March 16th, 2002, 04:12 PM
How should I set this up? CORRECTLY!
I am wanting to start a small in-house hosting company and there are a few but important gaps that need to filled before I actually try and market it as a real business.
This is what I have to work with at the moment.
 Cobalt Raq 4i web server
 Dual P3,RH7.2,Plesk web sever
 Full T1
 Static ip's
This is how I have it set up so far to just make ends meet.
I got my isp to nat map my static ip's to internal class C ip's
188.8.131.52 = 184.108.40.206
Now I registered my domain name, registered nameservers.
So this is how it looks in the scheme of things.
The raq is named ns1.mydomain.com wich has a ip of 220.127.116.11 which gets maped at the router to 18.104.22.168 which = ns1.mydomain.com. Now ns2.mydomain.com is registered to 22.214.171.124 and gets maped to 126.96.36.199 and there is NOTHING assigned to to that ip at the moment. Now I know this isnt right, but it does allow the raq to host 10 sites, mail and all.
So what do I do to set this up properly??
A: Do I set the raq up to handle both ns1 and ns2 and use the extra nic card?
B: Do I get another raq to be a exact mirror ns1 and name it ns2?
C: Do I set up 2 other servers, name them ns1 & ns2 and point said webserver to them?
D: Should I see if my isp will let me add records to thier servers....or something to that effect?
E: ...or am I completly of base and realy more cufused about this than I feel? .....and I am realy confused.
Any explaination or help would be a god-sent right now.
Thank you very much in advance
PS. I left the other server out of this, cause 1 thing at a time.
Last edited by hooj; March 16th, 2002 at 04:19 PM.
March 16th, 2002, 05:01 PM
>> I got my isp to nat map my static ip's to internal class C ip's 188.8.131.52 = 184.108.40.206
Disable NAT in your router. If your router doesn't have 5 ports, expand it with a hub, switch is not needed.
A) One box, despite how powerful it is, can't do it all, or do it efficiently. Since you have 5 static IPs, just build 5 boxes for that. Each box should have two NICs, one assign to static IP and the other assign to 192.168.0.x or whatever.
B) Build 5 boxes, the additional 4 boxes don't have to be the same hardware specs. A p133 with 64mb RAM is more than enough to handle quite a few services. If you can afford T1, there is no excuse you can't afford to build 4 more boxes.
A slave authoritative nameserver is somewhat required, but having ns1 and ns2 both reside on the same box defeat the purpose of having a slave nameserver in the first place.
In addition, keep in mind that ns1 will not always be the one that's queried by other caching nameservers for answer. So there really is no such thing as which nameserver being the master or slave, since they can be queried randomly.
C) Since you have 5 static IPs, you should setup ns1 and ns2 on different box. As far as the naming goes, you can name your master to be anything. Personally I'd name it ns1.
D) Your authoritative namservers will be authoritative for your domain(s), your ISP doesn't. Therefore, you don't have to contact them because they can't do anything to it.
The only situation you need to contact your ISP is if they are authoritataive for your in-addr.arpa (reverse DNS), because 99.999% of the time, ISP will never delegate your assigned static IPs' in-addr.arpa to customers. Some ISP like Speakeasy.net (mine) can change the PTR record (on their end) to point back to my FQDN. They do this only on request and at no charge.
E) Do a search in this forum. If you don't know the search keyword or unable to find your answer, just ask.
March 16th, 2002, 06:54 PM
Thanks free, that pointed me in the directin I needed to go.
I just got back from the bookstore, Picked up O'Riley's DNS and BIND.....looks like that should explain alot.
March 17th, 2002, 06:31 AM
>> Picked up O'Riley's DNS and BIND
That'd be a good start.
>> looks like that should explain alot
Absolutely not. Just so you know, BIND developers don't even have a clue what DNS and security are all about. As a result, you will learn many misconception because BIND developers are DNS + security illiterated.
Then what people do?
djb and the ones who run djbdns
That said, play with BIND for a while, then switch to djbdns without a doubt.
March 17th, 2002, 02:45 PM
If i am understanding this correctly that after I have ns1 and ns2 set up as mentioned. That my webservers will actually have no need for a static IP and they will al be assigned internal ones.
Or.....are the webservers to be setup just like the nameservers?
March 17th, 2002, 06:48 PM
>> my webservers will actually have no need for a static IP
Why not? You still need to set an A record, say www.yourdomain.com and have it pointed to one of your 5 static IPs.
>> are the webservers to be setup just like the nameservers?
As far as web server to be accessible from everywhere in the world, yes, you still need to assign an IP (static/dynamic) to it. Since you will be running authoritative DNS servers yourself and have 5 static IPs to play around with, you will definitely want to give your web site a domain and assign a static IP to that domain.
Just forget about doing everything in one go, you need to setup authoritative DNS first. Just try and create a zone record, and if you have question, post it here.
Sorry, I can't provide a sample of zone record for you as it's searchable in this forum.
March 19th, 2002, 02:16 AM
Heading in the right direction
I have made headway....2 name servers running BIND 9.x. NAT is not turned off yet, but will be on 2 ip's very soon.
I may have a few problems to work out yet.
#1 Will these name servers have a problem operating on or with a NT network. I have the 1 NIC on both of the servers cofigured to the dhcp on reservations.
#2 I am assuming from some things I have read that I should
that this would be true or close to it?
Reason I am asking about #1 is that are local network domain is called "fwc.com". If I am correct that my nameservers are actually making a zone call "mydomain.com" which would be a small delagated part of fwc.com but not fwc.com. fwc.com has no meaning outside of the very small network it's just called that. I know this will be all fine outside of the router....just making sure it going to be fine working on the inside of the network.
And here is a link if by chance someone else runs into the same newbie problem that I am overcoming....it might help.
March 23rd, 2002, 09:49 AM
1) No problem so long as your box running cache-only nameserver has access to the internet.
2) Just don't use your ISP's cache-only nameservers as a forwarder because they can't be trusted and that also defeats the purpose for running your own caching nameserver (you don't save much bandwidth from this).
>> which would be a small delagated part of fwc.com but not fwc.com
You can use fwc.com as your LAN domain as well. This is so-called split horizon and has been discussed several times here.
October 25th, 2002, 11:52 AM
FreeBSD you seem to be an authority around here.
Can I ask you a small question - how do I setup nameservers! I have made headway in learning but am using Windows 2K but my mani problem is visualising the steps.
I have a domain - triangle-solutions.com pointed at another DNS system.
I have three new servers - 6 static IPS I want to create two boxes as DNS servers.
I created the reverse zones - registered the nameservers - but this is where I get stuck and my Domain seller easily.co.uk wont hope even though they registered the name servers for me which have since been dleted from crsnic.net - the reason I think it is reverse lookup - and this a quote from before how do I find out if they have this authority and is this why it is not working - how long does something like this take to switch over? If I have it pointed at anothers DNS already do they have the control so confused?? Any help appreciated.
Triangle Solutions Ltd