LinuxQuestions.org


bence8810 12-05-2006 05:00 PM

DNS Server for 2 domains - Bind9
 
Hi

I have high hopes that one day I may master Linux :) However, I am not yet even a beginner. Having said that, I hope you won't beat me up too much for asking a stupid question.

I have used a web hosting service for 3-4 years now, and I am thinking of moving everything to my local server. These are not very important, non-commercial sites; even if they are down for a week, it won't matter.

I have a single server, and I want to set up DNS. I know that for DNS I need at least two servers, but I only have one. Can this still be done? Like ns1.domain.com and ns2.domain.com both pointing to the same server, same IP?

Now the thing I cannot figure out, and which I am sure is very simple.
I have two domains, A.LNX and B.LNX for example. I want to host my own DNS for both. Is it possible? I am with GoDaddy, and when I go there to change my DNS servers, what do I put? Now both A.LNX and B.LNX are pointed to my web host. I would like to make A.LNX my DNS domain, such as ns1.a.lnx. Now, if I go to my registrar to change A.LNX's DNS servers, can I set it to ns1.a.lnx already? I think it would not resolve, right? I mean, it sounds silly that it's being pointed at itself... Please clear this up, I am lost...

I guess once I have the first domain set, I can point the second domain to the first for DNS.

Thanks for any help, and sorry for the ambiguous message, at least it is for me.

Ben

chort 12-05-2006 05:39 PM

When you specify DNS servers with your registrar, if they aren't "well-known" DNS servers you need to give their IP addresses. The last time I was setting this up it required two DNS servers that resolve to different IPs. I don't know if GoDaddy requires that (I already had two when I switched to GoDaddy). If you can get two static IP addresses, you can just use port forwarding to send both of the IPs to the same server. Regardless, you need two DNS servers at minimum with your registrar, and you need to set up with your registrar what their IPs are (statically defined hosts).

You can use the same DNS servers for more than one domain. That is not a problem.

gani 12-06-2006 02:32 AM

We're just running one DNS server, although with our registrar we pointed our NS servers to two different IPs just to make the registrar believe we have two, when in reality only one exists. This is possible if you have more than one public IP address.

Here is our setup:

5 IP addresses:
IP1 = ourdomain.com
IP2 = used by the gateway of a separate LAN
IP3 = reserved for other purposes
IP4 = ns1.ourdomain.com
IP5 = ns2.ourdomain.com # non-existent host

IP1 = ourdomain.com = mail.ourdomain.com = otherdomain.com = mail.otherdomain.com = www.ourdomain.com = www.otherdomain.com

bence8810 12-06-2006 05:22 AM

Hi

Thanks for the answers.

So basically, without having two static IPs, I cannot really do anything, right? I have only one static IP, and a friend of mine has a dynamic one with a DDNS domain name attached to it, but I guess that is of no use since a static IP is needed.

In that case, I can forget having my own DNS hosted. However, I would still like to have a DNS server for internal purposes, so that in case I want to make a specific DNS entry, I can.

Would BIND9 still be useful for me in this case?

I am on a VPN most of the time when I am at home, and there are names I need to resolve, and the only way would be with a custom DNS server where I can specify that

server.fakevpndomain.loc should point to 10.10.10.10, for example.

Can I use Bind for this?

Thanks

Ben

gani 12-06-2006 06:00 AM

If you are referring to an internet site that can't be resolved, it's no longer your responsibility but your ISP's. You need to ask them why there is a certain site on the internet that your DNS can't resolve for you.

If you are planning to create a local/internal-only domain so that you can access your local hosts/computers using names and not IPs, you can build your own local DNS and also use it as your local caching server.

BIND, as far as I know, is still the most widely used DNS server, and for beginners I can recommend this tutorial, which I myself started from:

http://langfeldt.net/DNS-HOWTO/BIND-9/

bence8810 12-06-2006 07:48 AM

Hi

I actually mean that from home I connect to a corporate LAN, which has its own internal domain, and unless I have one of their DNS servers among my DNS servers, I won't be able to use Outlook, etc. It doesn't work on a purely IP basis.

What I am thinking of doing is to have my Linux server as my primary DNS server, and it would work as a forwarder except for the VPN fake domain. Let's say it's

company.global.loc

Now I sometimes need to access Outlook through

exchange.company.global.loc, and it's obviously not resolvable from the outside, just with the company's DNS servers, which are also only reachable inside the VPN. So if I am not connected to the VPN but have the company's DNS as my DNS server, I cannot do anything on the internet, as the DNS is not reachable. Until the secondary DNS kicks in, I am out of luck. This is about a 10-20 second latency, quite annoying.

Thanks

Ben

gani 12-08-2006 12:55 AM

Try using your Linux server as a local DNS caching server and use that (i.e., its IP) as your DNS. But that (your server) should be able to connect to the internet.

Just follow the link I gave earlier; it has the instructions on how to do this. Actually this is just a few steps and just two lines in /etc/resolv.conf:

lookup file bind
nameserver 127.0.0.1

If your desktop is Linux (which I thought it wasn't, since you mention Outlook), install a caching nameserver there and you will become mobile, without needing to update your nameserver entries in resolv.conf every time you move to another place and network.

bence8810 12-08-2006 04:14 AM

Hi

Great idea, I read through the article, and set my BIND9 up accordingly. It even works, but still, I have one question left.

I have a domain at dyndns.org, and it is (only example of course)

mydomain.homelinux.org

Should I name my computer that, or

mycomputer.mydomain.homelinux.org ?

Also, if my server's name is this, I should use this for the DNS name in the config, right? I mean, in /etc/resolv.conf after "search" I should add that, right?

Now, for company.global.loc I would create a new zone, correct? So I would end up having two zones in my DNS? One for my internal domain name, and one for the company VPN domain.

So basically my only zone is this now:

$TTL 3D
@   IN  SOA  mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
             1    ; Serial
             8H   ; Refresh
             2H   ; Retry
             4W   ; Expire
             1D ) ; Minimum TTL
    NS   mydomain.homelinux.org.
1   PTR  localhost.

But I would create another file like this corresponding to the VPN domain. Is that correct? Also an entry in named.conf?

Sorry for the flood of questions, I am still trying to figure out what DNS is all about. The article you sent was very helpful for understanding basically how it works, though.

thanks for all,

Ben

gani 12-08-2006 06:04 AM

>> I have a domain at dyndns.org, and it is (only example of course)

>> mydomain.homelinux.org

>> Should I name my computer that, or

>> mycomputer.mydomain.homelinux.org ?

Your domain will be mydomain.homelinux.org, and therefore any host you want to be part of that domain will become anyhostname.mydomain.homelinux.org, or for your computer, as you already said.

As an example guide:

Zone file name: relevant-dir/mydomain.homelinux.org
Forward resolution

Code:


$ORIGIN mydomain.homelinux.org.
$TTL 3D
@      IN      SOA      mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
                        200612081  ; YYYYMMDD#  Serial
                        8H        ; Refresh
                        2H        ; Retry
                        4W        ; Expire
                        1D )      ; Minimum TTL
                           
                            NS  ns1.mydomain.homelinux.org.
mydomain.homelinux.org.      A    static.public.ip.addr1
ns1.mydomain.homelinux.org.  A    static.public.ip.addr2
localhost                    A    127.0.0.1

mydomain.homelinux.org.      MX  10 mail.mydomain.homelinux.org.                 

; CNAMES

www                        CNAME  mydomain.homelinux.org.
mail                      CNAME  mydomain.homelinux.org.

Reverse resolution:

Zone file name: relevant-dir/mydomain.homelinux.org-rev

Code:


$ORIGIN oct3.oct2.oct1.in-addr.arpa.
$TTL 3D
@      IN      SOA      mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
                        200612081  ; YYYYMMDD#  Serial
                        8H        ; Refresh
                        2H        ; Retry
                        4W        ; Expire
                        1D )      ; Minimum TTL
                           
                  NS   ns1.mydomain.homelinux.org.
oct4-1            PTR  mydomain.homelinux.org.
oct4-2            PTR  ns1.mydomain.homelinux.org.  ; fully qualified: "ns1." alone would mean the top-level name ns1

oct# = octet# as in 1.2.3.4 where 1 = oct1 and so forth.

So it is really necessary that you are assigned contiguous IPs in a block, which is usually the case when you acquire a multi-IP account from an ISP.

named.conf, just showing the relevant portion:

Code:


// Master zones
//
//zone "myzone.net" {
//      type master;
//      file "master/myzone.net";
//};
zone "mydomain.homelinux.org" {
        type master;
        file "relevant-dir/mydomain.homelinux.org";
};
zone "oct3.oct2.oct1.in-addr.arpa" {
        type master;
        file "relevant-dir/mydomain.homelinux.org-rev";
};

Then, as I understand this, you should create separate zone files, both for forward and reverse resolution, for your internal hosts within your LAN and put them in your named.conf file. Also, if your DNS server is behind a firewall, it should port forward TCP/UDP port 53 to that box. And as a security measure, since BIND has a history on this, it is not advisable to join this to your LAN; put it on a separate DMZ or connect it directly/separately to the public, as I've done here on OpenBSD with BIND running chrooted and nothing else on the box but BIND alone.

Then, if this is your case, you would create an internal BIND server to hold your internal hosts in their own zone files, which I did here by using our OpenBSD firewall as the internal DNS at the same time, blocking queries coming from the internet and allowing only those from within our LAN.

Just to give an idea, and maybe others have something to share also.

----------
GANI

bence8810 12-08-2006 09:38 AM

Hi

Great examples. I have already configured my DNS server, and it looks to be okay.

Why do you say opening port 53 is necessary, when this DNS server is only for internal use? I am sure you have a reason, but I don't understand it at this point.

I think at the beginning of the thread we established that I cannot have this server as a DNS for my domains, because I only have one static IP :(

This dyndns domain is hosted on their server anyway, but I am unable to create a CNAME record there. Is it possible to have the CNAME record on my server, even though the DNS is hosted at dyndns.org?

The reason is that I only have mydomain.homelinux.org and I would like to have mail.mydomain.homelinux.org, and it isn't possible through dyndns.

Also, the other not too clear area is what I should do about the VPN'd domain. Do I need to create two records for that as well? Like one forward and one reverse lookup record? And do those also have to be master records? Is there anything else besides master records, or is everything a master?

Thanks, and again, sorry for the amount of questions.

Ben

gani 12-08-2006 11:57 PM

Quote:

Why do you say opening port 53 is necessary, when this DNS server is only for internal use? I am sure you have a reason, but I don't understand it at this point.

I think at the beginning of the thread we established that I cannot have this server as a DNS for my domains, because I only have one static IP
I got out of my mind for a while and lost my imagination. :scratch:

Of course you won't need to open port 53 if it's for internal use only.

This shows that dyndns is your DNS host, pointing your domain to your static public IP. So when someone out there looks for your domain, dyndns returns your static public IP. This is now clear. Then here goes your next question:

Quote:

This dyndns domain is hosted on their server anyway, but I am unable to create a CNAME record there. Is it possible to have the CNAME record on my server, even though the DNS is hosted at dyndns.org?
:scratch:

:study: One option I see as best possible is to register a domain and talk to your ISP to host it for you, but of course with cost involved. There your ISP can create CNAMEs for you, all pointed to your IP. But I doubt this is really what you intended.

:twocents: Or I'm thinking of adding a sub-domain to your dyndns domain, like int.mydomain.homelinux.org, then creating a zone file out of this that you can use only internally.

Code:


$ORIGIN int.mydomain.homelinux.org.
....
....
.......

                                    NS  int_ns.int.mydomain.homelinux.org.  ; fully qualified: "int_ns." alone would mean the top-level name int_ns
localhost.                          A  127.0.0.1

; my dyndns domain
mydomain.homelinux.org.              A  static.public.ip.add

; my internal sub-domain
int.mydomain.homelinux.org.          A  192.168.0.253

; my internal nameserver
int_ns.int.mydomain.homelinux.org.  A  192.168.0.254

; my MX host
int.mydomain.homelinux.org.          MX 10 mail.int.mydomain.homelinux.org.

; CNAME/Aliases

www                                CNAME  int.mydomain.homelinux.org.
mail                                CNAME  int.mydomain.homelinux.org.
ftp                                CNAME  int.mydomain.homelinux.org.

; the rest of my internal hosts follows below

Then just create its reverse zone file.

Your DNS server in our example (192.168.0.254) would be the 'int_ns' host, and in its '/etc/hosts' file it should appear as:

/etc/hosts

Code:


127.0.0.1    localhost.int.mydomain.homelinux.org  localhost
192.168.0.254 int_ns.int.mydomain.homelinux.org      int_ns

/etc/hostname

int_ns.int.mydomain.homelinux.org

Some say that you shouldn't run both a caching and an authoritative nameserver at the same time, but others say that if you want to do both, you need to list 'nameserver 127.0.0.1' first. I followed the latter and I haven't seen a problem for almost a year now on my public DNS server. I don't know what others have to say about this.

/etc/resolv.conf

Code:


lookup file bind
nameserver 127.0.0.1
nameserver 192.168.0.254
# "search" lists domain suffixes to try, not nameserver hostnames
search int.mydomain.homelinux.org otherdomain.com myISPdomain.com

Your clients now can use your DNS internal IP as their primary dns.

Quote:

Also, the other not too clear area is what I should do about the VPN'd domain. I need to create two records for that as well? Like one forward and one reverse lookup record? And those also have to be master records? Is there anything else besides master records, or everything is a master.
Could you expound on this by describing your actual VPN scenario? I can't figure this out enough to look for an answer.

---------
GANI
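The zone files in gani's two posts above (the mydomain.homelinux.org forward and reverse pair and the int.mydomain.homelinux.org one) show which records an internal zone needs. The linter below is an added example, not code from the thread or from BIND; it parses the same small master-file subset those posts use and flags the slips that are easy to make in hand-written zones: a single-label absolute target such as `int_ns.` (the trailing dot makes it the top-level name int_ns rather than a host in the zone), an underscore in the owner of an A record (BIND's default `check-names master fail` refuses to load such a zone), an NS or MX that points at a CNAME (RFC 2181 forbids it), and an in-zone NS with no address record. `POSTED_ZONE` and `FIXED_ZONE` are constructed samples modelled on the thread's int.mydomain.homelinux.org example, not copies of anyone's real zone.

```python
"""Lint a BIND master zone file for the slips seen in this thread (added example,
not code from the thread or from BIND). Handles only the master-file subset the
posted zones use: $ORIGIN, $TTL, ';' comments, a parenthesised SOA, '@',
blank-owner continuation lines, relative names, optional TTL/class."""
import re
from collections import defaultdict

TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)
# RFC 952/1123 label: letters, digits, inner hyphens; no underscore, which is why
# BIND's default "check-names master fail" refuses int_ns as the owner of an A record.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
HOSTNAME_TYPES = {"A", "AAAA", "MX", "NS"}        # owners check-names applies to
NAME_TARGET_TYPES = {"NS", "CNAME", "PTR", "MX"}  # rdata ends in a domain name


def absolutize(name, origin):
    """Fully qualify a name as written in the zone ('@', relative or absolute)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, default_origin):
    """Return (owner, type, rdata_tokens, target) tuples with names fully qualified."""
    origin = default_origin if default_origin.endswith(".") else default_origin + "."
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():                 # join "( ... )" continuation lines
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf = line                            # keep leading blanks: "same owner"
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
    records, last_owner = [], origin
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = absolutize(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        owner = last_owner if line[0].isspace() else absolutize(tokens.pop(0), origin)
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in ("IN", "CH")):
            tokens.pop(0)                         # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        target = absolutize(rdata[-1], origin) if rtype in NAME_TARGET_TYPES else None
        records.append((owner, rtype, rdata, target))
        last_owner = owner
    return records


def lint_zone(text, default_origin):
    """Return a list of findings; an empty list means nothing was flagged."""
    records = parse_zone(text, default_origin)
    if not records or records[0][1] != "SOA":
        return ["first record must be the zone's SOA"]
    zone, findings, types_at = records[0][0], [], defaultdict(set)
    for owner, rtype, _, _ in records:
        types_at[owner].add(rtype)
    for owner, rtype, rdata, target in records:
        labels = owner.rstrip(".").split(".")
        if rtype in HOSTNAME_TYPES and not all(LABEL_RE.fullmatch(l) for l in labels):
            findings.append(f"{owner} {rtype}: owner is not a valid hostname (check-names fails)")
        if target is None:
            continue
        if target.count(".") == 1:                # "ns1." is the top-level name ns1, not ns1.<zone>
            findings.append(f"{owner} {rtype} {target}: single-label absolute name; missing suffix?")
        if rtype in ("NS", "MX") and "CNAME" in types_at.get(target, ()):
            findings.append(f"{owner} {rtype} -> {target} is a CNAME, which RFC 2181 forbids")
        in_zone = target == zone or target.endswith("." + zone)
        if rtype == "NS" and in_zone and not types_at.get(target, set()) & {"A", "AAAA"}:
            findings.append(f"NS {target} has no address record in the zone (no glue)")
    return findings


# Constructed samples: POSTED_ZONE mirrors the int.mydomain.homelinux.org zone from
# the thread (with its slips); FIXED_ZONE is the same zone with them corrected.
POSTED_ZONE = """\
$ORIGIN int.mydomain.homelinux.org.
$TTL 3D
@   IN SOA int_ns.int.mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
        200612081 ; serial
        8H 2H 4W 1D )
            NS    int_ns.
int_ns      A     192.168.0.254
@           A     192.168.0.253
@           MX    10 mail
mail        CNAME @
"""
FIXED_ZONE = """\
$ORIGIN int.mydomain.homelinux.org.
$TTL 3D
@   IN SOA ns.int.mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
        2006120801 ; serial, YYYYMMDDnn
        8H 2H 4W 1D )
            NS    ns
ns          A     192.168.0.254
@           A     192.168.0.253
mail        A     192.168.0.253
@           MX    10 mail
"""
```

`lint_zone(POSTED_ZONE, "int.mydomain.homelinux.org")` returns three findings (the `int_ns.` target, the underscore owner, and the MX pointing at a CNAME); `FIXED_ZONE` returns none. This script only illustrates what the checks look for; the authoritative check before reloading BIND is `named-checkzone <zone> <file>` from the BIND tools, and `named-checkconf` for named.conf itself.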

billymayday 12-09-2006 12:46 AM

I hate to butt in at the end of a thread, and I haven't read all of the posts, but have you thought of using a DNS service like zoneedit.com for your nameservers? I've maintained a couple of domains on my server and simply use zoneedit as the internet facing nameservers. Never had a problem, and it's free for up to 5 or so sites.

bence8810 12-13-2006 03:18 AM

Hi

You are right, I did use ZoneEdit before, and I know it's good. I think your point is valid, and I need to start using it again.

So let's assume I will get started with ZoneEdit; in that case, can I uninstall DNS, or do I still need to keep it for internal purposes?

Is it enough if I make entries in my /etc/resolv.conf like

192.168.0.34 server.vpn-domain.company.loc

If I set the computers on my LAN to use my Linux server as DNS, even if it doesn't run DNS services, will the forwarding still work, or will it fail?

I am just thinking, if I let ZoneEdit do the DNS for my domains, then I don't really need a DNS server at home, except for internal purposes.

Thanks

Ben

billymayday 12-15-2006 06:38 PM

You can use DNS for local resolution, or resolv. I use DNS and simply relay out to external nameservers for internet resolution.

bence8810 12-17-2006 05:15 AM

Hi

So basically, if I only have 1 server and 2 laptops at home, and I only need to get one domain resolved locally with only 3 entries, then resolv.conf is enough?

From my laptops, I need to translate 3 names to IP addresses which the world doesn't know about, so building a DNS server for these 3 entries might not make sense, if resolv.conf can take care of it.

If I add the server's IP as my primary DNS on the laptops, and this server has no DNS services, just the resolv.conf edited, will that take care of the resolution for the laptops, or will it be bounced back and forth to use the secondary DNS, which is set as my router and has no idea about the 3 records I need?

Thanks

Ben
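The last question and the earlier VPN-domain one come down to the same point: /etc/resolv.conf and /etc/hosts only configure the resolver library on the machine they live on; they never answer queries from the laptops, so the laptops need a daemon listening on port 53 on the server. The named.conf below is an added example, not configuration from the thread or from the BIND project: one internal BIND 9 instance that caches and forwards for the LAN and is master for the VPN-only domain, so exchange.company.global.loc resolves locally whether or not the tunnel is up. The addresses, paths and the forwarder are assumed placeholders; the LAN address follows gani's 192.168.0.254 example and the VPN range follows Ben's 10.10.10.10. The zone file it references follows the same layout as gani's forward-zone examples, with one A record per VPN host.

```conf
// Internal-only BIND 9 named.conf (added example; addresses and paths are assumed)
acl "lan" {
    127.0.0.1;
    192.168.0.0/24;     // home LAN, after gani's example
    10.10.10.0/24;      // VPN range, after Ben's 10.10.10.10 example
};

options {
    directory "/var/cache/bind";             // assumed; distro-specific
    listen-on { 127.0.0.1; 192.168.0.254; }; // LAN-facing address only, never the public one
    listen-on-v6 { none; };
    recursion yes;
    allow-query { lan; };                    // nobody outside the LAN/VPN gets an answer
    allow-recursion { lan; };                // an open recursive resolver gets abused for amplification
    allow-transfer { none; };                // single server, so no zone transfer to anyone
    forwarders { 203.0.113.53; };            // placeholder: your ISP's or a public resolver
    forward only;                            // everything not served locally goes there
    version "not disclosed";
};

// Authoritative data takes precedence over forwarding, so these names resolve
// even when the corporate DNS behind the VPN is unreachable (the 10-20 s wait
// described in the thread never happens).
zone "company.global.loc" {
    type master;
    file "/etc/bind/db.company.global.loc";  // assumed path; A records for the VPN hosts
    allow-update { none; };
};

zone "10.10.10.in-addr.arpa" {               // reverse zone for the same hosts
    type master;
    file "/etc/bind/db.10.10.10";            // assumed path
    allow-update { none; };
};
```

The `allow-query` and `allow-recursion` lines restricted to the `lan` ACL are the security point of the configuration: a recursive resolver reachable from the internet answers for anyone and ends up used in reflection attacks, which is also why nothing here listens on the public address or forwards port 53 through the firewall. With this in place the server's own /etc/resolv.conf needs only `nameserver 127.0.0.1`, and the laptops use 192.168.0.254 as their primary DNS; `named-checkconf` validates the file before a reload.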

