I previously posted this on Apple's forum but it seems to have dropped off into the archive pit. Replicated here temporarily for someone who was looking for it.
DNS Basic Setup for Panther Server
This is intended to get people started. "Started" is what it means - if you want to get more complex then you should read up on DNS (plenty of web sources available for learning). You can mess things up pretty quick if you do something wrong!
Applicable to Panther server, version 10.3.5 at time of writing.
This is the basics for a domain "example.com" where the server is called "server.example.com" and has a local static IP 10.0.0.1. Don't type the quotation marks used to indicate an entry ;-)
First, a note on using "." (period) to indicate Fully Qualified Domain Names (FQDNs) in DNS files:
If you look inside a zone file, all FQDNs are terminated with a period. A relative domain name (the subdomain part before the zone name) is written without a trailing period, and BIND appends the zone name to it. E.g. "server.example.com." is a FQDN, while "server" is a 'relative' name within the zone example.com.
Server Admin: DNS pane:
First take a copy of the default settings in case you need to get back to a clean start. Drag that little document icon on the bottom right corner of the Settings screen onto your desktop. To reload defaults, drag it back to settings screen.
General Pane: switch OFF Zone Transfers, keep ON Recursion.
Zones Pane:
Leave the 2 default zones alone (localhost and the 0.0.127.in-addr.arpa reverse zone).
Add: Zone Name: "example.com" (no trailing period - otherwise your zone file gets called "example.com..zone" !)
SOA (start of authority): "server.example.com." (trailing period)
Admin email: "admin.example.com." (trailing period) translates as admin@example.com
++++ FLAKY GUI ALERT ++++
Click 'OK', and then double click the zone name just added (example.com) to bring it back to the entry window, then 'OK' again.
That last part is required to force the GUI to write out the correct FQDN format for the NS (name server) entry for the zone. Otherwise it 'randomly' omits the "." at the end of "example.com." in the first declaration for the NS record, which can screw up everything. Usually the rewrite gets 'accidentally' forced later while you are trying to figure out why it went 'wrong', but by that time you have started changing things needlessly. Swearing and flying objects rapidly follow.
Add record type: A (Address). From: "server" To: "10.0.0.1"
Click: Create reverse record (this is important!!!)
No trailing period for "server" is required as this is correctly a relative domain name. This is the recommended form for A records according to Apple documentation, particularly when using reverse records as well. I have seen some strange reverse zone entries when FQDNs are used in A records via the GUI.
That's it.
To ensure that changes are loaded, check the log after you hit 'save'. It should record that it reloaded the zone file (with an incremented serial number). If in doubt, stop service, count 5, start service. It seems to be a bit hesitant when adding a new zone for the first couple of times in a new install.
Test THOROUGHLY on server and clients after this basic stage using Terminal.app with "dig server.example.com" and "dig -x 10.0.0.1". They should all resolve with an "Answer Section" and "Authority Section". The latter should show the NS record for the zone (the name server you entered in the SOA). Test an external query if required with "dig apple.com".
Set your clients (usually via the DHCP server) to get the server's IP as their DNS server. Make sure you delete any other DNS IPs in the client prefs.
Set server's own DNS settings to 127.0.0.1 (localhost). It will automatically send anything unknown out to the internet's 'root' servers via the router (which you should have set in Network prefs).
If you have other names for the same server (e.g. mail.example.com), best practice for this is to use a CNAME record (an alias):
Add Record Type: CNAME From: "mail.example.com." To: "server.example.com." (both with closing periods).
If you want to look at the resultant zone files for learning or debugging, the named.conf is in /etc and the zone files are in /var/named. Once you get more proficient you will be tempted to ditch the GUI and edit the zone files directly.
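As an added example (not part of the original post), here is a small Python check for the trailing-period pitfalls described above, run against a constructed copy of the kind of zone file Server Admin writes to /var/named. The SAMPLE_ZONE text, the record layout it assumes ("<owner> IN <type> <rdata>" on each line) and the function names are mine, not Apple's.

```python
import re

# Constructed sample of a zone file as Server Admin might write it to /var/named/example.com.zone.
# The NS line is deliberately missing its trailing period (the GUI quirk described above).
SAMPLE_ZONE = """\
$TTL 86400
example.com.        IN SOA   server.example.com. admin.example.com. (
                       2004092801 ; serial
                       3h 1h 1w 1h )
example.com.        IN NS    server.example.com
server              IN A     10.0.0.1
mail.example.com.   IN CNAME server.example.com.
"""

def fqdn(name, origin):
    """Absolute name with trailing period; a relative name gets the zone origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}."

def rname_to_email(rname, origin):
    """Translate the SOA admin field ('admin.example.com.') into admin@example.com."""
    user, _, domain = fqdn(rname, origin).rstrip(".").partition(".")
    return f"{user}@{domain}"

def reverse_name(ip):
    """Owner name of the PTR record that 'Create reverse record' adds for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def lint_zone(text, origin):
    """Return warnings for the trailing-period mistakes; origin is the zone name as typed."""
    warnings = []
    if origin.endswith("."):
        warnings.append(f"zone name '{origin}' has a trailing period; file would be '{origin}.zone'")
    # Fold the parenthesised multi-line SOA into one logical record line.
    flat = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for raw in flat.splitlines():
        tokens = raw.split(";")[0].split()          # drop comments, tokenise
        if len(tokens) < 4 or tokens[0].startswith("$"):
            continue
        owner, rtype, rdata = tokens[0], tokens[2], tokens[3:]   # assumes "<owner> IN <type> <rdata>"
        if rtype in ("SOA", "NS", "CNAME") and not rdata[0].endswith("."):
            warnings.append(f"{rtype} target '{rdata[0]}' lacks a trailing period; "
                            f"BIND will read it as '{fqdn(rdata[0], origin)}'")
        if rtype == "SOA" and not rdata[1].endswith("."):
            warnings.append(f"SOA admin '{rdata[1]}' lacks a trailing period")
        if rtype == "A" and owner.endswith("."):
            warnings.append(f"A record owner '{owner}' is a FQDN; use the relative form")
    return warnings
```

Calling lint_zone(SAMPLE_ZONE, "example.com") reports the NS target being read as "server.example.com.example.com.", which is exactly the breakage the double 'OK' trick above avoids.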