Name Server

Name: matth
Date: July 11, 2006 at 08:23:46 Pacific
OS: Win2k
CPU/Ram: 1GHZ/512MB
Product: Dell
Comment:

Hi,
I'm currently interested in setting up a name server for my first time. I have an all right understanding of DNS, but I have a few questions.

This is my setup and what I have done:

I'm using an old box with Windows 2000 installed, on which I created my zone name (example: ns1.domainname.info). I've registered my domain name using Yahoo as my DNS registration service, and have designated one of my name servers as ns1.domainname.info. Yahoo's default name servers are set as defaults (yns1.yahoo.com, yns2.yahoo.com). I removed the primary name server with my ns1.name.info.

First question:
Should I instead be creating my zone on my windows 2000 machine as the following domainname.info and then the machine name would be ns1?

Second question:
When I specify a nameserver through yahoo's DNS service, is it the same as a client configuration, where the client uses the primary DNS server only, and then the secondary when the primary is down? I guess my main question is should I be removing yahoo's name servers, and just have my own?

Third question:
Should I somehow be registering my nameserver with something, which is located on my firewall's DMZ?

If my logic is all-wrong here, can someone list the main points in order, and I can research in more detail on what I should be doing.

Thanks for any help!



Response Number 1
Name: heropsycho2177
Date: July 11, 2006 at 12:14:48 Pacific
Reply:

Ok. First off, why are you doing this? What functionality are you looking to get? Just provide your LAN more efficient name resolution? And/or are you trying to allow outside computers resolve names to your servers?

Please help survivors of Hurricane Katrina!

www.redcross.org


0

Response Number 2
Name: matth
Date: July 11, 2006 at 13:18:25 Pacific
Reply:

heropsycho2177,
I'm doing this currently for knowledge/experience, and someday I will be pointing to my different servers. I did some more research, and figured out some of my questions.

What I found is that I need to register my nameserver, and yahoo is not very friendly at doing this. For me to register my nameserver I have to email them. I couldn't find an option on doing this, and it really threw me off.

First question = Duh, this would be a sub-domain and was a not very smart question.
Second question = Still not really clear on this, and would like a little explanation. Although, I think I'll only be listing my nameservers.
Third question = Do all domain registrars make you contact them to register a nameserver, or is it an option in your account settings?



0

Response Number 3
Name: heropsycho2177
Date: July 11, 2006 at 14:00:39 Pacific
Reply:

I don't know what service you have with Yahoo. Is this referring to registering your domain name? Is this DDNS?

Other question of course is does your IP change? If so, do you have DDNS?

Please help survivors of Hurricane Katrina!

www.redcross.org


0

Response Number 4
Name: matth
Date: July 11, 2006 at 15:46:36 Pacific
Reply:

This has to do with registering my domain name, and I have a static ip for my nameserver.


0

Response Number 5
Name: matth
Date: July 11, 2006 at 15:55:06 Pacific
Reply:

This is why I'm emailing yahoo my info

If you registered your domain name through Yahoo! and want to host your own name servers, we'll be happy to register new ones for you. You can use the new name servers as backups for your Yahoo! name servers, or replace your Yahoo! name server settings with your own. Please be aware that Yahoo!'s name servers must be listed as the primary and secondary name servers in order for Yahoo! to host your domain services properly. If you replace Yahoo!'s default name servers, Yahoo! will no longer be able to provide any services associated with your domain.

Please note: Any changes that you make to your advanced DNS settings can interrupt your service. If you are not an advanced user, we strongly recommend that you do not change these settings.

To register a new name server host name, such as ns1.yourdomain.com, please send us an email including the information listed below. We'll use this information to verify your account and create your new name servers.


0

Response Number 6
Name: heropsycho2177
Date: July 11, 2006 at 16:44:59 Pacific
Reply:

OK. Your DNS server has a static IP. Is that within your LAN? You do have a router, right?

If so, does the IP on your router's WAN interface change? (In other words, the IP address given to you by your ISP.)

Please help survivors of Hurricane Katrina!

www.redcross.org


0

Response Number 7
Name: matth
Date: July 11, 2006 at 19:44:13 Pacific
Reply:

Yes I do have a router, and firewall. My dns server is in my dmz network, and it is assigned one of my private ip’s.


0

Response Number 8
Name: heropsycho2177
Date: July 12, 2006 at 06:04:14 Pacific
Reply:

Exactly.

So, does your ISP provide static IP to you, or dynamic? If dynamic, you must get DDNS service as well.

"Milk was a bad choice!"


0

Response Number 9
Name: matth
Date: July 12, 2006 at 06:09:08 Pacific
Reply:

ISP provides static, hence private IP for my DNS server.


0

Response Number 10
Name: heropsycho2177
Date: July 12, 2006 at 11:43:30 Pacific
Reply:

"ISP provides static, hence private IP for my DNS server."

That makes no sense.

Private IP = IP address within commonly accepted ranges by convention for use with networks not connected to the internet originally, although the inception of NAT now allows routing from them to and from the internet. 192.168.0.1 is an example of a private class C IP address.

Static IP means the address is configured manually on a node. ANY IP address, public or private, can be statically configured on a server.

Dynamic IP means your IP is obtained by a DHCP server. ANY IP address, public or private, can be obtained dynamically.

If your DNS server has a private IP, you must be using NAT to share whatever public IP addy you have. But all that is irrelevant to this question of whether your WAN IP is static or dynamic.

What router do you have? Is this a SOHO router like a Linksys, Dlink, Netgear...? Or is this a Cisco router?

"Milk was a bad choice!"


0

Response Number 11
Name: matth
Date: July 12, 2006 at 16:38:33 Pacific
Reply:

heropsycho2177,
My WAN IP is static.
I understand the basics, and understand most of the stuff you said, but I don’t always communicate everything correctly, sorry. (I always get private and public mixed up).

More detailed information on what I have.

I have a SOHO router, which is a Sonicwall Pro 2040, and it has two options for DMZ.
The sonicwall has 3 ports, LAN, WAN, and a dedicated DMZ port, where the DMZ devices are supposed to be plugged into.

[Manual of sonicwall
http://www.sonicwall.com/support/pdfs/SonicWALL_SonicOS_Standard_30_AdminGuide.pdf]

Currently I have it setup using the first option I listed below, but want to switch over using NAT instead.

The option I’m using is called transparent mode, where you can specify public IP addresses. The manual describes it by saying it bridges the DMZ network onto the WAN interface. I actually have to configure the nameserver with a public ip address this way, and then specify on my dmz port, which the addresses will be connected to it.

Second option is of course using NAT.

I do have a question using NAT though, and hopefully my terminology makes sense. In NAT mode it looks like I’m supposed to list a private network address and then subnet it to specify what hosts are located on the dmz. If I’m correct on this, does this mean I use a different IP range than my lan. Example: my lan is 10.1.1.0/24 does this mean for my dmz I can use something like 10.1.2.240/28?

Thanks for spending the time to figure out my situation


0

Response Number 12
Name: heropsycho2177
Date: July 12, 2006 at 16:48:35 Pacific
Reply:

First off, if this DNS service is going to be used for both LAN and WAN clients to resolve internal and external clients, you honestly need two DNS servers for security and technical purposes, especially if you start using NAT. At the very least, you'll need two zones, and don't use the same domain name for your internal and external zones. For example, your internal LAN should be domain.local, whereas your external should be domain.com or whatever. This is especially important if you get into Active Directory, as it is DNS dependent.

"If I’m correct on this, does this mean I use a different IP range than my lan."

Yes. Otherwise, neither subnet would know to send traffic to a router to get the traffic to its destination.

So back to this whole scenario. If your firewall will block traffic into the DMZ once you go to NAT, you need to open ports for DMZ related traffic. Basically, you need to give Yahoo the public IP address your DNS server will be answering to.

"Milk was a bad choice!"


0
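A check for the points in Response 12, as an added example that is not part of the original thread: it audits a small external zone for RFC 1918 addresses and for in-zone NS hosts that have no public A record to hand to the registrar, and confirms the LAN and DMZ ranges do not overlap. The zone contents and the 203.0.113.x address (a documentation range) are constructed samples; the domain name and the two subnets are the ones quoted in the thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("10.1.1.0/24")      # LAN range quoted in the thread
DMZ = ipaddress.ip_network("10.1.2.240/28")    # proposed DMZ range from the thread

# Constructed external zone: ns1 wrongly carries its NAT-side DMZ address.
EXTERNAL_ZONE = """\
domainname.info.      IN NS  ns1.domainname.info.
domainname.info.      IN NS  yns1.yahoo.com.
ns1.domainname.info.  IN A   10.1.2.241
www.domainname.info.  IN A   203.0.113.10
"""

def is_rfc1918(addr):
    """True when addr falls in one of the three private IPv4 blocks."""
    return any(addr in net for net in RFC1918)

def parse_records(text):
    """Return (owner, type, rdata) from simple 'owner IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3].lower()))
    return records

def audit_external_zone(text, origin):
    """Flag private A records and in-zone NS hosts lacking a public A record."""
    records, findings, a_records = parse_records(text), [], {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            a_records.setdefault(owner, []).append(addr)
            if is_rfc1918(addr):
                findings.append(f"{owner} publishes private address {addr}")
    for owner, rtype, rdata in records:
        if rtype == "NS" and rdata.endswith("." + origin):
            if all(is_rfc1918(a) for a in a_records.get(rdata, [])):
                findings.append(f"NS {rdata} has no public A record to register")
    return findings

def subnets_are_distinct(lan, dmz):
    """True when the LAN and DMZ ranges do not overlap, so traffic is routed."""
    return not lan.overlaps(dmz)

if __name__ == "__main__":
    for finding in audit_external_zone(EXTERNAL_ZONE, "domainname.info."):
        print(finding)
    print("LAN/DMZ distinct:", subnets_are_distinct(LAN, DMZ))
```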

Response Number 13
Name: matth
Date: July 12, 2006 at 17:20:05 Pacific
Reply:

Alright thanks! I hope to have things running in the next few days. I'll keep my progress posted. Quick question, about how many days does it take for other DNS servers to update on my changes? Or is it immediate?


0

Response Number 14
Name: heropsycho2177
Date: July 12, 2006 at 17:29:44 Pacific
Reply:

"Quick question, about how many days does it take for other DNS servers to update on my changes? Or is it immediate?"

Hosting companies say up to 3 days. Expect most people to resolve your domain within 24 hours.

"Milk was a bad choice!"


0

Response Number 15
Name: matth
Date: July 13, 2006 at 07:56:34 Pacific
Reply:

DMZ is setup, and will be setting up DNS soon.

Another quick one:

Do you see a problem with a DNS server, and a mail server being on the same machine? I believe with my yahoo service I can leave one of their DNS servers as a secondary. If I leave the correct MX records in yahoo, will mail still be directed to the correct address if my DNS service fails (Counting on the server not being crashed)?

Also, I see BIND is a more popular DNS solution than using Windows DNS. Should I read up on BIND, or is win2k DNS sufficient enough?

Thanks again for your help!


0

Response Number 16
Name: heropsycho2177
Date: July 13, 2006 at 08:42:21 Pacific
Reply:

"Do you see a problem with a DNS server, and a mail server being on the same machine?"

If it's a mail server storing mail, absolutely. You don't want DNS traffic flowing to and from your mail server for security reasons.

"I believe with my yahoo service I can leave one of their DNS servers as a secondary."

Good idea. Is this a standard secondary in DNS terms? If so, Yahoo's DNS server will host a read only copy of your zone. That will help tremendously for performance, too.

"If I leave the correct MX records in yahoo, will mail still be directed to the correct address if my DNS service fails (Counting on the server not being crashed)?"

If we're talking standard primary/secondary DNS architecture, then yes, and you control the MX record on your DNS server. Yahoo simply houses a copy of your zone info, with your DNS server being the master copy.

"Also, I see BIND is a more popular DNS solution than using Windows DNS. Should I read up on BIND, or is win2k DNS sufficient enough?"

BIND is DNS on unix/linux basically. People often use BIND since the underlying OS can be free (most linux distros for example), and can run on older hardware. Windows DNS is fine, especially if you are familiar with how to navigate the management interface for it.

As with any server in a DMZ, make sure you lock it down tight. This is particularly important with Windows. Microsoft has security guides for both W2K and W2K3 freely available with prebuilt templates, packet filtering scripts, etc. with descriptions and recommendations for various types of servers. Check them out! Make sure you do the other standard Windows chores like patching to current, run MBSA on the server, etc.

Please help survivors of Hurricane Katrina!

www.redcross.org


0

Response Number 17
Name: retroguy
Date: August 31, 2006 at 13:10:22 Pacific
Reply:

"Also, I see BIND is a more popular DNS solution than using Windows DNS. Should I read up on BIND, or is win2k DNS sufficient enough?"

There are a number of reasons why this is so. Firstly, historical: most of the organizations using Unix for DNS were doing it before Windows became a realistic option. Secondly, lower cost, as heropsycho2177 said. Thirdly, lower cost of fault tolerance: there's a good argument for putting DNS on a separate computer even in a small network. Windows Active Directory absolutely depends on DNS. It's good to have secondary DNS server/s. Setting up that other machine on Linux or FreeBSD for example is a lot cheaper than buying another Windows license. Fourthly: DNS admin can be accomplished quicker by a skilled Unix/BIND tech.

Is W2k DNS sufficient? Definitely. The main thing to recognize is that you can use just Windows, or just *nix, or a combination for your DNS.

"If we don't succeed, we run the risk of failure." - BILL CLINTON


0
