Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Daniel Reichenbach on September 11, 2000, 07:48:09 PM
-
Hy,
i just tested e-smith 4.0 and i like, its easy and saves me a lot of time,
compared to setting up our server boxes by hand... but i need to
install a real DNS, not only a cacheing one. Has anyone had
success with this or tried it?
Greetings from Germany,
Daniel
-
Daniel Reichenbach wrote:
> Hy,
>
> i just tested e-smith 4.0 and i like, its easy and saves me a
> lot of time, compared to setting up our server boxes by hand...
Great.
> but i need to install a real DNS, not only a cacheing one. Has
> anyone had success with this or tried it?
Anyone who is competent with DNS and has read the "Customizing
the system" pages on www.e-smith.org should be able to do this.
If you know how to configure DNS, you should have no trouble
negotiating the template mechanism to add the bits you need.
So why doesn't e-smith ship with a "full" DNS server?
- You need at least two servers to serve DNS so you have
a classic "chicken and egg" problem when trying to configure
DNS
- Many clients already have their DNS hosted by their ISP
- Reliable DNS is _not_ trivial to configure
- It is relatively easy to misconfigure DNS so that it can
be compromised
FYI, many sites who are concerned with DNS security run their
DNS primaries behind their firewall, just to make sure.
Gordon
-
Silly me, should i have missed some texts? Ill take a look to find
it...
I know DNS quite well, since i maintain the DNS servers in my companies
server farm, but as i need the DNS for an open source project, im not
in the position to use any commercial support, this wont fit to my
philosophy of separating business and private things.
But anyway, thanks for the quick respone.
Greets,
Daniel
-
Daniel Reichenbach wrote:
> Silly me, should i have missed some texts? Ill take a look to
> find it...
Linked on www.e-smith.org, or:
http://www.e-smith.org/content/custom/
> I know DNS quite well, since i maintain the DNS
> servers in my companies server farm, but as i need the DNS for
> an open source project, im not in the position to use any
> commercial support, this wont fit to my philosophy of
> separating business and private things.
It sounds like you have all the skills you need to add DNS support
to suit your requirements. My message was meant as a general
warning that hosting DNS is not as easy as people think.
It's no harder to do on e-smith than any other *nix box (in fact easier,
with the template mechanism), but you can't set up DNS in isolation
on a single server, which is why it's not a standard feature.
> But anyway, thanks for the quick respone.
Glad to help. Others here might benefit from your findings.
Gordon
-
Gordon Rowell wrote:
> Daniel Reichenbach wrote:
>
> > Silly me, should i have missed some texts? Ill take a
> look to > find it...
>
> Linked on www.e-smith.org, or:
>
> http://www.e-smith.org/content/custom/
>
> > I know DNS quite well, since i maintain the DNS >
> servers in my companies server farm, but as i need the DNS for
> > an open source project, im not in the position to use any
> > commercial support, this wont fit to my philosophy of
> > separating business and private things.
>
> It sounds like you have all the skills you need to add DNS
> support to suit your requirements. My message was meant as a
> general warning that hosting DNS is not as easy as people think.
>
> It's no harder to do on e-smith than any other *nix box (in
> fact easier, with the template mechanism), but you can't set up
> DNS in isolation on a single server, which is why it's not a
> standard feature.
>
> > But anyway, thanks for the quick respone.
>
> Glad to help. Others here might benefit from your findings.
>
> Gordon
>
I have two e-smith servers up and running and have create/modified
the /etc/e-smith/templates-custom files to have the DNS servers
work on both of these machines.
The DNS servers work fine on the private net (192.168.0.???), but people
from the outside can't get any response. Before I switch over my domain
to these 2 new e-smith servers, I want to test the DNS servers.
What can I do, so that e-smith will answer DNS requests from the outside
--my static IP number.
Maybe I should explain more. I have set up both of my esmith servers with
2 NIC cards and as gateway/servers. One card plugs into my DSL line and the
other into my private lan. (My ISP gave me 2 static IP number and both server
plug into my DSL modem).
Thanks for your help.
Robert
-
Robert wrote:
> I have two e-smith servers up and running and have create/modified > the /etc/e-smith/templates-custom files to have the DNS servers
> work on both of these machines.
Sounds great and I'm sure others would be interested in your changes.
> The DNS servers work fine on the private net (192.168.0.???), but
> people from the outside can't get any response. Before I switch
> over my domain to these 2 new e-smith servers, I want to test the
> DNS servers.
> What can I do, so that e-smith will answer DNS requests from the
> outside --my static IP number.
> [...]
You will need to modify named.conf to listen-on the external interface
as well. I would suggest running a split DNS - one listening on the
internal interface and one listening on the external interface.
Gordon
-
Hi guys,
I too am interested in such a setup, namely a DNS server able to propagate my "real" domain details (especially MX record...) to the outside world.
The proposal of having a split named seems fine, but I'm too new to Linux to set it up all by myself... <:)
The other thing is that I have a classless IP address set (16 addresses), and I want to have a working reverse lookup... I've read various texts about it and the usual suggestion is to "ask my ISP to do it on their DNS" which in my case is out of question... But this is a second problem.
If anybody has a slightly more detailed recipe on how to set up a second named for external access I would be very grateful.
N.B., I don't really need an "internal" DNS to be exact... It's just Internet access and mail, no other servers on the inside are present.
So maybe just transform the whole thing into an outside-visible DNS?...
:-)
Stan
-
I had an E-smith user email me and ask how I got E-smith to be a Public DNS.
On October 18, 2000 I posted very detail instructions on how to set it up.
The thing was that it was in a similar, but different thread.
You can jump right to the answer by following this link:
http://forums.contribs.org/index.php?topic=9682.msg36755#msg36755
Good Luck.
Robert
P.S. I was able to get 2 DNS server to run (one public, one private), but I haven't
written up the instruction as I did getting just a public DNS running. If you need
help getting 2 DNS servers running you may email me.