3 domains on one OS X Server? DNS config.
Junior Member
Join Date: Jun 2001
Location: New York City
Status:
Offline
|
|
I am looking to set up OS X Server to run 3 websites (separate domains - like a.com, b.com and c.com). How can I do that? No UNIX or terminal experience, no time to learn BIND. Server has 1 NIC card and 1 IP. DNS setup will point to a mail server for 2 domains only, that runs OS X standard and CommunigatePro software on 1 IP. I need easy and fast setup. Are QuickDNS or iTools from Tenon my only options?
|
|
Quicksilver 867, 1GB RAM, 60 and 40GB HD, SuperDrive
|
| |
|
|
|
 |
|
 |
|
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Status:
Offline
|
|
Originally posted by ingalaxy:
[QUOTE]I am looking to set up OS X Server to run 3 websites (separate domains - like a.com, b.com and c.com). How can I do that? No UNIX or terminal experience, no time to learn BIND. Server has 1 NIC card and 1 IP. DNS setup will point to a mail server for 2 domains only, that runs OS X standard and CommunigatePro software on 1 IP. I need easy and fast setup. Are QuickDNS or iTools from Tenon my only options?[/QUOTE]
iTools and QuickDNS have nothing to do with running virtual hosts. It's all in the Apache config.
Have you read http://www.apache.org/docs/vhosts/ as indicated in the httpd.conf file?
In short, edit /private/etc/httpd/httpd.conf
Find the line:
#NameVirtualHost *
and remove the #. Then change the * to your system's IP address
Then add the following lines for EACH of your virtual hosts:
[code]
<VirtualHost www.domain.com>
ServerAdmin webmaster@domain.com
DocumentRoot /www/docs/domain.com
ServerName www.domain.com
ErrorLog logs/domain.com-error_log
CustomLog logs/domain.com-access_log common
</VirtualHost>
[/code]
Obviously you'll replace www.domain.com with the relevant hostname, and change the values of the various fields so they properly relate to each domain's setup. In this way each domain will have a different DocumentRoot (important otherwise all sites would serve the same content, which defeats the purpose) and will create separate log files.
|
|
Gods don't kill people - people with Gods kill people.
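The virtual host setup described in the post above, modelled in Python as an added example (not part of the original post and not Apache's own code). The three domain names, the document roots and the ServerAlias line are assumptions; the point it shows is that a request whose Host header matches no ServerName falls through to the first block listed, so the order of the blocks decides which site answers unknown names and bare-IP requests.

```python
import re

# Constructed httpd.conf fragment in the layout the post describes; the
# ServerAlias line is an assumption added to show a second name for one site.
HTTPD_CONF = """
NameVirtualHost 123.45.67.89
<VirtualHost www.alpha.com>
    ServerName www.alpha.com
    ServerAlias alpha.com
    DocumentRoot /www/docs/alpha.com
</VirtualHost>
<VirtualHost www.beta.com>
    ServerName www.beta.com
    DocumentRoot /www/docs/beta.com
</VirtualHost>
<VirtualHost www.gamma.com>
    ServerName www.gamma.com
    DocumentRoot /www/docs/gamma.com
</VirtualHost>
"""
BLOCK_RE = re.compile(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Return the <VirtualHost> blocks in file order as dicts."""
    vhosts = []
    for body in BLOCK_RE.findall(conf):
        vh = {"names": [], "docroot": None}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()   # '#' starts a comment
            if len(parts) < 2:
                continue
            key, args = parts[0].lower(), parts[1:]
            if key in ("servername", "serveralias"):
                vh["names"] += [a.lower() for a in args]
            elif key == "documentroot":
                vh["docroot"] = args[0]
        vhosts.append(vh)
    return vhosts


def normalise_host(header):
    """Lower-case the Host header value and drop any :port and trailing dot."""
    return header.strip().lower().split(":", 1)[0].rstrip(".")


def select_docroot(vhosts, host_header):
    """Simplified model of name-based selection: (DocumentRoot, matched_by_name)."""
    host = normalise_host(host_header)
    for vh in vhosts:
        if host in vh["names"]:
            return vh["docroot"], True
    # No ServerName/ServerAlias matched: the first block listed answers.
    return vhosts[0]["docroot"], False


VHOSTS = parse_vhosts(HTTPD_CONF)

if __name__ == "__main__":
    for host in ("www.beta.com", "WWW.GAMMA.COM:80", "alpha.com", "123.45.67.89"):
        print(host, "->", select_docroot(VHOSTS, host))
```

Putting a deliberately empty or placeholder site first in the file keeps business content from being served for names that were never configured.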
|
| |
|
|
|
 |
|
 |
|
Junior Member
Join Date: Jun 2001
Location: New York City
Status:
Offline
|
|
[QUOTE]Originally posted by Camelot:
iTools and QuickDNS have nothing to do with running virtual hosts. It's all in the Apache config.[/QUOTE]
I can see a button (second from the top in left column, named "virtual hosts": http://www.tenon.com/images/iToolsScreenShot.jpg) in iTools. I thought that iTools allows you to control Apache better than Server Admin that comes with OS XS.
From the Tenon website: "The new iTools Manager lets webmasters set up virtual hosts, create URL Aliases and Redirects, create self-signed SSL certificates and SSL certificate requests, create realm-based, host-based, and cipher-based Access Controls, and perform a myriad of other tasks. No need for Macintosh webmasters to "learn" Apache.
Using Apple's bundled Apache as a point-of-departure, Tenon's iTools extends this underlying server platform with a point-and-click interface and a rich set of new features. Included with iTools, in addition to extensions and enhancements to the Mac OS X Apache web server, are a powerful WEBmail server, a state-of-the-art domain name server, a multihoming FTP server, a robust SSL encryption engine to support eCommerce, a powerful caching engine with state-of-the-art proxy support, and a Sherlock-savvy search engine. All of the tools are supported using a secure point-and-click browser-based administration tool. "
|
|
Quicksilver 867, 1GB RAM, 60 and 40GB HD, SuperDrive
|
| |
|
|
|
 |
|
 |
|
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Status:
Offline
|
|
OK, I think I need you to better clarify exactly what it is you want. My first read of your post sounded like you just wanted to run virtual web sites on one computer.
Then you start talking about DNS.
So now I'm thinking that you really want to run three domains off one system, including DNS, mail and web hosting.
For an all-round product suite, iTools would be a good bet. However, if money is not a problem you might get better results from a combination of different products.
IMHO QuickDNS is a great DNS program that is easier to manage than BIND (even with iTools front end).
Communigate Pro from Stalker would be a far easier mail server to setup and maintain than sendmail, but Communigate Pro can be expensive, especially once you start bundling the lists, multiple domains, lots of users, etc.
WebSTAR X handles multiple domains and has a familiar interface to anyone who's used WebSTAR on previous Mac OS versions.
Together, these products would probably cost more than iTools but would be easier to setup.
Alternatively, find someone who understands Mac OS X and can setup the free, included products for you for less than the cost of the other apps (I'm available)
|
|
Gods don't kill people - people with Gods kill people.
|
| |
|
|
|
 |
|
 |
|
Junior Member
Join Date: Jun 2001
Location: New York City
Status:
Offline
|
|
I am sorry for not being specific. I am reading so much about this that I have a mess in my head already. OK. Let me explain what I want to do. I am a Mac manager working for a printing company. My boss asked me to set up an internal server with website, ftp and mail. I know how to fix Macs and set up networks, but not much about this stuff. What I have so far is: G4/400 with OS X Server 10-user 10.1.3 which I will use as a web server and ftp server. I have G3/233 with OS X (not server), that will be CommunigatePro server (mail). I have T1 with static IPs. DNS records with my ISP. I just installed CommunigatePro (I am reading how to set this up for 2 domains) and my webserver will be hosting 2 websites, my company's website (alpha.com) and one of my salesman's (beta.com) (he is a print broker). Same with mail server - 2 domains, my own and broker's. Since I have to set up for 2 I thought why not set up for 3 (gamma.com) (my own personal site). That is where the problem is. I had webserver running with one (alpha.com) without problems. I am messed up with this DNS thing. I am not sure what is the best way to do that. Should I have DNS server in the company? Or just tell my ISP to create DNS records for beta.com and gamma.com and point to my OS XS box? I am trying to understand DNS - How does this work? What do all those records do? Why do I need them? A-record is my OS XS box IP, right? MX-record is mail for A-record? I don't know what CNAME is, and NAME SERVER and REVERSE LOOKUP? As far as I understand I can use server admin to set up virtual host without any other software. But since I would like to learn DNS stuff I thought I would be better off with buying DNS server like QuickDNS. But I found iTools, that has DNS setup, FTP server and some other stuff also for not much more money than QuickDNS. I do not want to run too many programs. I've never seen Webstar. What I am thinking is to buy Communigate Pro (50 users - $500) and iTools for $400. What would you do?
If you would not want to spend your time in terminal? What kind of setup do you have? Are you running your own server? You can email me directly to ingalaxy@mac.com
|
|
Quicksilver 867, 1GB RAM, 60 and 40GB HD, SuperDrive
|
| |
|
|
|
 |
|
 |
|
Forum Regular
Join Date: Oct 2000
Location: my powerbook :)
Status:
Offline
|
|
As far as dns goes, i suggest you let your isp handle it, otherwise you have to setup your own dns server and get it registered as an authoritative name server, and also get the dns edited for all of your domains. it's not really worth the hassle, especially for 3 domains. just tell your isp what you want to do and they will know where to point the different records. tell them what domains go to what ip and that you want to run web and email for them, they will know what to do.
i run around 6 domains off a single linux box, and they all share the same ip. they all have email and web. the way i handle it is i use virtual hosts in apache for all of the domains, configured in a similar fashion as an above post mentions. for mail i use sendmail, it too has a virtual host configuration. i've never used communigate so i can't speak specifically to your problem, but in general what you are wanting is fairly easy to do. i would suggest using apache for your websites, and just manually create the virtual hosts.
what you are trying to do is very common, so i would check and make sure whatever software you decide upon supports virtual hosts, and if you end up spending money on it and have problems, just call the support for the software, if they know their product they should be able to walk you through the config pretty quickly.
here is a good article on virtual hosts in apache:
http://www.apacheweek.com/features/vhost
|
|
|
| |
|
|
|
 |
|
 |
|
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Status:
Offline
|
|
OK, given what you've said so far, here's what I recommend.
For your primary domains (alpha.com and beta.com) I'd have your ISP maintain the DNS for now. Install QuickDNS|iTools to run DNS for your personal domain gamma.com.
Your ISP is familiar with maintaining DNS and you're then not likely to impact your business domains if you make an error in your DNS setup. You can use your own domain to play with DNS and migrate alpha.com and beta.com to your own DNS server once you feel confident.
As for web and mail, it's entirely feasible to serve multiple domains off one server either using Apache with the configuration controls already discussed or iTools. For mail, Communigate Pro would be a good alternative to learning and configuring sendmail so that sounds like a good plan.
As for DNS itself, there are various resource types in a typical zone file (e.g. alpha.com). The commonest one is the A record, as you've already encountered. A stands for Address, and it's the simple map between a hostname and an IP address. For example:
www.alpha.com. IN A 123.45.67.89
maps www.alpha.com to the IP address 123.45.67.89
You'll usually have one A record for each host in your domain.
MX records define Mail eXchangers, i.e. servers that handle mail for a particular domain. Mail exchange records are used so that you can route mail to a number of mail servers for that domain. Typically, you'll have something like:
alpha.com. IN MX 10 mail.alpha.com.
mail.alpha.com. IN A 123.45.67.90
Here, all mail addressed to <username>@alpha.com should be routed to the server known as 'mail.alpha.com'. Additionally, mail.alpha.com is defined as the address 123.45.67.90 and hence that's where the mail will be sent to. One other advantage here is that you can define multiple MX records so that mail can be delivered to a secondary (or tertiary) mail server should the primary server be unavailable. For example:
alpha.com. IN MX 10 mail.alpha.com.
alpha.com. IN MX 20 mail.isp.com.
mail.alpha.com. IN A 123.45.67.90
Here, mail.alpha.com has a preference value of 10 and mail.isp.com has a preference value of 20. Mail would be sent first to your mail server unless it is unavailable, in which case the mail would be routed to your ISP where they'd hold it until your mail server came back online (clearly, isp.com would have to configure their mail servers to accept your mail)
You can also set multiple MX records for subdomains within your domain. For example, you might want to give staff an address of username@corp.alpha.com, or separate geographically (username@uk.alpha.com, username@us.alpha.com, etc.) You can then route mail to different mail servers specific to the subdomain.
CNAMEs
Technically there should only be one A record per IP address but sometimes you want to run multiple services on the same machine but using different names - for example www.alpha.com and ftp.alpha.com.
This gives you the ability to not only mask the fact you're using the same machine, but also gives you the ability to move ftp to a different server at a later date without having to inform everyone else of the change (if they'd been ftping to www.alpha.com they wouldn't hit the new ftp server).
CNAME records are a way of assigning multiple names to the same machine. For example:
www.alpha.com. IN A 123.45.67.89
ftp.alpha.com. IN CNAME www.alpha.com.
Here, ftp.alpha.com is CNAMEd to www.alpha.com so when anyone performs a name lookup on ftp.alpha.com they'll get the IP address of www.alpha.com without breaking the rule of one A record per IP. If you later add a dedicated ftp server, you just change the DNS record from a CNAME to an A record with the new IP, and everything continues to work.
REVERSE DNS
Reverse DNS, as its name implies, performs reverse name mapping. In 'normal' (i.e. forward) DNS you're mapping names to numbers (i.e. www.alpha.com -> 123.45.67.89). Reverse DNS performs the reverse map (123.45.67.89 -> www.alpha.com)
In most cases, reverse DNS is less important than the forward, but there are some specific cases where it's important.
Many mail servers perform reverse DNS lookups to validate incoming mail connections in order to counter spam. Any mail server can CLAIM to be a trusted source when it isn't. For example, I could setup my mail server to identify itself as mail.apple.com and you might trust that mail thinking that Apple is contacting you. However, if the reverse DNS lookup on my IP address says something different, you'll know something is amiss (hmm, would mail.apple.com really be calling from dialup43.someisp.com?)
When mail servers use this check, they'll validate that your IP address matches the name your server identifies itself as. The conversation will go something like this (clearly simplified):
You: Hey, I'm 123.45.67.90
Remote: Hi 123.45.67.90
You: My name is mail.alpha.com
Remote: Hi mail.alpha.com, I can see that mail.alpha.com resolves to 123.45.67.90, and I can also see that 123.45.67.90 resolves to mail.alpha.com. Nice to meet you. How can I help?
If your reverse DNS wasn't setup correctly the last comment might be more along the lines of:
Remote: Hi mail.alpha.com, I can see that mail.alpha.com resolves to 123.45.67.90, but 123.45.67.90 resolves to somename.someisp.com. I think you're lying to me. Goodbye.
In this situation, you'll have all kinds of problems sending mail since many people won't trust your mail server.
When using BIND, you're responsible for maintaining both the forward and reverse DNS files. QuickDNS will automatically maintain the reverse DNS based on what you enter for the forward DNS. I'm assuming that iTools will do this too, but I'm not certain.
There's one other step in reverse DNS, which is defining the authoritative servers. ARIN (American Registry for Internet Numbers) maintains the directory of who 'owns' which IP addresses in the US (APNIC and RIPE maintain the databases for Asia-Pacific and Europe, respectively), and they define which DNS server is authoritative for any given IP address. Currently the chances are that your IP addresses are 'owned' by your ISP, meaning that all reverse lookups on your addresses will hit their servers and not yours. Therefore you either need to have your ISP update their DNS records based on your requirements, or you need to have them delegate control of your IP addresses to your server (a process called SWIPping). The alternative to SWIP is to approach ARIN (or APNIC or RIPE) for your own address block, but they typically don't do this unless you need at least 4096 IP addresses.
Now you can see why I recommend using your ISP for maintaining DNS until you're more comfortable with it. If you make a mistake you could make your site unavailable.
|
|
Gods don't kill people - people with Gods kill people.
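The record types and the reverse-DNS check walked through in the post above, as an added Python example that is not part of the original post. It parses a constructed zone made from the post's own records (the mail.isp.com address and the PTR line are assumptions), follows the CNAME, orders the MX hosts by preference, and runs the forward-and-reverse comparison a receiving mail server makes.

```python
from collections import defaultdict

# Constructed zone built from the records quoted in the post; the mail.isp.com
# address and the PTR record are assumptions. BROKEN_TEXT has a stale ISP PTR.
ZONE_TEXT = """
www.alpha.com.    IN A     123.45.67.89
ftp.alpha.com.    IN CNAME www.alpha.com.
alpha.com.        IN MX 20 mail.isp.com.
alpha.com.        IN MX 10 mail.alpha.com.
mail.alpha.com.   IN A     123.45.67.90
mail.isp.com.     IN A     198.51.100.25
90.67.45.123.in-addr.arpa. IN PTR mail.alpha.com.
"""
BROKEN_TEXT = ZONE_TEXT.replace("PTR mail.alpha.com.", "PTR somename.someisp.com.")

def fqdn(name):  # lower-case the name and make sure it ends with the root dot
    return name.lower().rstrip(".") + "."

def parse_zone(text):
    """Parse 'name IN TYPE rdata' lines into {(name, type): [rdata, ...]}."""
    zone = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # ';' starts a comment
        if len(fields) < 4:
            continue
        name, _cls, rtype, *rdata = fields
        if rtype == "MX":                            # preference, exchanger
            value = (int(rdata[0]), fqdn(rdata[1]))
        else:                                        # A keeps the address as-is
            value = rdata[0] if rtype == "A" else fqdn(rdata[0])
        zone[(fqdn(name), rtype)].append(value)
    return zone

def resolve_a(zone, name, max_hops=8):
    """Return the addresses for name, following CNAMEs (bounded to stop loops)."""
    name = fqdn(name)
    for _ in range(max_hops):
        if (name, "A") in zone:
            return list(zone[(name, "A")])
        if (name, "CNAME") not in zone:
            return []
        name = zone[(name, "CNAME")][0]
    return []

def mail_route(zone, domain):
    """MX hosts in delivery order: lowest preference value is tried first."""
    return [(pref, host, resolve_a(zone, host))
            for pref, host in sorted(zone.get((fqdn(domain), "MX"), []))]

def ptr_name(ip):
    """123.45.67.90 -> 90.67.45.123.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def fcrdns(zone, ip, claimed):
    """True only if PTR(ip) names `claimed` and A(claimed) contains ip."""
    ptrs = zone.get((ptr_name(ip), "PTR"), [])
    if fqdn(claimed) not in ptrs:
        return False, "reverse lookup of %s gives %s" % (ip, ptrs or "nothing")
    if ip not in resolve_a(zone, claimed):
        return False, "%s does not resolve to %s" % (claimed, ip)
    return True, "forward and reverse agree"

if __name__ == "__main__":
    print(fcrdns(parse_zone(BROKEN_TEXT), "123.45.67.90", "mail.alpha.com"))
```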
|
| |
|
|
|
 |
|
 |
|
Junior Member
Join Date: Jun 2001
Location: New York City
Status:
Offline
|
|
Camelot.
WOW. This is GOLD. I really appreciate the time it took you to write all this. Can you tell what do you do for living? (if you do not want to post it here email: ingalaxy@mac.com). I have seen your other posts and let me tell you - This is very impressive. How did you learn all this? I would think that you work for ISP as a Service Manager.
You are right. It is very complicated, but I guess all of us (mac users) have to learn a bit of DNS and UNIX. OS X is here to stay and we have no choice.
I will do exactly as you suggested. I will host my 2 primary websites at my ISP and I will get QuickDNS so I can play with it.
The only thing not clear for me is "the name of the server known as 'mail.alpha.com'". Is this the computer name from Sharing entry (network identity) or a name from Communigate Pro? My ISP put my name exactly as you said:
alpha.com. IN MX 10 mail.alpha.com.
mail.alpha.com. IN A 123.45.67.90
But my computer name is "m8" (in sharing) This is the computer where CgatePro is installed. Communigate Pro main domain is: "alpha.com", not "mail.alpha.com". Does that make a difference. If it does - how can I name a server mail.alpha.com? Are you talking about file sharing name?
alpha.com. IN MX 10 mail.alpha.com.
mail.alpha.com. IN A 123.45.67.90
Here, all mail addressed to <username>@alpha.com should be routed to the server known as mail.alpha.com. Additionally, mail.alpha.com is defined as the address 123.45.67.90 and hence that's where the mail will be sent to.
Is Virtual host and domain alias the same in Apache?
Do you have an experience with Communigate Pro? To set up a mailserver for 2 domains should I make 1 domain and an alias for the other? Or make 2 domains? If 2 domains is the answer - what is an alias in CgatePro for?
|
|
Quicksilver 867, 1GB RAM, 60 and 40GB HD, SuperDrive
|
| |
|
|
|
 |
|
 |
|
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Status:
Offline
|
|
Originally posted by ingalaxy:
[QUOTE]Camelot.
WOW. This is GOLD. I really appreciate the time it took you to write all this. Can you tell what do you do for living? (if you do not want to post it here email: ingalaxy@mac.com). I have seen your other posts and let me tell you - This is very impressive. How did you learn all this? I would think that you work for ISP as a Service Manager.[/QUOTE]
Close, I'm the operations manager for a fairly large ASP (we run internet sites for other companies, including several Fortune 500 companies), so we're doing this kind of thing all the time.
[QUOTE]You are right. It is very complicated, but I guess all of us (mac users) have to learn a bit of DNS and UNIX. OS X is here to stay and we have no choice.[/QUOTE]
That's not a bad approach
[QUOTE]The only thing not clear for me is "the name of the server known as 'mail.alpha.com'". Is this the computer name from Sharing entry (network identity) or a name from Communigate Pro? My ISP put my name exactly as you said:
alpha.com. IN MX 10 mail.alpha.com.
mail.alpha.com. IN A 123.45.67.90
But my computer name is "m8" (in sharing) This is the computer where CgatePro is installed. Communigate Pro main domain is: "alpha.com", not "mail.alpha.com". Does that make a difference. If it does - how can I name a server mail.alpha.com? Are you talking about file sharing name?[/QUOTE]
The name of your machine doesn't directly relate to the name other people will reference it by (although it can be). You should be able to tell Communigate Pro the name of the domain(s) it's handling mail for independent of the name of your machine.
Remote users should only ever see the DNS name (or reverse DNS name) of your machine, and never the actual hostname you've defined.
[QUOTE]Is Virtual host and domain alias the same in Apache?[/QUOTE]
Not directly, in Apache's case, Apache looks at the name of the domain the user is requesting and uses that to determine which page to return.
For example, when a user makes a connection to Apache, they send a request along the lines of 'give me the index.html page for www.alpha.com'. You use DNS to tell other users where to send their requests for www.alpha.com.
[QUOTE]Do you have an experience with Communigate Pro? To set up a mailserver for 2 domains should I make 1 domain and an alias for the other? Or make 2 domains? If 2 domains is the answer - what is an alias in CgatePro for?[/QUOTE]
No, I've never used Communigate Pro myself but multiple domains is a common-enough task that I can't imagine it isn't supported.
A quick poke around the Stalker site indicates that it's possible, although not quite straightforward. You have to do some work to enable POP/IMAP access to all the accounts in the secondary domains, but it's possible. This thread hints at what needs to be done.
As for the question of domains vs. aliases, it sounds like you really want two domains, so you'll have two separate MX entries, one in each domain, even if they point to the same mail server at the end.
Within Communigate Pro, though, it sounds as though you can only define a primary domain and have to alias the other domain, but I'm not a Communigate Pro expert, so I probably shouldn't say too much more.
|
|
Gods don't kill people - people with Gods kill people.
|
| |
|
|
|
 |
|
 |
|
Junior Member
Join Date: Jun 2001
Location: New York City
Status:
Offline
|
|
Thank you very very very much for your help. I knew it was bread and butter for you. I am positive your answers will help a lot of mac users here. It is good to have someone from the ASP here. Maybe it will make your jobs easier too.
|
|
Quicksilver 867, 1GB RAM, 60 and 40GB HD, SuperDrive