DNS setup question

Kevin Darcy kcd at daimlerchrysler.com
Tue Aug 27 22:33:32 UTC 2002


BigB wrote:

> Hello All,
>
> I recently purchased a domain name and only have web forwarding
> available (www, port 80).  I want to be able to run a (small) newsgroup
> for family and https, and FTP services. I contacted whom I purchased the
> domain from and was advised I need to run 2 (1 primary and 1 secondary)
> DNS servers. I can then use those servers to resolve the correct
> computers' names locally with respective services to have full control
> over the services I run.  I plan to upgrade to 2 static IPs (one for
> each DNS server)
>
> No problem, I have the physical resources, but I need to know how to
> configure it.  I have some experience with Red Hat and plan to implement
> the BIND daemon available with it.  But I have never set up DNS before.
>
> For physical connections, I am thinking 2 NICs in each DNS server...
>
>                 Linksys router
>                 (192.168.1.1)
>                 /               \
>            DNS 1                DNS 2
>         (external IP 1) (external IP 2)
>                 \               /
>                 Linksys switch
>                 /               \
>                 FTP             HTTP
>         (192.168.1.2)  (192.168.1.3)
> I am not sure if the DNS will "route".
>

DNS and routing are separate functions. You could set up the DNS boxes in
this diagram to do packet forwarding, but this function would be logically
independent of the DNS function. I'm not sure exactly what the point would
be of using these boxes as routers: it doesn't seem to buy you any
functionality and would be more complicated and expensive (because you'd
need more NICs).

> the other physical layout.....
>
>                                         ROUTER
>                                            |
>                 ------------------------------------------
>                 |               |               |               |
>
>                 DNS 1           DNS2            FTP             HTTP
>
> In this case, only 1 NIC is in each box, I assume I will have to route
> the external IPs to the 2 DNS servers with the zones listed.  The
> rest... I assume it then gets routed to the appropriate box.
>
> several questions:
> 1- DNS typically listens to port 53, I assume this is open to external
> communication (it would have to resolve computer names).

The Linksys already enables DNS by default outbound. You'd have to set up
port forwarding for inbound.

> 2- does a DNS server act as a "router" to the integral computers?

Logically no, but the same box can be a DNS server and also forward
packets, i.e. be a "router". See above.

> 3- (stupid question) how do I set the Linksys to "split" ip's

I don't think you can. See below.

> 4-can a DNS router run on the same box providing http and FTP services?

Yes, but be aware that caching nameservers tend to be memory-intensive.

Having said all of this, let me point out that the reason for requiring 2
nameservers is for redundancy, and if you put both nameservers behind the
same router, or even behind the same non-redundant cable/DSL/whatever
connection, you pretty much defeat the purpose. As a Linksys owner myself,
I doubt that you can configure it to serve multiple WAN IP addresses anyway
-- the best you could hope for is to put one of the DNS servers in parallel
with the Linksys (assuming it is suitably hardened for Internet exposure,
of course), and one internal. If you were going to do that, why not just
configure the external box as a routing/NAT'ting firewall with multiple
physical or virtual WAN addresses -- you implied that you were going to run
Linux, so this should be possible -- and do away with the Linksys
completely? You'd get more flexibility and better logging that way (lack of
syslog capability is my biggest complaint with the Linksys implementation).
Or, alternatively, have just 1 (port-forwarded) DNS server behind your
Linksys, and get secondary services from some other organization. Some
secondary services are free; or you can pay a reasonable fee to get a
higher level of service. If someone else is running your secondary service,
you wouldn't even need that second static IP...


- Kevin
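The thread ends without showing what the two-nameserver setup actually looks like in BIND, so here is an added example (it is not from the original post or from Kevin's reply). It renders a BIND 9 `named.conf` for a primary behind the Linksys and for a secondary hosted elsewhere, using the `master`/`slave` zone types of the BIND 9 of that era (still accepted today), plus a zone file in which every public host name points at the one port-forwarded external address. It also includes a small audit of the two settings an Internet-exposed nameserver most often gets wrong (recursion left on, zone transfers open to anyone) and a crude check of Kevin's redundancy point. The domain `example.com`, the RFC 5737 addresses, the LAN address and the audit logic are all constructed for this example.

```python
"""Added example: primary/secondary BIND 9 configuration for the layout in the thread.
All names and addresses are constructed (example.com, RFC 5737 documentation ranges)."""
import ipaddress
import re
from textwrap import dedent

DOMAIN = "example.com"
PRIMARY_IP = "192.0.2.10"        # the one external IP; the Linksys forwards 53/udp+tcp inward
SECONDARY_IP = "198.51.100.20"   # a secondary run by another organization, on another link
SECONDARY_HOST = "ns2.example.net"
LAN_IP = "192.168.1.4"           # the primary's NIC behind the Linksys (constructed)


def zone_file(domain, primary_ip, secondary_host, serial):
    """Zone data: two NS records (one off-site), and the web/FTP/news names.
    Behind NAT all of them resolve to the single external IP; the Linksys
    port-forwards 80, 21 and 119 to the right internal box."""
    return dedent(f"""\
        $TTL 86400
        @       IN  SOA ns1.{domain}. hostmaster.{domain}. (
                        {serial} 7200 3600 1209600 3600 )
                IN  NS  ns1.{domain}.
                IN  NS  {secondary_host}.
        ns1     IN  A   {primary_ip}
        www     IN  A   {primary_ip}
        ftp     IN  A   {primary_ip}
        news    IN  A   {primary_ip}
        """)


def primary_named_conf(domain, lan_ip, secondary_ip):
    """Authoritative primary: no recursion for the world, transfers only to the secondary."""
    return dedent(f"""\
        options {{
            directory "/var/named";
            listen-on {{ {lan_ip}; }};
            recursion no;                 # authoritative only, never an open resolver
            allow-transfer {{ none; }};    # default for every zone unless a zone overrides it
        }};
        zone "{domain}" {{
            type master;
            file "{domain}.zone";
            allow-transfer {{ {secondary_ip}; }};
            also-notify {{ {secondary_ip}; }};
        }};
        """)


def secondary_named_conf(domain, primary_ip):
    """Secondary: pulls the zone from the primary, hands it out to nobody else."""
    return dedent(f"""\
        options {{
            directory "/var/named";
            recursion no;
            allow-transfer {{ none; }};
        }};
        zone "{domain}" {{
            type slave;
            file "slaves/{domain}.zone";
            masters {{ {primary_ip}; }};
        }};
        """)


def audit_named_conf(conf):
    """Return hardening problems found in a named.conf text (empty list means clean).
    Constructed regex-based check, not a BIND tool."""
    findings = []
    options = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    opts = options.group(1) if options else ""
    if not re.search(r"recursion\s+no\s*;", opts):
        findings.append("recursion is not disabled in options (open resolver risk)")
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', conf, re.S):
        rule = (re.search(r"allow-transfer\s*\{([^}]*)\}", body)
                or re.search(r"allow-transfer\s*\{([^}]*)\}", opts))
        if rule is None or "any" in rule.group(1):
            findings.append(f"zone {name}: zone transfer open to anyone")
    return findings


def independent_paths(ns_ips, prefixlen=24):
    """Kevin's point: two nameservers behind the same link are not redundant.
    Crude heuristic: treat addresses in one /24 as sharing a connection."""
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ns_ips}
    return len(nets) == len(ns_ips)


# A weak configuration of the kind the audit is meant to catch (constructed).
WEAK_CONF = dedent("""\
    options {
        directory "/var/named";
    };
    zone "example.com" {
        type master;
        file "example.com.zone";
        allow-transfer { any; };
    };
    """)

if __name__ == "__main__":
    print(primary_named_conf(DOMAIN, LAN_IP, SECONDARY_IP))
    print(zone_file(DOMAIN, PRIMARY_IP, SECONDARY_HOST, 2002082701))
    print("weak config findings:", audit_named_conf(WEAK_CONF))
    print("independent paths:", independent_paths([PRIMARY_IP, SECONDARY_IP]))
```

The generated files are meant to be checked with BIND's own `named-checkconf` and `named-checkzone` before loading; the audit here only catches the two misconfigurations it is written for.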