Tiny Deathstars of Foulness

OS X Server supports running a traditional BIND implementation of DNS. You can define a record for most any name, including,,, etc. You can use this to redirect subdomains. In this example, we’ll create an A Record to point to without breaking other subdomains.

To get started, let’s use the DNS service in the Server app to create The reason for this is that OS X will then create a zone file for If we created instead, then OS X would automatically create, which would break the other subdomains. To do so, open Server app and click on the DNS Service. Then click on the plus sign to create a new record.

Now, if you restart DNS and ping you should see the referenced IP. To then change, we’d edit the zone file stored at /Library/Server/named/ This file will look like this when you first open it:

    10800 IN SOA (
            2014092301 ; serial
            3600       ; refresh (1 hour)
            900        ; retry (15 minutes)
            1209600    ; expire (2 weeks)
            86400      ; minimum (1 day)
            )
    10800 IN NS
    10800 IN A

We’ll add an A record for

    10801 IN A

Now, to change the apex record, you’d just replace the name you’ve been using with an @:

    @ 10801 IN A

Good luck!

September 23rd, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Network Infrastructure, sites, Ubuntu, Unix


Sometimes you want to move a domain but you don’t have a copy of the zone file in order to recreate records. The easy way to do this is to grab a zone transfer. To do so, dig is your friend:

    dig -tAXFR

Sometimes though (and actually more often than not) a zone transfer is disabled. In that case you’ll need to dig the domain a bit differently. I like to use +nocmd, query for any and list the results (+answer):

    dig +nocmd any +answer

Which results in the following:
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39183
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ; IN ANY
    ;; ANSWER SECTION:
    1262 IN A
    3600 IN MX 0
    3600 IN MX 10
    3600 IN NS
    3600 IN NS
    3600 IN SOA 2010010400 28800 7200 604800 3600
    ;; Query time: 127 msec
    ;; SERVER:
    ;; WHEN: Tue May 7 22:31:15 2013
    ;; MSG SIZE rcvd: 207
The above shows the naked domain name entry (yes, I still giggle every time I write the word naked so it’s ok if you giggled when you read it), all of the mail (which btw I don’t actually use that mail so please don’t try and send any at this time) and the ns servers.

Now, the serial and refresh information isn’t included in this output. Actually, it is but it might not make sense, so we’ll just add the +multiline option which will make this look strangely like a zone file:

    dig +nocmd any +multiline +answer

Notice the serial, refresh, retry, expire and minimum options are now listed in a much more fashionable way:
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10965
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ; IN ANY
    ;; ANSWER SECTION:
    3225 IN A
    3225 IN MX 0
    3225 IN MX 10
    3225 IN NS
    3225 IN NS
    3225 IN SOA (
            2010010400 ; serial
            28800      ; refresh (8 hours)
            7200       ; retry (2 hours)
            604800     ; expire (1 week)
            3600       ; minimum (1 hour)
            )
    ;; Query time: 22 msec
    ;; SERVER:
    ;; WHEN: Tue May 7 22:32:20 2013
    ;; MSG SIZE rcvd: 207
And there ya’ go. You’ve basically done a zone transfer on a box, even though zone transfers are disabled. Silly DNS admins, disabling zone transfers and all that… Yes, I disable zone transfers on most of my DNS boxen as well, or at least only allow them for specific IPs… 😉
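For the migration case this post starts from, the answer section can be turned back into zone-file text, with the apex written as @. This is an added example, not code from the original post; example.com, example.net and 192.0.2.10 in the sample are constructed placeholders. An ANY query only returns the records held at the queried name, so other hostnames in the zone still have to be looked up one by one.

```python
"""Rebuild zone-file text from `dig +nocmd <zone> any +answer` output."""
# Constructed sample: example.com/example.net and the 192.0.2.10 address are
# placeholders, not values from the original post.
SAMPLE_DIG_OUTPUT = """\
;; QUESTION SECTION:
;example.com.            IN ANY

;; ANSWER SECTION:
example.com.  1262 IN A   192.0.2.10
example.com.  3600 IN MX  0 mail.example.com.
example.com.  3600 IN MX  10 backup.example.net.
example.com.  3600 IN NS  ns1.example.com.
example.com.  3600 IN NS  ns2.example.com.
example.com.  3600 IN SOA ns1.example.com. hostmaster.example.com. 2010010400 28800 7200 604800 3600

;; Query time: 127 msec
"""

def parse_answer_section(dig_output):
    """Return (owner, ttl, type, rdata) tuples from the ANSWER SECTION only."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            break  # a blank line or the next ';;' header ends the section
        elif in_answer:
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records

def relativize(name, origin):
    """Write the apex as '@' and in-zone names relative to the origin."""
    name = name.lower()
    if name == origin:
        return "@"
    if name.endswith("." + origin):
        return name[: -len(origin) - 1]
    return name  # out-of-zone names stay fully qualified

def to_zone_file(records, origin):
    """Emit zone-file text, SOA first; refuse input lacking the SOA or NS a zone needs."""
    types = {r[2] for r in records}
    if not {"SOA", "NS"} <= types:
        raise ValueError("answer lacks SOA or NS; not enough to rebuild a zone")
    rank = {"SOA": 0, "NS": 1}
    ordered = sorted(records, key=lambda r: rank.get(r[2], 2))  # stable sort
    body = [f"{relativize(o, origin)} {ttl} IN {t} {rd}" for o, ttl, t, rd in ordered]
    return "\n".join(["$ORIGIN " + origin] + body) + "\n"

if __name__ == "__main__":
    print(to_zone_file(parse_answer_section(SAMPLE_DIG_OUTPUT), "example.com."))
```

Many name servers now answer ANY with a minimal response, so check the result against individual A, MX, NS and SOA queries before loading it.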

May 8th, 2013

Posted In: Active Directory, Mac OS X, Mac OS X Server, Mac Security, Network Infrastructure, Ubuntu, Unix, VMware, Windows Server, Windows XP, Xsan


If you see a lot of subdomains that are actually other people’s domain names in your DNS records for NetSol then you can either delete them or call and open a ticket with NetSol. This is zone file corruption on their side.

October 9th, 2007

Posted In: Network Infrastructure, sites
