Security Basics mailing list archives

Re: a dns/named help?


From: Tomasz Nidecki <tonid () hakin9 org>
Date: Thu, 17 Nov 2005 15:07:47 +0100

Tuesday, November 15, 2005, 6:42:29 PM, pimp mastermind wrote:

> My ISP told me that it's not a problem to host my domain on my private
> PC at home. The thing I must do before I started is to install a DNS
> server, which means I must install Bind (named). I did it, but I have
> never done it before, so I don't know what exactly I need to do to get
> things to work.

No, you don't have to. And it's better you don't, if you don't know
much about BIND. It's hell to configure, I remember the first time I
did it. It's also hell to understand for a beginner. If you definitely
have to set up your own DNS server to publish information, I would
suggest djbdns, its tinydns program:

http://cr.yp.to/djbdns/run-server.html

This shows you the basics of how to publish the names using tinydns.

http://www.lifewithdjbdns.com/#Simple setup

Have a look at section 6.1.2

You don't need the dnscache component for this at all. All you need is
tinydns, and to run it best use daemontools as described.

djbdns is much more error-tolerant in DNS data. BIND isn't. djbdns is
also much more secure.

> So I've got a static IP address at home, let's say: 193.68.23.45 - static
> IP at home.
> My domain name is something.org, whose IP is - 85.196.174.37
> and the company that makes my domain name has 2 nameservers that are
> 1. 85.196.174.222
> 2. 85.196.174.223
> What must I do now? Any examples or something by anyone?

Instead of setting up your own DNS, you may use a free DNS service. An
example of such is: http://freedns.sgh.waw.pl/index.php?language=en. I
use it for a couple of domains and it runs fine. However, I don't know
how it runs with the English interface, since I use the Polish one 8].

First you must create a new user. Then you must create a zone. Name
the zone something.org and make it primary. Do not import from
anywhere. Then use the modification interface to change the content.

Keep the numeric parameters at default levels. That's OK.

The only record really required is the Address (A) record. Set it up
the following way:

something.org.   193.68.23.45   [default TTL]

Don't forget the period at the end of something.org!!! This is why
BIND is not too fault tolerant, djbdns does not require this, but this
free service is based on BIND.

If you want to have a WWW address, you can add:

www.something.org.    193.68.23.45    [default TTL]

and any other subdomains you might want. Some would suggest you use
alias [CNAME] records for this, but that is not a good idea, as every
alias lookup demands two lookups from a DNS, which makes more
overhead. Better have Address [A] records for everything.

Now you might also want to add an MX record:

0      something.org.        [default TTL]

Again, don't forget the period at the end. This will make mail
delivery possible to your home machine. Without it, it would also be
possible, but some servers might cause problems if you don't have an
MX record.

Leave the Name Server (NS) records as they are, but I believe the
second one might be automatically entered without the period at the
end, if so, add the period! Other stuff you don't need either. You can
create zone configuration then.

Now that you have those DNS records, you MUST supply your domain
registrar [your ISP?] for example.org with the nameserver addresses.
Give them addresses: fns1.sgh.waw.pl and fns2.sgh.waw.pl.

This is all you need. Now, if someone asks for example.org, their DNS
cache will direct them to the root servers, which will then direct
them to the example.org registrar, who will then direct them to your
name servers [fnsX.sgh.waw.pl], which will then direct them to your
machine at your IP 193.68.23.45.

Hope it makes things clear?

So again what you need to do is:
1. set up an account on this free service,
2. create a zone
3. enter Address records for that zone
4. enter the MX record for that zone
5. check if everything is OK, then save the zone
6. wait for confirmation mail from freedns.sgh.waw.pl
   [around an hour]
7. inform your registrar [probably via their configuration interface
   for your domain name] about your new DNS servers.

For all this you do NOT need your ISP at all. You won't be using their
nameservers, they're not the ones owning your domain, etc. Your ISP
will not even have to be notified. If you have a fixed, external IP
address, this is the best way to go if you're a rookie.

Cheers,

--
Tomasz Nidecki, Sekr. Redakcji / Managing Editor
hakin9 magazine            http://www.hakin9.org
mailto:tonid () hakin9 org      jid:tonid () tonid net

Do you know what "hacker" means?
http://www.catb.org/~esr/faqs/hacker-howto.html

Do you know what the word "hacker" means? (in Polish)
http://www.jtz.org.pl/Inne/hacker-howto-pl.html
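
The trailing-period warning in the message above can be checked mechanically. The following is an added example, not part of the original post or of any tool it mentions: a small linter that expands names the way BIND master-file syntax does (RFC 1035 section 5.1) and flags multi-label names written without the final period. The sample zone is constructed from the names and address used in the message; the function names, the numeric-TTL assumption and the "multi-label relative name" heuristic are assumptions of this example.

```python
TARGET_TYPES = {"NS", "MX", "CNAME"}   # record types whose last rdata field is a host name

def qualify(name, origin):
    """Expand a zone-file name as RFC 1035 section 5.1 describes."""
    if name == "@":
        return origin                  # "@" stands for the current origin
    if name.endswith("."):
        return name                    # absolute name, used as written
    return f"{name}.{origin}"          # relative name: the origin is appended

def lint_zone(text, origin):
    """Return (line_no, field, written, expanded) for suspicious relative names."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()        # drop comments
        if not fields or fields[0].startswith("$"):
            continue                                 # blank line or directive
        # A line starting with whitespace inherits the previous owner name.
        owner = None if raw[0].isspace() else fields.pop(0)
        # Skip optional TTL (assumed numeric) and class.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2:
            continue
        rtype, target = fields[0].upper(), fields[-1]
        candidates = [("owner", owner)] if owner else []
        if rtype in TARGET_TYPES:
            candidates.append((f"{rtype} target", target))
        for field, name in candidates:
            # Heuristic: a relative name that already contains dots was
            # probably meant to be absolute and is missing its period.
            if name != "@" and not name.endswith(".") and "." in name:
                findings.append((line_no, field, name, qualify(name, origin)))
    return findings

# Constructed sample in BIND zone-file syntax (not taken from a real zone).
SAMPLE_ZONE = """\
something.org.      3600 IN A   193.68.23.45
www.something.org   3600 IN A   193.68.23.45
something.org.      3600 IN MX  0 something.org
something.org.      3600 IN NS  fns1.sgh.waw.pl.
something.org.      3600 IN NS  fns2.sgh.waw.pl
"""

if __name__ == "__main__":
    for line_no, field, written, expanded in lint_zone(SAMPLE_ZONE, "something.org."):
        print(f"line {line_no}: {field} '{written}' is read as '{expanded}'")
```

A legitimate multi-label relative name would also be reported, so treat the findings as prompts to review rather than as errors.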


