
Verify a simple DNS question please


Cstorms

IS-IT--Management
Sep 29, 2006
556
US
Hello there, I am in the middle of a home lab setup and I know that my ISP blocks certain ports (outgoing 25 and 80). I was curious if this is the right theory for hosting my own DNS server for my domain.

- Buy domain name: check
- Set up DNS server with appropriate zones and A records: check
- Set up websites in IIS, each with designated IP and appropriate ports and security settings: check
- Verify A records internally with supplied names using a client pointing to the DNS server: check

So this is where I am at, I have an account with GoDaddy and I wanted to check to see if I could do name resolution over an SSL connection since I know I have 443 available to me. To test this I used OWA on my new Exchange 07 box and it worked fine by using my IP.

I used their Total DNS Control to set up an A record that points to my IP and used my router to forward traffic to that site, and it was great.

*Finally the question*
I want to know whether, instead of using this method, I could use my DNS server to answer queries. I assumed I could, so I created an NS reference and pointed it to my IP, with my DNS server in the DMZ and all port 53 traffic pointed to it. Is this the right way to do this? Do I need to have my DNS server be listed as an NS... If not, please fill me in. I am having a bit of a quarrel with SSL on the other website to test this approach.

Could I somehow forward traffic to my IP and it will just magically do name resolution at my DNS server? (haha I wish)

Sorry for the length. Any tips welcome.

 
I think the real question you should be asking yourself is WHY in the heck would you want to host your own DNS server? Unless you have some pressing business need to do so, you should not be hosting your own DNS or authoritative name server.
 
There is no need. I wanted to set one up for the sake of doing it. Instead of having GoDaddy hold all my zone data, the point was to have my own DNS server point to three different sites of my own: site1.domain.com, site2.domain.com, etc.
 
Hello,

I do not think that your ISP blocks outbound port 80 or you would not be able to see this site.

I think if you put a record for your name server in GoDaddy it should work.

If your ISP is blocking inbound port 80 and 25, you do not have to run these services on standard ports.



Gb0mb

........99.9% User Error........
 
You are much better off security-wise and headache-wise to just keep your DNS as a hosted solution. Our hosted solution through Rackspace allows us to create unlimited domain and sub-domain records under the one account. As we register new domains, we simply provide the Rackspace DNS servers as the authoritative name servers for the domain and it all works quite well.

We have DNS servers but they only serve internally, not over the internet.

good luck,
 
I think he is setting up a home test bed and he is just trying to get experience working with DNS, BIND, etc.



Gb0mb

........99.9% User Error........
 
DNS is UDP. I don't think SSL would jibe well. And I don't know of any sDNS services.

You can use DNSstuff to see if your server is authoritative for your domain.

You can also use nslookup to force a server,
>nslookup <enter>
>server you.r.ip.add
>yahoo.com
>exit

but in order to use your host for DNS queries, you'd have to have root hints set up, which then makes your server more like a caching DNS server. Which isn't bad, but in practice it only creates tons of extra traffic to the root servers.

Your server should be listed as NS for SOA on your domain. Basically, your server says "I'm DOMAIN, go ahead ask me"

It sounds like you want to set up a DNS server to query against that you are controlling, not necessarily giving name to address resolutions for YOUR-DOMAIN.com. Your server should be able to do caching, but you'll only end up slowing down your name resolutions (by mere ms, but still).

Robert Liebsch
Systems Psychologist,
Network Sociologist,
Security Pathologist,
User Therapist.
 
I ended up making a secondary zone, made the server authoritative and took away recursive lookups so as to avoid cache poisoning, put 2 separate names for NS on GoDaddy, and used the same IP. I used A records on my DNS to point to different names but the same IPs, and used SSL host headers (a pain in the butt since you can do it via IIS GUI). It works just like I wanted. Thanks for all the tips. If anyone wants the info on how to use host headers with SSL sites let me know, I have the link on my other machine.

Also I used DNSstuff to get this all to work, I agree it's a very good free service.
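
The check discussed in this thread (is the server authoritative for its own zone, and is recursion really off), as an added example that is not part of the original posts: it reads the AA and RA header bits of DNS replies. The sample reply headers are constructed, and `query_udp` is a hypothetical helper for pointing the same check at your own server.

```python
import secrets
import socket
import struct

def build_query(name, txid, qtype=1):
    """DNS query for an A record (qtype 1), class IN, with RD set like a stub resolver."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_flags(reply):
    """Decode the header bits that matter for an authoritative-only server."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"txid": txid, "aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": an}

def assess(own_reply, foreign_reply):
    """Compare a reply for a name in our zone with one for a name we do not host."""
    own, other = parse_flags(own_reply), parse_flags(foreign_reply)
    findings = []
    if not own["aa"] or own["rcode"] != 0:
        findings.append("not authoritative for own zone")
    if own["ra"] or other["ra"]:
        findings.append("recursion offered")
    if other["rcode"] == 0 and other["answers"] > 0:
        findings.append("answers for foreign names")
    return findings

def query_udp(server, name, timeout=3.0):
    """Send one query over UDP port 53 and return the raw reply."""
    txid = secrets.randbelow(1 << 16)  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        reply, _ = sock.recvfrom(4096)
    if parse_flags(reply)["txid"] != txid:
        raise ValueError("transaction ID mismatch")
    return reply

# Constructed 12-byte reply headers (not captured traffic).
AUTH_ONLY = struct.pack("!HHHHHH", 1, 0x8500, 1, 1, 0, 0)  # QR, AA, RD echoed, NOERROR
REFUSED = struct.pack("!HHHHHH", 2, 0x8105, 1, 0, 0, 0)    # QR, RD echoed, rcode 5
OPEN = struct.pack("!HHHHHH", 3, 0x8180, 1, 1, 0, 0)       # QR, RD, RA, NOERROR

if __name__ == "__main__":
    print(assess(AUTH_ONLY, REFUSED))  # authoritative-only setup
    print(assess(AUTH_ONLY, OPEN))     # recursion still enabled
```

Against a live server, pass `assess` the results of `query_udp` for one name inside your zone and one name you do not host.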
 