LinuxQuestions.org forum: Linux - Server. This forum is for the discussion of Linux software used in a server-related context.
I have high hopes that one day I may master Linux. However, I am not yet even a beginner. Having said that, I hope you won't beat me up too much for asking a stupid question.
I have used a web hosting service for 3-4 years now, and I am thinking of moving everything to my local server. These sites are not very important, non-commercial sites; even if they are down for a week, it won't matter.
I have a single server, and I want to set up DNS. I know that for DNS I need at least two servers, but I only have one. Can this still be done? Like ns1.domain.com and ns2.domain.com both pointing to the same server, same IP?
Now the thing I cannot figure out, and I am sure it is very simple.
I have two domains, A.LNX and B.LNX for example. I want to host my own DNS for both. Is it possible? I am with GoDaddy, and when I go there to change my DNS servers, what do I put? Now both A.LNX and B.LNX are pointed to my web host. I would like to make A.LNX my DNS domain, such as ns1.a.lnx. Now, if I go to my registrar to change A.LNX's DNS servers, can I set it to ns1.a.lnx already? I think it would not resolve, right? I mean it sounds silly that it's being pointed at itself... Please clear this up, I am lost...
I guess once I have the first domain set, I can point the second domain to the first for DNS.
Thanks for any help, and sorry for the ambiguous message, at least it is for me.
When you specify DNS servers with your registrar, if they aren't "well-known" DNS servers you need to give their IP addresses. The last time I was setting this up it required two DNS servers that resolve to different IPs. I don't know if GoDaddy requires that (I already had two when I switched to GoDaddy). If you can get two static IP addresses, you can just use port forwarding to send both of the IPs to the same server. Regardless, you need two DNS servers at minimum with your registrar and you need to set up with your registrar what their IPs are (statically defined hosts).
You can use the same DNS servers for more than one domain. That is not a problem.
We're just running one DNS server, although in our registrar we pointed our NS servers to two different IPs just to make our registrar think we have two, when in reality only one exists. This is possible if you have more than one public IP address.
Here is our setup:
5 IP addresses
IP1 = ourdomain.com
IP2 = used by the gateway of a separate LAN
IP3 = reserved for other purposes
IP4 = ns1.ourdomain.com
IP5 = ns2.ourdomain.com # non-existent host
So basically speaking, without having 2 static IPs, I cannot really do anything, right? I have only 1 static, and a friend of mine has a dynamic with a DDNS domain name attached to it, but I guess that is of no use since a static IP is needed.
In that respect, I can forget about having my own DNS hosted. However, I would still like to have a DNS server for internal purposes, so in case I want to make a specific DNS entry, I could.
Would BIND9 still be useful for me in this case?
I am on a VPN most of the time when I am at home, and there are names I need to resolve, and the only way would be with a custom DNS server where I can specify that
server.fakevpndomain.loc should point to 10.10.10.10, for example.
If you are referring to an internet site that can't be resolved, it's no longer your responsibility but your ISP's. You need to ask them why there is a certain site on the internet that your DNS can't resolve.
If you are planning to create a local/internal-only domain so that you can access your local hosts/computers using names and not IPs, you can build your own local DNS and also use that as your local caching server.
BIND, as I see it, is still the widely used DNS server, and for starters I can recommend this tutorial that I myself started from:
I actually mean that from home I connect to a corporate LAN, which has its own internal domain, and unless I have one of their DNS servers among my DNS servers, I won't be able to use Outlook, etc. It doesn't work on a purely IP basis.
What I am thinking of doing is to have my Linux server as my primary DNS server, and it would work as a forwarder except for the VPN fake domain. Let's say it's
company.global.loc
Now I sometimes need to access Outlook through
exchange.company.global.loc, and it's obviously not resolvable from the outside, only with the company's DNS servers, which are also only reachable in the VPN area. So if I am not connected to the VPN but have the company's DNS as my DNS server, I cannot do anything on the internet as the DNS is not reachable. Until the secondary DNS kicks in, I am out of luck. This is about a 10-20 sec latency, quite annoying.
Try using your Linux server as a local DNS caching server and use that as your DNS, i.e., its IP. But that (your server) should be able to connect to the internet.
Just follow the link I gave earlier; it has the instructions on how to do this. Actually this is just a few steps and just two lines in /etc/resolv.conf:
Code:
lookup file bind
nameserver 127.0.0.1
If your desktop is Linux (which I thought not, since you are mentioning Outlook), install a caching nameserver there and you will become mobile, without needing to update your nameserver entries in resolv.conf every time you move to another place and network.
Great idea. I read through the article and set my BIND9 up accordingly. It even works, but still, I have one question left.
I have a domain at dyndns.org, and it is (only example of course)
mydomain.homelinux.org
Should I name my computer that, or
mycomputer.mydomain.homelinux.org ?
Also, if my server's name is this, I should use this for the DNS name in the config, right? I mean, in /etc/resolv.conf after "search" I should add that, right?
Now, for
company.global.loc I would create a new zone, correct? So I would end up having two zones in my DNS? One for my internal domain name, and one for the company VPN domain.
So basically my only zone is this now:
Code:
$TTL 3D
@ IN SOA mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
    1    ; Serial
    8H   ; Refresh
    2H   ; Retry
    4W   ; Expire
    1D ) ; Minimum TTL
  NS mydomain.homelinux.org.
1 PTR localhost.
But I would create another file like this corresponding to the VPN domain. Is that correct? And also an entry in named.conf?
Sorry for the flood of questions, I am still trying to figure out what DNS is all about. The article you sent was very helpful for basically understanding how it works, though.
>> I have a domain at dyndns.org, and it is (only example of course)
>> mydomain.homelinux.org
>> Should I name my computer that, or
>> mycomputer.mydomain.homelinux.org ?
Your domain will be mydomain.homelinux.org, and therefore any host you want as part of that domain will become anyhostname.mydomain.homelinux.org, or for your computer as you already said.
As an example guide:
Zone file name: relevant-dir/mydomain.homelinux.org
Forward resolution
Code:
$ORIGIN mydomain.homelinux.org.
$TTL 3D
@   IN  SOA  mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
        200612081  ; YYYYMMDD# Serial
        8H         ; Refresh
        2H         ; Retry
        4W         ; Expire
        1D )       ; Minimum TTL
; a record with no owner name must start with whitespace; "@" (the $ORIGIN) is explicit and safer
@   NS   ns1.mydomain.homelinux.org.
mydomain.homelinux.org.       A   static.public.ip.addr1
ns1.mydomain.homelinux.org.   A   static.public.ip.addr2
localhost                     A   127.0.0.1
mydomain.homelinux.org.       MX  10 mail.mydomain.homelinux.org.
; an MX target must be an address record, not a CNAME, so mail gets its own A record
mail                          A   static.public.ip.addr1
; CNAMES
www    CNAME   mydomain.homelinux.org.
Reverse resolution:
Zone file name: relevant-dir/mydomain.homelinux.org-rev
Code:
$ORIGIN oct3.oct2.oct1.in-addr.arpa.
$TTL 3D
@   IN  SOA  mydomain.homelinux.org. myemail.mydomain.homelinux.org. (
        200612081  ; YYYYMMDD# Serial
        8H         ; Refresh
        2H         ; Retry
        4W         ; Expire
        1D )       ; Minimum TTL
@        NS   ns1.mydomain.homelinux.org.
oct4-1   PTR  mydomain.homelinux.org.
; PTR targets must be fully qualified: a bare "ns1." means the top-level name ns1, not this host
oct4-2   PTR  ns1.mydomain.homelinux.org.
oct# = octet# as in 1.2.3.4 where 1 = oct1 and so forth.
So it is really necessary that you are assigned contiguous IPs in a block, which is really the case when you acquire a multi-IP account from an ISP.
named.conf, just showing the relevant portion:
Code:
// Master zones
//
//zone "myzone.net" {
//    type master;
//    file "master/myzone.net";
//};
zone "mydomain.homelinux.org" {
    type master;
    file "relevant-dir/mydomain.homelinux.org";
};
zone "oct3.oct2.oct1.in-addr.arpa" {
    type master;
    file "relevant-dir/mydomain.homelinux.org-rev";
};
Then, as I understand this, you should create separate zone files, both for forward and reverse resolution, for your internal hosts within your LAN and put them in your named.conf file. Also, if your DNS server is behind a firewall, it should port forward TCP/UDP port 53 to that box. And as a security measure, since bind has a history on this, it is not advisable to join this within your LAN but rather to put it on a separate DMZ or directly/separately connect it to the public, as I've done here on OpenBSD with bind running chrooted and nothing else there but bind alone.
Then, if this would be your case, you would create an internal bind server to place your internal hosts in their own zone files, which I did here by using our OpenBSD firewall as the internal DNS at the same time, and I'm blocking queries coming from the internet and only allowing those coming from within our LAN.
Just to give an idea, and maybe others have something to share also.
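As an added example (not from any post in this thread), here is a named.conf for the single-server case described earlier: authoritative only for the internal sub-domain, forwarding company.global.loc to the corporate DNS while the VPN is up and everything else to the ISP, with queries and recursion limited to the LAN so the box never acts as an open resolver. The addresses are assumptions: 192.168.0.0/24 LAN, 192.168.0.254 for this server, 10.10.10.10 for the corporate DNS and 203.0.113.1/2 for the ISP resolvers.

```conf
// named.conf for a LAN-only BIND 9 resolver (added example, not from the thread)
// Assumed: LAN 192.168.0.0/24, this host 192.168.0.254,
// ISP resolvers 203.0.113.1 and 203.0.113.2, corporate DNS 10.10.10.10
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.0.254; };    // never the public interface
    recursion yes;
    allow-query     { 127.0.0.1; 192.168.0.0/24; };  // LAN only: not an open resolver
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    allow-transfer  { none; };                        // no zone transfers to anyone
    forwarders { 203.0.113.1; 203.0.113.2; };        // ISP resolvers for everything else
};

// Internal sub-domain: authoritative here, zone file as shown in the post above
zone "int.mydomain.homelinux.org" {
    type master;
    file "master/int.mydomain.homelinux.org";
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "master/0.168.192.in-addr.arpa";
    allow-update { none; };
};

// Corporate VPN domain: not hosted here, only handed to the company's DNS.
// "forward only" keeps these names from leaking to the internet root servers;
// when the VPN is down only company.global.loc lookups fail, everything else
// still resolves through the ISP forwarders, so no secondary-DNS timeout.
zone "company.global.loc" {
    type forward;
    forward only;
    forwarders { 10.10.10.10; };
};
```

Check the result with `named-checkconf` and `named-checkzone int.mydomain.homelinux.org master/int.mydomain.homelinux.org` before reloading; with this configuration the LAN firewall needs no inbound port 53 rule at all.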
Great examples. I have already configured my DNS server, and it looks to be okay.
Why do you say opening port 53 is necessary, when this DNS server is only for internal use? I am sure you have a reason, but I don't understand it at this point.
I think at the beginning of the thread we established that I cannot have this server as a DNS for my domains, because I only have one static IP.
This dyndns domain is hosted on their server anyway, but I am unable to create a CNAME record there. Is it possible to have the CNAME record on my server, even though the DNS is hosted at dyndns.org?
The reason is that I only have mydomain.homelinux.org and I would like to have mail.mydomain.homelinux.org, and it isn't possible through dyndns.
Also, the other not-too-clear area is what I should do about the VPN'd domain. Do I need to create two records for that as well? Like one forward and one reverse lookup record? And do those also have to be master records? Is there anything else besides master records, or is everything a master?
Thanks, and again, sorry for the amount of questions.
Quote:
Why do you say opening port 53 is necessary, when this DNS server is only for internal use? I am sure you have a reason, but I don't understand it at this point.
I think at the beginning of the thread we established that I cannot have this server as a DNS for my domains, because I only have one static IP.
I was out of my mind for a while and lost my imagination.
Of course you won't need to open port 53 if it's for internal use only.
This shows that dyndns is your DNS host, pointing your domain to your static public IP. So when someone out there looks for your domain, dyndns returns your static public IP. This is now clear. Then here comes your next question:
Quote:
This dyndns domain is hosted on their server anyway, but I am unable to create a CNAME record there. Is it possible to have the CNAME record on my server, even though the DNS is hosted at dyndns.org?
One option I'm seeing as best possible is to register a domain and talk to your ISP to host it for you, but of course with cost involved. There your ISP can create CNAMEs for you and all of that pointed to your IP. But I doubt this is really what you intended.
Or I'm thinking of adding a sub-domain to your dyndns domain, like int.mydomain.homelinux.org, then creating a zone file out of this that you can use only internally.
Code:
$ORIGIN int.mydomain.homelinux.org.
$TTL 3D
; SOA record omitted in the post; it takes the same form as in the forward zone above
; the post calls the nameserver host int_ns; it is written intns here because BIND's
; default check-names setting rejects underscores in host names and refuses the zone
@           NS   intns
localhost   A    127.0.0.1
; my dyndns domain (outside this zone: BIND ignores the line as out-of-zone data,
; so this name keeps resolving through dyndns / the forwarder)
mydomain.homelinux.org.               A   static.public.ip.add
; my internal sub-domain
int.mydomain.homelinux.org.           A   192.168.0.253
; my internal nameserver
intns.int.mydomain.homelinux.org.     A   192.168.0.254
; my MX host (an MX target must be an address record, not a CNAME, so mail gets an A)
int.mydomain.homelinux.org.           MX  10 mail.int.mydomain.homelinux.org.
mail                                  A   192.168.0.253
; CNAME/Aliases
www   CNAME   int.mydomain.homelinux.org.
ftp   CNAME   int.mydomain.homelinux.org.
; the rest of my internal hosts follows below
Then just create its reverse zone file.
Your DNS server in our example (192.168.0.254) would be 'int_ns' host and in its '/etc/hosts' file it should appear as:
One said that you shouldn't do both a caching and an authoritative nameserver at the same time, but another one said that if you want to do both, you will need to list 'nameserver 127.0.0.1' first. I followed the latter and I don't see a problem after almost a year now on my public DNS server. I don't know what others have to say about this.
Your clients now can use your DNS internal IP as their primary dns.
Quote:
Also, the other not-too-clear area is what I should do about the VPN'd domain. Do I need to create two records for that as well? Like one forward and one reverse lookup record? And do those also have to be master records? Is there anything else besides master records, or is everything a master?
Could you expound on this by maybe describing your actual VPN scenario? I can't figure this out enough to look for an answer.
I hate to butt in at the end of a thread, and I haven't read all of the posts, but have you thought of using a DNS service like zoneedit.com for your nameservers? I've maintained a couple of domains on my server and simply use zoneedit as the internet facing nameservers. Never had a problem, and it's free for up to 5 or so sites.
So basically, if I only have 1 server and 2 laptops at home, and I only need to get one domain resolved locally with only 3 entries, then resolv.conf is enough?
From my laptops, I need to translate 3 names to IP addresses which the world doesn't know about, so building a DNS server for these 3 entries might not make sense, if resolv.conf can take care of it.
If I add the server's IP as my primary DNS on the laptops, and this server has no DNS services, just the resolv.conf edited, will that take care of the resolution for the laptops, or will it be bounced back and forth to use the secondary DNS, which is set as my router and has no idea about the 3 records I need?