The Intended Setup:
We want to be able to run the OSX provided Wiki, Calendar and Blog features of the WebService. In addition we want to also run Mercurial (http://mercurial.selenic.com/) and RefBase (http://www.refbase.net/).
We want to run:
- OSX services at mephaa.xyz
- Mercurial at hg.mephaa.xyz
- Refbase at ref.mephaa.xyz
These sites are for our work group only; they need not be accessible to the outside world. But if in the process we can make our setup of such a nature that an invited guest could collaborate with us on our project and view our workgroup’s collaboration area, that would be ok. We will be using the MacPorts version/method of running mercurial.
Aside: Since I originally started out to resolve this challenge I have acquired mephaa.org as a real registered domain.
Network layout:
We have a dynamic IP from our neighbor’s router. (We share the line and they are upstream. That is just the way things work in this location in Mexico. They are in turn connected to the ISP.)
The connection from the neighbor is hardwired to the WAN port on the Airport Extreme. The Airport Extreme is using NAT & DHCP (see settings below). I have 9 machines connected to the Airport. One of which is the MacMini server. It is the only one that is hard wired to the Airport. The rest are laptops that connect wirelessly.
The MacMini is assigned a stable IP address by the Airport Extreme based on its MAC address. The IP address for the server behind the firewall: 10.0.1.5.
The Settings on the AirPort Extreme:
The Challenge: As I presented it and discussed it on Apple’s forums, on Nov. 20th.
Status: (Nov 20th)
We do not have an outside domain name that we have purchased. We just are using the name of the computer as it was set up during the install of the OSX.
I have the Wiki, Calendar and Blog features running at macminimarlett.local.
I can type macminimarlett.local in any web browser on the server side of the Airport Extreme and access the OSX provided WebServices (aka the wiki, blog and calendar).
I would like to make the mercurial repository available at: hg.macminimarlett.local
I would like to make the refbase instance available at: ref.macminimarlett.local
These “additional” websites are hosted on the same machine as MacMiniMarlett.
§1. So what must I do to get hg.macminimarlett.local to resolve at all to anything?
§2. So what must I do to get hg.macminimarlett.local to resolve to my mercurial instance?
Currently I can not get hg.macminimarlett.local to resolve at all. “Safari can not find the server”. But browsers do find macminimarlett.local.
This leads me to think that it is a problem with my OSX server settings not with my install of Mercurial.
Suggestions offered on the 20th:
- Do not use .local.
- Do not use .private.
- Change the domain to something other than the computer name.
- Computers on the LAN can find macminimarlett.local because of Bonjour, not because of any special DNS entry.
We dropped the .local and the .private and switched to “mephaa.” instead of using “macminimarlett.”. I left the “macminimarlett.” zone in the DNS records just in case. This leads us to the server settings on Nov. 21st.
To this point I had been assuming that .private in the DNS registry was being translated to .local in the browsers. This was an errant assumption.
Server Settings: Nov 21st
Suggestions received from John on Nov. 21st:
Your DNS is incorrect. Run the terminal command:
sudo changeip -checkhostname
You need to get this sorted out because it affects a lot of services.
Here’s the crash course version: the . (period) at the end of the domain name means it is a fully qualified domain name (meaning that it is a real domain that real people use, like google.com.). Also the primary domain record should be like this: macminimarlett.com. Or macminimarlett.private. Or macminimartlett.local. (be aware that Microsoft Server 2008+ is dropping .local support and you need a real domain name and public IP/dedicated IP – which means using .local isn’t future proofing).
One thing to know, the primary domain record doesn’t have to be a fully qualified domain, but it should be as everything is heading that way in the future.
At the moment your server is thinking the macminimarlett. and mepaa. are the .com part of the domain name.
Yeah there will be a lot of confusion in the mepaa domain record as there isn’t any reverse mapping for it. And the cname record is at the .com level (layer 1) which won’t resolve very well for clients.
Next, what are the forwarder settings set to? These should be set to the ISP DNS and then to the router (you can add as many DNS servers as you like for redundancy).
What is doing DHCP to the clients? What DNS are they getting? The clients need to know where your subdomains are in the network. For example if a pc is typing in hg.macminimarlett (which is a bad idea – it should be hg.macminimarlett.private or something like that) then the pc client checks the DNS server for which server (IP address) has the subdomain hg.macminimarlett – but if the DNS server doesn’t have a record of hg.macminimarlett then the DNS server will reply with not a real address (because it doesn’t know who that is).
Regards,
Nov. 22nd.
I now realize that the syntax of my DNS entries (when and only when I am not using a registered domain name) needs to be:
- For a Zone: <Some Name>.<Something Unique>.
  Where the above corresponds to the following: (domain name level).(TLD level).
- For the domain root, which is an entry in the zone: <Some Name>.<Something Unique>.
  Where the above corresponds to the following: (domain name level).(TLD level).
- For a subdomain, which is also an entry in the zone: <Some Name>.<Some Name>.<Something Unique>.
  Where the above corresponds to the following: (subdomain prefix).(domain name level).(TLD level).
My current entries in my DNS are not set up this way. I need to change them. Before I do that I should likely run the changeip -checkhostname as suggested by John.
I ran sudo changeip -checkhostname and this is what I got:
Now my question is: is this message saying I need to run this again? What am I to do with the results of the message from changeip? I read the Manuals but that did not yield any profound insights.
- Mac OS X Server 10.4.6 or later: changeip now requires fully qualified domain names
- changeip(8) Mac OS X Server Manual Page
I added .private to all the DNS records in the DNS service, in order to fix the syntax of the DNS records as indicated by John. After that I ran changeip again. It now shows that there is nothing needing to be changed. I think this part is now resolved.
Now this is what the server settings are (Noon 22nd):
Aside: I corrected a spelling error in the DNS Records where mephaa was misspelled as mepaa. All the records now read with the mephaa spelling, as indicated in the second picture.
I got hg.macminimarlett.private to resolve from the server to a test index.html page on the server. But I could not get it to resolve from a client on the network.
- Is this because I have the wrong type of records?
- Is this because I am not passing the DNS records to where the clients are looking for the records?
- How do I pass these DNS entries to my clients?
- Is this something I have to enter in the Airport Extreme? If so which entries on which lines?
From Camalot via the Apple forum post:
A hostname is a record of a host within the domain. For example, hg.macminimarlett.private is the hostname for the host hg within the macminimarlett.private domain.
I don’t see anything in the Server Admin titled “hostname”… There is one thing under the Primary zone that says “hostname” but what should this be set to? The IP of the computer on this LAN?
Server Admin doesn’t know what additional hostname you want for your domain. It’s up to you to create them. You create additional records (either ‘A’ records (Alias) for physical machines, or ‘CNAME’ records for additional hostnames that you want to map to an existing machine).
§7. Ok so in what manner do I add hg.macminimarlett.private. to that zone? Do I add it as a CNAME, as a secondary zone, as a Machine (A) record?
In this case it sounds like you want to add three records to your existing zone.
One A record for your server (call it whatever you want, but server.macminimarlett.private seems to make sense). Give this the IP address of your server.
Two CNAME records – one for hg and one for ref that both point to server.macminimarlett.private.
Now you’ll be able to resolve all three hostnames, and they’ll all point to the same physical IP address. From there it’s just Apache’s configuration telling it how to deal with the different requests.
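The trailing-dot point and the three-record layout discussed above, as an added example that is not part of the original posts: a toy Python model of the standard zone-file rule that a name without a trailing dot is relative and has the zone origin appended. The function names are hypothetical and the record sets are constructed; it does not model Server Admin or a real resolver.

```python
# Added example: a toy model of zone-file name handling, not a real resolver.
ORIGIN = "macminimarlett.private."   # zone name from the page
SERVER_IP = "10.0.1.5"               # the Mac mini's LAN address from the page


def qualify(name, origin=ORIGIN):
    """Zone-file rule: a trailing dot marks an absolute name; any other
    name is relative and has the zone origin appended."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def load_zone(records, origin=ORIGIN):
    """Turn (owner, type, rdata) rows into {(fqdn, type): rdata}."""
    zone = {}
    for owner, rtype, rdata in records:
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)   # CNAME targets are names too
        zone[(qualify(owner, origin), rtype)] = rdata
    return zone


def resolve(zone, query, max_hops=8):
    """Follow CNAMEs to an A record; None means the name does not resolve."""
    name = query.lower().rstrip(".") + "."   # client queries are absolute
    for _ in range(max_hops):
        if (name, "A") in zone:
            return zone[(name, "A")]
        name = zone.get((name, "CNAME"))
        if name is None:
            return None
    return None                              # CNAME loop or chain too long


# Constructed sample data: the three records suggested in the reply above.
GOOD = load_zone([
    ("server", "A", SERVER_IP),
    ("hg", "CNAME", "server"),
    ("ref", "CNAME", "server.macminimarlett.private."),
])
# Constructed sample data: same intent, but full names typed without the dot.
BROKEN = load_zone([
    ("server.macminimarlett.private", "A", SERVER_IP),
    ("hg.macminimarlett.private", "CNAME", "server.macminimarlett.private"),
])

if __name__ == "__main__":
    for label, zone in (("good", GOOD), ("broken", BROKEN)):
        print(label, resolve(zone, "hg.macminimarlett.private"))
```

In the broken set the records exist only under the doubled name hg.macminimarlett.private.macminimarlett.private., so a client asking for hg.macminimarlett.private gets no answer.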
From John:
Yeah there will be a lot of confusion in the mepaa [sic] domain record as there isn’t any reverse mapping for it. And the cname record is at the .com level (layer 1) which won’t resolve very well for clients.
Next, what are the forwarder settings set to? These should be set to the ISP DNS and then to the router (you can add as many DNS servers as you like for redundancy).
What is doing DHCP to the clients? What DNS are they getting? The clients need to know where your subdomains are in the network. For example if a pc is typing in hg.macminimarlett (which is a bad idea – it should be hg.macminimarlett.private or something like that) then the pc client checks the DNS server for which server (IP address) has the subdomain hg.macminimarlett – but if the DNS server doesn’t have a record of hg.macminimarlett then the DNS server will reply with not a real address (because it doesn’t know who that is).
I am not sure what is giving DNS to the clients. I did have to put something (I think it is the IP of my neighbor’s router, see the image above) in the DNS settings of the Airport Extreme in order to get the Internet to be passed to the clients. So what I did was put the internal IP address of the MacMini Server in the DNS field on the Airport Extreme. I also found this interesting: http://www.dyndnscommunity.com/questions/4567/custom-dns-with-subdomain-and-airport-extreme
It seems that an AirPort Extreme will always identify itself as the DNS server. If I want the network to look for a DNS server elsewhere, then I need to follow one of these options: http://discussions.apple.com/thread.jspa?threadID=121990, http://wiki.amahi.org/index.php/Airport_express or http://discussions.apple.com/thread.jspa?threadID=2288123&tstart=0. (Restart might be required. Also I might be looking for something called “split horizon DNS”.)
http://www.dyndns.com/support/kb/apple_airport_with_custom_dns.html
http://www.dyndnscommunity.com/questions/1087/apple-airport-does-not-create-global-dynamic-hostname-in-custom-dns-zone
Hugh,
Failing getting the DNS to propagate over DHCP, why not just enter into each client the DNS servers of the internal server plus Google’s DNS server (8.8.8.8)?
That way it will definitely query the internal server first and if it’s a laptop it will try the Google DNS server if it isn’t in the same network as the internal server.
Good Hunting,
John
Please summarise in the mac-mgrs list once you find the answer – for helping others.