Configuring DNS servers

You can manually configure a Microsoft DNS server or a BIND for Windows DNS server to do the following:

AirPrint advertisement
Service discovery for the Lexmark Print Management solution
Reply to Unicast DNS queries from an AirPrint-capable device

This section provides information on how to add the DNS role, create a zone or domain, and add the required subdomains and appropriate resource records (TXT/PTR/SRV).

This section provides information on the most common configurations for an enterprise environment and is intended for network administrators. For information on other configurations, contact the Lexmark Professional Services team.

Configuring DNS servers for AirPrint advertisement

Adding a DNS role

Note: Make sure that the server is configured with a static IP address.

For Windows Server 2012

From the Windows Administrative Tools window, click Server Manager.
Click Manage > Add Roles and Features > Next.
For the installation type, select Role-based or feature-based installation, and then click Next.
Click Select a server from the server pool, and then select the appropriate server.
Select DNS Server > Add Features > Next.
Click Install.

For Windows Server 2008

From the Windows Administrative Tools window, click Server Manager.
Click Roles > Add Roles > Next.
Select DNS Server > Next.
Click Install.

Adding a forward lookup zone

Note: Make sure that you have the domain name and IP address of your DNS server.

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, right-click Forward Lookup Zones, and then click New Zone > Next.
For the zone type, select Primary zone, and then click Next.
Specify the name of your domain, and then click Next.
Click Create a new file with this file name, and then click Next.
Select Do not allow dynamic updates > Next.
Note: Allow dynamic updates only when adding the new zone to a parent DNS server or when the new server installation is the only network DNS server. For more information on your environment, contact your system administrator.
Click Finish.

Adding a reverse lookup zone

Notes:

Make sure that you have the domain name and IP address of your DNS server.
This process is optional. Add a reverse lookup zone only when your network does not have a parent DNS server that manages the host records for clients on your network. You can also add a reverse lookup zone when your organization does not allow dynamic updates to occur on the parent DNS server.

From the primary DNS server, navigate to the Windows Administrative Tools window, and then click DNS.
Note: The primary DNS server is the parent DNS server of your organization or the new DNS server that you are installing.
Expand the host name of your server, right-click Reverse Lookup Zones, and then click New Zone > Next.
For the zone type, select Primary zone, and then click Next.
Select IPv4 Reverse Lookup, and then click Next.
Enter the first three octets of the IP address of your DNS server, and then click Next.
Click Create a new file with this file name, and then click Next.
Select Do not allow dynamic updates > Next.
Note: Allow dynamic updates only when adding the new zone to a parent DNS server or when the new server installation is the only network DNS server. For more information on your environment, contact your system administrator.
Click Finish.

Adding a host A record

Note: This process is optional. Add a host A record only when your network does not have a parent DNS server that manages the host records for clients on your network. You can also add a host A record when your organization does not allow dynamic updates to occur on the parent DNS server.

From the primary DNS server, navigate to the Windows Administrative Tools window, and then click DNS.
Note: The primary DNS server is the parent DNS server of your organization or the new DNS server that you are installing.
Expand the host name of your server, right-click the domain that is created in the forward lookup zone, and then click New Host (A) > Next.
Specify the host name and IP address of the LPM server.
Note: In an enterprise system, make sure that the LPM server is performing a load balancer role and that its IP address is static.
Select Create associated pointer (PTR) record > Add Host.

Other considerations

Host A records in the forward and reverse lookup zones are created automatically in the following scenarios:

When joining Active Directory Domain
When the DNS server is not a member of Active Directory Domain and Dynamic Updates are allowed

When creating host A records in a zone or subdomain, specify only the host name of the server, and not the fully qualified domain name.

Adding a Canonical Name (CNAME) record

Note: This process is optional. Add a CNAME record only when you have the DNS entries of an existing server and you want to use lpm-airprint as an alias for the server.

From the primary DNS server, navigate to the Windows Administrative Tools window, and then click DNS.
Note: The primary DNS server is the parent DNS server of your organization or the new DNS server that you are installing.
Expand the host name of your server, right-click the domain that is created in the forward lookup zone, and then click New Alias (CNAME) > Next.
Specify the alias name and the fully qualified domain name of the server.
Click OK.

Adding the _universal PTR record

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, and then expand the _tcp and _ipp subdomains following the forward lookup zone.
Right-click the _sub subdomain, and then click Other New Records.
In the Resource Record Type dialog box, select Pointer (PTR), and then click Create Record.
In the Host IP Address field, type _universal.
In the Host name field, type the host name in the following format:
hostname._ipp._tcp.domain.com
Where:
- hostname is the host name of the server used when creating the host A record.
  Note: Use the correct server host name in the PTR record for the _sub domain and the PTR, SRV, and TXT records for the _ipp domain.
- domain is the domain name of your organization.
Click OK.

Adding the PTR, SRV, and TXT records

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, and then expand the _tcp subdomain following the forward lookup zone.
Right-click the _ipp subdomain, and then click Other New Records.
In the Resource Record Type dialog box, do any of the following:
For PTR
1. Select Pointer (PTR), and then click Create Record
2. Leave the Host IP Address field blank.
3. In the Host name field, type the host name in the following format:
  hostname._ipp._tcp.domain.com
  Where:
  - hostname is the host name of the server used when creating the host A record.
    Note: Use the correct server host name in the PTR record for the _sub domain and the PTR, SRV, and TXT records for the _ipp domain.
  - domain is the domain name of your organization.
For SRV
1. Select Service Location (SRV), and then click Create Record
2. In the Service field, type the host name of the server.
3. In the Protocol field, type _ipp.
4. Make sure that the Priority and Weight fields are set to 0.
5. In the Port number field, enter 631.
6. In the Host offering this service field, type the fully qualified domain name of the LPM server.
For TXT
1. Select Text (TXT), and then click Create Record
2. In the Record name field, type the host name of the server.
3. In the Text section, specify the correct key and value pairs.
  Sample key and value pairs (_ipp subdomain)
```
txtvers=1
qtotal=1
product=(Lexmark Print server version 1.0)
note=Physical location to advertise
pdl=image/urf,application/pdf,image/jpeg,application/octet-stream
adminurl=http://SERVERIPADDRESS:9780/lpm/config
priority=0
rp=lpm/ipp/print
URF=V1.4,CP1,PQ3-4-5,RS300-600,MT1-2-3-4-5-6-8-10-11-12-13,W8,ADOBERGB24,DEVRGB24,DEVW8,SRGB24,IS1,IFU0,OB10
Color=T
Duplex=T
Scan=F
Fax=F
Binary=T
Transparent=T
Copies=T
Collate=T
ty=Lexmark Print server version 1.0
UUID=b15525c7-8885-4279-a0a2-2ec669b9fbaa
TLS=1.2
kind=document
PaperMax=<legal-A4
air=none
```
  Note: The key and value pairs from the DNS Record window on the configuration portal of your server (http://serverIPaddress:9780/lpm/config) apply to the _ipp and _ipps subdomains. However, the value for the air= key must be none, and the printer-type= key and value pair must be omitted from the _ipp TXT record.
Click OK.

Adding the _universal PTR record for _sub subdomain

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, and then expand the _tcp and _ipps subdomains following the forward lookup zone.
Right-click the _sub subdomain, and then click Other New Records.
In the Resource Record Type dialog box, select Pointer (PTR), and then click Create Record.
In the Host IP Address field, type _universal.
In the Host name field, type the host name in the following format:
hostname._ipps._tcp.domain.com
Where:
- hostname is the host name of the server used when creating the host A record.
  Note: Use the correct server host name in the PTR record for the _sub domain and the PTR, SRV, and TXT records for the _ipps domain.
- domain is the domain name of your organization.
Click OK.

Adding the PTR, SRV, and TXT records for _ipps subdomain

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, and then expand the _tcp subdomain following the forward lookup zone.
Right-click the _ipps subdomain, and then click Other New Records.
In the Resource Record Type dialog box, do any of the following:
For PTR
1. Select Pointer (PTR), and then click Create Record
2. Leave the Host IP Address field blank.
3. In the Host name field, type the host name in the following format:
  hostname._ipps._tcp.domain.com
  Where:
  - hostname is the host name of the server used when creating the host A record.
    Note: Use the correct server host name in the PTR record for the _sub domain and the PTR, SRV, and TXT records for the _ipps domain.
  - domain is the domain name of your organization.
For SRV
1. Select Service Location (SRV), and then click Create Record
2. In the Service field, type the host name of the server.
3. In the Protocol field, type _ipps.
4. Make sure that the Priority and Weight fields are set to 0.
5. In the Port number field, enter 443.
6. In the Host offering this service field, type the fully qualified domain name of the LPM server.
For TXT
1. Select Text (TXT), and then click Create Record
2. In the Record name field, type the host name of the server.
3. In the Text section, specify the correct key and value pairs.
  Sample key and value pairs (_ipp subdomain)
```
txtvers=1
qtotal=1
product=(Lexmark Print server version 1.0)
note=Physical location to advertise
pdl=image/urf,application/pdf,image/jpeg,application/octet-stream
adminurl=http://SERVERIPADDRESS:9780/lpm/config
priority=0
rp=lpm/ipp/print
URF=V1.4,CP1,PQ3-4-5,RS300-600,MT1-2-3-4-5-6-8-10-11-12-13,W8,ADOBERGB24,DEVRGB24,DEVW8,SRGB24,IS1,IFU0,OB10
Color=T
Duplex=T
Scan=F
Fax=F
Binary=T
Transparent=T
Copies=T
Collate=T
ty=Lexmark Print server version 1.0
UUID=b15525c7-8885-4279-a0a2-2ec669b9fbaa
TLS=1.2
kind=document
PaperMax=<legal-A4
air=username,password
printer-type=0x4C0901C 
```
  Note: The key and value pairs from the DNS Record window on the configuration portal of your server (http://serverIPaddress:9780/lpm/config) apply to the _ipp and _ipps subdomains. However, the value for the air= key must be username,password, and the printer-type= key and value pair must be added in the _ipps TXT record.
Click OK.

Adding the _services, b, and lb PTR records for _dns-sd subdomain

From the Windows Administrative Tools window, click DNS.
Expand the host name of your server, and then expand the _udp subdomain following the forward lookup zone.
Right-click the _dns-sd subdomain, and then click Other New Records.
In the Resource Record Type dialog box, do any of the following:
For _ipp
1. Select Pointer (PTR), and then click Create Record
2. In the Host IP Address field, type _services.
3. In the Host name field, type _ipp._tcp.domain.com, where domain is the domain name of your organization.
For _ipps
1. Select Pointer (PTR), and then click Create Record
2. In the Host IP Address field, type _services.
3. In the Host name field, type _ipps._tcp.domain.com, where domain is the domain name of your organization.
For b and lb
1. Select Pointer (PTR), and then click Create Record
2. In the Host IP Address field, type b or lb, respectively.
3. In the Host name field, type the domain name of your organization.
Click OK.

Setting up a DNS forwarder

In network environments where primary or secondary DNS servers are installed, create a forwarder to the new DNS server. The new DNS server must be where the resource records for AirPrint advertisement and services discovery are maintained. The forwarder lets AirPrint devices locate the LPM server without adding the records required for AirPrint advertisement to the existing DNS servers. It is not necessary to update the IP address of the primary and secondary DNS servers on the client devices or computers.

Note: Setting up a DNS forwarder is not necessary when adding the resource records to a parent DNS server. It is also not necessary when the new server installation is the only network DNS server. For more information on your environment, contact your system administrator.

From the primary or secondary DNS server, navigate to the Windows Administrative Tools window, and then click DNS.
Note: The primary DNS server is the parent DNS server of your organization or the new DNS server that you are installing.
Right-click the host name of your server, and then click Properties.
From the Forwarders tab, click Edit.
In the Selected domain's forwarder IP address list field, specify the IP address of your new server installation.
Click Add.

Configuring BIND

From Windows Explorer, navigate to the BIND installation folder, and then open the etc folder.
Open the named.conf file, and then add the following line:
options { forwarders { DNSserver; }; forward only; };
Where DNSserver is the IP address of the DNS server that contains the appropriate AirPrint resource records.
Save the file.

Delegating a domain

In network environments where primary or secondary DNS servers are installed, create a delegation map for the new domain to the new DNS server. The new DNS server must be where the resource records for AirPrint advertisement and services discovery are maintained. Delegation mapping lets AirPrint devices locate the LPM server without adding the records required for AirPrint advertisement to the existing DNS servers. Make sure that the IP address of the new DNS server is added to the list of DNS servers on the client devices or computers.

Note: Setting up a delegation is not necessary when adding the resource records to a parent DNS server. It is also not necessary when the new server installation is the only network DNS server. For more information on your environment, contact your system administrator.

From the primary or secondary DNS server, navigate to the Windows Administrative Tools window, and then click DNS.
Note: The primary DNS server is the parent DNS server of your organization or the new DNS server that you are installing.
Right-click the zone or domain where you want to create a delegation, and then click New Delegation > Next.
Specify the name of the subdomain to delegate, and then click Next > Add.
Specify the IP address of the DNS server that contains the appropriate AirPrint resource records for the subdomain, and then click Ok.
Click Finish.

Configuring BIND for AirPrint advertisement

Creating named.conf files

From the command prompt, navigate to the BIND installation folder. For example, cd C:\dns.
Switch to the etc directory. For example, cd etc.
Type start notepad named.conf, and then press Enter.
When prompted to create a file, click Yes.
At the top of the file, type options { directory dir-install; };, where dir-install is the BIND installation directory, and then press Enter.
From Windows Explorer, navigate to the BIND installation folder, and then open the etc folder.
Open the rndc.conf file, and then copy the text following the # Use with the following named.conf.. line.
Open the named.conf file, and then paste the text after the options {directory... line.
Remove # from all lines except the Use with the following... and End of named.conf lines.
Click File > Exit > Save.

Creating forward lookup zone files

Note: Make sure that you have the domain name and IP address of your DNS server.

From the command prompt, navigate to the BIND installation folder. For example, cd C:\dns.
Switch to the etc directory. For example, cd etc.
Type start notepad db.domain, where domain is the domain name of your server, and then press Enter.
When prompted to create a file, click Yes.

In the new zone file, add the following in bold:

$TTL 3600
@ IN SOA lpm-airprint.domain.com. unused-email (1 10800 3600 604800 60)
@ IN NS lpm-airprint.domain.com.
lpm-airprint.domain.com. IN A 192.168.1.10
b._dns-sd._udp IN PTR @
lb._dns-sd._udp IN PTR @
_services.dns-sd._udp IN PTR _ipp._tcp.domain.com.
_services.dns-sd._udp IN PTR _ipps._tcp.domain.com.
_universal._sub._ipp._tcp IN PTR lpm-airprint._ipp._tcp.domain.com.
_universal._sub._ipps._tcp IN PTR lpm-airprint._ipps._tcp.domain.com.

_ipp._tcp IN PTR lpm-airprint._ipp._tcp.domain.com.
lpm-airprint._ipp._tcp IN SRV 0 0 631 lpm-airprint.domain.com.
lpm-airprint._ipp._tcp IN TXT "txtvers=1""qtotal=1""product=Lexmark Print server version 1.0""note=Physical location to advertise""pdl=image/urf,application/pdf,image/jpeg,application/octet-stream""adminurl=http://SERVERIPADDRESS:9780/lpm/config""priority=0""rp=lpm/ipp/print""URF=V1.4,CP1,PQ3-4-5,RS300-600,MT1-2-3-4-5-6-8-10-11-12-13,W8,ADOBERGB24,DEVRGB24,DEVW8,SRGB24,IS1,IFU0,OB10""Color=T""Duplex=T""Scan=F""Fax=F""Binary=T""Transparent=T""Copies=T""Collate=T""ty=Lexmark Print server version 1.0""UUID=b15525c7-8885-4279-a0a2-2ec669b9fbaa""TLS=1.2""kind=document""PaperMax=<legal-A4""air=none"

_ipps._tcp IN PTR lpm-airprint._ipps._tcp.domain.com.
lpm-airprint._ipps._tcp IN SRV 0 0 443 lpm-airprint.domain.com.
lpm-airprint._ipp._tcp IN TXT "txtvers=1""qtotal=1""product=Lexmark Print server version 1.0""note=Physical location to advertise""pdl=image/urf,application/pdf,image/jpeg,application/octet-stream""adminurl=http://SERVERIPADDRESS:9780/lpm/config""priority=0""rp=lpm/ipp/print""URF=V1.4,CP1,PQ3-4-5,RS300-600,MT1-2-3-4-5-6-8-10-11-12-13,W8,ADOBERGB24,DEVRGB24,DEVW8,SRGB24,IS1,IFU0,OB10""Color=T""Duplex=T""Scan=F""Fax=F""Binary=T""Transparent=T""Copies=T""Collate=T""ty=Lexmark Print server version 1.0""UUID=b15525c7-8885-4279-a0a2-2ec669b9fbaa""TLS=1.2""kind=document""PaperMax=<legal-A4""air=username,password""printer-type=0x4C0901C"

Where:

lpm-airprint.domain.com is the fully qualified domain name of your server.
192.168.1.10 is the IP address of your server.
lpm-airprint is the host name of your server.

Note: The key and value pairs are listed in the DNS Record window on the configuration portal of your server (http://serverIPaddress:9780/lpm/config). Make sure that the extra parenthesis for the product= key and value pairs are removed.

Save the file.

Creating reverse lookup zone files

Note: Make sure that you have the domain name and IP address of your DNS server.

From the command prompt, navigate to the BIND installation folder. For example, cd C:\dns.
Switch to the etc directory. For example, cd etc.
Type start notepad db.domain.in-addr.arpa, where domain is the first three octets of the IP address of your server in reverse order, and then press Enter.
When prompted to create a file, click Yes.
In the new zone file, add the following:
```
$TTL 3600
@ IN SOA lpm-airprint.domain.com. unused-email (1 10800 3600 604800 60)
@ IN NS lpm-airprint.domain.com.
20 IN PTR lpm-airprint.domain.com.
```
Where:
- lpm-airprint.domain.com is the fully qualified domain name of your server.
- 20 is the last octet of the IP address of your server.
Notes:
- If there are duplicate AirPrint advertisements on the client devices when using BIND on Linux or Unix in the db.domain file, remove the _universal._sub._ipp._tcp IN PTR lpm-airprint._ipp._tcp.domain.com line.
- If character limitations occur when using GUI tools to add DNS records to a BIND server, reduce the key and value pairs to air=, pdl=, qtotal=, rp=, tls=, and urf=.
- If there are Mac OS X 10.10 or later client workstations on the network, then add the Color= and Duplex= key and value pairs. Starting with Mac OS X 10.10, depending on the value of Color= and Duplex=, the color and duplex print settings for an AirPrint printer are disabled.
Save the file.

Referencing zone files in the named.conf file

Note: The zone file may not be in the same folder as the named.conf file.

From Windows Explorer, navigate to the BIND installation folder, and then open the etc folder.
Open the named.conf file, and then add the following after the options {directory... line:
```
zone "domain.com." { type master; file "db.domain"; allow-update { any; }; };
zone "1.168.192.in-addr.arpa" { type master; file "db.1.168.192.in-addr.arpa"; allow-update { any; }; };
```
Notes:
- The value after the file element is the relative path to the zone file. The path and file name must be correct based on the zone file that you have created. The allow-update key allows clients to add or update their DNS records, known as Dynamic Update.
- Allow dynamic updates only when adding the new zone to a parent DNS server or when the new server installation is the only network DNS server. For more information on your environment, contact your system administrator.
Save the file.

Starting the ISC BIND service

After the following are created, start the ISC BIND service:

Key files
Zone files
named.conf file

Note: Make sure that the startup type for the service is set to Automatic.

From the Windows Administrative Tools window, click Services.
Right-click the ISC BIND service, and then click Properties.
From the Log On tab, set Log on as to Local System Account, and then click OK.
Right-click the ISC BIND service, and then click Start.

Other considerations for DNS server configuration

The zones, domains, and resource records for AirPrint advertisement can be added to the parent DNS server of your organization. These domains and resource records can also be added to an existing zone. Clients that are configured to use that DNS server can discover the server using AirPrint when the following are specified in the network properties:

DNS server IP address
Search domains

However, we recommend installing the DNS role on the LPM server, and then adding the appropriate zones, domains, and records to that server. Specify that server as a secondary DNS server or configure a forwarder on the parent DNS server using the IP address of the LPM server.

Zone transfers

Zone transfers can be considered a security risk. It must not occur between the parent DNS server and the LPM server. Setting up a forwarder or a delegation prevents zone transfers between the parent DNS server and the LPM server.

Note: For more information on your environment, contact your system administrator.

Client configuration

You can configure the following with the IP address of the DNS server that is configured with a forwarder to the DNS server. The DNS server must be where the resource records for AirPrint advertisement and services discovery are maintained. Make sure that the iOS mobile device contains the correct zone or domain name as a search domain. For example, domain.com. These settings can be configured on the mobile device using a DHCP server or by manually editing the settings of that particular network:

Mobile devices
Macintosh computers

Note: For more information on your environment, contact your system administrator.

Creating profiles using Apple Configurator

An AirPrint device or AirPrint server can be deployed to a mobile device using a profile.

Note: AirPrint profiles are applicable only on mobile devices running on iOS 7 or later.

From your Macintosh computer, launch the Apple Configurator tool.
Click Supervise.
Select All Devices > > Create New Profile.
Select AirPrint, and then click Configure.
From the AirPrint window, click .
Do either of the following:
Manual configuration
1. From the Configure printer menu, select Manually, and then type the IP address of the load balancer.
2. In the Resource path field, type lpm/ipp/print.
LPM configuration
Note: The following instructions are applicable only when your Macintosh computer is on the same subnet as the AirPrint server. You must also enable Bonjour discovery in the LPM web portal.
1. From the Configure printer menu, select Lexmark Print Management, and then type the IPv4 or IPv6 address of the load balancer.
2. In the Resource path field, make sure that /lpm/ipp/print is entered.
Note: You can add multiple AirPrint devices to a profile.
From the Supervise window, select the profile, and then export it.
Type a unique name for the profile, and then specify the location.
Click Save.

To install the profile on a mobile device, do the following:

Use the Apple Configurator tool
E-mail the profile to the mobile device as an attachment
Deploy the profile using a mobile device management tool

Understanding the command line tools for DNS server configuration

NSLookup—Lets you resolve names in the forward and reverse lookup zones. From the command line of a Windows or Macintosh computer, do either of the following:
- Type nslookup IPaddress, where IPaddress is the IP address of the server, and then press Enter. Make sure that the correct host name is returned to indicate that the host (A) records have been created successfully.
- Type nslookup HostName, where HostName is the IP address of the server, and then press Enter. Make sure that the correct IP address is returned to indicate that the host (A) records have been created successfully.
DNS-SD—Lets you view a list of AirPrint-advertised services and their associated domain names. You must be on the same network subnet as the server to view the mDNS advertisements of the server. This tool lets you check whether the records for AirPrint advertisement have been created correctly for the appropriate zone or domain name.
With the Bonjour SDK installed on your Windows computer, from the command line, type dns-sd -B _ipp._tcp.
To check the details of an advertised printer service, from the command line, type the following:
dns-sd -L HostName _ipps._tcp DomainName
Where:
- HostName is the host name for your environment.
- DomainName is the domain name for your environment.
Note: To prevent conflicts with the Bonjour Service used for mDNS advertisements, do not install the Bonjour SDK (or Bonjour for Windows) on the LPM server.
DIG—Lets you check whether the resource records are correct from a terminal session on a Macintosh computer. The following are sample DIG commands:
- dig -t PTR _ipps._tcp.domain.com
  This command returns the host name for the PTR record in the Answer section of the response.
- dig -t SRV lpm-airprint._ipps._tcp.domain.com
  This command returns the priority, weight, port, and host name information for the SRV record in the Answer section of the response.
- dig -t TXT lpm-airprint._ipps._tcp.domain.com
  This command returns the key and value pairs for the TXT record in the Answer section of the response.
- dig -x 192.168.1.10
  This command performs a forward lookup. It returns the host name in the Answer section as defined in the forward lookup zone for the sample IP address 192.168.1.10.
- dig lpm-airprint.domain.com
  This command performs a reverse lookup. It returns the IP address in the Answer section as defined in the reverse lookup zone for the sample host name lpm-airprint.domain.com.