• Status: Solved
  • Priority: Medium
  • Security: Public

DNS configuration in Linux: right/wrong?

hi all experts,

I have a Linux server running behind a router (port 53 enabled, public IP 209.172.108.9) whose local IP is 192.168.1.2. I'd like this server to be a DNS server that responds to internet requests for other web/mail servers on a different network.

1. I registered 2 nameservers pointing toward that IP, 209.172.108.9
2. my /etc/resolv.conf consists of
nameserver 192.168.1.2
nameserver 209.81.59.3
nameserver 209.81.9.152 (these 2 are the 2 DNS resolvers from the ISP)

Are those correct?

Thanks so much
2 Solutions
 
msklizmantasCommented:
hi,

Mostly correct, but one nameserver should be a separate machine, just in case your server dies.

regards,

m
 
valleytechAuthor Commented:
Thanks! Another part that I'm confused about is this: when I registered the nameservers, I had to set their IP to 209.172.108.9, correct? If so, then why does /etc/resolv.conf set the nameserver to 192.168.1.2?
 
msklizmantasCommented:
Because internally (from inside the network) you can connect to the server using this IP, 192.168.1.2, and there is no point in connecting to it via the external one (which sometimes doesn't even work, depending on the router).

 
valleytechAuthor Commented:
Thanks!
If so, then I only need to activate my named.conf and point other domains to the 2 nameservers I set. They should work?
Do I have to assign any IPs or set up A records for the 2 nameservers within my DNS?

 
msklizmantasCommented:
Yup,

you need two named servers on different machines, and you need to set up your DNS zone on both of them. Of course, it is possible to run only one named server and just have two names for it (i.e. n1.domain.com, n2.domain.com).

more information could be found here:

http://www.redhat.com/magazine/026dec06/features/dns/
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS

regards,

m
 
valleytechAuthor Commented:
Thanks again!
Do you mind another dumb question?
Can one public IP have 2 nameservers registered on it?
 
Gabriel OrozcoSolution ArchitectCommented:
Hi valleytech

I do not think you really understand how this works:

Let's say we are on one of those web/mail server machines and the domain you are the authority for is a .com one:
for every DNS query, it will ask its default DNS (it knows it because of its own /etc/resolv.conf).
If its DNS does not have the domain in its cache, it will begin a thread:
1) ask the root DNS servers for the .com resolver
2) ask one of the .com master servers it got from the previous step WHO is the authority for this particular .com domain. It gets the IP address of your DNS server
3) ask your DNS server for the record being looked up. If it is "who is the mail server for this domain", it will ask for the MX record. If it wants the IP address of the web server, it will ask for the A record. Etc.

so:
* your DNS server does not need to be referenced at all on these web/mail servers.
* usually you never allow externals to ask you for any domain other than the ones you are the authority for, since everyone will then try to use your server as a public DNS and will consume your bandwidth. You only allow requests for those domains you added on your DNS server and nothing more.
* on your own DNS server you can still use your ISP's DNS resolvers, or you can create a more complex setup to be your own DNS server (resolving even external domain names, but only for a defined range of IP addresses: yours).

This said, what I recommend is this:
on that DNS server, your
/etc/resolv.conf:
nameserver 209.81.59.3
nameserver 209.81.9.152

/etc/named.conf (let's say your default directory is /var/named, as mine is):

// "internals" has to match the LAN the server actually sits on: the box in
// this thread is 192.168.1.2, so the range is 192.168.1.0/24 (not 192.168.0.0/24,
// which would have denied recursion to the server's own network).
acl internals { 192.168.1.0/24; 127.0.0.1; };
acl externals { any; };                   // defined for clarity; not referenced below

options {
        directory "/var/named";
        pid-file "named.pid";
        allow-recursion { internals; };   // outsiders only get answers for the zones below
        version "trulinux.com dns Server"; // Hide bind version
        // once a second (slave) server exists, also add
        // allow-transfer { <its IP>; }; so strangers cannot pull whole zones
};
zone "domain1.com" {
        type master;
        file "domain1.com";
};
zone "domain2.com" {
        type master;
        file "domain2.com";
};

and in the /var/named directory you need the two domain files:

/var/named/domain1.com (assuming domain1 has web and mail servers on the same box, x.y.z.w, and pointing www to the same IP as the box):
$ORIGIN .
$TTL 259200     ; 3 days
domain1.com       IN SOA  ns.domain1.com. root.domain1.com. (  ; MNAME is the primary name server
                                2009092901 ; serial
                                600        ; refresh (10 minutes)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.domain1.com.
                        MX      10 mail.domain1.com.  ; fully qualified: $ORIGIN is still ".", so a bare "mail" would mean "mail." at the root
                        A       x.y.z.w
$ORIGIN domain1.com.
ns                      A       209.172.108.9
www                     CNAME   @
mail                    A       x.y.z.w


The other (domain2) is similar.

Once you have that, anyone on the internet will know where your servers are if they ask your name server.

hope that helps
Gabriel
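The point above about not letting externals ask you for anything but your own zones can be checked from outside: send the server a query with the RD (recursion desired) bit set for a name it is not authoritative for, and read the flags in the reply. The script below is an added example, not code from any post in this thread. It builds the query with struct, decodes the reply header, and classifies it; the three sample replies are constructed byte strings so everything runs offline, and probe() is the live version against a server you name (assumed reachable on UDP/53).

```python
"""Check whether a name server answers recursive queries from outsiders.

Added example, not code from the original posts. build_query() forms a plain
DNS query with RD set for a name the server is NOT authoritative for;
classify() reads the reply header: REFUSED means allow-recursion did its job,
an answer with RA set and AA clear means the server resolved someone else's
zone for us (an open resolver). Sample replies below are constructed, so the
module runs offline; probe() does the same exchange over the network.
"""
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1
RCODE_REFUSED = 5


def build_query(name, txn_id=0x1234, recursion_desired=True):
    """Return the wire form of an A query for `name` (RD set unless told otherwise)."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)   # 1 question, no RRs
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_header(message):
    """Decode the 12-byte DNS header into flag bits and section counts."""
    if len(message) < 12:
        raise ValueError("message shorter than a DNS header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txn_id,
        "qr": bool(flags & 0x8000),   # response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from the query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(reply):
    """Classify a reply to an RD=1 query for a name the server is not authoritative for."""
    h = parse_header(reply)
    if h["rcode"] == RCODE_REFUSED:
        return "recursion-refused"       # what BIND returns when allow-recursion denies us
    if h["ra"] and h["ancount"] > 0 and not h["aa"]:
        return "open-recursive"          # it fetched another zone's data on our behalf
    return "no-recursion"                # RA clear: empty answer or a referral, no recursion


def probe(server, name="www.example.com", timeout=3.0):
    """Send the query to `server` over UDP/53 and classify the reply (network call)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        reply, _ = sock.recvfrom(512)
    return classify(reply)


# Constructed replies (only the header matters here); flags are QR|RD plus the bits noted.
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # RA=0, RCODE=REFUSED
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # RA=1, one answer, AA=0
REFERRAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 0)  # RA=0, two NS in authority

if __name__ == "__main__":
    for label, reply in (("refused", REFUSED_REPLY), ("open", OPEN_REPLY), ("referral", REFERRAL_REPLY)):
        print(label, "->", classify(reply))
```

Run probe("209.172.108.9") from a host outside the internals ACL: with the named.conf above you should see recursion-refused; open-recursive means anyone on the internet can use the box as their resolver.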
 
valleytechAuthor Commented:
Thanks so much for your clear explanation. I was able to understand more about DNS functionality.
Below is my zone file for domain.com, with nameservers at dns1.mynameserver.net (209.172.108.9) and dns2.mynameserver.net (209.172.108.10).
The web/mail server is located at x.y.z.w.

Does it look all right? So far it is working fine, just to make sure ;). Thanks.

; Zone file for domain.com
$TTL 14400
; RNAME is the contact mailbox written as a domain name: the "@" of
; email@yahoo.com becomes a ".", so it is email.yahoo.com. (not email@yahoo.com.)
@      86400    IN      SOA     dns1.mynameserver.net. email.yahoo.com. ( 2007071109      ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds

domain.com. 86400 IN NS dns1.mynameserver.net.
domain.com. 86400 IN NS dns2.mynameserver.net.

domain.com.       IN A 209.172.108.9
domain.com.       IN MX 25 domain.com.

mail IN CNAME domain.com.
www IN CNAME domain.com.
ftp IN A x.y.z.w
 
msklizmantasCommented:
hi,

Yes, it looks fine.

m
 
Gabriel OrozcoSolution ArchitectCommented:
Just a note:

You are to replace the part "serial, todays date+todays" with the actual value.
Also, when you write
domain.com.       IN MX 25 domain.com.

the 25 is the PRIORITY of the email server. That is usually 10, 20, 30, etc., so when the first-priority email server is down, email can go to the secondary-priority server. In your case you have only one email server, and it is USUAL to have it with priority 10 (although not needed, and your setup is fine). When I saw "25" I wanted to make clear it is not the PORT where you expect email, but the priority.

Other than that... your setup looks good.
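The two zone files in this thread (the domain1.com example and the domain.com file that followed), the question about A records for the nameservers, and the note above on MX preference are all things a small parser can sanity-check before named loads the file. The script below is an added example and not code from any post in the thread. It parses BIND zone syntax ($ORIGIN, $TTL, comments, parenthesised SOA, owner inheritance) and lints for the mistakes that come up here: an RNAME still written with an "@", an MX that points at a CNAME, an in-zone NS name with no A record (missing glue), a relative name that was qualified under "$ORIGIN ." and so landed at the root, and an MX preference of 25. The two sample zones are constructed for the example in the shape of the thread's files with those mistakes seeded; 203.0.113.10 is a documentation address standing in for the x.y.z.w web/mail host.

```python
"""Lint a BIND zone file for the mistakes discussed in this thread.

Added example, not code from the original posts. parse_zone() handles $ORIGIN,
$TTL, ';' comments, parenthesised multi-line records and owner inheritance (a
line starting with whitespace reuses the previous owner). lint_zone() flags an
SOA RNAME written with '@', an MX target that is a CNAME (RFC 2181), an in-zone
NS with no A record (no glue), a relative name qualified under '$ORIGIN .', and
an MX preference of 25. The sample zones below are constructed, not the thread's.
"""
from collections import namedtuple

Record = namedtuple("Record", "owner rtype rdata origin")   # origin: $ORIGIN in force
RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR"}
CLASSES = {"IN", "CH", "HS"}


def fqdn(name, origin):
    """Qualify a zone-file name against the $ORIGIN in force ('@' is the origin)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def parse_zone(text, origin="."):
    records, pending, depth, owner, inherit = [], [], 0, None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()                 # strip comments
        if not line.strip():
            continue
        if depth == 0:                                       # first line of a new entry
            pending, inherit = [], raw[0].isspace()          # leading blank: reuse owner
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1
            else:
                pending.append(tok)
        if depth > 0:                                        # entry continues on next line
            continue
        toks = pending
        if toks[0].startswith("$"):                          # $TTL only sets a default TTL
            origin = fqdn(toks[1], origin) if toks[0] == "$ORIGIN" else origin
            continue
        if not inherit:
            owner, toks = fqdn(toks[0], origin), toks[1:]
        while toks and toks[0].upper() not in RECORD_TYPES:  # skip optional TTL and class
            tok = toks.pop(0)
            if not (tok.isdigit() or tok.upper() in CLASSES):
                raise ValueError(f"unexpected token {tok!r} in {line.strip()!r}")
        if owner is None or not toks:
            raise ValueError(f"malformed record: {line.strip()!r}")
        records.append(Record(owner, toks[0].upper(), toks[1:], origin))
    return records


def lint_zone(records):
    findings, types_by_owner = [], {}
    for r in records:
        types_by_owner.setdefault(r.owner, set()).add(r.rtype)
    apex = next((r.owner for r in records if r.rtype == "SOA"), None)
    for r in records:
        if r.rtype == "SOA" and "@" in r.rdata[1]:
            findings.append(f"ERROR: SOA RNAME {r.rdata[1]} uses '@'; write it as {r.rdata[1].replace('@', '.')}")
        elif r.rtype == "MX":
            pref, target = int(r.rdata[0]), fqdn(r.rdata[1], r.origin)
            if pref == 25:
                findings.append("NOTE: MX preference 25 is a priority, not a port (10, 20, 30 is usual)")
            if "CNAME" in types_by_owner.get(target, ()):
                findings.append(f"ERROR: MX target {target} is a CNAME (RFC 2181); use a name with an A record")
            if target.count(".") == 1:
                findings.append(f"WARN: MX target {target} is a top-level name; relative name under '$ORIGIN .'?")
        elif r.rtype == "NS":
            target = fqdn(r.rdata[0], r.origin)
            in_zone = apex is not None and (target == apex or target.endswith("." + apex))
            if in_zone and "A" not in types_by_owner.get(target, ()):
                findings.append(f"ERROR: in-zone NS {target} has no A record (missing glue)")
    return findings


# Constructed sample 1: "MX 10 mail" while $ORIGIN is still "." qualifies to "mail." at the
# root. 203.0.113.10 is a documentation address standing in for the x.y.z.w web/mail host.
ZONE_DOMAIN1 = """\
$ORIGIN .
domain1.com     IN SOA  ns.domain1.com. root.domain1.com. (
                        2009092901 600 7200 2419200 86400 )  ; serial refresh retry expire minimum
                NS      ns.domain1.com.
                MX      10 mail
$ORIGIN domain1.com.
ns              A       209.172.108.9
mail            A       203.0.113.10
"""
# Constructed sample 2: RNAME written with '@', MX preference 25, and an MX pointing at a CNAME.
ZONE_DOMAIN = """\
$TTL 14400
@  86400  IN  SOA  dns1.mynameserver.net. email@yahoo.com. (
          2007071109 86400 7200 3600000 86400 )
domain.com.  86400  IN  NS  dns1.mynameserver.net.
domain.com.  86400  IN  NS  dns2.mynameserver.net.
domain.com.         IN  A   209.172.108.9
domain.com.         IN  MX  25 mail.domain.com.
mail  IN  CNAME  domain.com.
"""
```

lint_zone(parse_zone(ZONE_DOMAIN, origin="domain.com.")) returns the RNAME error, the preference-25 note and the MX-to-CNAME error; the first sample returns only the warning about "mail." at the root. For a file that is already on the server, BIND's own named-checkzone domain.com /var/named/domain.com is the authoritative syntax check; this script only adds the semantic checks above.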
 
valleytechAuthor Commented:
Thanks!!!
