
DNS and internet


Steve

Nov 15, 2009, 8:54:23 AM
Hi guys,

You can maybe help me.

I have a domain name ( foo.com ) and my domain provider doesn't allow me
to get some sub domains...

I decided to have my own DNS server
Internally, the server seems to work fine ( basic configuration made
with Webmin )

Now, how can I have my sub-domains available over internet ?
Unfortunately, I have absolutely no idea.

- Should I change the DNS of my domain name provider ? ( pointing out MY
DNS server ? )

- is there something else to do ?

Thanks in advance

Jacob

Nov 15, 2009, 10:26:28 AM
I think what you want to do is not so easy. The DNS resolution will point at an
IP-address with (www.)foo.com; this is usually a webserver.
If you need a subdomain you can have a name-based subdomain on the same
server (ip-address) or an ip-based on a different server (Different
IP-Address)
To ensure that your subdomain can be reached, you need an ip-address which
can be reached 24/365. If you have one you can make an entrance in your
DNS-Server like:
www.foo.com. IN A IP1 ;Original Domain
sub.foo.com. IN A IP2 ;Subdomain
The second IP can be where you want, but it has to be present 24/365!!

If you don't have an IP2, but only a dynamic one (xyz.dyndns.org), you could
try it with an alias like
sub.foo.com. IN cname xyz.dyndns.org ;canonical address for
subdomain

it should work, but I have no idea how stable it is. It is of course
important to get this entrance into a running DNS-Server for your domain.

HTH
Jacob

"Steve" <St...@noreply.fr> wrote in message
news:4b00080f$0$24768$426a...@news.free.fr...

Moe Trin

Nov 15, 2009, 4:30:30 PM
On Sun, 15 Nov 2009, in the Usenet newsgroup alt.os.linux.redhat, in article
<4b001da5$0$3296$8e6e...@newsreader.ewetel.de>, Jacob wrote:

[Top-posting corrected]

>"Steve" <St...@noreply.fr> wrote

>> I have a domain name ( foo.com ) and my domain provider doesn't
>> allow me to get some sub domains...

I think what you mean is that the DNS provider won't set up sub-domains
for your domain. You could change providers, but the extra service will
probably cost more.

>> I decided to have my own DNS server

The DNS-HOWTO is rather old, but will get you started. For additional
help with sub-domains (a.k.a. child domains), you probably want to be
reading the 'cricket book' (DNS and BIND) from O'Reilly and Assoc.

DNS and BIND, Fifth Edition May 2006 $49.99 ISBN: 978-0-596-10057-5
or 0-596-10057-4, 648 pages

>> Internally, the server is seems to work fine ( basic configuration
>> made with Webmin )

If it works, I guess it's OK, but I have no confidence in Webmin.

>> Now, how can I have my sub-domains available over internet ?
>> Unfortunately, I have absolutely no idea.
>>
>> - Should I change the DNS of my domain name provider ? ( pointing
>> out MY DNS server ? )

yes, and the slave or secondary. You probably would get better help
on the Usenet newsgroup 'comp.protocols.tcp-ip.domains'.

>I think what you want to do is not so easy. The DNS resolution will point
>at an IP-address with (www.)foo.com; this is usually a webserver.

If all you have is a single IP address, this is probably true, but
hardly the way larger domains - those normally associated with
sub-domains - are operated.

>If you need a subdomain you can have a name-based subdomain on the
>same server (ip-address) or an ip-based on a different server
>(Different IP-Address)

This doesn't make sense even when discussing how the name server is
configured, much less how the sub-domain is set up.

>To ensure that your subdomain can be reached, you need an ip-address
>which can be reached 24/365. If you have one you can make an entrance
>in your DNS-Server like:
>www.foo.com. IN A IP1 ;Original Domain
>sub.foo.com. IN A IP2 ;Subdomain

Except that isn't a subdomain - it's merely a different _host_ in the
parent domain. What you put in your zone files isn't going to do
anything until your registrar has published the IP of the two or
more name servers authoritative for your domain.

>If you don't have an IP2, but only a dynamic one (xyz.dyndns.org),

you shouldn't be trying to pretend to have sub-domains.

>you could try it with an alias like
>sub.foo.com. IN cname xyz.dyndns.org ;canonical address for
>subdomain
>
>it should work, but I have no idea how stable it is.

Your registrar should reject the concept of the same IP address for
both name servers. You do realize that your domain registrar wants
the IP addresses, not the names - how do you expect the world to be
able to find the name servers if all they have is names, and no one
to translate the name or refer to a name server that can do so.
The reason for the IANA requirement of two OR MORE name servers is
redundancy, allowing the names to be resolved when a host, OR THE
LINK TO IT is down temporarily.

Old guy

Steve

Nov 17, 2009, 2:27:19 AM

Hi Moe,

Thank you for your reply.

I have a fixed IP address and up to now, I had enough with the 5 subdomains
that my NIC provider gave me.
Unfortunately, I need to buy another domain (.fr) that my current provider
doesn't offer -> I changed to another one and this one doesn't allow me
to do anything. ( in this case, I need to define 2 different addresses
for the web and FTP server. If I want to do this, the provider is
offering me a package much more expensive... that I don't need. )

At the moment, I am at test phase....
I followed ( with webmin ) this procedure :
http://www.scribd.com/doc/17731521/Using-Webmin-and-Bind9-to-Setup-DNS-Server-on-Linux-v13

The result is not so bad... not everything is working fine... at the
moment, but I made a good progress :-)

Effectively, my problem is the second DNS ( the slave), which is not
defined yet. So if I have a crash..... I will see that later on.

Thanks

Steve

Moe Trin

Nov 17, 2009, 2:49:05 PM
On 17 Nov 2009, in the Usenet newsgroup alt.os.linux.redhat, in article
<4b025057$0$18580$426a...@news.free.fr>, Steve wrote:

>Moe Trin wrote:

>> The DNS-HOWTO is rather old, but will get you started. For additional
>> help with sub-domains (a.k.a. child domains), you probably want to be
>> reading the 'cricket book' (DNS and BIND) from O'Reilly and Assoc.
>>
>> DNS and BIND, Fifth Edition May 2006 $49.99 ISBN: 978-0-596-10057-5
>> or 0-596-10057-4, 648 pages

>I have a fixed IP address and up to now, I had enough with the 5 subdomains
>that my NIC provider gave me.
>Unfortunately, I need to buy another domain (.fr) that my current
>provider doesn't offer -> I changed to another one and this one
>doesn't allow me to do anything. ( in this case, I need to define 2
>different addresses for the web and FTP server. If I want to do this,
>the provider is offering me a package much more expensive... that I
>don't need.

Are we talking about the same thing? A sub-domain is a domain within
the parent - such as

county.TLD                      parent domain
host.county.TLD                 host within parent domain
host2.county.TLD                another host within parent domain
city.county.TLD                 child domain
host.city.county.TLD            host within child domain
host2.city.county.TLD           another host within child domain
street.city.county.TLD          child domain within child domain
number.street.city.county.TLD   host within that (sub-)sub-domain

Just as "county.TLD" could be a CNAME for a host in the parent
domain, you could also have "city.county.TLD" as a host name, but it
would have to be a CNAME within the child, and this can get rather
complicated to set up safely.

Your description here sounds more as if you have two (or more) domains
on the same physical host - which is a completely different problem.
That's just a number of extra zonefiles listed in /etc/named.conf
(although the PTR records can be ``interesting'').

>Effectively, my problem is the second DNS ( the slave), which is not
>defined yet. So if I have a crash..... I will see that later on.

When we first set up DNS in the 1980s, we had master and slave
located in the same room, on the same DMZ subnet, connected to the
world by the same router... which really wasn't as big a problem
as all of our network was reachable through a single T-1 only. If
it went down, you couldn't reach our DNS, but you also could not
reach any of our hosts, so it didn't matter that much (except for
inbound mail which still worked if the sender knew the MX addresses,
but not if they had to look those up first). By about 1988, we
changed things such that we had connections to the world through
several providers around the world, and had an internal set of links
to connect everything. This allowed us to put the master in one
facility, and the (three) slaves in three other facilities and each
had a "different" connection to the world. Each facility was also a
separate sub-domain (location.company.TLD), and each had their own
master/slave DNS servers (hostname.location.company.TLD) that are
authoritative for "their" sub-domain. Admining the individual
sub-domains and the company domain isn't that difficult, but I
certainly would not want to try to set it up without help and a lot
of reading of the 'cricket book'. ;-)

Old guy

Jacob

Nov 19, 2009, 3:01:31 AM
@ old guy

> county.TLD parent domain
> host.county.TLD host within parent domain
> host2.county.TLD another host within parent domain
> city.county.TLD child domain
> host.city.county.TLD host within child domain
> host2.city.county.TLD another host within child domain
> street.city.county.TLD child domain within child domain
> number.street.city.county.TLD host within that (sub-)sub-domain

Could you explain in short the difference between a (different) host in a
domain, a child domain and a sub domain?
My opinion:
You write host2.county.TLD is another host, and city.county.TLD is a child
domain. Was it Shakespeare who said: What is in a name?
The "system" is the same: parent domain and then hostnames. Where do you see
the difference between host vs. child-domain or a subdomain?
As far as I understand, the second-level-domain (I think they call it so)
can be a host, but could also be a subdomain....
The third-level-domain acts also this way and so on.
In the DNS-entry the Target can be at different providers and different
ranges of ip-addresses.
Only important is, that the DNS-Servers who are responsible for the parent
domain have the entries for the sub-domains and/or hosts in this Domain.
(And these entries CAN be cnames )
What confuses me is, you talk about hosts and childs, in the last line
(sub-)sub-domain. Where do you see the first subdomain?

> Just as "county.TLD" could be a CNAME for a host in the parent
> domain, you could also have "city.county.TLD" as a host name, but it
> would have to be a CNAME within the child, and this can get rather
> complicated to set up safely.

I already wrote that a cname pointing to a dyndns-name should function, the
rules say so, but I haven't the slightest idea how stable it is...

CU
Jacob


Moe Trin

Nov 19, 2009, 2:50:37 PM
On Thu, 19 Nov 2009, in the Usenet newsgroup alt.os.linux.redhat, in article
<4b04fb5b$0$3291$8e6e...@newsreader.ewetel.de>, Jacob wrote:

>@ old guy

>> county.TLD parent domain
>> host.county.TLD host within parent domain
>> host2.county.TLD another host within parent domain
>> city.county.TLD child domain
>> host.city.county.TLD host within child domain
>> host2.city.county.TLD another host within child domain
>> street.city.county.TLD child domain within child domain
>> number.street.city.county.TLD host within that (sub-)sub-domain

>Could you explain in short the difference between a (different) host in a
>domain, a child domain and a sub domain?

Sub-domains (which are children of the parent or main domain) are
normally an administrative solution. Think of a big domain owned by an
airline - we'll use Pan American because they don't exist any more and
therefore we won't be giving away any secrets. There is the domain
called `panam.com'[1] and it was located in downtown New York City.
There were relatively few hosts at the _domain_ level - perhaps several
mail and web servers. Pan Am had several maintenance bases, one at
Miami, Frankfurt, San Francisco, Tokyo and at New York (at the airport,
not downtown). It makes sense to _administer_ these separately
(because the staff are physically located "there" and not "here"). So
the domain is sub-divided into 'mia.panam.com', 'fra.panam.com'
'sfo.panam.com', 'tyo.panam.com', 'jfk.panam.com' and perhaps
'corp.panam.com'. You may notice that sub-domains often have names
that are not "obvious" to outsiders but make sense to the users or
employees - here, the 'mia' is the airline code for Miami, and so on.

Because each sub-domain is separately administered locally, there is
little chance that individual hostnames may be coordinated between
sub-domains - there is a good chance that there is a host named 'ftp',
and 'www' at each location - but this is no problem because one is
'ftp.mia.panam.com' while another is 'ftp.fra.panam.com' and so on.
There _could_ be a host with a name of 'mia.panam.com', but this is a
real pain in the ass to set up (it has to be a CNAME in the Miami
sub-domain, pointing at some other host which is most likely to be in
the Miami sub-domain although that isn't an absolute requirement).
Having a host with the same name as the sub-domain also confuses users,
and should be avoided for that reason.

>You write host2.county.TLD is another host, and city.county.TLD is a
>child domain. Was it Shakespeare who said: What is in a name?
>The "system" is the same: parent domain and then hostnames. Where do
>you see the difference between host vs. child-domain or a subdomain?

Names - most of the hosts in the top-level are probably meant to be
public, that is, visible to the world. As noted above, this is
probably systems like the mail, web, ftp, and perhaps one or more of
the DNS servers. These are likely to be in a DMZ of some kind. The
"working" systems - those systems used by the employees to get their
jobs done - are not likely to be domain level hosts, but are in some
sub-domain. Thus, the difference between a host at the domain level
(mail.panam.com) and a sub-domain (mia.panam.com) is that the
sub-domain name is normally associated with additional parts beyond
the sub-domain part, such as 'ftp.mia.panam.com'. While there
could be a _host_ with the FQDN of 'mia.panam.com', what purpose do
you think it might serve? About the only useful purpose might be
if there is a host named 'www.mia.panam.com' that is intended to be
used by the public, and someone decided that's too many characters to
type in a URL and "we need a CNAME to save keystrokes". That person
should be shot for stupidity, but that's another matter.

>As far as I understand, the second-level-domain (I think they call it
>so) can be a host, but could also be a subdomain....

It _can_ be, but you can see the confusion it causes. Thus, the name
'mia.panam.com' isn't likely to be used as a host when it ALSO exists
as a sub-domain.

>The third-level-domain acts also this way and so on.

international.mia.panam.com versus domestic.mia.panam.com or maybe
operations.mia.panam.com versus maintenance.mia.panam.com - they
are different sub-sub-domains and each may have many hosts in that
sub-sub-domain such as rosebud.international.mia.panam.com or
sunshine.domestic.mia.panam.com and so on.

>In the DNS-entry the Target can be at different providers and
>different ranges of ip-addresses.

Yes - although that plays hell with PTR records administration.

>Only important is, that the DNS-Servers who are responsible for the
>parent domain have the entries for the sub-domains and/or hosts in
>this Domain. (And these entries CAN be cnames )

Depends on how complicated things are. Do you expect the people in
Frankfurt, Miami, or Tokyo to call the DNS admin in New York City
when they add or remove a host? See the "DNS and BIND" book mentioned
up-thread, but it is possible to have none/some/all sub-domains
in zone-files on the domain level name server, but it's more common
for the sub-domains to be on their own name servers, and the domain
level name server merely having glue records for referrals. If you
don't have access to the "DNS and BIND" book, see chapters 2 and 6
in the Linux Network Administrator's Guide, Second edition which is
available from the LDP (http://tldp.org/guides.html) and the "BIND
Operator's Guide" which should be part of the ISC BIND source.
http://www.bind9.net/manuals may be useful.

>What me confuses is, you talk about hosts and childs

hosts are individual computers - childs (children) are sub-domains.

>in the last line (sub-)sub-domain. Where do you see the first subdomain?

To put it in human terms - grand-father, father, son. The 'father' is
the child of the 'grand-father' just as the sub-domain is the child of
the domain. And here, the father has a son, just as the sub-domain
may have a sub-sub-domain (and that son or sub-sub-domain can have
children on its own). The grand-father may own a hundred computers,
but are you going to confuse a computer with a child??? Silly - the
computers have different names, like "challenger", "rainbow", and
"waterfall" - who would name a child like that? ;-)

>I already wrote that a cname pointing to a dyndns-name should function,
>the rules say so, but I haven't the slightest idea how stable it is...

When you say 'dyndns-name' I'm assuming you mean a hostname service
provided by one of the many DNS service companies - dyndns.org is one,
but there are many others. These service companies cater to home or
tiny organizations, most of which don't understand how to run a DNS
server, and are buying that service. Generally, the domains that
really need sub-domains are large enough to be running their own DNS.
The (intentionally unnamed) company I work for has nearly a hundred
sub-domains located in Europe, Asia, Africa and the Americas. Most of
the people don't even speak the same language (never mind being far
away), so that's why we needed sub-domains. This also allows the same
un-qualified hostname (such as 'ftp' or 'george') to be used in other
sub-domains. (Try coming up with a thousand unique hostnames - it is
NOT easy. Name them for beers, cars, newspapers, sports teams... you
will run out of usable names that are not open to confusion.)

Old guy

[1] There currently is a 'panam.com' and is not related to the name
of the old airline. Pan American World Airways actually went out of
business in 1991, and I'm using the name ONLY as an example.
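
As an added example, not code from the thread or from any of its posters, the
delegation rules described in this post and up-thread (two or more name
servers for every zone, glue A records in the parent for name servers that
live inside the delegated child, and a CNAME never sharing its name with other
records, which is why 'mia.panam.com' cannot be both a sub-domain apex and an
alias) can be checked mechanically over a parent zone file. The zone below is
constructed for the hypothetical 'panam.com' of the post; the sub-domain names,
host names and documentation-range addresses are all assumptions of this
example.

```python
"""Added example: check a parent zone for the delegation rules discussed
in the thread.  The zone text is constructed; 'panam.com' is used only as
the thread's hypothetical domain and every name/address is illustrative."""
from collections import defaultdict

PARENT_ZONE = """
panam.com.          IN SOA   ns1.panam.com. hostmaster.panam.com. 2009111901 3600 900 604800 86400
panam.com.          IN NS    ns1.panam.com.
panam.com.          IN NS    ns2.panam.com.
ns1.panam.com.      IN A     192.0.2.1
ns2.panam.com.      IN A     198.51.100.1
www.panam.com.      IN A     192.0.2.10
mail.panam.com.     IN A     192.0.2.25
; Miami sub-domain: delegated to two servers, both inside the child, so
; the parent must carry glue A records for them
mia.panam.com.      IN NS    ns1.mia.panam.com.
mia.panam.com.      IN NS    ns2.mia.panam.com.
ns1.mia.panam.com.  IN A     203.0.113.1
ns2.mia.panam.com.  IN A     203.0.113.2
; Frankfurt sub-domain done badly: one NS, no glue, and the sub-domain
; name reused as a CNAME (a CNAME may not coexist with other records)
fra.panam.com.      IN NS    ns1.fra.panam.com.
fra.panam.com.      IN CNAME www.panam.com.
"""


def parse_zone(text):
    """Return {owner: [(type, rdata), ...]} from a minimal zone-file text.
    Only the fully qualified 'owner IN TYPE rdata' form is understood;
    ';' comments and blank lines are skipped."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _cls, rtype, *rdata = line.split()
        records[owner.lower()].append((rtype.upper(), " ".join(rdata).lower()))
    return records


def check_delegations(records, apex):
    """Return a list of problems found in the parent zone `records`.

    Checks: CNAME sharing an owner name with other data; every delegation
    (NS records below the apex) having at least two NS records; every
    in-bailiwick NS target having a glue A/AAAA record in the parent."""
    problems = []
    apex = apex.lower()
    for owner, rrs in records.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(rrs) > 1:
            others = sorted(types - {"CNAME"})
            problems.append(f"{owner}: CNAME coexists with other records {others}")
        if owner == apex or "NS" not in types:
            continue  # the apex NS set is the zone's own, not a delegation
        ns_targets = [r for t, r in rrs if t == "NS"]
        if len(ns_targets) < 2:
            problems.append(f"{owner}: only {len(ns_targets)} NS record(s); "
                            "at least two are required for redundancy")
        for ns in ns_targets:
            in_bailiwick = ns == owner or ns.endswith("." + owner)
            has_glue = any(t in ("A", "AAAA") for t, _ in records.get(ns, []))
            if in_bailiwick and not has_glue:
                problems.append(f"{owner}: NS {ns} is inside the child zone "
                                "but has no glue A/AAAA record in the parent")
    return problems


if __name__ == "__main__":
    for problem in check_delegations(parse_zone(PARENT_ZONE), "panam.com."):
        print(problem)
```

The Miami delegation passes all three checks; the Frankfurt delegation trips
all three, which is exactly the set of mistakes a registrar or a resolver would
punish: a single server, a child that cannot be found because its only server
has no glue, and a CNAME colliding with the NS record at the sub-domain name.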

Jacob

Nov 20, 2009, 7:07:33 AM
@ old Guy

Thanks for your explanation. I think that we both were thinking the same,
but I tried to explain it to Steve in an extremely simple way. I did not
explain the backgrounds but simply (in theory) the possibility. I agree with
almost all of your thoughts about the work that could come up and the threats
it brings. It is a dangerous thing to work the way I suggested (but possible).

Cu in the next discussion
Jacob


Reynolds McClatchey

Nov 20, 2009, 9:42:07 AM
Steve wrote:
> Hi guys,
>
> You can maybe help me.
>
> I have a domain name ( foo.com ) and my domain provider doesn't allow me
> to get some sub domains...

I have a similar problem that maybe Moe can tell me (us) how to set up
DNS. My ISP (ATT) will not serve PTR records for me unless they provide
the DNS for my domain. So aol.com and comcast.com reject SMTP for lack
of reverse lookup. I have to use another ISP who does serve PTRs for
SMTP.

This is a misguided policy of ATT's and when I questioned the call
center person and explained that I used my own registrar and
administered my own DNS she responded that they could delegate the DNS
for mydomain.com to my servers.

Does ATT have an easy http way to administer DNS
that they host or is a ticket required for every change?

How would registration work?
I use split brain DNS.
How would I set the public DNS up?

Moe Trin

Nov 20, 2009, 7:42:30 PM
On Fri, 20 Nov 2009, in the Usenet newsgroup alt.os.linux.redhat, in article
<4B06AABF.8010301@NO_saf_HARVEST.com>, Reynolds McClatchey wrote:

>I have a similar problem that maybe Moe can tell me (us) how to
>set up DNS. My ISP (ATT) will not serve PTR records for me unless
>they provide the DNS for my domain.

That's a political decision on their part. Not wise, but it's their
decision.

>So aol.com and comcast.com reject SMTP for lack of reverse lookup.
>I have to use another ISP who does serve PTRs for SMTP.

That's an _outgoing_ mail problem - the normal solution proposed is
to smart-host through the provider's mail server OR some other service
provider. It can be fixed, but does ATT want to? Only their sales
rep knows for sure.

>This is a misguided policy of ATT's and when I questioned the call
>center person and explained that I used my own registrar and
>administered my own DNS she responded that they could delegate the
>DNS for mydomain.com to my servers.

RFC 2317 Classless IN-ADDR.ARPA delegation. H. Eidnes, G. de Groot, P.
Vixie. March 1998. (Format: TXT=17744 bytes) (Also BCP0020)
(Status: BEST CURRENT PRACTICE)

but they're probably more interested in the fees they need you to
pay for this very complicated task. http://www.ietf.org/rfc/rfc2317.txt
(You do know how the 'in-addr.arpa' domain resolves in the same manner
as any normal domain - by referral. Until RFC2317, delegation was
handled in /24 sized chunks or binary multiples thereof.)

>Does ATT have an easy http way to administer DNS that they host or
>is a ticket required for every change?

I don't know how they admin their setup, but I'd NOT expect them to
be using a web interface unless the web stuff was actually only used
as a "mail to registrar" interface, with the actual zone file changes
being made by cloistered attendants in a "central" location. You
_REALLY_ don't want multiple independent editor sessions mucking with
the zone files at the same time - that's disaster city. For ``small''
setups (meaning those that are admin'ed by a single - or at most very
"few" - person[s] at a single location), they could be using a simple
wrapper script around an editor, and that script handles restarting
the name server and zone transfers and some form of file backups.
This will drastically reduce the chance of errors. The consultant who
helped set up our system years ago created a set of revision control
(RCS - actually SCCS) scripts. The script isn't picky about the
quantity of changes, but it does handle basic typ0/sanity checking and
handles both forward and reverse zone files, as well as NIS 'hosts'
file and zone transfers as needed. The version control allows a (more
or less) graceful back-out in case of errors. (I'm sure you know such
errors may be trivial, but can bring the whole house of cards down
about you with devastating results.) If you muck with the kernel
(compiling your own), I've also seen (but never studied closely) a
scheme using patch files and GNU 'make' to insert changes into the
zone files. "There's More Than One Way To Do It"... or is that
"There's more than _ten_ ways to do it wrong." I dunno ;-)

>I use split brain DNS.

Is it split because of internal/external, or because of the two (or
more) upstreams/address ranges, or both? We're sorta doing something
like that because our reverse zones differ internal/external, and a
number of our internal hostnames don't resolve externally. That's a
complication _relatively_ easily (FSVO) handled by these wrapper
scripts.

>How would I set the public DNS up?

Very carefully. ;-) (I'm assuming you know how to set up a basic
name server - ala the DNS-HOWTO.) If you are referring to combining
the two or more external address ranges into one forward file, that's
trivial. Somewhat more difficult is if you are trying to serve two
reverse zones that are RFC2317 delegated to you (the upstream zone
delegates to you - a one time setup on their part). That _should_
work by simply having two separate zone files for the reverse end of
things, much the same as is done when serving 2.0.192.in-addr.arpa (or
what-ever) and 127.in-addr.arpa from the same name server.

The RFC2317 delegated mechanism is much the same as a sub-domain. The
upstream isn't involved in the _contents_ of the sub-domain, and their
only function is providing the glue records that refer queries to your
server for the actual resolution.

[COMMENT: I'm really the networking guy, not the DNS guy. You may want
to be looking in the 'comp.protocols.dns.bind' (moderated) or
'comp.protocols.tcp-ip.domains'). If you are actually using the ISC
bind program that comes as part of many *nix, they also have a mailing
list that is useful.]

Old guy
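
As an added example, not part of the post, here is the RFC 2317 mechanism the
reply summarises, worked through offline: the upstream keeps the /24 reverse
zone and, for each address in the customer's smaller block, publishes a CNAME
into a sub-zone named after the block, which it delegates with NS records to
the customer's servers; the customer then serves the PTR records from that
sub-zone, and a reverse lookup is a CNAME chase across the two zones. The
block 192.0.2.0/26, the servers ns1/ns2.example.net and the host names are
constructed for this example and do not come from the thread. The
`classless_delegation` function goes slightly beyond the /26 case discussed and
builds the upstream's records for any block smaller than a /24.

```python
"""Added example: RFC 2317 classless in-addr.arpa delegation, with the
upstream's /24 reverse zone and the customer's delegated sub-zone built
in memory.  All networks, servers and host names are constructed."""
import ipaddress


def classless_delegation(cidr, ns_names):
    """Return {owner: [(type, rdata)]}: the records the *upstream* adds to
    its /24 reverse zone for a classless delegation of `cidr` - NS records
    for the sub-zone named after the block, plus one CNAME per address
    pointing into that sub-zone (the RFC 2317 construction)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation is for IPv4 blocks smaller than a /24")
    o1, o2, o3, first = str(net.network_address).split(".")
    subzone = f"{first}/{net.prefixlen}.{o3}.{o2}.{o1}.in-addr.arpa."
    records = {subzone: [("NS", ns) for ns in ns_names]}
    for addr in net:
        last = str(addr).split(".")[-1]
        # e.g. 34.2.0.192.in-addr.arpa. CNAME 34.0/26.2.0.192.in-addr.arpa.
        records[f"{last}.{o3}.{o2}.{o1}.in-addr.arpa."] = [("CNAME", f"{last}.{subzone}")]
    return records


# Constructed customer zone: the delegated /26 with its own PTR records.
CUSTOMER_ZONE = {
    "0/26.2.0.192.in-addr.arpa.": [("NS", "ns1.example.net."), ("NS", "ns2.example.net.")],
    "34.0/26.2.0.192.in-addr.arpa.": [("PTR", "mail.example.net.")],
    "35.0/26.2.0.192.in-addr.arpa.": [("PTR", "www.example.net.")],
}

# Both zones keyed by apex, as a resolver would see them after the referral.
ZONES = {
    "2.0.192.in-addr.arpa.": classless_delegation("192.0.2.0/26",
                                                   ["ns1.example.net.", "ns2.example.net."]),
    "0/26.2.0.192.in-addr.arpa.": CUSTOMER_ZONE,
}


def resolve_ptr(ip, zones=ZONES, max_hops=8):
    """Reverse-resolve `ip`: find the zone holding the query name (longest
    matching apex), return its PTR, or follow its CNAME into the delegated
    sub-zone.  Returns None when no PTR is reachable; `max_hops` guards
    against CNAME loops."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_hops):
        apex = max((a for a in zones if name == a or name.endswith("." + a)),
                   key=len, default=None)
        if apex is None:
            return None
        rrs = zones[apex].get(name, [])
        ptrs = [r for t, r in rrs if t == "PTR"]
        if ptrs:
            return ptrs[0]
        cnames = [r for t, r in rrs if t == "CNAME"]
        if not cnames:
            return None
        name = cnames[0]
    return None


if __name__ == "__main__":
    print(resolve_ptr("192.0.2.34"))  # mail.example.net.
    print(resolve_ptr("192.0.2.99"))  # None: outside the delegated /26
```

The upstream's part is a one-time setup of 64 CNAMEs and the NS records; after
that, as the post says, it is never involved in the contents of the customer's
zone, and every change to a PTR happens only on the customer's servers.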
