LinuxQuestions.org
Old 07-30-2007, 11:48 AM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Rep: Reputation: 60
Caching DNS and Hosting a Website


I use a caching DNS server at my office and wanted to host my website on my own webserver instead of using a hosting company. My question is what do I have to do to get that going? From what I understand, I have to tell the company where I have my domain parked to redirect all their DNS traffic to my DNS server? Also, what do I have to do to my caching DNS server (bind) to get this to work? Help!
 
Old 07-30-2007, 03:04 PM   #2
cucolin@
Member
 
Registered: Nov 2003
Location: USA
Distribution: Ubuntu, CentOS, RedHat
Posts: 416

Rep: Reputation: 31
At your domain registrar company control panel point your domain name to your server at home. You can take a look here: http://www.webhostingtalk.com/showthread.php?t=558645

good luck!
 
Old 07-30-2007, 03:10 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Are there any adjustments that I need to make on my caching DNS server to accommodate outside DNS requests other than to allow traffic to port 53?
 
Old 07-31-2007, 12:54 PM   #4
The_Dude
LQ Newbie
 
Registered: Jul 2007
Posts: 8

Rep: Reputation: 0
Quote:
Originally Posted by metallica1973
Are there any adjustments that I need to make on my caching DNS server to accommodate outside DNS requests other than to allow traffic to port 53?
You cannot use a "caching DNS" to service your own zone. You need to create a DNS server that acts as the start of authority for your zone. If you are using BIND, create 2 views: an internal view to service your internal clients, and an external view to service any requests from the internet. You will need at least 2 public IP addresses for a master and a slave DNS server, and it would be preferable if they were located in different locations. You also need to make sure that your ISP will work with you on reverse DNS or, if they won't, will they at least delegate to you your slice of the IP space.

But I really have a suggestion for you. Instead of putting a DNS server out on the internet for it to get raped by people that are more knowledgeable or be the cause of DNS pollution to the root servers, why don't you use a service that has DNS built in? Try the Canadian outfit, Easy DNS. It costs $20 USD a year, but you will not have to worry about attacks to your server. You can then concentrate on learning about zone creation, maintenance, and security. Once you have become comfortable with that, then you can move on to learning BIND by installing your own on your net. If you try to do your own DNS server and learn BIND at the same time, and the ins and outs of dealing with your DNS ISP, it can be a daunting experience. Try baby steps first.

much love,

The Dude.
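
The internal/external view split described in the post above, sketched as a `named.conf` fragment. This is an added example, not part of the original post; the domain `example.com`, the address ranges, the slave address and the zone file paths are placeholders (assumptions) to be replaced with your own.

```conf
// Constructed example. All names, addresses and paths are placeholders.
// Once any view is defined, every zone must live inside a view.

acl "internal-nets" { 127.0.0.0/8; 10.0.0.0/24; };   // LAN clients (assumed range)

options {
    directory "/var/named";          // assumed zone file directory
    version "not disclosed";         // do not advertise the BIND version
    allow-transfer { none; };        // deny zone transfers unless a zone allows them
};

// Views are matched in order, so the internal view comes first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;                           // caching resolver, LAN only
    allow-recursion { "internal-nets"; };

    zone "example.com" {
        type master;
        file "internal/example.com.zone";    // may hold private addresses
    };
};

// Everyone else gets authoritative answers only. With recursion off the
// server cannot be used as an open resolver by outside clients.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };             // never answer from the cache

    zone "example.com" {
        type master;
        file "external/example.com.zone";    // public records only
        allow-transfer { 192.0.2.53; };      // the slave server (placeholder)
    };
};
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.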
 
Old 07-31-2007, 01:28 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Here is another stupid question: how will using an external DNS hosting company forward traffic to my own web server hosting? Also, can I have a DNS server along with APACHE on the same server and only have port 53 and 80 open to the public? I really want to learn using BIND and APACHE for the future. If I stick my webserver/DNS on my DMZ and use a decent IPTABLES rule set, will that suffice as the basics for security? So essentially I will have an external DNS in my DMZ for web requests and have my internal DNS for internal requests (Caching Server)! What do you think? I was planning on using VHOSTS in APACHE for a couple of websites so I will not need several IPs for each site.

Last edited by metallica1973; 07-31-2007 at 01:31 PM.
 
Old 07-31-2007, 05:42 PM   #6
The_Dude
LQ Newbie
 
Registered: Jul 2007
Posts: 8

Rep: Reputation: 0
Quote:
Originally Posted by metallica1973
Here is another stupid question: how will using an external DNS hosting company forward traffic to my own web server hosting?
It won't "forward" any traffic at all; it will merely tell all DNS clients what IP your www.mydomain.com is located at.

Quote:
Originally Posted by metallica1973
Also, can I have a DNS server along with APACHE on the same server and only have port 53 and 80 open to the public?
You sure can. Just make sure that you are not running either service as root.


Quote:
Originally Posted by metallica1973
I really want to learn using BIND and APACHE for the future. If I stick my webserver/DNS on my DMZ and use a decent IPTABLES rule set, will that suffice as the basics for security?
Not really. I would set up the webserver and DNS internally only. Study up on both BIND and Apache httpd. Make sure that it is not externally accessible so that your network cannot be abused. Both of the services that you are interested in are very easy to misconfigure and very easy to abuse, hence play with it internally. When you think you got it down, go external.

Quote:
Originally Posted by metallica1973
So essentially I will have an external DNS in my DMZ for web requests and have my internal DNS for internal requests (Caching Server)! What do you think? I was planning on using VHOSTS in APACHE for a couple of websites so I will not need several IPs for each site.
It is doable, but for your virtual hosts, are they all going to need SSL access? If none of them do, then, yeah, you can get away with only having one IP address.
 
Old 07-31-2007, 05:49 PM   #7
Hewson
Member
 
Registered: Feb 2007
Location: /home
Distribution: Kubuntu and CentOS
Posts: 214

Rep: Reputation: 32
Quote:
Originally Posted by The_Dude
Both of the services that you are interested in are very easy to misconfigure and very easy to abuse, hence play with it internally. When you think you got it down, go external.
What are the problem areas to look for? I've been contemplating locally hosting my site for a while. I've used Apache2 before, but I've never had to worry about security issues with it. The Linux box will be behind a firewall that only forwards port 80 to the httpd server.
 
Old 08-04-2007, 05:40 PM   #8
The_Dude
LQ Newbie
 
Registered: Jul 2007
Posts: 8

Rep: Reputation: 0
Sorry I did not respond quicker; I have been under quite a hectic work load.

Quote:
Originally Posted by Hewson
What are the problem areas to look for? I've been contemplating locally hosting my site for a while. I've used Apache2 before, but I've never had to worry about security issues with it. The Linux box will be behind a firewall that only forwards port 80 to the httpd server.
If you are going to run any type of scripts, any Java, or database, then you will really need to make yourself knowledgeable on the security issues. On a normal HTML only site, I think the big worry would have been O/S security and Apache security. Locking the O/S and Apache down so there were no leaks of sensitive info (i.e. stuff like your /etc/passwd or /etc/shadow files being parsed, or .htaccess, etc.). If you are going to be hosting your own website on your own server, then you need to pay careful attention to file permissions and ownership, vulnerability alerts and their patches from the distributors. You should also try to toughen the O/S and the TCP/IP stack. Most Linux distributions are susceptible to fork bombs and other attacks that use the system's resources up.

If you are going to be running any type of CGI script (stuff written in PHP, Perl, Python, etc.), Java, or database, then pay close attention to your config and code so that you do not open yourself up for cross site scripting or SQL injection in addition to the already mentioned stuff. I suggest that you go to sans.org and spend some time in the reading room. Also visit owasp.org and nist.gov and read the stuff there. Get Ivan Ristic's book, Apache Security, and Ryan Barnett's book, Preventing Web Attacks with Apache, and read them. Test your site/machine with Nessus and with CIS benchmark tools. These sites and tools will really open your eyes up to how your computer can be pwned. Keep in mind that the Apache team is far more knowledgeable about their stuff than I or any of the other people here are; however, they managed to get themselves hacked back in 2000. The cause was careless configuration. Good luck with your site.
 
Old 08-06-2007, 10:55 AM   #9
Hewson
Member
 
Registered: Feb 2007
Location: /home
Distribution: Kubuntu and CentOS
Posts: 214

Rep: Reputation: 32
Thanks for the response. I will look into that. I'll probably be using PHP/MySQL and some Python (Zope/Plone).

cheers.
 
  

