck.

Cheers schaps ..... I think a rebuild is fine as this is a brand newy so no migration/restore.

Will let you know how I go.

I am referring more to the DNS Service rather than adaptor settings.

to make it easier answer this question: what IP do you have entered in System Preferences / Network / DNS

OK, so I have rebuilt Server so can not confirm what my settings were, but my new settings are:

System Preferences > Network > DNS Server: 127.0.0.1
DNS > Accept recursive queries from the following networks: localnets
DNS > Forwarder IP Addresses: 203.129.32.147, 202.55.145.2 (ISP DNS)

See below for DNS Zones.
 
I simply let the Setup Wizard set this up - the only thing I changed during setup is DNS was set to ISP Servers, and changed to 127.0.0.1.

Open Directory I decided to setup during setup and looks good now.

Any comments?

If Open DIrectory looks good are you still getting the kerberos error? In the grand scheme of things do you need to Kerberise the server? What are you trying to acheive?

If it's all working, I'd simply comment 'congrats.'
:)

Yeah I think we are all good now - I had been following some training videos on Lynda.com which led me to the original issue. As much as I hate rebuilding to resolve an issue, in this case I am happy to not dig too deep to find the root cause.

Cheers for your comments.

What am I trying to achieve ....... setting up a Mac Server for Home Business Use. Deal with Windows Servers everyday, so trying to expand the skillset but also provide some functionality in a VPN to share files and perhaps host my own Mail and a Wiki for keeping documentation on each of my clients.

Any recommendations?

Of course indeed - well done.

Thank you all for your input.

Root cause not found, but a rebuild of Server and used Setup Wizard to configure.

I'd argue that your DNS is wrong - the snow leopard installer will create it wrong for you.

If the server name is CBRDC01.RBDSOLUTIONS.LAN  then the zone should just be RBDSOLUTIONS.LAN you will then have an A record in that zone for CBRDC01

Likewise, the reverse zone should just be 200.168.192.in-addr.arpa with a PTR record in that zone of 10 for your server.

Does that make sense?

You must correct this now - dns is the foundation of all services.

gmbaxter - This is what the videos had also said.

So I have adjusted the for RBDSOLUTIONS.LAN, but after Removing record from Reverse Zone, how do I add correct PTR?

In Server Admin, Server--> Export all your settings and preferences, back them up elsewhere. Wouldn't hurt to use SuperDuper or CCC to make a complete image.
It sounds like it will be exposed to the Internet, so be sure to check security often "Shields up!" at http://www.grc.com/default.htm is good.
Have fun.

You should be able to simply select your reverse zone, then select add record, input its name and IP address.

Nope - Add Record is greyed out:
 

You should be able to simply select your reverse zone, then select add record, input its name and IP address.

I believe OS X Server manages the reverse zone for you. Not as flexible, but in some ways more reliable. Dare I say "Goof proof"?

Well not so goof proof if I can remove a record but not add one. hmmmmm I feel another rebuild coming on.

No, just redo the zone at most...

So how to create a Reverse Zone ..... Creating a Primary Zone seems straight forward, but re-creating a Reverse Zone is a small mystery to me.

Rebuild started .... I will backup Server Settings first then look at modifying Reverse Zone.

Create zone, add a record, reverse zone is not created?

Zone Type states 'Primary Zone' and not sure where I would change to Reverse Zone.

I know I missing something really simple here, but have not woken up yet :)

You available on IM at all?

You just create the primary zone first. Adding a host creates the reverse zone. Try it with the 'example.com.' Domain it defaults to, don't change anything, just add imaginary ip for the nameserver field (it will tell you if you missed something).
When primary example.com is created,then add first host, reverse should appear. Then do same thing with real domain, and if reverse zone is NOT auto-created, the something is goofed up. Try a restart before anything drastic.

Ok, so back to a fresh build.

Now I have exported Server Settings and updated Primary Zone from CBRDC01.RBDSOLUTIONS.LAN. to RBDSOLUTIONS.LAN. but wanted to confirm the change I should be making in Reverse Zone .... attached is current state which seems correct in my inexperienced-DNS mind.

 

looks good, but does it work?

How can I test DNS to be 200% sure as I know it is critical core service?

You have another computer on the network pointing to your new server for DNS? Then lots of tips here:
http://labs.hoffmanlabs.com/node/1347
The article is written regarding OpenVMS, but it's also applicable to OS X Server.
Important is that the network clients only point to the OS X server for DNS, they do not have external DNS referenced. Only the server should have the ISP's DNS Server IPs as forwarders.

Yes that picture looks correct now.

Are there any DNS tests that you are aware of that I should do?

Are there any DNS tests that you are aware of that I should do?

Not sure whom you were addressing, but the link I posted last lists a bunch of ways to test DNS.

Less caffeine and some sleep may help me read all posts :)

Cheers schaps!