Security Basics mailing list archives
Re: a dns/named help?
From: Tomasz Nidecki <tonid () hakin9 org>
Date: Thu, 17 Nov 2005 15:07:47 +0100
Tuesday, November 15, 2005, 6:42:29 PM, pimp mastermind wrote:
> My ISP told me that it's not a problem to host my domain on my private PC at home. The thing I must do before I start is to install a DNS server, which means I must install Bind (named). I did it, but I have never done it before, so I don't know what exactly I need to do to get things to work.
No, you don't have to. And it's better you don't, if you don't know much about BIND. It's hell to configure, I remember the first time I did it. It's also hell to understand for a beginner.

If you definitely have to set up your own DNS server to publish information, I would suggest djbdns, its tinydns program:

http://cr.yp.to/djbdns/run-server.html
This shows you the basics of how to publish the names using tinydns.

http://www.lifewithdjbdns.com/#Simple setup
Have a look at section 6.1.2.

You don't need the dnscache component for this at all. All you need is tinydns, and to run it best use daemontools as described.

djbdns is much more error-tolerant in DNS data. BIND isn't. djbdns is also much more secure.
> So I've got a static IP address at home, let's say: 193.68.23.45 - static IP at home. My domain name is something.org, whose IP is 85.196.174.37, and the company that makes my domain name has 2 nameservers, which are:
> 1. 85.196.174.222
> 2. 85.196.174.223
> What must I do now? Any examples or something by anyone?
Instead of setting up your own DNS, you may use a free DNS service. An example of such is: http://freedns.sgh.waw.pl/index.php?language=en. I use it for a couple of domains and it runs fine. However, I don't know how it runs with the English interface, since I use the Polish one 8].

First you must create a new user. Then you must create a zone. Name the zone something.org and make it primary. Do not import from anywhere.

Then use the modification interface to change the content. Keep the numeric parameters at default levels. That's OK.

The only record really required is the Address (A) record. Set it up the following way:

    something.org. 193.68.23.45 [default TTL]

Don't forget the period at the end of something.org!!! This is why BIND is not too fault tolerant, djbdns does not require this, but this free service is based on BIND.

If you want to have a WWW address, you can add:

    www.something.org. 193.68.23.45 [default TTL]

and any other subdomains you might want. Some would suggest you use alias [CNAME] records for this, but that is not a good idea, as every alias lookup demands two lookups from a DNS, which makes more overhead. Better have Address [A] records for everything.

Now you might also want to add an MX record:

    0 something.org. [default TTL]

Again, don't forget the period at the end. This will make mail delivery possible to your home machine. Without it, it would also be possible, but some servers might cause problems if you don't have an MX record.

Leave the Name Server (NS) records as they are, but I believe the second one might be automatically entered without the period at the end, if so, add the period!

Other stuff you don't need either. You can create zone configuration then.

Now that you have those DNS records, you MUST supply your domain registrar [your ISP?] for example.org with the nameserver addresses. Give them addresses: fns1.sgh.waw.pl and fns2.sgh.waw.pl. This is all you need.
Now, if someone asks for example.org, their DNS cache will direct them to the root servers, which will then direct them to the example.org registrar, who will then direct them to your name servers [fnsX.sgh.waw.pl], which will then direct them to your machine at your IP 193.68.23.45. Hope it makes things clear?

So again what you need to do is:

1. set up an account on this free service,
2. create a zone
3. enter Address records for that zone
4. enter the MX record for that zone
5. check if everything is OK, then save the zone
6. wait for confirmation mail from freedns.sgh.waw.pl [around an hour]
7. inform your registrar [probably via their configuration interface for your domain name] about your new DNS servers.

For all this you do NOT need your ISP at all. You won't be using their nameservers, they're not the ones owning your domain, etc. Your ISP will not even have to be notified.

If you have a fixed, external IP address, this is the best way to go if you're a rookie.

Cheers,

-- 
Tomasz Nidecki, Sekr. Redakcji / Managing Editor
hakin9 magazine http://www.hakin9.org
mailto:tonid () hakin9 org jid:tonid () tonid net

Do you know what "hacker" means?
http://www.catb.org/~esr/faqs/hacker-howto.html
Do you know what the word "hacker" means?
http://www.jtz.org.pl/Inne/hacker-howto-pl.html
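
The trailing-period warning in the message above can be checked before saving a zone (step 5). This is an added example, not part of the original post or of the freedns service: it expands names the way BIND master-file syntax does and reports what a forgotten period would actually publish. The function names, the "dotted name without a final period" heuristic and the record tuples are assumptions made for illustration.

```python
# Added example: lint BIND-style zone records for forgotten trailing periods.
# Record data is constructed from the names and addresses used in the thread.
def absolute(name, origin):
    """Expand a name as master-file syntax does: relative names get the origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def suspicious(name):
    """Heuristic (assumption): a dotted name with no final period is a typo."""
    return "." in name and not name.endswith(".")

def lint_zone(origin, records):
    """records: (owner, type, rdata) tuples. Returns (resolved, warnings)."""
    origin = origin.lower()
    resolved, warnings = [], []
    for owner, rtype, rdata in records:
        fields = rdata.split()
        names = [("owner", owner)]
        if rtype in ("MX", "NS", "CNAME"):      # last rdata field is a host name
            names.append(("target", fields[-1]))
            fields[-1] = absolute(fields[-1], origin)
        for role, name in names:
            if suspicious(name):
                warnings.append(f"{rtype} {role} '{name}' has no trailing period; "
                                f"served as {absolute(name, origin)}")
        resolved.append((absolute(owner, origin), rtype, " ".join(fields)))
    have_a = {o for o, t, _ in resolved if t == "A"}
    for _, rtype, rdata in resolved:
        target = rdata.split()[-1]
        in_zone = target == origin or target.endswith("." + origin)
        if rtype == "MX" and in_zone and target not in have_a:
            warnings.append(f"MX target {target} has no A record in this zone")
    return resolved, warnings

ORIGIN = "something.org."
GOOD = [("something.org.", "A", "193.68.23.45"),
        ("www.something.org.", "A", "193.68.23.45"),
        ("something.org.", "MX", "0 something.org."),
        ("something.org.", "NS", "fns1.sgh.waw.pl."),
        ("something.org.", "NS", "fns2.sgh.waw.pl.")]
# Same zone with three periods forgotten.
BAD = [("something.org.", "A", "193.68.23.45"),
       ("www.something.org", "A", "193.68.23.45"),
       ("something.org.", "MX", "0 something.org"),
       ("something.org.", "NS", "fns1.sgh.waw.pl."),
       ("something.org.", "NS", "fns2.sgh.waw.pl")]

if __name__ == "__main__":
    print("\n".join(lint_zone(ORIGIN, BAD)[1]))
```

With the periods missing, the MX and the second NS record point at names under something.org.something.org. that nobody serves, so mail and delegation fail even though the zone loads.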
Current thread:
- a dns/named help? pimp mastermind (Nov 15)
- RE: a dns/named help? David Gillett (Nov 16)
- Re: a dns/named help? Blaine Lefler (Nov 16)
- Re: a dns/named help? tony (Nov 16)
- RE: a dns/named help? John Lightfoot (Nov 17)
- Re: a dns/named help? Tomasz Nidecki (Nov 17)
- Re: a dns/named help? Jonathan Loh (Nov 21)