Make Mac Work:

Helping Manage The Macintosh Enterprise

CreativeTechs

Configure Internal DNS — Part 1

Without DNS, the domain name system that translates computer names to IP numbers, most networks would fall apart completely. As well as directing traffic on the internet, DNS is used for name-based routing in corporate environments, and especially for machines (like laptops) which can span the two. With Apple’s recent focus on URL-based protocols, and despite the popularity of LAN-based systems like Bonjour, the ability to configure internal DNS properly is an essential skill. In this two-part article, we’ll look at how to do just that.

Before we begin, a quick word of warning: If you don’t already understand DNS, you really shouldn’t be allowed to make changes to it. Nothing will screw up your day, or your employment situation, faster than taking your whole network down. So if you’ve found yourself in the unenviable position of having to set up DNS without experience or guidance, do yourself a favor and practice the procedure on a test network first. The job you save could be your own.

Basic DNS Configuration:

To start your setup, select the server you’d like to configure, and choose “DNS” from the list of available services in Server Admin. Choose “Zones” from the toolbar, then press the “Add Zone” button in the center of the window and select “Add Primary Zone”. An entry for the example.com zone will appear at the top of the window.

Server Admin - DNS Zone Defaults

At this point, you’ll be tempted to hit “Save” before proceeding, but doing so triggers a terrible bug in some versions of Leopard that will break the configuration file that Server Admin edits (leaving it to permanently believe example.com is in fact your real domain). Instead, immediately change the “Primary Zone Name” to the name of your own domain, followed by a period to indicate that the entry is “fully-qualified”. A fully-qualified domain name is one that doesn’t require the host’s domain to be appended to it.

You’ll also want to change the name and IP of the first machine record (also known as an A record) to those of the server you’re configuring, this time without a period after it to indicate that it’s part of the larger domain.

You’ll then need to add what’s called an MX record, indicating the host (or hosts) to which mail is sent for your domain. Do so by clicking the plus symbol beneath the “Mail Exchangers” field, and input each hostname followed by its priority (traditionally 10 for the first mail server, 20 for the second; the lowest number is tried first). Then, and only then, will you want to save your work.

Server Admin - DNS Zones

Now that there’s a record of your domain, and one of its primary server, you’ll need to tell client machines where to look for information on other domains. Click “Settings” in the toolbar at the top of the window, then click the plus symbol beneath the section marked “Forwarder IP Addresses”. Add the IP addresses of the DNS servers at your internet service provider (those pictured are mine from Comcast here in Seattle), then hit “Save” once more. This will allow your client machines to receive DNS information for the remainder of the internet.

Server Admin - DNS Settings

If your domain exists only within your own network, you’re ready to click “Start DNS” and configure your client machines to use your new DNS server. If your company has any kind of internet presence, however, you’ve got a little more work ahead of you.

Split DNS Configuration:

When DNS was originally designed, every machine on the internet used a static IP, and address translation from internal to external networks didn’t exist. Twenty-five years later, the internet is a very different place, and most corporate servers are well protected from it. This can create a problem when you try to use the same domain name both inside your own network and outside on the internet, as local users won’t be able to find externally hosted services like email or websites.

The most common solution is configuring a “split” DNS, where servers both inside and outside your network control customized resolution of your domain for only those machines that can see them. If I were hosting my own email, for instance, this would let internet machines find mail.makemacwork.com at an external IP of 64.13.192.203 routed through my firewall, while still pointing internal clients at 192.168.0.250 on their local network. In this case, both IPs would be the same machine, but with the external record on the DNS server at my ISP and the internal record on my own internal server.

Even if you’re not hosting any internet-available services, though, your internal machines will see your new DNS server as the authoritative source of information on your domain. So if you’ve outsourced any kind of hosting with the same domain name, you’ll need to put that information in your internal zone record as well.

Server Admin - DNS Zones - Add CNAME

Go back to “Zones” in the Server Admin toolbar, highlight your domain, and choose “Add Machine (A)” again from the “Add Record” button. Repeat this until each external server has its own listing. If more than one hostname resolves to the same IP, all but one should be configured using the “Add Alias (CNAME)” option instead.

With all the hostnames on your domain configured, you can finally start the DNS service.
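Server Admin is a front end for BIND, so the zone you have just built through the GUI ends up as an ordinary zone file. The following is an added example of what the internal (LAN-only) half of a split DNS for makemacwork.com looks like in that form, tying together the trailing-period rule, the A and MX records, and the CNAME aliases described above; it is not a file from the article or from Apple. The server name server.makemacwork.com, the second mail exchanger mail2, the hosts www/blog/ftp, the 203.0.113.10 address and the SOA timer values are all constructed for illustration.

```zone
; Internal view of makemacwork.com, served to LAN clients only.
; Added example, not the article's own file. Names and values marked as
; constructed are assumptions, not taken from the article.
$TTL 3600
$ORIGIN makemacwork.com.        ; trailing period = fully-qualified name
@   IN  SOA  server.makemacwork.com. hostmaster.makemacwork.com. (
            2009010101  ; serial (YYYYMMDDnn): bump it on every change
            3600        ; refresh
            900         ; retry
            604800      ; expire
            300 )       ; negative-cache TTL

; The server being configured is the zone's name server (constructed name).
@        IN  NS     server.makemacwork.com.

; First machine (A) record: no trailing period, so $ORIGIN is appended,
; giving server.makemacwork.com (IP assumed to be the one in the article).
server   IN  A      192.168.0.250

; Mail exchangers; the lowest priority number is tried first.
; MX targets must be A records, never CNAMEs (mail2 is constructed).
@        IN  MX     10  mail.makemacwork.com.
@        IN  MX     20  mail2.makemacwork.com.

; Split horizon: LAN clients get the internal address for mail, while the
; ISP's external zone hands out 64.13.192.203 to the rest of the internet.
mail     IN  A      192.168.0.250
mail2    IN  A      192.168.0.250

; Externally hosted services must be listed here too, because this server is
; now authoritative for the domain on the LAN (placeholder documentation IP).
www      IN  A      203.0.113.10

; Extra names for the same host go in as aliases (CNAME), not second A records.
blog     IN  CNAME  www.makemacwork.com.
ftp      IN  CNAME  www.makemacwork.com.
```

Forgetting the period after a name on the right-hand side is the classic zone-file mistake: `mail.makemacwork.com` without it becomes `mail.makemacwork.com.makemacwork.com`, which is why the article insists on the trailing period for fully-qualified names.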

Next week in part two, we’ll look at configuring your client machines to find your new DNS server, and setting up a secondary DNS server for redundancy.

Recommended Reading: For a simple overview of How Domain Name Servers Work, there’s a great (if slightly web-centric) synopsis at the appropriately named “How Stuff Works”.