Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: blake on March 18, 2004, 10:13:07 AM

Title: Live DNS - possible?
Post by: blake on March 18, 2004, 10:13:07 AM
Hi,

I'm a newb w/ e-smith, and am trying to ascertain whether I'm brain dead, or e-smith GPL won't/doesn't provide a "live" DNS.

I have several domains I want to host locally, and I'd like to host the DNS here. I appreciate that the possibility exists to host w/ professional service providers who offer this - zoneedit, mydomain, widge, and so forth, and have used these services in the past.

For this situation however I'd like to have everything internally.

I have the Esmith box located in a DMZ, [behind an IpCop 1.3] acting in "server only" configuration, single NIC, with UDP and TCP forwards on the firewall for 53 to the E-smith.

In my initial config I used the "Publish globally" option to direct internal traffic to the internal IP, and to provide external traffic with the live IP.

Further reading [RTFM-ing] suggests [though is not very clear on...] that to use Esmith as a live DNS you need to interact w/, and pay, Mitel Networks.

This system is being put in place for a charity, and they're very cost-conscious. Because they work with people with physical disabilities, and maintain health records, etc, they're also not in a position to "have other networks connect"

[As an aside, I realise that this implies a double standard; connecting to the internet, and not wanting to allow other networks to connect, is mutually exclusive, but anyway....]

My second approach was to set the DNS to use "external" rather than "local" in the config, and point the external to the live IP. The theory behind this was that a request for DNS info from anywhere would be directed to the live IP, and the firewall would then forward the request to the appropriate box. Internal systems [local users] would use a separate DNS on their network segment.

I have registered the name server, and nslookup from outside against the DNS gives me the correct live IP -> but if I ping the name I don't get a successful lookup.

So - can Esmith, using the web interface, accomplish this? If not, are there command line options? Plugins/mods?

Any help/advice appreciated.
Title: Live DNS - possible?
Post by: Leonardo on March 18, 2004, 10:26:31 AM
Although I would love to see DNS administration available from inside the SME web interface (just like webmin), this is not as easy.

See this howto to make DNS available on SME:

http://www.e-mith.org/docs/howto/contrib/dual_dns.html

Leonardo
Title: Live DNS - possible?
Post by: Anonymous on March 18, 2004, 10:28:31 AM
sorry, a typo in the link. here it is again:

http://www.e-smith.org/docs/howto/contrib/dual_dns.html
Title: Live DNS - possible?
Post by: blake on March 18, 2004, 10:31:54 AM
Hey Leonardo,

Thanks for the link - I found that earlier today, but wasn't sure that it was applicable, given that the system I'm working on is "server only" and the example states it's for "server and gateway" [from memory anyway...]

Any idea if it makes a difference? Also, I have a single NIC; do I need to install a second NIC, or.. um... what?

LOL; I'm so lost!

Again, thanks - I'll reread the howto.

Cheers,
Blake.
Title: Live DNS - possible?
Post by: Leonardo on March 18, 2004, 10:39:17 AM
I don't think it will make any difference. I had a similar situation in the past and it worked. The important thing is that your server will be able to process connections to port 53 (UDP & TCP). Since you have forwarded this port from your firewall, this should work for you.
Title: Live DNS - possible?
Post by: blake on March 18, 2004, 10:42:53 AM
Excellent news - I'll give it a try now.

You've been a great help; thanks!
Title: Live DNS - possible?
Post by: Anonymous on March 18, 2004, 01:07:49 PM
Don't want to sound doubtful, but are you confident that this works for a single NIC situation??

When I run iptables -L | grep domain.com I get nothing... also when I try "pidof named" I get 5 processes, not the 10 mentioned.

Maybe I should just dig out another NIC, install it, reinstall E-Smith, and re-run this process? I've tried it on two boxes now, with no joy on either....
Title: Live DNS - possible?
Post by: blake on March 18, 2004, 01:20:34 PM
That last post was me again... :-)

Just an FYI: this is what I get when I run a dig against the domain on the esmith:

 <<>> DiG 9.2.1 <<>> www.domain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23097
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domain.com.                        IN      A

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 18 23:18:44 2004
;; MSG SIZE  rcvd: 32

[root@mail root]#

Obviously, I didn't set up domain.com... I've changed that to protect the innocent...
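The dig output above is the main diagnostic in this thread, so here is an added example (not code from any poster or from SME/e-smith) that builds a DNS query, decodes the 12-byte response header dig prints (id, flags, status, section counts), and says what a SERVFAIL versus an authoritative NOERROR means when you are checking your own name server; it also sends the query over either 53/udp or 53/tcp, since Leonardo's point is that both must reach the box. The response bytes at the bottom are constructed to reproduce the thread's SERVFAIL (id 23097, flags qr rd ra); server and domain names are placeholders.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal recursion-desired DNS query (class IN) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the 12-byte DNS header into the fields dig prints."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid,
            "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def diagnose(hdr):
    """What the header tells an operator checking an authoritative server."""
    if hdr["rcode"] == "SERVFAIL":
        return "server reached, but it could not answer: zone not loaded or daemon broken"
    if hdr["rcode"] == "NOERROR" and hdr["aa"]:
        return "authoritative answer"
    if hdr["rcode"] == "NOERROR":
        return "non-authoritative: answered from cache/recursion"
    return hdr["rcode"]

def send_query(server, name, tcp=False, timeout=3.0):
    """Query `server` for `name` over 53/udp or 53/tcp; returns the raw reply."""
    q = build_query(name)
    if tcp:
        with socket.create_connection((server, 53), timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)   # TCP DNS is length-prefixed
            length = struct.unpack("!H", s.recv(2))[0]
            return s.recv(length)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        return s.recv(512)

# Constructed bytes reproducing the thread's dig output: id 23097,
# flags qr rd ra (0x8182), status SERVFAIL, one question, no answers.
SERVFAIL_RESPONSE = (struct.pack("!HHHHHH", 23097, 0x8182, 1, 0, 0, 0)
                     + build_query("www.domain.com")[12:])
```

Running `parse_header(send_query("ns.example.invalid", "www.domain.com", tcp=True))` against the real box and comparing with the UDP result tells you whether one of the two port-53 forwards is missing.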
Title: Live DNS - possible?
Post by: Anonymous on March 18, 2004, 03:43:54 PM
Well, for the record, I have now built a 2 NIC server-gateway system and followed the howto.

It could be I'm braindead, but given that I found a couple of things in the readme that were slightly off, I'm inclined to think that, for once, I'm not.

It just doesn't work; I've installed from fresh with 2 NICs as a gateway, done everything as directed in the howto, and now it appears the DNS server is dead - also, and probably related, the TTY output is "INIT: ID "Nx" Respawning too fast. Disabled for 5 minutes".

Again, anyone who can shed some light on this - it'll be greatly appreciated. In the meantime, it's pushing 2am here so I'm going to go sleep... or beat my head against a wall. Whichever comes first....
Title: Not bind djbdns
Post by: Kunthar on March 26, 2004, 11:09:22 PM
Hi all,

As far as I understand the SME structure,
there is a caching-only djbdns with tinydns running on SME.
There is no bind running :=)

So you should do something different for 6.0 series SME servers.
I should prepare my server as a primary DNS server and I will go with djbdns.
I will record all my actions and hopefully make a howto for the audience.
Take care.