LinuxQuestions.org
Old 06-04-2004, 04:09 PM   #1
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Rep: Reputation: 15
DNS Aliasing Question


Hey,

I have a server farm running OpenBSD 3.5 except for the webserver which is on Slackware 9.1. My network structure is as follows: my internet comes into my dedicated router's IN NIC (OpenBSD 3.5 machine) then out through the OUT NIC to a switch that connects all my servers (web, mail, sql, security). My question regards DNS. I am a huge newb when it comes to DNS. I am wondering if it is possible to have an internal server (under the router in the diagram) to do DNS aliasing (e.g. files.mydomain.com, members.mydomain.com, etc.). Can my router point all DNS requests to a dedicated DNS server under it to deal with all requests that have a subdomain and direct it to its appropriate server? I would have say, members, files and www.mydomain.com on my webserver and mail.mydomain.com to my mail server etc. So can my router redirect these requests to an internal server or does all DNS have to take place on my router? Also which server would work best for this task, BIND or NAMED?

Any help would be great.

Last edited by lil_drummaboy; 06-04-2004 at 04:12 PM.
 
Old 06-04-2004, 04:45 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 75
BIND provides named. BIND stands for Berkeley Internet Name Daemon. Another option would be DJB DNS, aka TinyDNS.

You seem very confused about how DNS works, so perhaps reading a DNS tutorial would be in order. Your router doesn't "handle" DNS requests, it routes packets. Only a DNS server handles DNS requests, but that DNS server can be anywhere. In your domain registration record at your registrar (Verisign/Network Solutions, GoDaddy, Tucows, etc) you designate in your WHOIS contact information what DNS servers should be used to locate your domain. Those DNS servers could be operated by some 3rd party, by the registrar itself, by you, etc... You could run a DNS server on any machine, but the only way to get requests to it is to have it listed in your WHOIS information, and allow the DNS network traffic through your firewall.

DNS requests are issued from source port of either 53 (UDP or TCP, depending on the situation) or a UDP|TCP port above 1023. DNS requests always have a destination port of 53, and normally they use UDP as a transport, but if the answer is very large it will exceed the size of a UDP datagram and will fall back to using TCP instead. This is why you should always allow both UDP and TCP requests to your DNS server.

Some people will tell you that TCP is only used for zone transfer (and that you should block zone transfers by not allowing TCP requests), but this is incorrect. It's true that zone transfers always use TCP, but it's not true that only zone transfers use TCP. Reread that as many times as necessary until you understand it. As I said above, a DNS response that is too large for UDP will be sent with TCP instead.

Last edited by chort; 06-17-2004 at 02:45 AM.
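
The UDP-to-TCP fallback described in post #2, as an added example that is not part of the original thread: a resolver learns that an answer did not fit in UDP from the TC (truncated) bit in the reply header and then repeats the same query over TCP port 53, which fails if the firewall only passes UDP. The messages below are constructed samples for the thread's placeholder name mail.mydomain.com.

```python
import struct

# Header flag bits from RFC 1035: QR marks a response, TC marks truncation.
QR, TC = 0x8000, 0x0200

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (one question, class IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def needs_tcp_retry(query, response):
    """Return True when a UDP reply is truncated and must be re-asked over TCP."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    (query_id,) = struct.unpack("!H", query[:2])
    reply_id, flags = struct.unpack("!HH", response[:4])
    if reply_id != query_id or not flags & QR:
        raise ValueError("not a response to this query")
    return bool(flags & TC)

def tcp_frame(message):
    """DNS over TCP prefixes every message with its length as two bytes."""
    return struct.pack("!H", len(message)) + message

def reply_with_flags(query, flags):
    """Constructed reply: the query echoed back with a different flags word."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

# Constructed sample messages (no network access needed).
QUERY = build_query("mail.mydomain.com")
TRUNCATED_REPLY = reply_with_flags(QUERY, 0x8380)  # QR | TC | RD | RA
COMPLETE_REPLY = reply_with_flags(QUERY, 0x8180)   # QR | RD | RA

if __name__ == "__main__":
    for name, reply in (("truncated", TRUNCATED_REPLY), ("complete", COMPLETE_REPLY)):
        retry = needs_tcp_retry(QUERY, reply)
        print(name, "-> retry over TCP/53" if retry else "-> answer accepted over UDP")
    print("TCP payload length:", len(tcp_frame(QUERY)))
```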
 
Old 06-08-2004, 01:59 AM   #3
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
I have a wildcarding DNS that has no WHOIS option or whatnot; it sends whatever.mydomain.com to my IP regardless of what the subdomain is. If I get my router to let DNS through to a DNS server, then can the DNS server redirect my packets to the appropriate servers?

If what I just said makes no sense, I swear I give up on DNS. Thanks for your help again Chort, you always seem to have the answer to my problems, lol.

Last edited by lil_drummaboy; 06-08-2004 at 02:01 AM.
 
Old 06-08-2004, 02:30 AM   #4
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 32
lil_drummaboy

You could use a local DNS server to resolve the names, members, files and www, to their associated IPs, is that what you are asking? Please don't take my advice as gospel but I have Bind running locally resolving all the machine names on my LAN plus mail.mydomain, www.mydomain, pop3.mydomain, smtp.mydomain. My understanding of it, and I'm still very new at this, is that now when I enter pop3.mydomain in my email client it knows via DNS which machine to go to via its IP; previously, before I set up Bind, I could only use IP addresses.

Hope all this makes sense and perhaps someone else a lot more knowledgeable than myself can elaborate on this.

Pete

Last edited by Pete M; 06-08-2004 at 02:31 AM.
 
Old 06-17-2004, 01:39 AM   #5
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
So I should let port 53 (UDP + TCP) through my firewall to a DNS server and it should work? I have a wildcarding DNS from DynDns.org that sends all requests to my domain to my IP (regardless of the subdomain, everything to that address goes to my IP). Will it work?
 
Old 06-17-2004, 02:54 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 75
No, you're still confused. DynDNS.org is handling your DNS. When someone does a query for your domain (or any subdomain) that query will go to the DNS servers at DynDNS.org and their DNS servers will return back the IP of your server. Then the client will use your IP to connect to your site on whatever port they were trying to access (port 80 for HTTP, for example).

No DNS traffic makes it to your site at all, period. That's handled by DynDNS.org before anything gets sent to you. That is how clients know to send requests to your IP instead of some other random IP.

It sounds like what you're really asking for is virtual host names, i.e. for you to be able to host multiple sites on the same IP. You can do that with HTTP, most SMTP servers, some POP3 servers, etc... That is totally dependent on how the server software is set up for each protocol and has nothing to do with DNS. Go to Apache.org and view their documentation on the httpd project. There is a whole section on various kinds of virtual hosting. You want name-based virtual hosting (since it will all use a single IP). If you want to do virtual hosts for other protocols, then you must look in the documentation for your server software (for instance, Postfix can do this for SMTP).

If you want different service requests (from outside) to be directed to different internal machines (based on what service is being requested) you can do that with firewall (netfilter/iptables) rules to redirect incoming traffic. If you want traffic to go to different internal machines to handle requests to the same service (i.e. multiple boxes running httpd) then you'll need to use a proxy server to redirect the requests from your main IP, based on what hostname is being requested (Apache should be able to do that for HTTP with mod_proxy).
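
The hostname-based selection that post #6 describes for HTTP, as an added example that is not part of the original thread: with wildcard DNS every subdomain reaches the same IP, so the front end has to choose a backend from the Host header and refuse names it does not serve. The backend addresses and function names are hypothetical, and the requests are constructed samples.

```python
# Constructed table for the thread's scenario: every name resolves to the one
# public IP, and the front end chooses a backend from the HTTP Host header.
# The internal addresses are hypothetical.
BACKENDS = {
    "www.mydomain.com": ("192.168.1.10", 80),
    "members.mydomain.com": ("192.168.1.10", 80),
    "files.mydomain.com": ("192.168.1.11", 80),
}

def host_header(raw_request):
    """Return the single Host header value, or None if absent or repeated."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = [line.split(":", 1)[1].strip()
              for line in head.split("\r\n")[1:]
              if line.lower().startswith("host:")]
    return values[0] if len(values) == 1 else None

def normalize(host):
    """Lower-case the name and drop an optional :port and trailing dot."""
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.lower().rstrip(".")

def pick_backend(raw_request):
    """Map a request to a backend; None means refuse instead of guessing."""
    host = host_header(raw_request)
    if host is None:
        return None
    return BACKENDS.get(normalize(host))

def request(host_lines):
    """Build a constructed HTTP/1.1 request head with the given Host lines."""
    lines = ["GET / HTTP/1.1"] + ["Host: " + h for h in host_lines]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

if __name__ == "__main__":
    for hosts in (["members.mydomain.com"], ["FILES.MyDomain.com:80"],
                  ["whatever.mydomain.com"], []):
        print(hosts, "->", pick_backend(request(hosts)))
```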
 
  

