Gordon Rowell wrote:
> The better option, IMO is:
> - Put the original named.conf back to handle DNS caching and the local
> network. Leave it listening to localhost and the internal network only
> - Create a second named.conf for the external zones only
> - Make this one listen-on the external interface only
>
> People talking to port 53 on the external interface get external DNS only.
>
>
> People talking to localhost and the internal interface get internal DNS
> and cached external DNS.
I still want to learn how to load 2 different named.conf. Any hints would be appreciated.
Gordon has been asking for a write up on creating a Public DNS server. This is what I did
to make my e-smith machine a public web server for my domain. (Please feel free to email
any corrections you may find in this back to me -- rseller@netzero.net).
====================================
==Instructions on how to set up DNS to Host a Public Website.
====================================
Before you start:
To transfer your website to your machine you need to have 2 DNS servers. Your
e-smith machine can be one of them, but you will need a second. This can be
done by a second e-smith machine on a different static IP number. You can also
do this by paying a fee and using a public DNS or having a friend's machine be your
secondary DNS server.
Assumptions:
These instructions assume you have 2 static IP numbers (111.222.0.3, 111.222.0.4)
The E-smith machine is a gateway with two Net cards. The Internal IP is 192.168.0.1.
The new domain you are hosting is: mycompany.com
=====================================================
==Turning your E-smith machine into a public DNS server:
=====================================================
1) Create a directory /etc/e-smith/templates-custom/etc/named.conf (recommended command: mkdir).
mkdir /etc/e-smith/templates-custom
mkdir /etc/e-smith/templates-custom/etc
mkdir /etc/e-smith/templates-custom/etc/named.conf
2) copy default templates to the custom directories from /etc/e-smith/templates/etc/named.conf/*
cp /etc/e-smith/templates/etc/named.conf/* /etc/e-smith/templates-custom/etc/named.conf/.
3) Edit template-begin file for the named.conf templates. (recommended editor: pico)
pico /etc/e-smith/templates-custom/etc/named.conf/template-begin
4) Update the "listen-on" line (around line 36) to include the external IP number:
From: listen-on \{ 127.0.0.1; { $LocalIP }; \};
To: listen-on \{ 127.0.0.1; { $LocalIP }; { $ExternalIP }; \};
5) Add a zone record for mycompany.com
Insert the following records after the "local host PTR records"
#-----------------------------------------
# mycompany.com domain
#-----------------------------------------
zone "mycompany.com" \{
type master;
file "mycompany.host";
\};
6) create/edit the file: /var/named/mycompany.host (pico /var/named/mycompany.host)
Add the following lines:
@               IN SOA  mycompany.com. admin.mycompany.com. (
                        2000092201 ; Serial
                        8H         ; Refresh
                        2H         ; Retry
                        7D         ; Expire
                        1D )       ; Minimum
                IN NS   ns1
                IN NS   ns2
                IN MX   10 mail
mycompany.com.  IN A    111.222.0.3
ns1             IN A    111.222.0.3
ns2             IN A    111.222.0.5
mail            IN A    111.222.0.3
www             IN A    111.222.0.3
ftp             IN A    111.222.0.3
int-mail        IN A    192.168.0.1
7) Regenerate the named.conf file from the custom templates:
/sbin/e-smith/expand-template /etc/named.conf

8) Reload the DNS server with the new values
ndc reload
****************** Your DNS server should be up and running without needing a Reboot ***************
9) Test your DNS server
nslookup
www.mycompany.com 111.222.0.3
====================================
==Register your DNS on the Internet:
====================================
1) Go to the site where you registered your domain. I went to
www.networksolutions.com and selected "create a new host". (Host = DNS server)
Enter your static IP number: 111.222.0.3
Enter the name for the IP number: ns1.mycompany.com (don't worry if your ISP has a different name mapped to this address)
2) Register the second e-smith machine (if you have 2)
IP: 111.222.0.5
name: ns2.mycompany.com (remember this can be any name you want within your domain).
3) Go through the form to "change ISP" to move your domain to your e-smith server.
Primary Name Server IP : 111.222.0.3
Primary Name Server Name: ns1.mycompany.com
Secondary Name Server IP : 111.222.0.5
Secondary Name Server Name: ns2.mycompany.com
====================================
==Notes about email
====================================
E-smith uses qmail to do all its email. You can select from the web-based manager to
make the email boxes public or private to the outside world. The sending mail feature
is set to private (to avoid spammers abusing your machine). It controls this by allowing
send requests in on the inside IP number and rejecting them from the outside IP number.
This is what generated the famous error "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)".
I help avoid this by setting up the address int-mail.mycompany.com (this is short for internal-mail), which
points to the internal IP number on the e-smith machine. Since 192.168 IP numbers are not publicly routed, this
address can only be used inside the same building as the e-smith machine. Therefore I have all my workers
set their mail clients to use int-mail.mycompany.com as their incoming and outgoing mail server. This
makes sure they access the mail from the inside/private side.
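
The zone file from step 6 is answered to anyone who queries the external interface, so it is worth auditing before running ndc reload. The Python below is an added example, not part of the original post: it lists relative SOA names, private addresses published in the zone (the int-mail record), and in-zone NS targets that have no A record. The function names and the sample zone are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the step 6 zone file; the SOA server name is
# written without a trailing dot and int-mail carries the internal address.
ZONE = """\
@ IN SOA mycompany.com admin.mycompany.com. (
        2000092201 8H 2H 7D 1D ) ; serial refresh retry expire minimum
        IN NS ns1
        IN NS ns2
        IN MX 10 mail
mycompany.com. IN A 111.222.0.3
ns1 IN A 111.222.0.3
ns2 IN A 111.222.0.5
int-mail IN A 192.168.0.1
"""

def fqdn(name, origin):
    """Expand a name as a zone file does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def audit_zone(text, origin="mycompany.com."):
    """Return (owner, issue) pairs for a zone that is served to the Internet."""
    findings, a_owners, ns_targets, owner = [], set(), [], "@"
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()
        if not tokens:
            continue
        if raw[0].isspace():            # blank-led line inherits the last owner
            tokens.insert(0, owner)
        owner = tokens[0]
        if len(tokens) < 4 or tokens[1] != "IN":
            continue                    # SOA continuation lines and the like
        rtype, rdata = tokens[2], tokens[3:]
        if rtype == "SOA":
            for field in rdata[:2]:
                if not field.endswith("."):
                    findings.append((owner, f"relative SOA name becomes {fqdn(field, origin)}"))
        elif rtype == "A":
            a_owners.add(fqdn(owner, origin))
            if ipaddress.ip_address(rdata[0]).is_private:
                findings.append((owner, f"private address {rdata[0]} in public zone"))
        elif rtype == "NS":
            ns_targets.append(fqdn(rdata[0], origin))
    findings += [(t, "NS target has no A record") for t in ns_targets
                 if t.endswith("." + origin) and t not in a_owners]
    return findings
```

Calling audit_zone(ZONE) returns two findings for the sample: the relative SOA name and the 192.168.0.1 record.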