Help with DNS

Kal Feher kal.feher at melbourneit.com.au
Thu Apr 17 07:26:03 UTC 2008


First let me say that the whole 2-in-one approach to DNS is flimsy and a
really bad idea ...

Your time and money would be far better served deploying a more appropriate
solution.

Having said that my advice is below.

On 16/4/08 12:23 PM, "Bob Hoffman" <bob at bobhoffman.com> wrote:

> I think my post got lost in the mail...so here it is again..
> 
> 
> 
> Hi all, hope you are weathering the financial storms of the day well.
> 
> Okay....I have put together my 'logic' page for setting up my server and
> would like to hear any comments at all that could help me. Anything wrong or
> odd.
> 
> 
> The scenario- a standalone webserver connected to the internet at a
> datacenter. Just the server and the internet. The webserver will be its own
> nameserver for the two sites it is hosting. Linux, bind 9.something, apache
> 2.2, redhat/centos 5.1, sendmail.
> 
> The nameservers are not for any use other than to resolve the www sites on
> the server itself. The server is not part of a network, no clients,
> nothing..It is just one 'buttoned' up webserver.
> 
> ----------------------------Logic------------------------------
> 
> 1-  Using the sysconfig-network util on centos I changed the DHCP to static
> ip, added the info needed.
> 
> 2-  Using ifconfig set the ip and mask correctly with the ip
> 
> 3-  /etc/sysconfig/network will have network=YES and hostname=
> localhost.localdomain
> 
> 4-  /etc/hosts will have 127.0.0.1 localhost.localdomain
> 
> 5-  /etc/resolve.conf will have order hosts,bind and will have Nameserver
> <IP>
> Nameserver2 <sameIP or different one>
> 
> 6-  /etc/nsswitch.conf is not needed in this case, but has hosts: files,DNS
> in it.
> 
> 7-  Named.ca will list the root servers on the net.
> 
> 8-  Named.conf will list 2 nameservers. since two have to be listed in the
> zone files....so one should be auth and one slave... Not sure if it will
> work. Both nameservers will serve my server exclusively for my two or three
> sites. (yes, I know, redundancy...but if my server is down, it does not
> really matter does it? However, if a freebie or third party dns is down it
> sure will matter, so I am gonna try it all on the same server)
> 
You need to clarify this a little as it doesn't quite make sense. What 2 name
servers will you place in the zone file, if you don't have 2 name servers?

Will you put 2 ips on the server and use these as the "2" name servers?
> 8a-  Named.conf will also have a 'reverse zone' listed for each website
> also.

On the assumption that you do not have the ip range delegated to you but are
merely a customer of a provider that will give you a few IP addresses, this
may not be required. Many providers will add the ptr on your behalf. If you
plan on hosting those ptrs I suggest you investigate classless delegation so
you are aware of the mechanics of the process.

In either case only 1 PTR per IP. Often people confuse how this works. A ptr
is for the ip address in question and is devoid of any "context" that you
may be looking it up for. Eg:

say I host www.example.com and www.example.net on a server with the IP
address : 192.168.1.2

To look this up I use: "dig 2.1.168.192.in-addr.arpa."
The DNS server does not know that you may be interested in one forward zone
or another, merely that a ptr is being sought for that address.

I would suggest a bland catchall hostname such as
"hostedserver.example.com". If you do everything right with setting up your
mail server you shouldn't have issues with mail delivery (the most common
reason people want ptrs in instances like this).

Of course if you host the web servers on different IP addresses you can most
certainly have a PTR for each.
> 
> 9-  zone files will list the proper stuff for each site.
> 
> 10-  rndc. File not used in this set up, single webserver by itself.
> 
> 11-  No other files are needed for this setup.
> 
> 12-  Recursive will only be used for the localhost and I guess the domains.
> But will iterative work? The books all say it is safer to use iterative, but
> recursive is supposed to be needed for mail resolution and stuff..... 3
> books, 3 different answers. Dan says recursive=yes and I believe him.
> 
> Number 8 poses the issue that is not listed anywhere. Although I can see
> named.conf having many auth/master nameservers and many slaves, I find
> nothing about having two for the same domain. Although it sounds hokey to
> do, it is only because the zone files demand two. My one thought is to just
> list the same one twice in the zone file as it probably makes no difference
> and solves the whole issue. Any thoughts.

This seems too complicated. Really having 2 name servers should be
achievable. If you absolutely have to pretend to be 2 name servers just have
2 ip addresses on the server and serve all zones for each of those public
addresses. Listing the zone twice doesn't make sense unless you want to have
different views that serve different content.
> 
> Anything I missed that would be needed? Anything totally bogus with the
> logic for this (besides the dual nameservers on the same server..I think it
> can be done)?
> 
> Remember, this is a standalone webserver, hosting a few domains for www,
> mail, ftp stuff. No networking, clients or other things like that..just one
> server alone in the universe serving its own pages and as its own
> nameserver.
> 
> Did I get this logic correct? I am gonna place this thing in the datacenter
> tomorrow. This is my first attempt to do this. I know it can work even if I
> screw it up, but it will work badly.
> 
> I know I wrote before on this and I think I am close to a proper solution,
> it is the logic above that I need to know about and not the stuff inside the
> files, is it right? Is there some other file that needs to be added into
> this logic to properly resolve and serve websites (other than apache files)?
> 
> 
> 
> Thanks for the help, and thank you for taking your time.
> 
> Bob
> 
> 
> 

-- 
Kal Feher
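The two checks Kal's reply turns on (one forward-confirmed PTR per IP, and NS names that are really distinct servers) as an added example that is not part of this thread or of BIND; the records and addresses are constructed sample data, and the check is done against those in-memory records rather than a live resolver:

```python
import ipaddress

# Constructed sample records (assumed values) for the setup in the thread:
# one host with two public IPs, hosting example.com and example.net.
A_RECORDS = {
    "hostedserver.example.com.": {"192.0.2.10", "192.0.2.11"},
    "www.example.com.": {"192.0.2.10"},
    "www.example.net.": {"192.0.2.10"},
    "ns1.example.com.": {"192.0.2.10"},
    "ns2.example.com.": {"192.0.2.11"},
}
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": ["hostedserver.example.com."],
    "11.2.0.192.in-addr.arpa.": ["hostedserver.example.com."],
}

def reverse_name(ip):
    """Owner name dig looks up for a reverse query (IPv4 or IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_ptr(ip, a=A_RECORDS, ptr=PTR_RECORDS):
    """Problems with the reverse mapping of ip: exactly one PTR is
    expected, and the PTR target must have an address record back to
    ip (forward-confirmed reverse DNS, as mail receivers test)."""
    targets = ptr.get(reverse_name(ip), [])
    if not targets:
        return [f"{ip}: no PTR"]
    problems = []
    if len(targets) > 1:
        problems.append(f"{ip}: {len(targets)} PTRs, expected exactly one")
    for host in targets:
        if ip not in a.get(host, set()):
            problems.append(f"{ip}: PTR -> {host} has no A record back to {ip}")
    return problems

def check_ns(ns_names, a=A_RECORDS):
    """Flag NS names without an address and NS names that share one
    address: two NS names on one IP are not two name servers."""
    problems, seen = [], {}
    for name in ns_names:
        addrs = a.get(name)
        if not addrs:
            problems.append(f"{name}: NS has no address record")
            continue
        for addr in sorted(addrs):
            if addr in seen:
                problems.append(f"{name} and {seen[addr]} share {addr}")
            seen.setdefault(addr, name)
    return problems
```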