LinuxQuestions.org - Linux - Networking
How to make my own DNS server? (https://www.linuxquestions.org/questions/linux-networking-3/how-to-make-my-own-dns-server-534072/)

depam 03-02-2007 09:02 PM

How to make my own DNS server?
 
I have registered my domain name with a third-party domain registry. I used to alter DNS entries by logging in to the domain administration on their website.

I just want to ask if it is possible for me to just configure one dedicated server on our end and input the DNS entries there so I wouldn't need to log on to the domain registry and alter DNS entries. If so, how can it be known to the whole internet? I mean, what are the things that I need to do?

Thanks.

MS3FGX 03-02-2007 10:35 PM

If you are asking if you can set up your own DNS server that will propagate changes to the rest of the DNS servers on the Internet and allow you to maintain your own domain name, you can't do that.

depam 03-02-2007 11:22 PM

I just want our organization to manage our own DNS entries. Right now, when we want to make changes to our DNS entries, let's say I want to add an "IN A" entry of mywebsite2 on the domain mydomain.com pointing to IP address 1.1.1.1, we would need to call our provider and tell them to add this entry to their DNS server. I just want to manage these DNS entries by inputting them on the server in our organization and make them visible to the rest of the world... Or at least to our ISP...

JimBass 03-03-2007 02:18 AM

Yes, managing your own DNS will do exactly what you are looking for. Your ISP will have nothing to do with it. The only issue you might have is you can't have just one DNS server, you need 2, a master and a slave. You can use your package manager (by the way, put your distro in your profile) to install BIND, or you can compile it from source. The newest BIND is 9.4 as of a few days ago, so I suggest compiling it, unless your package manager already has a 9.4 installer.

Peace,
JimBass

depam 03-03-2007 04:46 AM

Okay. Can you please explain to me how the DNS entries that I will put into these servers will be propagated on the internet? I mean, if the ISP has nothing to do with it, how do I broadcast, for example, my MX record and my IN A record? Thanks.

JimBass 03-03-2007 11:46 AM

You go to the webpage of your registrar, and on that page you can specify your DNS servers. You create A records for whatever you call your DNS servers, say ns1.domain.com, and ns2.domain.com. Then identify your servers at the registrar by IP address. That way you don't have to notify your current DNS provider about the change until it is complete.

Then when somebody tries to reach your site, the registrar has the top level domain servers pointed at you. So if your site ends in .com, the query will go to the roots who point it at the top level domain, who point it to your DNS server.

Peace,
JimBass

depam 03-03-2007 07:13 PM

That's cool, but is it really necessary to create 2 nameservers? I mean, isn't it possible to create one primary server and have the other one maintained by the ISP? So the main logic there is that when you tell your DNS provider the IP address of your nameservers, every time someone queries your domain it will pass through the DNS provider, which points him/her to the IP address you gave them? Is that right? So in that way, I can make any entries I like on my nameserver and they will be propagated on the internet? Let's say I put an A record for myname.mydomain.com, then it will be seen on the internet.


ANother questions is that what are the requirements of building a DNS server? I need a public static IP for this one right? Should it be behind the firewall or just wide open without any local area networks connected? Thanks.

JimBass 03-03-2007 09:00 PM

It absolutely is necessary. There must be 2 nameservers so in the event one is down, info about your domain is still available to the net.

You can have a slave server anywhere on the net, that is a standard way of doing things. You can't however just decide what the second server will be, it needs to be configured as a slave to your primary machine. Your ISP may be willing to do that, but I have never seen an ISP that is willing to slave a zone for customers.

The nameserver, like any other internet-facing machine, should be behind a firewall. The nameserver will need port 53 open to the public net, both UDP and TCP. Having it connected to a LAN is your choice. It is fine to, but it does pose a bigger security risk if the machine is compromised.

Peace,
JimBass

depam 03-04-2007 01:31 AM

Ok, so I should configure each of the two machines to be primary or slave? Do I get this correct? So when configuring machine A, I should set that machine as primary, and machine B as slave? Can I add more than two nameservers for a failsafe approach? I mean, two servers connected in our infrastructure and two others on a site far away from our office?

JimBass 03-04-2007 01:57 AM

You can have at least 2 and as many as 7 nameservers. With 2, one is configured as master and one as slave. With more, you keep one master and propagate the changes to as many slaves as needed. One server in one location, and one in another. Technically, they should both be in separate physical locations, and on separate public class C networks. That isn't enforced though; you can have both at the same location and on similar addresses.

Peace,
JimBass

depam 03-04-2007 06:02 AM

Okay, thanks so much. I now want to start configuring BIND. Any pointers, or can you give me a guide on how to configure BIND for newbies like me? What are the things that I need to prepare? I have 6 static public IPs and two servers. I wanted to start by configuring two machines which are both located in our office. And if possible, instruct our ISP to include our entries in their NS for backup. Once I have completed the installation and configuration of BIND on the two machines, I will then assign a static IP to the two machines and input it at my DNS registrar, as well as the "A" entries of the two. As a failsafe, I will include the NS of my ISP. Thanks so much.

JimBass 03-04-2007 02:53 PM

There are thousands of guides to setting up DNS on the net already, and it is far too large a topic to go into in a single post. Based on the previous questions you've asked, I get the impression that you aren't very familiar with Google. I strongly suggest changing that habit, as everything you've asked is easily answered by Google, just by typing in the exact questions that you've asked here.

Long story super short: install BIND, put your domain name in the named.conf file, create the zone file, fill it with the correct info in terms of A records, MX records, SOA (start of authority), etc. Restart BIND, and it should be good. The slave doesn't get the zone manually like the master does; you set that named.conf as a slave, and it pulls the zone from the master.

You CANNOT assume your ISP will slave your zone for you, odds are very good that they won't. That puts them at fault if your zone doesn't resolve. You can completely screw up the zone on your end, they copy the bad zone from you, then when another customer or ISP can't resolve you, since your ISP would have to be listed as an authoritative nameserver, people would contact them over the problem, except it wouldn't be their problem, it would be yours. For that reason alone, 99% of ISPs will not slave zones for customers, they will only be the master if anything. Check with them first of course, and when they tell you no they won't slave, you still can do it by yourself. Just be aware any time your DNS isn't working properly, you get no email, no website visits, nothing at all.

Peace,
JimBass
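The procedure JimBass sketches across his posts (one master, one or more slaves that pull the zone from it, a named.conf entry plus a zone file with SOA, NS, A and MX records, and port 53 TCP and UDP open) as an added example that is not code from the thread or from ISC's BIND project: a POSIX shell script that writes a master named.conf fragment, a slave fragment and a zone file for the hypothetical mydomain.com into a directory and then validates the zone. Every name and address is constructed (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges; ns1, ns2, www, mail and mail2 are assumed hostnames), and the two hardening settings, recursion off and allow-transfer limited to the slave, are the editor's additions rather than anything the thread states.

```shell
#!/bin/sh
# Added example, not code from the thread or from ISC: writes a minimal BIND 9
# master/slave setup for the thread's hypothetical mydomain.com into a directory
# so the files can be inspected and validated before deployment.
# All names and addresses are constructed (RFC 5737 documentation ranges).
set -eu

DOMAIN="mydomain.com"
NS1_IP="192.0.2.10"        # ns1, the master
NS2_IP="192.0.2.11"        # ns2, the slave (ideally another site and network)
WEB_IP="192.0.2.20"
MAIL_IP="192.0.2.30"
MAIL2_IP="198.51.100.30"   # backup MX at the second site

# Master fragment. Authoritative only: recursion is off so the box is not an
# open resolver, and AXFR is limited to the slave so arbitrary clients cannot
# pull the whole zone.
write_master_conf() {
  cat > "$1/named.conf.master" <<EOF
options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
    allow-transfer { $NS2_IP; };
    notify yes;
};

zone "$DOMAIN" {
    type master;
    file "$DOMAIN.zone";
    also-notify { $NS2_IP; };   # list every additional slave here
};
EOF
}

# Slave fragment: no zone file to edit by hand, it fetches the zone from the master.
write_slave_conf() {
  cat > "$1/named.conf.slave" <<EOF
options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
    allow-transfer { none; };
};

zone "$DOMAIN" {
    type slave;
    file "slaves/$DOMAIN.zone";
    masters { $NS1_IP; };
};
EOF
}

# Zone file: SOA, two NS records, the A records the registrar will be pointed
# at, and two MX records so mail falls back to mail2 when the MX 10 host is down.
write_zone() {
  cat > "$1/$DOMAIN.zone" <<EOF
\$TTL 3600
@       IN  SOA ns1.$DOMAIN. hostmaster.$DOMAIN. (
            2007030401  ; serial (YYYYMMDDnn): bump on every edit or slaves never refresh
            3600        ; refresh
            900         ; retry
            1209600     ; expire
            300 )       ; negative-cache TTL
        IN  NS  ns1.$DOMAIN.
        IN  NS  ns2.$DOMAIN.
        IN  MX  10 mail.$DOMAIN.
        IN  MX  20 mail2.$DOMAIN.
ns1     IN  A   $NS1_IP
ns2     IN  A   $NS2_IP
www     IN  A   $WEB_IP
mail    IN  A   $MAIL_IP
mail2   IN  A   $MAIL2_IP
EOF
}

# Number of NS records in the generated zone; the thread's minimum is two.
count_ns() {
  grep -c 'IN  NS' "$1/$DOMAIN.zone"
}

# Validate with BIND's own checker when it is installed; otherwise fall back to
# a structural sanity check so the script still runs on a machine without BIND.
check_zone() {
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone -q "$DOMAIN" "$1/$DOMAIN.zone"
  else
    grep -q 'IN  SOA' "$1/$DOMAIN.zone" && [ "$(count_ns "$1")" -ge 2 ]
  fi
}

# Generate everything into the directory given as $1 and validate it.
write_bind_example() {
  mkdir -p "$1"
  write_master_conf "$1"
  write_slave_conf "$1"
  write_zone "$1"
  check_zone "$1"
}
```

Run `write_bind_example /tmp/bind-example` and inspect the three files; the two fragments are meant to be included from the real named.conf on each machine, with `directory` adjusted to your distribution's layout, and port 53 must be open for both UDP and TCP on the firewall (zone transfers and large answers use TCP). Once the registrar points at ns1 and ns2, `dig +trace www.mydomain.com` walks the path JimBass describes (root servers, then .com, then your own servers), and `dig @ns1.mydomain.com mydomain.com AXFR` from any host other than ns2 should come back refused, confirming the allow-transfer restriction.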

depam 03-05-2007 10:48 PM

JimBass,

I already searched Google on this, but since the topic is so broad and I wanted to build this with a specific technology (in this case open source), I tried to ask it here. I am very grateful to you for enlightening me on this topic. It has been a great help answering my questions. I will just have to review BIND. My main goal is to manage our own domain and provide our own secondary mail server which will get all mail just in case the MX 10 goes down. Thanks very much.

JimBass 03-06-2007 01:07 AM

I understand completely man. Some things to bear in mind -

BIND is 100% open source, and is far and away the most popular DNS server on the planet. Any search for DNS questions will usually get answers for BIND, unless you add something else to it, like Microsoft DNS.

I didn't say what I did about Google to insult you; it is simply that if you put the exact wording of the questions you asked here into Google, you'd have gotten the same answers in seconds as opposed to waiting for posts. If you're going to be running real-world servers (which both mail and DNS are), then you will have problems come up, and you'll want them fixed as soon as possible. Waiting 3 or so hours for somebody here to read and respond isn't the best circumstance when the problem is that you have no email coming in, or nobody can reach your website. You can find many times more info about open source products than you can about closed source. That is yet another great benefit to using open source. You can put in "bad" query terms 5 times, and get it right on the 6th. Just read and adjust.

You're very welcome for the help we've provided you with so far, and will give more in the future when you need it.

Peace,
JimBass

depam 03-06-2007 04:50 AM

Thanks man.

I really appreciate all the help you gave me. I now work in a company where all technology is proprietary. I don't know why people would decide to go for an expensive one just for support when I am getting all of that sort from this kind of community. And every time they hear "open source", they always seem to be uninterested in it. I am still hoping that open source will grow exponentially someday. Thanks again.
