Being my own hosting provider

Discussion in 'Technology' started by Foosinho, Jun 13, 2003.

  1. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    OK, I've got some questions I hope somebody else might have some insight into.

    I'm currently engineering my home network for my next home. I would like to park guilfoos.com on my own server and serve it out over DSL to a) save money, and b) have even greater control. This presents some interesting side effects that removing it from my current hosting provider solves.

    For example, now I need DNS control so I can create my own subdomains (www.guilfoos.com, mail.guilfoos.com, ftp.guilfoos.com, pbx.guilfoos.com, etc). I also need to provide my own POP3/SMTP/MX services (which is what really has me nervous). Clearly parking all of the PCs behind a NAT box won't really work all that well (which is what I do now).

    So, given that I want a mail server, a DNS server, a web server, a FTP server, a PBX (private branch exchange - inhome telco network, VoIP, extensions, etc) server, a secure server (internal.guilfoos.com for remote TiVo access, home automation control, etc), and general services (spam filter, web filter, basically proxy.guilfoos.com), how should I divide these up over machines, which ones should get the 5 static IPs, and which ones should end up behind the NAT router with the desktop machines? Any suggestions? I know I'd like the PBX machine to be on its own Linux box (for phone system reliability), but other than that I'm at a loss.

    BTW, once I get this up and running I'd be glad to resell hosting services to fellow BS members on the cheap.
     
  2. Own Goal Hat-Trick

    Jul 28, 1999
    ColoRADo
    freakin techno nut.

    I remember when I used to be all read up on that jazz, but alas, I've forgotten quite a bit of it. Well, ok, most all of it.

    good luck with all that though, should be wicked when you get it all set up.
     
  3. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Update! I've got a DNS server running on my LAN, after spending all of today upgrading an old PC to Win2K (and totally botching the bootloader in the process - that wasn't fun). Apache also up and running!

    What does that mean? I can sit at my desktop and surf to www.guilfoos.lan to view a LAN "homepage" with links of interest to me. gateway.guilfoos.lan points to the router admin page. It's very cool - no more remembering LAN IPs! tivo.guilfoos.lan will eventually point at - gasp! - the TiVo. And it's all only visible to the LAN subnet! (I'll have to see if I can drop the "guilfoos" part and make it just www.lan or gateway.lan.)

    Now I just need to set up an outside domain to point at the gateway IP, and I should be able to hit the server from the outside world via port forwarding.

    Virtual hosts in Apache are cool.
     
  4. _chachi

    _chachi New Member

    Mar 15, 1999
    new jersey, usa
    iirc, all you need to do is send an email to the company where you registered your domain name that says map xxx.whatever.com to 24.44.45.100. It usually takes a day or two for it to bounce to all the dns servers.
     
  5. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    Yeah. I was thinking of changing the DNS entry at the registry to be ns1.guilfoos.com and set the IP to my WAN address, so I can create my own subdomains. Added benefit - saves me the hosting costs I'm currently paying for that domain.

    If I can get my own nameserver running without hiccups, I can actually host other domains. The barn we board the horses at wants to build a website, so maybe I can trade hosting for lower board every month.

    This was so much easier than I thought. I think I'll set up my own mail server tonight - I'll need that before I port guilfoos.com to my own server, or I'll lose my main email source. I'll need to find a secondary DNS server to mirror my DNS zones, tho.
     
  6. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Well, it looks like I'm a little late, but as someone who worked in an ISP's NOC a few years back, and currently designs & deploys business networks for a living, I might be of help.

    One initial point of confusion. You said you can't park all your boxes behind a NAT device. While dynamic NAT (many to one translation) wouldn't be appropriate, static NAT (one to one translation) would be highly preferable to sitting your boxes out there, unprotected, with public IP addresses on them. I'm thinking when you say 'NAT device' you're talking about your DSL modem, which your ISP may have lied to you and told you it couldn't handle static NAT, which it almost certainly can.

    So basically, why don't you set up a nice FreeBSD firewall as your only machine that actually has a public IP, and let it do your firewalling and static NATing, and then put all your boxes behind it with private addresses?

    And with all those servers/services, you should make room for IDS, especially if you are going to be hosting other people's sites.

    So have you got split DNS working yet?
     
  7. zpjohnstone

    zpjohnstone Member

    Feb 27, 2001
    Finger Lakes, NY
    Nat'l Team:
    United States
    Your ISP should do that for you for free if it's not some mega provider.
     
  8. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    I have a LinkSys router/NAT box. I may be able to get away with having one IP - but I've never served through a webserver data from other machines. I suppose I could proxy-tunnel to the TiVo via SSL or some other secured method (don't want public access to the TiVo!), but I'm not completely convinced I could provide all of the services I want through one webserver, even with virtual hosting. Yet.

    Currently I've got ZoneAlarm on the LinkSys box, and Norton AV on the desktop machine. The server box (still behind the NAT) doesn't have AV software, yet.

    Split? (DNS serving is a new thing to me...) I've got DNS working on the LAN IPs, and the DNS server includes a record for a real domain, but it isn't authoritative yet (I haven't changed the records at the registry). What I am confused about is reverse DNS, which I understand I should have working if I want to have an MX server. I understand what it is, but how the records should look, and what cooperation I need upstream is what confuses me.

    SBC Yahoo DSL. They are good about supporting servers over DSL, but I don't know if they are _that_ good.

    Of course, one issue still to be resolved is the dynamic IP issue. I technically don't currently have a static IP, but I also never take down the router. I'm currently monitoring my IP to see if SBC/Yahoo force an expiration to the lease. If so, I'll need to upgrade to static IP service, if not, I may try it this way, and just update the registry entries for the NS record when the IP changes - since it should be very infrequent.
     
  9. -cman-

    -cman- New Member

    Apr 2, 2001
    Clinton, Iowa
    Go Brian!

    Reverse DNS. Check out the DNS and BIND Cookbook by O'Reilly. It will take you through from the simplest to the most complex (multi-domain) DNS hosting stuff.

    Basically, a correctly configured reverse DNS system allows for quick translation between CNAMES and IP addresses. It's what turns a request for www.guilfoos.com into 216.218.254.226.

    By the way, are you hosting through Hurricane Electric based in Fremont, CA? 'Cause that's what a whois -h magic www.guilfoos.com says owns that IP block.

    So, when adding a host to your zone file, you also add a PTR record in the reverse lookup zone.

    The main zone file will be your guilfoos.com DNS file and the reverse lookup file will be the 216.218.256.0.in-addr.arpa zone file (or whatever your IP schema is.)

    To add a host to the reverse lookup table, say a mailserver at 227, just add

    mail IN A 216.218.256.227

    to the guilfoos.com zone, and

    227 IN PTR mail.guilfoos.com

    to the reverse lookup zone.

    That's just for the external (public) IP zone. A lot of that can and probably should be handed off to your upstream provider. Later, as you get more comfortable, you can host the authoritative DNS server yourself and use the ISP's as a slave that will handle most of the queries and unload that bandwidth from your wire. You will need a second set of zone files for your NAT network, e.g. a www.guilfoos.lan zone and a 1.0.in-addr.arpa reverse zone (if you are using a 192.168.1.xxx private schema).

    Anyway, get the O'Reilly book. If you are going to be hosting for multiple domains, the $34.00 will be money well spent.
     
  10. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    I had read this was a good book. I very well may buy it - online stuff on DNS is a bit sparser than I expected. DNS must not be sexy enough. :)

    Yep. And until I'm convinced that a self-hosted setup will work - especially for email (backup MX server!) that domain will stay there. Must have at least one working email at all times!

    BTW, there is a domain sitting on my home webserver now, and I think the DNS database has propagated the nameserver records now... www.wildwoodstables.net

    You mean I was supposed to wait? I like jumping into the deep end - ns1.wildwoodstables.net is the authoritative nameserver for wildwoodstables.net - if I set everything up right. dnsreport.com only complained about the SOA Refresh value. I'm currently setting up a slave DNS server offsite.

    Already did this! Except the reverse zone stuff.

    Unfortunately, with the exception of setting my DNS server up to allow the slave to mirror the appropriate zone file, I won't have time to play with this tonight. My 120GB hard drive is expected to arrive UPS today, and my DirecTiVo is begging to be upgraded. :D
     
  11. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    What a disaster that TiVo upgrade was. Lost the original 40GB disk. :( And several hours of my life.

    Anyway, I think everything is routing correctly. I have one domain pointing at my home server right now (www.wildwoodstables.net), with a few subdomains. RDNS doesn't work yet, but the BitTorrent server does! (NB: still need to edit some code, both perl and html, as the default templates in the package I'm using were for an Alias site and mucho links are broken - torrent.wildwoodstables.net)
     
  12. kerpow

    kerpow New Member

    Jun 11, 2002
    I'm doing something similar and am having a few teething problems.

    I'm using IIS 5.0 rather than Apache and have the site visible by http://<ip address> but not http://<domain name>.

    I have registered NS1 and NS2 with my domain registrar but must have DNS setup wrong.

    What records should I have in DNS to just run www and ftp?
     
  13. Foosinho

    Foosinho New Member

    Jan 11, 1999
    New Albany, OH
    Club:
    Columbus Crew
    Nat'l Team:
    United States
    You should have an NS record for each authoritative nameserver. They should not be IP addresses.

    You need an A record for each DNS server you host - ns1.mydomain.tld. I host just ns1 - I use ns0.xname.org as a mirror, so if my DSL goes down I can be back up relatively quickly. Changing the nameserver glue at the registrar takes a day or so, but changing the settings at xname takes a few minutes. So if I lose my DSL and come back up with a new IP, I change my xname settings, change my nameserver glue (since ns1.mydomain.tld is now at a different IP), and then update all my DNS records on ns1.mydomain.tld. It's a reasonable fudge until I upgrade to a static IP.

    You need an A record for www.mydomain.tld.

    You need (not really - you could ftp at www.mydomain.tld, but if you are running your own DNS, why not?) an A record for ftp.mydomain.tld.

    Actually, I would go to DNSReport.com and put in your domain name. The report will tell you of potential problems with your DNS setup. Very helpful.
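As an added example (not code from any poster in this thread): a small Python check for the forward/reverse record pairing -cman- lays out in post 9 and the NS and glue A records described in post 13. The zone text, the guilfoos.example names and the 192.0.2.0/24 addresses are constructed for illustration, and the parser only understands simple one-line "owner IN TYPE rdata" records.

```python
# Added example (not code from the thread): a consistency check for the forward and
# reverse zones described above. Names, records and 192.0.2.0/24 addresses are constructed.
ORIGIN = "guilfoos.example."            # constructed forward zone origin
REV_ORIGIN = "2.0.192.in-addr.arpa."    # reverse zone for 192.0.2.0/24
FORWARD_ZONE = """\
@     IN NS  ns1
@     IN NS  ns2
@     IN NS  ns0.xname.example.
ns1   IN A   192.0.2.10
www   IN A   192.0.2.20
mail  IN A   192.0.2.27
ftp   IN A   192.0.2.20
"""
REVERSE_ZONE = """\
10    IN PTR ns1.guilfoos.example.
20    IN PTR www.guilfoos.example.
30    IN PTR old.guilfoos.example.
"""

def fqdn(name, origin):
    """Absolute name from a zone-relative one ('@' means the origin itself)."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """'owner IN TYPE rdata...' lines -> (owner_fqdn, type, rdata) tuples."""
    rows = [line.split() for line in text.splitlines()]
    return [(fqdn(p[0], origin), p[2], p[3:]) for p in rows if len(p) >= 4 and p[1] == "IN"]

def check_zones(forward, reverse, origin, rev_origin):
    fwd, rev = parse_zone(forward, origin), parse_zone(reverse, rev_origin)
    a_by_name = {}                        # owner fqdn -> set of IPv4 addresses
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_name.setdefault(owner, set()).add(rdata[0])
    problems = []
    for ns in (fqdn(r[2][0], origin) for r in fwd if r[1] == "NS"):
        if ns.endswith("." + origin) and ns not in a_by_name:   # in-zone NS needs glue
            problems.append(f"NS {ns} has no A record (missing glue)")
    # Reverse owner '27' under 2.0.192.in-addr.arpa. names the address 192.0.2.27
    prefix = ".".join(reversed(rev_origin.rstrip(".").split(".")[:-2])) + "."
    ptr_by_ip = {prefix + owner.split(".")[0]: fqdn(rdata[0], origin)
                 for owner, rtype, rdata in rev if rtype == "PTR"}
    for name, ips in a_by_name.items():  # every A record wants a matching PTR
        problems += [f"A {name} -> {ip} has no PTR record" for ip in sorted(ips - set(ptr_by_ip))]
    for ip, target in ptr_by_ip.items():  # and every PTR must resolve back to its IP
        if ip not in a_by_name.get(target, set()):
            problems.append(f"PTR {ip} -> {target} does not resolve back to {ip}")
    return problems
```

Running check_zones on the constructed zones reports the nameserver with no glue, the mail host with no PTR, and the stale PTR for .30; a shared address (www and ftp on .20) passes as long as the PTR names one of the hosts that has it.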
     