- DNS Name Server with one IP address
- Posted by Ivan on January 21st, 2004
Hi all,
Scenario:-
Linksys Router
External IP (xxx.xx.xx.xx)
Internal IP (192.168.1.1)
Router DMZ on and points to Linux box (192.168.1.10)
Linux Box (192.168.1.10)
Now I have a domain name www.mydomain.com registered with a registrar
(Currently uses their dummy name servers need to supply my own)
1) I cannot ask my ISP for this service or the registrar due to $$
2) I would like to run my own name server for flexibility (I will
find a secondary nameserver)
3) I have tried free name server providers (but the refresh times are
too long >24hr)
How do I set up so when a user points to www.mydomain.com so it
resolves to my Static IP address (xx.xx.xx.xx)?
My primary dns/www/mail server will all be on one machine
(192.168.1.10), is this configuration possible for an individual with
one IP address? If so how?
Please brief me on the DNS named and zone files as to what IP address
they should contain (local 192.168.1.10 or external (xx.xx.xx.xx)).
All suggestions welcome; however, I wish your answer could be detailed, as I
am now worn out....
p.s. I have gone through a lot of postings but not come across my
setup above. (I could eliminate the router in between and configure
Linux as the router)
- Posted by Patrick Cohan on January 21st, 2004
Use the external public IP as the primary dns... as example for mydomain.com
Have all the CNAMES for services point to the domain name, thus smtp or www
resolves to mydomain.com at the public IP.
Have the Linksys direct the open service ports, you should turn off DMZ if
the port forwarding is sufficient.
Get a friend, or another site or your isp, to be your primary/secondary
dns... be creative... exchange services...
"Ivan" <ivanfernandes@flashmail.com> wrote in message
news:e5a5360a.0401211340.2e5f844e@posting.google.com...
- Posted by Ben Measures on January 21st, 2004
Ivan wrote:
There are three possibilities:
1. You don't need a DNS server.
2. You do need a DNS server.
3. You don't want a DNS server but a DNS cache.
1. You don't need a DNS server.
If you registered your domain name with www.mydomain.com then it will be
on their DNS servers. The domain name would be pointing to a
holding/dummy web server, not a dummy nameserver. Putting your domain
name into your browser wouldn't bring up anything otherwise.
2. You do need a DNS server.
Make sure you read "1. You don't need a DNS server" a couple of times.
If you're convinced that you still need to supply your own DNS server,
read this.
So you want a DNS server on your network, resolving your domain name to
an ip address for anybody on the Internet?
Setting up a public DNS server is complicated. Seeing that you don't
know whether you can have dns/www/mail on one computer makes me think
that you might be in over your head.
If you're stubbornly determined, here's the HOWTO:
http://langfeldt.net/DNS-HOWTO/BIND-8/
3. You don't want a DNS server but a DNS cache.
If what you really want is a DNS cache for your local network, then have
a look at chapter 3:
http://langfeldt.net/DNS-HOWTO/BIND-8/DNS-HOWTO-3.html
--
Ben M.
----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.
What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).
Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before it's too late.
Read about the ongoing battle at http://swpat.ffii.org/
----------------
- Posted by Ivan on January 22nd, 2004
Ben Measures <saint_abroadremove@removehotmail.com> wrote in message news:<6mDPb.4$_l2.3@news-binary.blueyonder.co.uk>...
--Well not really dummy, but they said their NS's hold no records that
point to my IP address?
--Just wondering if there would be any conflict with the 3 services
all under one IP, especially since NS and www are at the same IP.
-- Thanks, I have read the file and implemented it but to no avail,
which leads me to ....
Since I have to provide my own 2 NS's to my registrar,
do my name servers have to be registered (according to Dr DNS it has
to), as I am pointing my domain name NS at the registrar end to
NS1.mydomain.com (my computer), and with whom do I do that?
--Thanks for all the support.
Regards Ivan
- Posted by Ben Measures on January 22nd, 2004
Ivan wrote:
You need to get in contact with the company you registered your domain
with (www.mydomain.com?) and tell them your ip address. Their NS will then
resolve all requests for www.yourdomain.com to your ip address. If their
NS won't, then you've made a mistake in registering the domain with
whomever you did - there are others who will, for less money.
BTW, what is your domain? It would help a great deal in determining if
they will resolve it for you.
Now, are you *absolutely sure* about this? The only way to be sure is to
do whois (http://www.internic.net/whois.html) on the domain. It will
list the nameservers registered with the domain.
Yes you do have to register your name servers. That is the complicated
bit. I don't know who with or how. Maybe it's with whoever handles
.com/.biz/.org or whatever your domain name ends with.
--
Ben M.
- Posted by Chris on January 22nd, 2004
Ivan wrote:
This is totally possible to do. I would say that the responses you've
received thus far haven't been overly enlightening. I wish I had the
time to get really detailed with you, but I don't right now. But basically:
(1) Start by getting your Linux machine set up first:
- Create your DNS zone file for mydomain.com in /var/named
- Reference the zone file in /etc/named.conf allowing zone transfers
from the registrar and whomever you chose as your secondary DNS (more on
that soon)
- Restart named on your machine (# /etc/init.d/named restart)
(It's totally possible to setup your /etc/named.conf to allow your DNS
to work as a local caching DNS as well as your primary DNS simultaneously.)
(2) Ready your router/firewall:
- Port forward (I believe the correct nomenclature for Linksys) your
service ports to the box or boxes behind your router that will be doing
the HTTP, SMTP, etc. processing. If it's the Linux box, then port
forward 80, 25, and whatever else you want to 192.168.1.10.
- You don't need DNS set up to test to see if these work, just telnet
(from an outside IP preferably) to your public IP at port <x>.
- Port forward port 53 to 192.168.1.10. This will allow the DNS servers
you specified in /etc/named.conf to complete their zone transfers. You
HAVE to do this.
(3) Get a secondary DNS.
- You have to do this for most registrars.
- I can't recommend any secondary DNS service providers, but I used
www.twisted4life.com with GREAT success. It was free and updates were
zone transfers, make sure that address is specified in /etc/named.conf
so that they can do zone transfers.
- You should, within the refresh period, see the zone transfer take
place from the secondary DNS provider to your Linux box (xxx.xxx.xxx.xxx
-> 192.168.1.10) by looking in /var/log/messages.
(4) Update your registrar records.
- Go back to your registrar and specify your primary DNS address as your
public IP and your secondary DNS provider's IP as your secondary.
- Wait. Should take 24 hours but they allow for 72 hours.
This *should* do it.
It is totally possible for all your services to run off the same box and
to have the same IP set in your DNS zone file. Works just fine. There
are differing opinions in the DNS world as to whether you should use
CNAME records for the same IP, but I use regular A records, and this
works just fine. CNAMEs cause an additional DNS lookup, so I use A
records. Either way is going to get you what you want if you set it all
up correctly. It's a BIT tedious, but it's not impossible to do and
very rewarding to be running your own DNS...
When you are all done and you know your new DNS servers have propagated
out from updating your registrar records, run your public IP through
http://www.dnsreport.com. You should come back with a good report.
If you are going to run email through your box, you need to address MX
records as well in your zone file.
Sorry I can't get more detailed right now (about the configuration of
the zone file which is important!!!) Maybe you can read up on that. If
you are going to run your own DNS, you should at least get serious and
purchase O'Reilly's "DNS and BIND" book. It's the best. And it details
the configuration of a simple zone file which should work for you. It
has a couple of "cookbook" scenarios in the book. It's well worth your
money if you are going to be serious about this. Everything will hang
on the proper configuration of your zone file...
The guys in the Linux networking group will do you better than here,
more than likely, if you need some tweaking.
Chris
-----
Chris Olive
chris (-at-) technologEase (-dot-) com
http://www.technologEase.com
(pronounced "technologies")
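A concrete version of the two files that steps (1) through (3) above call for, as an added example (this is not Chris's own configuration, and nothing here is from the original post). It assumes BIND 9 on the 192.168.1.10 box; the public address 203.0.113.10, the secondary provider's transfer address 198.51.100.53 and the names ns1.mydomain.com / ns2.secondary-provider.example are placeholders. The point it makes for Ivan's question about "local or external" addresses: the public zone carries only the external IP (the router's port forwards deliver the traffic to 192.168.1.10), zone transfers are allowed only to the secondary, and recursion is allowed only from the LAN so the box is not an open resolver while it also does the caching job.

```conf
// ---- /etc/named.conf (added example; addresses and the secondary's name are placeholders) ----
acl "lan"       { 127.0.0.1; 192.168.1.0/24; };
acl "secondary" { 198.51.100.53; };   // placeholder: the address the secondary transfers from

options {
    directory "/var/named";
    allow-query     { any; };   // anyone on the Internet may ask about mydomain.com
    allow-recursion { lan; };   // but only the LAN may use this box as a caching resolver
    allow-transfer  { none; };  // no AXFR anywhere unless a zone statement says otherwise
    version "not disclosed";    // don't advertise the BIND version in CHAOS queries
};

// root hints, needed only for the caching role towards the LAN
zone "." IN {
    type hint;
    file "named.ca";
};

zone "mydomain.com" IN {
    type master;
    file "mydomain.com.zone";
    allow-transfer { secondary; };      // AXFR only to the secondary's address
    also-notify    { 198.51.100.53; };  // tell it as soon as the serial changes
};

; ---- /var/named/mydomain.com.zone (added example) ----
; Every public record carries the EXTERNAL address (203.0.113.10 is a placeholder).
; 192.168.1.10 never appears here; the router's port forwards take care of that.
$TTL 86400
$ORIGIN mydomain.com.
@       IN  SOA ns1.mydomain.com. hostmaster.mydomain.com. (
            2004012201  ; Serial: YYYYMMDDnn, bump it on every edit or the secondary won't refresh
            8H          ; Refresh
            2H          ; Retry
            1W          ; Expire
            1D          ; Negative-caching TTL
            )
        IN  NS  ns1.mydomain.com.
        IN  NS  ns2.secondary-provider.example.   ; placeholder for the secondary's name
        IN  MX  10 mail.mydomain.com.             ; trailing dot, or BIND appends the origin
        IN  A   203.0.113.10
ns1     IN  A   203.0.113.10
www     IN  A   203.0.113.10
mail    IN  A   203.0.113.10
```

Before restarting named, run `named-checkconf /etc/named.conf` and `named-checkzone mydomain.com /var/named/mydomain.com.zone`; then `dig @127.0.0.1 www.mydomain.com A` from the box itself should answer with the public address. Once port 53 is forwarded, the same query against the public IP from outside should answer, while a query for an unrelated name from outside should come back REFUSED, which confirms recursion is closed to the Internet. Note that ns1.mydomain.com sits inside the zone it serves, so the registrar must also register it as a host (glue) record with the public IP; that is the registration step Ivan later found missing.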
- Posted by Chris on January 22nd, 2004
Chris wrote:
Oops... I meant to say updates are <24 hrs (less than). Usually within
1-2 hrs.
Chris
-----
Chris Olive
chris (-at-) technologEase (-dot-) com
http://www.technologEase.com
(pronounced "technologies")
- Posted by Ben Measures on January 22nd, 2004
Chris wrote:
I don't think Ivan is wanting to be able to resolve names like
www.somedomain.com, ftp.somedomain.com, irc.somedomain.com, etc.
AFAICT, he thinks he needs to create a DNS server so that the
higher-level somedomain.com is resolved - this need is quite unlikely
IMO; the "registrar" should provide a DNS server for you. Getting other
(public) nameservers to refer requests to you is quite complex, at least
for a beginner.
It would be much easier if Ivan would post the domain so that people
could do whois for him.
--
Ben M.
- Posted by Dan on January 23rd, 2004
On 21 Jan 2004 13:40:56 -0800, ivanfernandes@flashmail.com (Ivan)
wrote:
I agree with Ben, I don't think you need your own name server, anyone
can do this for you. I'll do my best to explain what I think you
need.
Your name server is the computer that has the public ip addresses for
your network. From what you've said, you only have one public ip
address, the ip address of your Linux box gateway. This makes things
fairly simple. The name server can be anywhere, it doesn't have to be
on your Linux box, in fact it's probably easier if it isn't. Your
name server is the one that other dns servers come to in order to get
your ip address.
This is basically what happens when a domain name is resolved in, say,
your web browser (the simplified explanation). The browser will ask
a local dns server for the ip address. That server will 'ask around'
other name servers and will find out where the 'authoritative' name
server is. The authoritative name server has the ip address for the
name and this will get relayed back to the web browser (or email
client or whatever).
So what you have to do is determine who you want to be your
authoritative name server, and then configure that name server so that
it has the public ip address of your network. And then you have to let
all the other name servers on the internet know where the authoritative
name server for your domain is. It's actually a lot simpler than it
might sound.
The hard way will probably be to use your own network gateway Linux
box as your name server. I use a free name server at
www.zoneedit.com. It's free if you have less than five domain names
and your traffic isn't huge. And even if you have a lot of traffic,
it's still cheap. There are others as well, but this is the one I've
had experience with. You set up an account with them and configure it
with your domain name. Then you configure the domain name with the
public ip address of your network. Very easy, can be done with a web
browser in a few minutes. Now it knows the ip address of your network
and can tell other name servers what it is. One of the advantages of
using them is that they have diesel generators as a backup in case of
a power failure, and a secondary name server on a different network
altogether. So your name server isn't likely to be down.
Now you have to let name servers on the internet know where your
authoritative name server is. When you created the account with
zoneedit, they tell you what the addresses of their (your) name
servers are (primary and secondary). It will be something like
ns1.zoneedit.com and ns2.zoneedit.com. These are the name servers
that are authoritative for your domain name. Now you go back to your
domain name registrar, the place where you registered the name, and
tell them these two addresses. Some of them let you do this via web
configuration: you go to the place where it says primary and secondary
name servers, and you put in the addresses that were given to you.
You should at least be able to do this via email. The name of your
authoritative name server propagates from the registrar through to the
rest of the name servers on the internet, or at least to the root
ones. This is where the delay comes in. This will take somewhere
between 24 to 72 hours before it's finally done, but once that's
completed you're set.
You can run your different services, like web and mail servers, on the
one computer, or you can put them on different machines on your
network. All of the requests for your domain name will come to the
gateway machine. The services can be running there, or the gateway
can forward them to another computer.
You might want to run a caching name server on your network to speed
up access to external sites, or you might want a name server local to
your network to resolve names for the computers on your network, but
this is a different story.
Dan
dan_nelson123>>>>>>>hotmail>>>>>com
- Posted by Ivan on January 23rd, 2004
Hi All,
I have finally managed to set it up and have my site online; the
reason I had not posted my web address is due to client
confidentiality. Dan, I did use zoneedit.com after looking around for
a lot of free name-servers and then hit upon them; yes, they are FREE
and great. Very easy to manage. I tried to use granitecanyon.com but
could not get the 'zone config' right in their manage box, and then
they would bounce my mail back when I tried to confirm (could not
figure it out).
I went down this path as I am sure others have: first I got a web
address and then realized that I needed to get nameservers, and both my
registrar and ISP were charging for that. Now Linux is a free world,
so I was sure a solution was out there; this led me to run my own
NS, which I now realize I configured right with the help from various
websites and books, BUT ALL don't mention (I guess it's common sense for an
administrator) that you have to have your nameservers registered with
the top level domain (means more $$). That was where the frustration
was: I got it all working but could not access it from the internet.
But I got hold of the DNS and BIND book, which, along with Dr DNS, says that one's
NS have to be registered.
Anyway I am a happy bunny (or penguin) now! But I am sure there are a
lot of people out there who think they could just
register their domain name and rock and roll (funny, no registrar (that
I encountered) mentions they will hold you to ransom for not having a
NS; they friendly call it 'DNS Parking', which has no name-IP resolution
(this is just done so that they get your business, as the main country
domain body requires 2 NS when you register)).
I hope other novice eager web-registration people like me take note;
also I think the DNS FAQs should advise one about registration (if I
missed it) when they speak about running your own NS.
Thanks Michael, Chris and Dan, your inputs were very timely, detailed
and precise. Cheers!!!
Ivan
- Posted by Dan on January 24th, 2004
On 23 Jan 2004 07:32:46 -0800, ivanfernandes@flashmail.com (Ivan)
wrote:
I love the free nature of Linux. Glad I could make a small
contribution by helping someone else, I'm usually the one asking the
questions.
Good luck managing your network.
Dan
- Posted by Lew Pitcher on January 26th, 2004
Dan wrote:
Sharing the knowledge is a good way to start. At least that's what I try to do.
We all were newbies once, and some of us /still/ have the odd question. Learning
never stops.
Luck to you as well
--
Lew Pitcher
Master Codewright and JOAT-in-training
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
- Posted by Jeremy S Lowery on January 27th, 2004
Along with the other great responses, I thought I'd share my interesting
setup with ya. I have the exact same hardware configuration as you, except
I have a dynamic DNS.
I use www.no-ip.com's authoritative DNS servers with the registrar. They offer
a service that lets me run a client and send my IP to them when it changes
so their records can reflect this (You don't have to worry about this).
My gateway box is also set up to be the authoritative nameserver on my domain.
However, since "the world" sees the authoritative ones as ns1.no-ip.com and
ns2.no-ip.com, it's only really authoritative to machines I tell it to be for
(in this case, my local network).
I did this so I could have all of my local machines (which have private IPs
and get NAT'ed through the gateway) use my domain.
Some example config:
I have gateway.mydomain.tld registered with no-ip to point to my gateway
box. The no-ip record has my internet IP.
I have bind9 on the gateway acting as the authority for my domain:
from named.conf:
zone "mydomain.tld" {
type master;
notify no;
file "pri/mydomain.tld";
};
and my zone file for my domain:
$TTL 86400
@ IN SOA mydomain.tld. jlowery.mydomain.tld. (
        2 ; Serial
        8H ; Refresh 8 hours
        2H ; Retry 2 hours
        1W ; Expire 1 week
        1D ; Minimum 1 day
        )
    NS gateway
    MX 10 gateway.mydomain.tld.
gateway A 192.168.1.1
www A 192.168.1.1
; some machines on my local network
oracle A 192.168.1.10
trinity A 192.168.1.11
The one thing to be sure of is keeping the gateway records in sync with my
external provider's records. If I put a CNAME on the external provider for
the gateway, I have to do it on the gateway too.
So as far as my local network is concerned, gateway controls mydomain.tld.
Oh, and also named.conf needs the "hints" record to be able to resolve
everything else.
zone "." IN {
type hint;
file "named.ca";
};
The only thing left to do is have all the local network machines use
192.168.1.1 (the gateway) as their nameserver.
So all the machines on my local network are using DNS for my domain (I only
have 5 but this is my network and I like playing), and it works globally
as well.
if you resolve the gateway from the internet you get the external IP, if you
resolve it from the LAN you get the internal IP.
Jeremy
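Jeremy's setup works because the gateway's named is only reachable from the LAN. If the same box is also exposed on port 53 from the Internet (as in Chris's port-forwarding step), a single master zone would hand the 192.168.x.x addresses to anyone who asks. The BIND 9 `view` configuration below is an added example, not Jeremy's own named.conf: it keeps his LAN zone (gateway A 192.168.1.1, oracle, trinity) in one file and serves a second file carrying only the public address to everyone else. The two zone file names are assumptions; the addresses and the zone name follow his post.

```conf
// Added example: split-horizon named.conf for the gateway (BIND 9).
// The first view whose match-clients matches wins, so "internal" must come first.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

view "internal" {
    match-clients { lan; };
    recursion yes;                          // LAN hosts use the gateway as their resolver

    zone "." IN {                           // root hints live here: only this view recurses
        type hint;
        file "named.ca";
    };

    zone "mydomain.tld" IN {                // gateway A 192.168.1.1, oracle, trinity ...
        type master;
        notify no;
        file "pri/mydomain.tld.internal";   // assumed file name
    };
};

view "external" {
    match-clients { any; };                 // everything that did not match "lan"
    recursion no;                           // never an open resolver towards the Internet
    allow-transfer { none; };               // nobody outside needs a copy of this zone

    zone "mydomain.tld" IN {                // gateway A <public IP>; no 192.168.x.x here
        type master;
        notify no;
        file "pri/mydomain.tld.external";   // assumed file name
    };
};
```

The sync problem Jeremy mentions now has three copies to keep in step (the no-ip records, the internal file and the external file): every name must exist in both zone files, with the private address in one and the public address in the other, and each file needs its own serial bumped before `rndc reload`. Checking the split from both sides is the same test he describes: `dig @192.168.1.1 gateway.mydomain.tld A` from the LAN returns 192.168.1.1, while the same query from an outside address returns the public IP, and a query for an unrelated name from outside is REFUSED.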