Setup a DNS server

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 12 00:17:50 UTC 2000


Do you want to host this domain internally, or externally, or both?

If you want to use it only internally, then you could just define your Linux
box as master for the domain, populate it, and point all of your clients to it.
Then, if those clients also need to be able to resolve Internet names, set up
your Linux box either a) as a caching server with an Internet "hints" file
(this requires full Internet connectivity to work) or b) to forward to your
ISP's nameserver. The decision of which configuration to use depends on whether
you have full Internet connectivity or not, and, if you do, which configuration
performs better. Note that if you want your internal clients to be able to see
all of the external names in your domain, you'll have to add those names to
your version of the domain even if they already exist in your ISP's version of
the same domain, i.e. duplicate the information -- even when configured to
forward, named currently has no way to "fail over" to another nameserver if it
can't find a name in a zone for which it is master or slave.

If you just want to take over maintenance of your external domain from your
ISP, then you would need to get a copy of the zonefile from your ISP, then set
it up on your Linux box as master. If you are able and willing for other
nameservers to query your nameserver about the domain, then you would also need
to change the domain delegations (through a domain registrar) and the
NS records in the zonefile to include your nameserver. Your ISP may be willing
to handle the communications with the domain registrar. Also, you need at least
2 nameservers serving your domain -- you should probably ask your ISP to revert
from being the master of the domain to being a slave to your box. Or get
someone else to be a slave. Note that it is possible to set things up in such a
way that your machine is master for the domain, but not known to the Internet
as a nameserver for the domain (this is sometimes called a "hidden
master" configuration). In this way, you can have control of the domain
contents without having to deal with the query traffic. All of the slaves
(you'd need at least 2 slaves in this configuration) would handle the query
traffic instead, and all your machine would do is replicate the zone to the
slaves whenever it changes.

If you want to host the domain both internally *and* externally, then there is
an important decision you have to make: do you want the same domain contents to
be visible internally and externally? If so, then you can just follow all of
the steps in the two preceding paragraphs (except for the part about having to
duplicate names). If, on the other hand, you want to "hide" some of your domain
information from external clients, which is a very common practice because of
security reasons, then you need to either a) put all of those internal names
into subzones, e.g. host.internal1.example.com, which you can protect from
external queries with ACLs, or b) implement "split DNS", or c) some combination
of the two. This message is already too long, so I won't go into split DNS
here. Look in the archives of this newsgroup/mailing-list.

You should also get a copy of the _DNS_and_BIND_ book (from O'Reilly) if you
want to do anything serious with DNS.


- Kevin

root wrote:

> Hello everyone,
>
> I would like to set up a DNS server for my small company.
> My mail & Web server are hosted by my ISP. I have an ISDN link with my ISP.
>
> I use this IP address class 192.168.1.x and the ISP's DNS 194.2.0.20
> My router has 192.168.1.1
> My Linux server has 192.168.1.2
> My stations are configured to use 194.2.0.20 for DNS and 192.168.1.1 for the
> gateway.
>
> How can I configure my Linux server to become a DNS server for my
> workstations (Win and Linux)?
> Can I use the same domain name managed by my ISP, "company.com"?
> What kind of DNS server could I set up, secondary or primary?
> If I use the same domain name as my ISP, could I get a conflict?
> How can I forward the official address to my ISP DNS server?
>
> Thanks a lot for your help.
> MDR
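
The internal-only setup described in the reply (master for the domain, forwarding to the ISP, queries limited by ACL), sketched as a named.conf. This is an added example, not part of the original message; the addresses and the name company.com come from the question, while the directory, the zone file names and the reverse zone are assumptions.

```conf
// named.conf on the Linux box (192.168.1.2): internal-only master for company.com.
// Added example; file names and directory below are assumed, not from the thread.

acl "internal" { 127.0.0.1; 192.168.1.0/24; };   // LAN range from the question

options {
    directory "/var/named";            // assumed location of the zone files

    // Answer and recurse only for internal clients, so the box is not
    // usable as an open resolver if it ever becomes reachable from outside.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };
    allow-transfer  { none; };         // no slaves in the internal-only case

    // Option b) from the reply: send everything we are not authoritative
    // for to the ISP's nameserver instead of using a root "hints" file.
    forwarders { 194.2.0.20; };
    forward only;
};

// Internal version of the domain. Forwarding does not apply to names inside
// a zone this server is master for, so externally hosted names (the web and
// mail servers at the ISP) must be duplicated in this file, as the reply notes.
zone "company.com" {
    type master;
    file "db.company.com";             // assumed file name
};

// Reverse zone for the LAN (assumed; not mentioned in the thread).
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";               // assumed file name
};
```

Clients would then use 192.168.1.2 as their DNS server instead of 194.2.0.20.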





