DNS Setup - fedora 6

Rick Stevens rstevens at internap.com
Fri Sep 14 17:48:11 UTC 2007


On Thu, 2007-09-13 at 19:12 -0700, Bret Stern wrote:
> I want to setup a DNS server in my office. I have Comcast
> with 5 static ip no's. I purchased a new domain from
> Network Solutions specifically so i could get this
> process under my belt.
>  
> I'm reading, but some articles go on....and on...and on.
>  
> What services do i need to run, to get this setup? 
>  
> Just speak in general terms, and as i get a better understanding
> of what the %*&#^ i'm doing, i'll ask specific questions.
>  
> Should i use a dedicated server?

You can run the lot on a single server, depending on how much traffic
you get.  You said you got five static IP addresses.  I'd use two of
them at first, one for DNS services and one for HTTP services.  If you
wish to use a single box with a single NIC, then you can use aliases
on the NIC to give it both IPs.

Note that what I'm talking about here is really, really baseline.  This
sort of topic really isn't appropriate for this list.  If you need more
details, I'm sure several others will offer to help off-list.

A really important thing to note is that while you CAN have one machine
listening on multiple IP addresses, you CAN'T have multiple machines
listening to a single IP address.  If there's a chance that you might
need to migrate services of some type to another machine in the future
due to load, then set up a separate IP for those services NOW so your
clients don't have to futz with stuff and you don't need to change DNS
entries.

Yes, you can use a port forwarder to forward traffic of a specific type
to a separate machine, but unless you use direct server return (DSR), all
traffic will still have to go through the port forwarder and that can
bog it down.  Note also that some traffic does not respond well to DSR.

Assume you got IP addresses 1.2.3.1, 1.2.3.2, 1.2.3.3, 1.2.3.4 and
1.2.3.5. I'd use 1.2.3.1 for the DNS service and make that the primary
IP on the box, essentially "ifconfig eth0 1.2.3.1 netmask ..."  I'd use
1.2.3.2 as an alias on that NIC for web traffic ("ifconfig eth0:1
1.2.3.2 netmask...").

If you find your traffic level gets so high that the box can't keep up,
you set up a second box to handle web services, give it the second IP
address you had on the primary box (disable that IP on the primary box)
and thus split the traffic.

Next, you need to set up bind (named) on the server to serve your zone
and those of your customers.  Once you're certain you have that
functioning correctly, you should inform the whois service at Network
Solutions that your DNS server will be the primary DNS for the zones
involved.  Essentially, when someone registers a domain the primary
DNS server for the zone will be your machine at 1.2.3.1.  I'd recommend
you get the O'Reilly book, "DNS and BIND".  It's excellent.

Next, you have to configure Apache to serve the various domains.  You
can use HTTP's Host header mechanism (what Apache calls "virtual hosts")
to have multiple domains assigned to a single IP (using the above,
1.2.3.2).  For an example, we have well over 8,000 domains on a single
IP.  Granted the IP is the virtual IP for a cluster of servers to handle
load balancing and redundancy (we handle millions of hits per second)--
but we are a major ISP, after all.  :-)

Providing mail services can be a really nasty situation and isn't one
for the faint of heart.  Don't even offer mail services to your clients
unless you REALLY know what you're doing (email issues easily generate
80% of client complaints).  If you decide to do that, then you can run
it on one of the machines you already have set up.  You may want to burn
another of your IP addresses for mail operations...again because you may
wish to split it off to another machine.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens at internap.com -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-    They say when you play a Microsoft CD backwards, you'll hear    -
-   Satanic messages, but if you play it forwards, it will install   -
-           Windows...which means Satan is in your system.           -
----------------------------------------------------------------------
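The BIND setup Rick sketches above (one IP for the authoritative name server, a second for the web host, a zone for your own domain, then delegate at the registrar) as an added worked example. This is not code from the original post or from any Red Hat or ISC project; the domain example.com, the IPs 1.2.3.1/1.2.3.2 and the file names are assumptions chosen to match the post's numbering. It writes an authoritative-only named.conf (recursion off and zone transfers denied, so the public IP cannot be abused as an open resolver), a zone file whose serial is computed in YYYYMMDDnn form so it only ever increases, and a small glue check that confirms every in-zone NS name has an A record before you point the registrar at it.

```shell
#!/bin/sh
# Added example, not from the original post: generate an authoritative-only
# BIND configuration for the layout described above. Domain, addresses and
# output paths are assumptions; adjust them for your own zone.
set -eu

# next_serial CURRENT TODAY -> next YYYYMMDDnn serial, printed on stdout.
# Secondaries only re-transfer when the serial grows, so the value must never
# go backwards, even when the existing serial is "from the future".
next_serial() {
    cur=$1; today=$2
    case $cur in
        "$today"[0-9][0-9])
            nn=${cur#"$today"}; nn=${nn#0}            # "08" -> "8" (avoid octal)
            [ "$nn" -lt 99 ] || { echo "serial exhausted for $today" >&2; return 1; }
            printf '%s%02d\n' "$today" $((nn + 1)) ;;
        *)
            if [ "$cur" -gt "${today}00" ]; then echo $((cur + 1)); else echo "${today}00"; fi ;;
    esac
}

# named_options LISTEN_IP -> options {} block for a server that answers only
# for its own zones. "recursion no" keeps it from becoming an open resolver
# (amplification fodder); allow-transfer none stops anyone pulling the zone.
named_options() {
    cat <<EOF
options {
    directory "/var/named";
    listen-on { $1; };
    recursion no;
    allow-query { any; };
    allow-transfer { none; };
    version "none";
};
EOF
}

# zone_stanza DOMAIN ZONEFILE -> master zone declaration for named.conf.
zone_stanza() {
    cat <<EOF
zone "$1" {
    type master;
    file "$2";
    allow-transfer { none; };
};
EOF
}

# zone_file DOMAIN NS_IP WEB_IP SERIAL -> zone contents: DNS on NS_IP,
# apex and www on WEB_IP, matching the two-address split in the post.
zone_file() {
    domain=$1; ns_ip=$2; web_ip=$3; serial=$4
    cat <<EOF
\$TTL 3600
\$ORIGIN $domain.
@       IN SOA  ns1.$domain. hostmaster.$domain. (
            $serial ; serial, YYYYMMDDnn
            3600    ; refresh
            900     ; retry
            1209600 ; expire
            300 )   ; negative-answer TTL
; Registrars normally expect at least two NS on separate networks; a second
; name server is assumed to be added later.
@       IN NS   ns1.$domain.
ns1     IN A    $ns_ip
@       IN A    $web_ip
www     IN A    $web_ip
EOF
}

# check_glue ZONEFILE DOMAIN -> exit 0 if every in-zone NS has an A record.
# Without glue the delegation from the parent cannot be followed.
check_glue() {
    awk -v origin="$2" '
        $2 == "IN" && $3 == "NS" { ns[$4] = 1 }
        $2 == "IN" && $3 == "A"  { a[$1] = 1 }
        END {
            missing = 0; suffix = "." origin "."
            for (h in ns) {
                n = length(h) - length(suffix)
                if (n <= 0 || substr(h, n + 1) != suffix) continue  # out-of-zone NS
                label = substr(h, 1, n)
                if (!(label in a)) { print "no glue A record for " h; missing++ }
            }
            exit (missing > 0)
        }' "$1"
}

main() {
    domain=example.com; ns_ip=1.2.3.1; web_ip=1.2.3.2   # assumed values
    out=$(mktemp -d)
    serial=$(next_serial 0 "$(date +%Y%m%d)")
    zone_file "$domain" "$ns_ip" "$web_ip" "$serial" > "$out/$domain.zone"
    { named_options "$ns_ip"; zone_stanza "$domain" "$out/$domain.zone"; } > "$out/named.conf"
    check_glue "$out/$domain.zone" "$domain"
    if command -v named-checkzone >/dev/null 2>&1; then   # use BIND's own checker when present
        named-checkzone "$domain" "$out/$domain.zone"
    fi
    echo "wrote $out/named.conf and $out/$domain.zone"
}
main
```

Run it once to get the two files, copy them into /var/named (or wherever your named.conf's directory points), start named, and confirm with `dig @1.2.3.1 www.example.com` that it answers for the zone and with `dig @1.2.3.1 google.com` that it refuses recursion before you update the nameserver delegation at Network Solutions. Bump the serial with next_serial every time you edit the zone.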
