Koozali.org: home of the SME Server

Help -- correct DNS settings for ISP?

Greg Brooks

Help -- correct DNS settings for ISP?
« on: April 27, 2002, 10:49:14 PM »
OK, love the product (SME) but hate my own ignorance of DNS.

The situation: I have a primary domain (quadkings.com, used for administrative purposes only) and several virtual domains (blue-mouse.com, saint-theodore.org, etc.) sitting on one SME box.

My DNS provider (easydns.com) has the domains registered and all pointing to 290.15.194.32 (the IP address of the box to the outside world -- inside this building [and ONLY inside this building] the box is 200.200.200.250, which is what got typed in during setup. The gateway to the outside internet is 200.200.200.1)

The three big questions:

* Do I add ftp.quadkings.com, mail.blue-mouse.com, www.saint-theodore.org, etc. as hosts, MX records and/or aliases with my DNS provider? My gut says to add mail.blue-mouse.com (or mail.whatever.xxx depending on the domain) as an MX record and a host record, and then add ftp.whatever.xxx and www.whatever.xxx as aliases. Correct, or am I loopy?

* Do I need to change things within SME for any of these hosts, or will they all resolve correctly using "self" as a setting? (Originally, I wanted this box to also be its own public DNS, but that seems fiendishly complex.)

This is a big ol' issue for me -- if you don't feel like typing, drop me a line via e-mail and I'll happily pay for phone consultation. The problems that I'd like to solve:

* The world needs to be able to find a website at www.whatever.xxx if it's hosted as a virtual domain on my machine.

* Outside users (I have the pop-before-smtp patch in place) need to be able to set mail.whatever.xxx as both their pop and smtp servers for a given domain.

* Other mail servers or listservers need to see the mail coming from mail.whatever.xxx for a given user, NOT from mail.quadkings.com, since some of them reject that as not matching the domain in the sender field.

Thanks,
Greg

Alexander Ziemann

Re: Help -- correct DNS settings for ISP?
« Reply #1 on: April 29, 2002, 04:13:03 AM »
Hi Greg,

> typed in during setup. The gateway to the outside internet is
> 200.200.200.1)

Your gateway forwards from outside? You are able to ping all your internal domains from outside? Try www.network-tools.com for that.
 
> * Do I add ftp.quadkings.com, mail.blue-mouse.com,
> www.saint-theodore.org, etc as hosts, MX records and/or
> aliases with my DNS provider? My gut says to add

Normally this is the "wildcard-option"; anything like *.domain.com goes to your IP. Your gut is wrong.

> mail.blue-mouse.com (or mail.whatever.xxx depending on the
> domain) as an MX record and a host record, and then add
> ftp.whatever.xxx and www.whatever.xxx as aliases. Correct,
> or am I loopy?

But check for MX; this is too complex to handle. Follow your provider's instructions. Some dyndns providers have backup mail service. Some have not. Normally it is wildcard again.

> * Do I need to change things within SME for any of these
> hosts, or will they all resolve correctly using "self" as a

Nothing to add. Go to server-manager. Look into hostnames. They are all there!

> setting? (Originally, I wanted this box to also be its own
> public DNS, but that seems fiendishly complex.)

Never do that. E-Smith is not built for that. And you need extra knowledge also in security-things when housing a public DNS.
 
The rest of your stuff is repeated...

Have Fun!
Alex

Dave

Re: Help -- correct DNS settings for ISP?
« Reply #2 on: May 01, 2002, 01:54:12 AM »
I had nightmares setting up dns for our co. at first, which sounds very similar to our situation.  I found a few things to make it easy, which I'll email to you in a while - swamped right now.  A few q's to start, tho - how much bandwidth do you have, is it static or dynamic, and are you able to get more than one ip?

Dave

Re: Help -- correct DNS settings for ISP?
« Reply #3 on: May 01, 2002, 08:19:34 PM »
OK.  1.) Never attempt to run BIND on your e-smith box or in any way attempt to provide external DNS off your e-smith box.  The e-smith distribution is tightly integrated and works well if you don't mess with it by trying to add stuff or manually config.  Also, DNS/BIND/port53 is a huge security hole and a disaster waiting to happen.  We got our entire RedHat 5.1 server killed and I mean DEAD a few years ago - they got in through the DNS daemon.  Let someone else provide your DNS or set up another box to do it.

2.)  I've had great luck using an old Mac for DNS.  It's an old Quadra 650, which would have ended up in the boneyard, except it runs MacDNS great.  Uptime now is about 4 months - I reboot it every 6 months just because... well, it's MacOS...  But extremely simple to config and run, it's a free app, and I'm not aware of anybody ever hacking into a Mac through MacDNS.  We have three IPs - one for e-smith and local network, one for another networked company in the building, and one for MacDNS.  This is our primary DNS server, and we provide for about 12 domains flawlessly.  

3.)  Our backup or secondary DNS is provided through publicdns.org - it's free, though not as reliable as we'd like, but it's secondary/backup.  They have a nice example of a DNS entry which makes it easy to set yours up.  They use BIND and provide for probably 5,000 domains.

4.)  For both MacDNS and publicdns.org's BIND, we did have to take the standard default examples, enter our information, but then add an MX for mail to work properly.  Just like "10 domain.xxx" was all it took.

Good luck.  Works well for us and was simple to set up.
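
Added example (not part of any post in this thread): a small Python check of the record layouts discussed above, covering explicit host/alias records, the wildcard option, and the MX entry, run against constructed zone snippets. `example.com` and `192.0.2.10` are documentation placeholders, the function names are hypothetical, and wildcard matching is simplified to one label; the CNAME check reflects the RFC 2181 rule that an MX target must not be an alias.

```python
# Constructed sample zones; example.com and 192.0.2.10 are documentation
# placeholders, not values taken from the thread.
GOOD_ZONE = """
example.com.       A      192.0.2.10
example.com.       MX     10 mail.example.com.
mail.example.com.  A      192.0.2.10
www.example.com.   CNAME  example.com.
ftp.example.com.   CNAME  example.com.
"""
BAD_ZONE = """
example.com.       A      192.0.2.10
example.com.       MX     10 mail.example.com.
mail.example.com.  CNAME  example.com.   ; MX target must not be an alias
ftp.example.com.   CNAME  example.com.
"""
WILDCARD_ZONE = """
example.com.       A      192.0.2.10
example.com.       MX     10 mail.example.com.
*.example.com.     A      192.0.2.10
"""

def parse(zone_text):
    """Return {(owner, type): [rdata, ...]} from 'owner type rdata' lines."""
    records = {}
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()   # drop comments and blank lines
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.setdefault((owner.lower(), rtype.upper()), []).append(rdata.strip())
    return records

def resolve_a(records, name, depth=0):
    """Resolve name to A records via direct A, CNAME chain, or one-level wildcard."""
    name = name.lower()
    if depth > 8:                            # guard against CNAME loops
        return []
    if (name, "A") in records:
        return records[(name, "A")]
    if (name, "CNAME") in records:
        return resolve_a(records, records[(name, "CNAME")][0], depth + 1)
    # A wildcard only answers for names that have no records of their own.
    if not any(owner == name for owner, _ in records):
        return records.get(("*." + name.split(".", 1)[1], "A"), [])
    return []

def check_domain(records, domain, hosts=("www", "ftp", "mail")):
    """List problems for one hosted domain: MX present, MX target valid, hosts resolve."""
    fq, problems = domain.lower().rstrip(".") + ".", []
    mx_list = records.get((fq, "MX"), [])
    if not mx_list:
        problems.append(f"{fq} has no MX record")
    for target in (rdata.split()[1].lower() for rdata in mx_list):
        if (target, "CNAME") in records:
            problems.append(f"MX target {target} is a CNAME")
        elif not resolve_a(records, target):
            problems.append(f"MX target {target} has no address record")
    problems += [f"{h}.{fq} does not resolve" for h in hosts if not resolve_a(records, f"{h}.{fq}")]
    return problems
```

Run `check_domain(parse(zone), "example.com")` once per virtual domain; an empty list means the web, FTP and mail names all resolve and the MX points at a real address record.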