DNS Setup - feora 6

Bret Stern bret_stern at machinemanagement.com
Sat Sep 15 17:05:36 UTC 2007


> -----Original Message-----
> From: Rick Stevens [mailto:rstevens at internap.com] 
> Sent: Friday, September 14, 2007 10:48 AM
> To: bret_stern at machinemanagement.com; Getting started with Red Hat Linux
> Subject: Re: DNS Setup - feora 6
> 
> On Thu, 2007-09-13 at 19:12 -0700, Bret Stern wrote:
> > I want to set up a DNS server in my office. I have Comcast
> > with 5 static IP no's. I purchased a new domain from
> > Network Solutions specifically so I could get this
> > process under my belt.
> >  
> > I'm reading, but some articles go on....and on...and on.
> >  
> > What services do I need to run, to get this set up? 
> >  
> > Just speak in general terms, and as I get a better understanding
> > of what the %*&#^ I'm doing, I'll ask specific questions.
> >  
> > Should I use a dedicated server?
> 
> You can run the lot on a single server, depending on how much traffic
> you get.  You said you got five static IP addresses.  I'd use two of
> them at first, one for DNS services and one for HTTP services.  If you
> wish to use a single box with a single NIC, then you can use aliases
> on the NIC to give it both IPs.
> 
> Note that what I'm talking about here is really, really baseline.  This
> sort of topic really isn't appropriate for this list.  If you need more
> details, I'm sure several others will offer to help off-list.
> 
> A really important thing to note is that while you CAN have one machine
> listening on multiple IP addresses, you CAN'T have multiple machines
> listening to a single IP address.  If there's a chance that you might
> need to migrate services of some type to another machine in the future
> due to load, then set up a separate IP for those services NOW so your
> clients don't have to futz with stuff and you don't need to change DNS
> entries.
> 
> Yes, you can use a port forwarder to forward traffic of a specific type
> to a separate machine, but unless you use direct server return (DSR), all
> traffic will still have to go through the port forwarder and that can
> bog it down.  Note also that some traffic does not respond well to DSR.
> 
> Assume you got IP addresses 1.2.3.1, 1.2.3.2, 1.2.3.3, 1.2.3.4 and
> 1.2.3.5. I'd use 1.2.3.1 for the DNS service and make that the primary
> IP on the box, essentially "ifconfig eth0 1.2.3.1 netmask ..."  I'd use
> 1.2.3.2 as an alias on that NIC for web traffic ("ifconfig eth0:1
> 1.2.3.2 netmask...").
> 
> If you find your traffic level gets so high that the box can't keep up,
> you set up a second box to handle web services, give it the second IP
> address you had on the primary box (disable that IP on the primary box)
> and thus split the traffic.
> 
> Next, you need to set up bind (named) on the server to serve your zone
> and those of your customers.  Once you're certain you have that
> functioning correctly, you should inform the whois service at Network
> Solutions that your DNS server will be the primary DNS for the zones
> involved.  Essentially, when someone registers a domain the primary
> DNS server for the zone will be your machine at 1.2.3.1.  I'd recommend
> you get the O'Reilly book, "DNS and BIND".  It's excellent.
> 
> Next, you have to configure Apache to serve the various domains.  You
> can use HTTP's Host header mechanism (what Apache calls "virtual hosts")
> to have multiple domains assigned to a single IP (using the above,
> 1.2.3.2).  For an example, we have well over 8,000 domains on a single
> IP.  Granted the IP is the virtual IP for a cluster of servers to handle
> load balancing and redundancy (we handle millions of hits per second)--
> but we are a major ISP, after all.  :-)
> 
> Providing mail services can be a really nasty situation and isn't one
> for the faint of heart.  Don't even offer mail services to your clients
> unless you REALLY know what you're doing (email issues easily generate
> 80% of client complaints).  If you decide to do that, then you can run
> it on one of the machines you already have set up.  You may want to burn
> another of your IP addresses for mail operations...again because you may
> wish to split it off to another machine.
> 
> ----------------------------------------------------------------------
> - Rick Stevens, Principal Engineer             rstevens at internap.com -
> - CDN Systems, Internap, Inc.                http://www.internap.com -
> -                                                                    -
> -    They say when you play a Microsoft CD backwards, you'll hear    -
> -   Satanic messages, but if you play it forwards, it will install   -
> -           Windows...which means Satan is in your system.           -
> ----------------------------------------------------------------------
> 

Thanks, and congrats on the new arrangement, Rick; hope the
merger means more time off....

I'm not offering any services to anyone except myself (no customers).

I'm good with running HTTP, FTP, and mail; I just want to
set up the DNS service with BIND on my property (my machines)
so I get a better understanding of the service. 
For example, I already have split FTP and web over
several machines using my hard IP #'s.

list schmist


Bret Stern
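The two-IP layout Rick describes (named answering on 1.2.3.1, web on the 1.2.3.2 alias, BIND serving the new zone), written out as an added example; this is not code from either poster. The domain example.com, the ns1/www hostnames, the /29 netmask and the output directory are assumptions, and the config is authoritative-only so the box does not double as an open resolver.

```shell
#!/bin/sh
# Added example, not from the thread: BIND 9 config for the layout Rick
# describes (named answering on 1.2.3.1, web alias on 1.2.3.2).  The domain
# example.com, the ns1/www hostnames and the /29 netmask are assumptions.
# The alias itself is Rick's "ifconfig eth0:1 1.2.3.2 netmask 255.255.255.248".
set -e
# write_zone_files ZONE OUTDIR: emit a named.conf fragment and a zone file.
write_zone_files() {
    zone=$1
    out=$2
    mkdir -p "$out"
    # Authoritative only: with recursion off the box cannot be abused as an
    # open resolver, and nobody can pull the whole zone with AXFR.
    cat > "$out/named.conf.local" <<EOF
options {
    listen-on { 127.0.0.1; 1.2.3.1; };
    recursion no;
    allow-transfer { none; };
};
zone "$zone" IN {
    type master;
    file "$out/$zone.zone";
};
EOF
    cat > "$out/$zone.zone" <<EOF
\$TTL 3600
@    IN SOA ns1.$zone. hostmaster.$zone. (
         2007091501 ; serial, YYYYMMDDnn: bump it on every edit
         3600       ; refresh
         900        ; retry
         1209600    ; expire
         300 )      ; negative-answer TTL
@    IN NS  ns1.$zone.
ns1  IN A   1.2.3.1
@    IN A   1.2.3.2
www  IN A   1.2.3.2
EOF
}
# check_zone ZONE OUTDIR: run BIND's own syntax checker when it is installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2/$1.zone"
    fi
}
if [ "$#" -eq 2 ]; then
    write_zone_files "$1" "$2"
    check_zone "$1" "$2"
fi
```

Run it as `sh dns-example.sh example.com /var/named/example` (paths assumed), then point the zone stanza at named.conf and verify from outside with `dig @1.2.3.1 www.example.com` before handing the NS to Network Solutions.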