How can I launch a private Internet DNS server?

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

How can I launch a private Internet DNS server?

Bind-Users forum mailing list
Hello,
I have a question about launching a DNS server with CentOS for hosting a web server. Excuse me, if my question is so basic and funny. I need expert advice about it.
I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a CentOS DNS server that my Web site using it and users can visit my website from the Internet. These two servers (DNS and Web server) are in a local network and connected to the Internet with a Gateway. Each server has an internal and a public IP address.
I want to enter my DNS server IP address in my website panel and after it, users can visit my website from the Internet. I'm thankful if anyone show me a tutorial to launch my DNS server for this goal.
All tutorials that I found on the internet are about internal DNS servers, but I want to launch a DNS server for hosting my website.
Is Internet DNS server just possible for providers?

Thank you.



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] How can I launch a private Internet DNS server?

Kevin A. McGrail


On 10/15/2020 12:36 PM, Jason Long via bind-users wrote:
I have a question about launching a DNS server with CentOS for hosting a web server. Excuse me, if my question is so basic and funny. I need expert advice about it.
I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a CentOS DNS server that my Web site using it and users can visit my website from the Internet. These two servers (DNS and Web server) are in a local network and connected to the Internet with a Gateway. Each server has an internal and a public IP address.
I want to enter my DNS server IP address in my website panel and after it, users can visit my website from the Internet. I'm thankful if anyone show me a tutorial to launch my DNS server for this goal.
All tutorials that I found on the internet are about internal DNS servers, but I want to launch a DNS server for hosting my website.
Is Internet DNS server just possible for providers?

Do you have a hosting service with a static IP that doesn't block ports 53 for TCP and UDP?  That's a hard and fast requirement to even consider this route.

Regards,
KAM


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

alcol alcol
In reply to this post by Bind-Users forum mailing list
A DNS server can exist if you follow NIC instractions.
Mainly have you a leased line ever on? primary DNS can't be down or NIC could down your domain.
Then you have to install and configure it. Better a fedora core , and CHROOT, DNS is one of the services more targeted to enter inside a system.




From: bind-users <[hidden email]> on behalf of Jason Long via bind-users <[hidden email]>
Sent: Thursday, October 15, 2020 6:36 PM
To: [hidden email] <[hidden email]>
Subject: How can I launch a private Internet DNS server?
 
Hello,
I have a question about launching a DNS server with CentOS for hosting a web server. Excuse me, if my question is so basic and funny. I need expert advice about it.
I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a CentOS DNS server that my Web site using it and users can visit my website from the Internet. These two servers (DNS and Web server) are in a local network and connected to the Internet with a Gateway. Each server has an internal and a public IP address.
I want to enter my DNS server IP address in my website panel and after it, users can visit my website from the Internet. I'm thankful if anyone show me a tutorial to launch my DNS server for this goal.
All tutorials that I found on the internet are about internal DNS servers, but I want to launch a DNS server for hosting my website.
Is Internet DNS server just possible for providers?

Thank you.



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Michael De Roover
In reply to this post by Bind-Users forum mailing list
Assuming that this is running off a home network, yes you could
technically do it. Probably the registrar's name servers will be more
reliable however. I'll also assume that your public IP is static.
Otherwise it may only be suitable for the website, with a Dynamic DNS
service that can regularly update the records as your IP changes. This
means that you'll have to use someone else's DNS servers to host your
records.

You can run BIND locally and make it an authoritative name server. Your
router can port forward traffic to port 53/udp to your local IP that
your DNS server is on. There are various tutorials online for making
authoritative DNS servers, such as this one:
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
.

At the registrar you'll need to select "custom name server" or
something along those lines. Then you have to insert NS records there
that point to the nameserver addresses for your domain(s). Check your
registrar's documentation for instructions on how to add NS records.

On Thu, 2020-10-15 at 16:36 +0000, Jason Long via bind-users wrote:

> Hello,
> I have a question about launching a DNS server with CentOS for
> hosting a web server. Excuse me, if my question is so basic and
> funny. I need expert advice about it.
> I registered a domain name for my web site and in the panel of it, I
> can enter my DNS server IP addresses. I want to launch a CentOS DNS
> server that my Web site using it and users can visit my website from
> the Internet. These two servers (DNS and Web server) are in a local
> network and connected to the Internet with a Gateway. Each server has
> an internal and a public IP address.
> I want to enter my DNS server IP address in my website panel and
> after it, users can visit my website from the Internet. I'm thankful
> if anyone show me a tutorial to launch my DNS server for this goal.
> All tutorials that I found on the internet are about internal DNS
> servers, but I want to launch a DNS server for hosting my website.
> Is Internet DNS server just possible for providers?
>
> Thank you.
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover <[hidden email]>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Bind-Users forum mailing list
Yes, I have two static IP addresses. One is for DNS server and one is for my website.
Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal?
The Internet DNS server for my goal is "Authoritative DNS" ? 



On Thu, Oct 15, 2020 at 8:15 PM, Michael De Roover
Assuming that this is running off a home network, yes you could
technically do it. Probably the registrar's name servers will be more
reliable however. I'll also assume that your public IP is static.
Otherwise it may only be suitable for the website, with a Dynamic DNS
service that can regularly update the records as your IP changes. This
means that you'll have to use someone else's DNS servers to host your
records.

You can run BIND locally and make it an authoritative name server. Your
router can port forward traffic to port 53/udp to your local IP that
your DNS server is on. There are various tutorials online for making
authoritative DNS servers, such as this one:
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
.

At the registrar you'll need to select "custom name server" or
something along those lines. Then you have to insert NS records there
that point to the nameserver addresses for your domain(s). Check your
registrar's documentation for instructions on how to add NS records.

On Thu, 2020-10-15 at 16:36 +0000, Jason Long via bind-users wrote:

> Hello,
> I have a question about launching a DNS server with CentOS for
> hosting a web server. Excuse me, if my question is so basic and
> funny. I need expert advice about it.
> I registered a domain name for my web site and in the panel of it, I
> can enter my DNS server IP addresses. I want to launch a CentOS DNS
> server that my Web site using it and users can visit my website from
> the Internet. These two servers (DNS and Web server) are in a local
> network and connected to the Internet with a Gateway. Each server has
> an internal and a public IP address.
> I want to enter my DNS server IP address in my website panel and
> after it, users can visit my website from the Internet. I'm thankful
> if anyone show me a tutorial to launch my DNS server for this goal.
> All tutorials that I found on the internet are about internal DNS
> servers, but I want to launch a DNS server for hosting my website.
> Is Internet DNS server just possible for providers?
>
> Thank you.
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover <[hidden email]
>


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Stephane Bortzmeyer
In reply to this post by Michael De Roover
On Thu, Oct 15, 2020 at 06:45:01PM +0200,
 Michael De Roover <[hidden email]> wrote
 a message of 65 lines which said:

> Your router can port forward traffic to port 53/udp to your local IP
> that your DNS server is on.

He said that the DNS server has a public IP address so port forwarding
is probably not necessary.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Stephane Bortzmeyer
In reply to this post by Bind-Users forum mailing list
On Thu, Oct 15, 2020 at 04:36:58PM +0000,
 Jason Long via bind-users <[hidden email]> wrote
 a message of 1594 lines which said:

> in the panel of it, I can enter my DNS server IP addresses.

I assume you refer to the panel of your domain name registrar. If so,
it would be useful to know which is the label near the field where you
enter the IP address. It may be to give an IP address to the
www.yourdomainname, not to indicate your DNS server.

> I want to launch a CentOS DNS server that my Web site using it and
> users can visit my website from the Internet.

I have a meta-question: do you absolutely want to host the DNS
yourself (it is certainly possible but it is more work) or do you just
want to have "a Web site that people can visit"? If you don't have a
specific reason to host the DNS server(s) yourself, consider using a
DNS hoster (most domain name registrars can be DNS hosters).

"For the fun" or "to learn DNS" are perfectly valid reasons.

> All tutorials that I found on the internet are about internal DNS
> servers, but I want to launch a DNS server for hosting my website.

There is no real difference between an internal DNS server and a
publically reachable one. Same DNS, same software.

> Is Internet DNS server just possible for providers?

Certainly not. You can host a publically-reachable DNS server
yourself. It is not rocket science but it requires some basic
knowledge about the TCP/IP family of protocols and about how things
fit together.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Stephane Bortzmeyer
In reply to this post by Bind-Users forum mailing list
On Thu, Oct 15, 2020 at 04:57:16PM +0000,
 Jason Long via bind-users <[hidden email]> wrote
 a message of 173 lines which said:

> I have two static IP addresses. One is for DNS server and one is for
> my website.

Note that you can put the two servers on the same machine, using the
same IP address, since the two protocols use different ports (53 for
DNS and 443 for HTTP).

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Michael De Roover
In reply to this post by Bind-Users forum mailing list
Are these static IP's local or public? If local, you can instruct your
router to port forward to these. If these are public, I guess these
machines make a direct connection to the internet with a public IP on
their interface then? In that case you can omit any port forwarding.

The secondary DNS server is for redundancy. You can omit any
instructions regarding it when following the tutorial if you intend to
only make one. The server type would indeed be authoritative - the
other type would be recursive which is generally what ISP's have for
their customers, but I would avoid that because they can be used for
DNS amplification attacks (the authoriative ones can too but it's less
of an issue with those).

On Thu, 2020-10-15 at 16:57 +0000, Jason Long wrote:
> Yes, I have two static IP addresses. One is for DNS server and one is
> for my website.
> Excuse me, I just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover <[hidden email]>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

alcol alcol
In reply to this post by Bind-Users forum mailing list
can't be done a tutorial for your specific case
follow the section for primary DNS and discard secondary section

aren't needed two IP one for web and one for DNS , if you want all can be done with 1 IP

be sure you have 80 443 53tcp 53udp open from internet to your server.




From: bind-users <[hidden email]> on behalf of Jason Long via bind-users <[hidden email]>
Sent: Thursday, October 15, 2020 6:57 PM
To: [hidden email] <[hidden email]>; Michael De Roover <[hidden email]>; [hidden email] <[hidden email]>
Subject: Re: How can I launch a private Internet DNS server?
 
Yes, I have two static IP addresses. One is for DNS server and one is for my website.
Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal?
The Internet DNS server for my goal is "Authoritative DNS" ? 



On Thu, Oct 15, 2020 at 8:15 PM, Michael De Roover
Assuming that this is running off a home network, yes you could
technically do it. Probably the registrar's name servers will be more
reliable however. I'll also assume that your public IP is static.
Otherwise it may only be suitable for the website, with a Dynamic DNS
service that can regularly update the records as your IP changes. This
means that you'll have to use someone else's DNS servers to host your
records.

You can run BIND locally and make it an authoritative name server. Your
router can port forward traffic to port 53/udp to your local IP that
your DNS server is on. There are various tutorials online for making
authoritative DNS servers, such as this one:
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
.

At the registrar you'll need to select "custom name server" or
something along those lines. Then you have to insert NS records there
that point to the nameserver addresses for your domain(s). Check your
registrar's documentation for instructions on how to add NS records.

On Thu, 2020-10-15 at 16:36 +0000, Jason Long via bind-users wrote:
> Hello,
> I have a question about launching a DNS server with CentOS for
> hosting a web server. Excuse me, if my question is so basic and
> funny. I need expert advice about it.
> I registered a domain name for my web site and in the panel of it, I
> can enter my DNS server IP addresses. I want to launch a CentOS DNS
> server that my Web site using it and users can visit my website from
> the Internet. These two servers (DNS and Web server) are in a local
> network and connected to the Internet with a Gateway. Each server has
> an internal and a public IP address.
> I want to enter my DNS server IP address in my website panel and
> after it, users can visit my website from the Internet. I'm thankful
> if anyone show me a tutorial to launch my DNS server for this goal.
> All tutorials that I found on the internet are about internal DNS
> servers, but I want to launch a DNS server for hosting my website.
> Is Internet DNS server just possible for providers?
>
> Thank you.
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Michael De Roover <[hidden email]
>


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] Re: How can I launch a private Internet DNS server?

Kevin A. McGrail
In reply to this post by Bind-Users forum mailing list
On 10/15/2020 12:57 PM, Jason Long via bind-users wrote:
Yes, I have two static IP addresses. One is for DNS server and one is for my website.
Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal?
The Internet DNS server for my goal is "Authoritative DNS" ?

Recommend you setup a linux box with BIND or something installed behind a firewall.

Port forward port 53 for protocols TCP AND UDP to your internal IP address.

Set up bind to respond to queries for the internal IP address (it likely only responds to localhost by default)

Limit it so it doesn't do recursion for the internet queries

Setup a zone on the box for a domain.

Point your domain registrar to the IP address of your DNS box.

Voila, you now have an authoritative name server.

Regards,
KAM


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] Re: How can I launch a private Internet DNS server?

Kevin A. McGrail
In reply to this post by Stephane Bortzmeyer
On 10/15/2020 1:00 PM, Stephane Bortzmeyer wrote:
> He said that the DNS server has a public IP address so port forwarding
> is probably not necessary.

Firewalls are cheap and the level of effort to run a bastion host are
significant.

I'd recommend port forwarding as a necessary task.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Fred Morris
In reply to this post by Bind-Users forum mailing list
If this is question has a simple answer, you're confounding it by not
asking a simple, concise question.

On Thu, 15 Oct 2020, Jason Long via bind-users wrote:
> [...]
> I
> need expert advice about it.

If you need expert advice that's accurate and guaranteed to work, hire a
professional. ;-)

> I registered a domain name for my web site
> and in the panel of it, I can enter my DNS server IP addresses. I want
> to launch a CentOS DNS server that my Web site using it and users can
> visit my website from the Internet.
> [...]

1) The simple answer is that you don't need to run your own DNS server,
    you're done. Once you enter the address and server name correctly in
    your DNS registrar's control panel, that's how people will use the DNS
    to find the address of your that (web or whatever) server.

2) If you want to run your own DNS nameservers, you will need to buy a
    book, read the (BIND) Administrator's Reference Manual, and/or some
    RFCs to set them up properly. In terms of your registrar, you would
    enter the names of your DNS servers and addresses as A/AAAA records,
    and set up NS records referencing the names of those DNS servers.

So which is it:

* Hi I'm Jason and I want to create a DNS record so that the world can
   find my web server. How do I do that? (answer #1)

* Hi I'm Jason and I want to run my own nameservers for a bunch of
   irrelevant reasons such as CentOS, web servers and stuff. How do I do
   that? (answer #2)

--

Fred Morris

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Bind-Users forum mailing list
In reply to this post by Stephane Bortzmeyer
Yes.
In the panel of domain name registrar I can enter something like "NS1.example.net" and an IP address.
I want to host the host t DNS server myself.






On Thursday, October 15, 2020, 08:36:35 PM GMT+3:30, Stephane Bortzmeyer <[hidden email]> wrote:





On Thu, Oct 15, 2020 at 04:36:58PM +0000,
Jason Long via bind-users <[hidden email]> wrote
a message of 1594 lines which said:

> in the panel of it, I can enter my DNS server IP addresses.

I assume you refer to the panel of your domain name registrar. If so,
it would be useful to know which is the label near the field where you
enter the IP address. It may be to give an IP address to the
www.yourdomainname, not to indicate your DNS server.

> I want to launch a CentOS DNS server that my Web site using it and
> users can visit my website from the Internet.

I have a meta-question: do you absolutely want to host the DNS
yourself (it is certainly possible but it is more work) or do you just
want to have "a Web site that people can visit"? If you don't have a
specific reason to host the DNS server(s) yourself, consider using a
DNS hoster (most domain name registrars can be DNS hosters).

"For the fun" or "to learn DNS" are perfectly valid reasons.

> All tutorials that I found on the internet are about internal DNS
> servers, but I want to launch a DNS server for hosting my website.

There is no real difference between an internal DNS server and a
publically reachable one. Same DNS, same software.


> Is Internet DNS server just possible for providers?


Certainly not. You can host a publically-reachable DNS server
yourself. It is not rocket science but it requires some basic
knowledge about the TCP/IP family of protocols and about how things
fit together.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Bind-Users forum mailing list
In reply to this post by Michael De Roover
My static IP addresses are public.






On Thursday, October 15, 2020, 08:42:42 PM GMT+3:30, Michael De Roover <[hidden email]> wrote:





Are these static IP's local or public? If local, you can instruct your
router to port forward to these. If these are public, I guess these
machines make a direct connection to the internet with a public IP on
their interface then? In that case you can omit any port forwarding.

The secondary DNS server is for redundancy. You can omit any
instructions regarding it when following the tutorial if you intend to
only make one. The server type would indeed be authoritative - the
other type would be recursive which is generally what ISP's have for
their customers, but I would avoid that because they can be used for
DNS amplification attacks (the authoriative ones can too but it's less
of an issue with those).

On Thu, 2020-10-15 at 16:57 +0000, Jason Long wrote:
> Yes, I have two static IP addresses. One is for DNS server and one is
> for my website.
> Excuse me, I just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover <[hidden email]>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Bind-Users forum mailing list
In reply to this post by alcol alcol
Thanks, but for some security reasons I don't like to host my DNS and Apache server on one server.






On Thursday, October 15, 2020, 08:53:30 PM GMT+3:30, alcol alcol <[hidden email]> wrote:







can't be done a tutorial for your specific case

follow the section for primary DNS and discard secondary section




aren't needed two IP one for web and one for DNS , if you want all can be done with 1 IP




be sure you have 80 443 53tcp 53udp open from internet to your server.












________________________________
From: bind-users <[hidden email]> on behalf of Jason Long via bind-users <[hidden email]>
Sent: Thursday, October 15, 2020 6:57 PM
To: [hidden email] <[hidden email]>; Michael De Roover <[hidden email]>; [hidden email] <[hidden email]>
Subject: Re: How can I launch a private Internet DNS server?
 


Yes, I have two static IP addresses. One is for DNS server and one is for my website.
Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal?

The Internet DNS server for my goal is "Authoritative DNS" ? 






>  
>  
> On Thu, Oct 15, 2020 at 8:15 PM, Michael De Roover
>
> <[hidden email]> wrote:
>
>
>  Assuming that this is running off a home network, yes you could
> technically do it. Probably the registrar's name servers will be more
> reliable however. I'll also assume that your public IP is static.
> Otherwise it may only be suitable for the website, with a Dynamic DNS
> service that can regularly update the records as your IP changes. This
> means that you'll have to use someone else's DNS servers to host your
> records.
>
> You can run BIND locally and make it an authoritative name server. Your
> router can port forward traffic to port 53/udp to your local IP that
> your DNS server is on. There are various tutorials online for making
> authoritative DNS servers, such as this one:
> https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
> .
>
> At the registrar you'll need to select "custom name server" or
> something along those lines. Then you have to insert NS records there
> that point to the nameserver addresses for your domain(s). Check your
> registrar's documentation for instructions on how to add NS records.
>
>
> On Thu, 2020-10-15 at 16:36 +0000, Jason Long via bind-users wrote:
>> Hello,
>> I have a question about launching a DNS server with CentOS for
>> hosting a web server. Excuse me, if my question is so basic and
>> funny. I need expert advice about it.
>> I registered a domain name for my web site and in the panel of it, I
>> can enter my DNS server IP addresses. I want to launch a CentOS DNS
>> server that my Web site using it and users can visit my website from
>> the Internet. These two servers (DNS and Web server) are in a local
>> network and connected to the Internet with a Gateway. Each server has
>> an internal and a public IP address.
>> I want to enter my DNS server IP address in my website panel and
>> after it, users can visit my website from the Internet. I'm thankful
>> if anyone show me a tutorial to launch my DNS server for this goal.
>> All tutorials that I found on the internet are about internal DNS
>> servers, but I want to launch a DNS server for hosting my website.
>> Is Internet DNS server just possible for providers?
>>
>> Thank you.
>>
>>
>> _______________________________________________
>> Please visit  https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at  https://www.isc.org/contact/ for more
>> information.
>>
>>
>> bind-users mailing list
>> [hidden email]
>>  https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Michael De Roover <[hidden email]
>>
>
>
>
>




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I launch a private Internet DNS server?

Stephane Bortzmeyer
In reply to this post by Fred Morris
On Thu, Oct 15, 2020 at 11:16:05AM -0700,
 Fred Morris <[hidden email]> wrote
 a message of 50 lines which said:

> 2) If you want to run your own DNS nameservers, you will need to buy a
>    book, read the (BIND) Administrator's Reference Manual, and/or some
>    RFCs

Very bad advice. RFCs are not for the faint of heart and the RFC on
DNS (RFC 1034 and 1035) are among the most difficult. And they were
never kept up-to-date so there are a lot of obsolete things in it.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] Re: How can I launch a private Internet DNS server?

Stephane Bortzmeyer
In reply to this post by Kevin A. McGrail
On Thu, Oct 15, 2020 at 02:03:52PM -0400,
 Kevin A. McGrail <[hidden email]> wrote
 a message of 8 lines which said:

> Firewalls are cheap and the level of effort to run a bastion host are
> significant.

Firewalls are useful when you want to protect unamanaged printers and
Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
server on a reasonably managed Unix box do not need them.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] Re: How can I launch a private Internet DNS server?

Kevin A. McGrail
In reply to this post by Bind-Users forum mailing list
On 10/15/2020 2:50 PM, Jason Long via bind-users wrote:
> Yes.
> In the panel of domain name registrar I can enter something like "NS1.example.net" and an IP address.
> I want to host the host t DNS server myself.

Oh yes, you will also need a domain name register that let's you
register the nameserver glue record.

For example, ns.pccc.com is authoritative for pccc.com which creates a
catch-22.  The solution is a nameserver glue record which your registrar
has to handle.

Regards,KAM

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [External] Re: How can I launch a private Internet DNS server?

Michael De Roover
In reply to this post by Stephane Bortzmeyer
I would run a firewall even for BIND alone on a box in case the box
gets compromised through BIND. Allowing remote access and DNS, then
dropping everything else as the general firewall policy should be
pretty straightforward. But with the IP on this particular BIND box
being public, it's really like any other server on the internet. Port
forwarding or NAT in that case would be unnecessary.

On Thu, 2020-10-15 at 21:01 +0200, Stephane Bortzmeyer wrote:

> On Thu, Oct 15, 2020 at 02:03:52PM -0400,
>  Kevin A. McGrail <[hidden email]> wrote
>  a message of 8 lines which said:
>
> > Firewalls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unamanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix box do not need them.
>
--
Michael De Roover <[hidden email]>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
12