Using DYNDNS.com with OS X Web server (10.4)

[TodVader]

Hi. I'm running Mac OS X 10.4 Server on an old 667 MHz G4 PowerMac. For DNS, I'm using dyndns.com's free service.

I've associated 2 different hostnames to my IP address (96.21.*.*)

qcmat.dnsalias.net
qcmat.dynalias.com

My domain is from 1and1. When asked to enter my 2 name servers (they want a primary and secondary), I guess this error after a couple of hours:

There is a domain registration error in the DNS.

If you enter qcmat.dnsalias.net or the other one in the browser, it will open the temporary OS X Server page (I didn't change it yet).

Is there something I don't understand?

Thanks for the help.

 

[plinden]

nslookup shows you have both those host names pointing to 96.21.*.* (it's pointless to obfuscate that since anyone can see the IP address knowing the host name, but I'll do it anyway since you did.)

Likely your firewall and/or router is blocking access from outside your local network.

 

[TodVader]

ok I don't really want to hide it anyways. Can you see the temporary OS X server page from your house?

I've created to 2 hostnames (pointing to the same IP) because 1&1 only accepts 2. Maybe that's where they get their "error" from.

btw, the error is on the 1&1 page, not here on my computer.

I've used 1&1 with hostgator hostnames many times and never had any problems.

I have really no idea how to fix this

 

[SC68Cal]

You have WAY too many open ports. The reason why you aren't seeing your web page is because port 80 is being blocked by your firewall. Not much else is though.

Interesting ports on modemcable099.3-21-96.mc.videotron.ca (96.21.3.99):
Not shown: 1694 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
25/tcp    filtered smtp
53/tcp    open     domain
80/tcp    filtered http
106/tcp   open     pop3pw
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
311/tcp   open     asip-webadmin
389/tcp   open     ldap
445/tcp   filtered microsoft-ds
548/tcp   open     afp
625/tcp   open     apple-xsrvr-admin
749/tcp   open     kerberos-adm
1080/tcp  filtered socks
1720/tcp  filtered H.323/Q.931
6881/tcp  filtered bittorrent-tracker
16080/tcp open     osxwebadmin

http://96.21.3.99:16080

 

[TodVader]

I haven't activated the server's software firewall yet. I just desactived DNS too since I'm using DYNDNS.com's service (I got dynamic IP addresses so I will use their service with an auto updater). Maybe it didn't work because DNS was active on the server too?

For port 80, I forwarded it to my server's IP address (192.168.1.103).

Btw, I followed this tutorial: http://www.s2studios.com/blog/osx-server-104-tutorial/

Can you see the temporary OS X page when you go to my IP address or one of the above hostnames? I can on other computers but don't have access to other networks right now to test it.

Thanks

EDIT: I just realised that I forgot to click the "enable" box after I forwarded port 80 to 192.168.1.103.

Still, the problem seems to be with the hostnames. 1&1 seems to reject them.

 

[SC68Cal]

You really should reconsider what you're doing - You have AFP open, remote Xserve administration, all kinds of stuff. You're just asking to get your server hacked. You have no clue what you're doing. Put that box back behind your router, you're way in over your head.

 

[TodVader]

ok I just started the server firewall and opened port 80. Security should be better now... ?

btw, this is just a little learning exercise for me. I was given this stuff for free and am just trying to learn a little bit here. No serious stuff that security could be a problem.

All my sites are well and safe with real hosting companies and will stay there...

 

[kg9ov]

Hi. I'm running Mac OS X 10.4 Server on an old 667 MHz G4 PowerMac. For DNS, I'm using dyndns.com's free service.

I've associated 2 different hostnames to my IP address (96.21.*.*)

qcmat.dnsalias.net
qcmat.dynalias.com

My domain is from 1and1. When asked to enter my 2 name servers (they want a primary and secondary), I guess this error after a couple of hours:

There is a domain registration error in the DNS.

If you enter qcmat.dnsalias.net or the other one in the browser, it will open the temporary OS X Server page (I didn't change it yet).

Is there something I don't understand?

Thanks for the help.

So, you're entering the qcmat.dnsalias.net & qcmat.dynalias.com names for the primary & secondary nameserver for your own domain at your registrar (1and1)? If so, you can't do that. The nameservers you enter for your domain must be on static IP addresses. They would also have to actually be DNS servers. DynDNS can do dns hosting for your domain, but you have to have a Custom DNS account and that's not free (unless you happen to have an OLD account that has been grandfathered because you made a donation when they were just a little startup company).

 

[SC68Cal]

Your DNS settings are fine. qcmat.dynalias.com resolves to your IP.

Security is getting better.

Starting Nmap 4.68 ( http://nmap.org ) at 2008-09-14 16:29 EDT
Interesting ports on modemcable099.3-21-96.mc.videotron.ca (96.21.3.99):
Not shown: 1712 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
311/tcp open  asip-webadmin
625/tcp open  apple-xsrvr-admin

Block port 311 and port 625. Those should not be accessible from outside your LAN. Port 80 might be blocked by your ISP. Set apache up on a different port and use a DyDNS webhop.

 

[SC68Cal]

The nameservers you enter for your domain must be on static IP addresses.

Not true.

 

[TodVader]

I just blocked the ports you told me to and opened port 8080. I set apache to 8080 and you can access the website at 96.21.3.99:8080

Is the above guy right by saying I can't take my 2 QcMat nameservers and use them on 1&1? My IP might not be static but DynDns is updated automatically everytime it changes.

Thanks

 

[kg9ov]

Not true.

OK, it doesn't technically HAVE to be on a static IP, but the downtime when the IP address of your DNS server suddenly changes is generally unacceptable considering the TTL on the records in most of the TLD zones. Good luck getting DynDNS to register a name in one of their dynamic zones as a nameserver too...

 

[TodVader]

OK, it doesn't technically HAVE to be on a static IP, but the downtime when the IP address of your DNS server suddenly changes is generally unacceptable considering the TTL on the records in most of the TLD zones. Good luck getting DynDNS to register a name in one of their dynamic zones as a nameserver too...

I have an app that automatically sends any new IP address to dyndns.com within seconds.

 

[kg9ov]

I have an app that automatically sends any new IP address to dyndns.com within seconds.

I understand that, but that's not the problem. The biggest problem is that your server is not a nameserver. Next, every sensible registrar requires that the nameservers you enter are registered as nameservers (there are glue records for their names) and that's never going to happen for those names.

 

[TodVader]

I understand that, but that's not the problem. The biggest problem is that your server is not a nameserver. Next, every sensible registrar requires that the nameservers you enter are registered as nameservers (there are glue records for their names) and that's never going to happen for those names.

I just don't understand how I'm supposed to point my domain name to my server. I thought that dyndns.com's job was to create nameservers that would point to my IP which would point to my server which would point to the website.

 

[kg9ov]

I just don't understand how I'm supposed to point my domain name to my server. I thought that dyndns.com's job was to create nameservers that would point to my IP which would point to my server which would point to the website.

DynDNS is a DNS hosting provider among other services. They have a service to do what you want to do, but it's the non-free Custom DNS service, not the Dynamic DNS service.

Also, they have a lot of information about how DNS works and why what you are trying to do doesn't work in their knowledge base.

 

[SC68Cal]

For what he's doing, DyDNS will work just fine. If anything, he can have the domain name do a redirect to his DyDNS domain name.

 

[kg9ov]

There still has to be a DNS server somewhere hosting his personal domain for that to work. With DynDNS, that's the Custom DNS service and if you get that, there is no point in using their Dynamic DNS service because the Custome DNS service can do everything it does and more...

 

[SC68Cal]

There still has to be a DNS server somewhere hosting his personal domain for that to work.

Seems to work just fine.

dig qcmat.dynalias.com A +trace

; <<>> DiG 9.4.2-P1 <<>> qcmat.dynalias.com A +trace
;; global options:  printcmd
.			454805	IN	NS	M.ROOT-SERVERS.NET.
.			454805	IN	NS	F.ROOT-SERVERS.NET.
.			454805	IN	NS	L.ROOT-SERVERS.NET.
.			454805	IN	NS	I.ROOT-SERVERS.NET.
.			454805	IN	NS	E.ROOT-SERVERS.NET.
.			454805	IN	NS	K.ROOT-SERVERS.NET.
.			454805	IN	NS	A.ROOT-SERVERS.NET.
.			454805	IN	NS	C.ROOT-SERVERS.NET.
.			454805	IN	NS	J.ROOT-SERVERS.NET.
.			454805	IN	NS	G.ROOT-SERVERS.NET.
.			454805	IN	NS	B.ROOT-SERVERS.NET.
.			454805	IN	NS	H.ROOT-SERVERS.NET.
.			454805	IN	NS	D.ROOT-SERVERS.NET.
;; Received 500 bytes from 192.168.1.1#53(192.168.1.1) in 17 ms

com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
;; Received 508 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 27 ms

dynalias.com.		172800	IN	NS	ns1.dyndns.org.
dynalias.com.		172800	IN	NS	ns2.dyndns.org.
dynalias.com.		172800	IN	NS	ns3.dyndns.org.
dynalias.com.		172800	IN	NS	ns4.dyndns.org.
dynalias.com.		172800	IN	NS	ns5.dyndns.org.
;; Received 136 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 27 ms

qcmat.dynalias.com.	60	IN	A	96.21.3.99
dynalias.com.		86400	IN	NS	ns5.dyndns.org.
dynalias.com.		86400	IN	NS	ns4.dyndns.org.
dynalias.com.		86400	IN	NS	ns1.dyndns.org.
dynalias.com.		86400	IN	NS	ns2.dyndns.org.
dynalias.com.		86400	IN	NS	ns3.dyndns.org.
;; Received 232 bytes from 208.78.69.75#53(ns3.dyndns.org) in 208 ms

With DynDNS, that's the Custom DNS service and if you get that, there is no point in using their Dynamic DNS service because the Custome DNS service can do everything it does and more...

He doesn't need anything more than a simple mapping between his residential IP addresss and a domian name.

 

[kg9ov]

Right, he has two names setup that point to his IP address and that works... All well and good...

But, from what I can gather, he also has a domain name he has registered with 1and1 and wants that to point to his IP address also. So, DNS for that domain has to be hosted somewhere.

 

[TodVader]

For my websites that are hosted with hostgator, I use the 2 nameservers they gave me:

ns863.hostgator.com
and
ns864.hostgator.com

I just enter those on the domains from 1&1 and it works like a charm. (I use those with addon domains on cPanelX)

Don't my 2 qcmat addresses above work just like that? It doesn't seem so because they return errors in 1&1.

 

[kg9ov]

Well, the short answer is: No, it doesn't work like that.

Basically, when you create a new site in cpanel, it creates the dns zones in your hosts nameservers and populates them with all the required records behind the scenes. That's why it "just works".