Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-20 Thread Tom J. Marcoen
Thank you for your valuable feedback. It is much appreciated. On Fri, 20 Nov 2020 at 19:37, Reindl Harald wrote: > > Am 08.11.20 um 14:44 schrieb Timothe Litt: > > > I'm amazed that this thread has persisted for so long on this list of > knowledgeable people > > > me too, i would understand

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-20 Thread Reindl Harald
Am 08.11.20 um 14:44 schrieb Timothe Litt: I'm amazed that this thread has persisted for so long on this list of knowledgeable people me too, i would understand that on the spamassassin list but not here and what i *really* don't understand is jumping into the thread with "I just wanted

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Timothe Litt
On 07-Nov-20 14:06, Tom J. Marcoen wrote: > Having at least two name servers is not a requirement by the RFC > standards but which TLD allows for only one NS server to be given when > you register a domain? > > On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail > wrote: > >

Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Am 07.11.20 um 14:21 schrieb alcol alcol: you can't run a sec. srv. from your own. You need some action from ADMIN-C or TECH-C yeah, someone needs to tell the registry the nameservers

Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
Am 05.11.20 um 20:04 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: On 2020-11-05 07:36, Bob Harold wrote: You appear to have confused 'secondary' authoritative servers with a second 'resolver'. Authoritative servers - listed in the NS records - are used

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
Am 07.11.20 um 15:36 schrieb Kevin A. McGrail: On 11/7/2020 9:04 AM, Reindl Harald wrote: first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Tom J. Marcoen
Having at least two name servers is not a requirement by the RFC standards but which TLD allows for only one NS server to be given when you register a domain? On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote: > On 11/7/2020 10:15 AM, Reindl Harald wrote: > > >

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail
On 11/7/2020 10:15 AM, Reindl Harald wrote: > > https://tools.ietf.org/html/rfc1537 > Common DNS Data File Configuration Errors > > 6. Missing secondary servers > > > It is required that there be a least 2 nameservers > > for a domain. > > - > > that above is common

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail
On 11/7/2020 9:04 AM, Reindl Harald wrote: > first: there *is* a requirement of a secondary nameserver > https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the technicals tests we perform for delegation changes in

Re: How can I launch a private Internet DNS server?

2020-11-07 Thread alcol alcol
, 2020 2:03 PM To: bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server? > Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS s

Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail
> Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS server.  It's certainly best practice and should be considered.  However, the goal of having two DNS servers is to promote redundancy if DNS

Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Timothe Litt
On 06-Nov-20 08:50, Reindl Harald wrote: > > > Am 06.11.20 um 13:25 schrieb Tom J. Marcoen: >> First of all, sorry that I cannot reply within the thread, I was not >> yet a member of the mailing list when those emails were sent. >> >>> On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users

Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Reindl Harald
Am 06.11.20 um 13:25 schrieb Tom J. Marcoen: First of all, sorry that I cannot reply within the thread, I was not yet a member of the mailing list when those emails were sent. On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: Excuse me, I just have one server for DNS and

Re: How can I launch a private Internet DNS server?

2020-11-06 Thread Tom J. Marcoen
First of all, sorry that I cannot reply within the thread, I was not yet a member of the mailing list when those emails were sent. > On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: > > > > Excuse me, I just have one server for DNS and that tutorial is about > > secondary > >

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Michael De Roover
On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: > On 2020-11-05 07:36, Bob Harold wrote: > > You appear to have confused 'secondary' authoritative servers with > > a > > second 'resolver'. > > Authoritative servers - listed in the NS records - are used by > > other > > DNS servers, not by

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Chuck Aurora
On 2020-11-05 07:36, Bob Harold wrote: On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Reindl Harald
Am 05.11.20 um 12:59 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Bob Harold
On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: > On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > > A good secondary offloads your server > > noticeably, and > > keeps the domain alive in case of temporary failures. > > AFAIK, authoritative slave servers are only used when

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Alessandro Vesely
On Thu 05/Nov/2020 12:59:37 +0100 Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Michael De Roover
On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > A good secondary offloads your server > noticeably, and > keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Alessandro Vesely
On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good secondary

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Alessandro Vesely
On Thu 15/Oct/2020 20:59:32 +0200 Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: 2) If you want to run your own DNS nameservers, you will need to buy a book, read the (BIND) Administrator's Reference Manual,

Re: How can I launch a private Internet DNS server?

2020-10-21 Thread Reindl Harald
Am 16.10.20 um 11:34 schrieb Michael De Roover: Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Paul Kosinski via bind-users
With regard to using chroot, hasn't named/BIND long had the "-u" (user) and "-t" (directory) options to accomplish the same thing more easily? On Fri, 16 Oct 2020 12:47:35 -0500 Chuck Aurora wrote: > /me catching up on earlier parts of this thread, > > On 2020-10-15 11:42, alcol alcol wrote:

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Chuck Aurora
/me catching up on earlier parts of this thread, On 2020-10-15 11:42, alcol alcol wrote: A DNS server can exist if you follow NIC instructions. Mainly have you a leased line ever on? primary DNS can't be down or NIC could down your domain. Then you have to install and configure it. Better a

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Chuck Aurora
On 2020-10-16 06:05, Sami Ait Ali Oulahcen via bind-users wrote: I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) It won't be by me, for more than one reason (I am no longer at

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Chuck Aurora
On 2020-10-16 04:34, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused YW! about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Sami Ait Ali Oulahcen via bind-users
I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) On 10/16/20 10:34 AM, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused about some

Re: How can I launch a private Internet DNS server?

2020-10-16 Thread Michael De Roover
Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel make a heuristic based on what's in the iptables rule

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Chuck Aurora
On 2020-10-15 14:38, sth...@nethelp.no wrote: I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Michael De Roover
Simply stateless. Something along the lines of this (iptables):
# SSH may be internal only or moved to a different port
iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
# Enable DNS on both TCP and UDP
iptables -A INPUT -m tcp -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -m udp -p udp

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread sthaug
> I would run a firewall even for BIND alone on a box in case the box > gets compromised through BIND. Allowing remote access and DNS, then > dropping everything else as the general firewall policy should be > pretty straightforward. But with the IP on this particular BIND box > being public, it's

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Michael De Roover
I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this particular BIND box being public, it's really

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Kevin A. McGrail
On 10/15/2020 2:50 PM, Jason Long via bind-users wrote: > Yes. > In the panel of domain name registrar I can enter something like > "NS1.example.net" and an IP address. > I want to host the host t DNS server myself. Oh yes, you will also need a domain name register that lets you register the

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Stephane Bortzmeyer
On Thu, Oct 15, 2020 at 02:03:52PM -0400, Kevin A. McGrail wrote a message of 8 lines which said: > Firewalls are cheap and the level of effort to run a bastion host is > significant. Firewalls are useful when you want to protect unmanaged printers and Windows boxes (or Web servers with a

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Stephane Bortzmeyer
On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: > 2) If you want to run your own DNS nameservers, you will need to buy a > book, read the (BIND) Administrator's Reference Manual, and/or some > RFCs Very bad advice. RFCs are not for the

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Jason Long via bind-users
, October 15, 2020 6:57 PM To: i...@nixmagic.com ; Michael De Roover ; bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server?   Yes, I have two static IP addresses. One is for DNS server and one is for my website. Excuse me, I just have one server for DNS

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Jason Long via bind-users
My static IP addresses are public. On Thursday, October 15, 2020, 08:42:42 PM GMT+3:30, Michael De Roover wrote: Are these static IP's local or public? If local, you can instruct your router to port forward to these. If these are public, I guess these machines make a direct

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Jason Long via bind-users
Yes. In the panel of domain name registrar I can enter something like "NS1.example.net" and an IP address. I want to host the host t DNS server myself. On Thursday, October 15, 2020, 08:36:35 PM GMT+3:30, Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 04:36:58PM +, Jason

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Fred Morris
If this question has a simple answer, you're confounding it by not asking a simple, concise question. On Thu, 15 Oct 2020, Jason Long via bind-users wrote: [...] I need expert advice about it. If you need expert advice that's accurate and guaranteed to work, hire a professional. ;-) I

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Kevin A. McGrail
On 10/15/2020 1:00 PM, Stephane Bortzmeyer wrote: > He said that the DNS server has a public IP address so port forwarding > is probably not necessary. Firewalls are cheap and the level of effort to run a bastion host is significant. I'd recommend port forwarding as a necessary task.

Re: [External] Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Kevin A. McGrail
On 10/15/2020 12:57 PM, Jason Long via bind-users wrote: > Yes, I have two static IP addresses. One is for DNS server and one is > for my website. > Excuse me, I just have one server for DNS and that tutorial is about > secondary DNS server too. Can you show me another tutorial with one > server

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread alcol alcol
. From: bind-users on behalf of Jason Long via bind-users Sent: Thursday, October 15, 2020 6:57 PM To: i...@nixmagic.com ; Michael De Roover ; bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server? Yes, I have two static IP addresses. One is for DNS

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Michael De Roover
Are these static IP's local or public? If local, you can instruct your router to port forward to these. If these are public, I guess these machines make a direct connection to the internet with a public IP on their interface then? In that case you can omit any port forwarding. The secondary DNS

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Stephane Bortzmeyer
On Thu, Oct 15, 2020 at 04:57:16PM +, Jason Long via bind-users wrote a message of 173 lines which said: > I have two static IP addresses. One is for DNS server and one is for > my website. Note that you can put the two servers on the same machine, using the same IP address, since the

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Stephane Bortzmeyer
On Thu, Oct 15, 2020 at 04:36:58PM +, Jason Long via bind-users wrote a message of 1594 lines which said: > in the panel of it, I can enter my DNS server IP addresses. I assume you refer to the panel of your domain name registrar. If so, it would be useful to know which is the label near

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Stephane Bortzmeyer
On Thu, Oct 15, 2020 at 06:45:01PM +0200, Michael De Roover wrote a message of 65 lines which said: > Your router can port forward traffic to port 53/udp to your local IP > that your DNS server is on. He said that the DNS server has a public IP address so port forwarding is probably not

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Jason Long via bind-users
Yes, I have two static IP addresses. One is for DNS server and one is for my website. Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Can you show me another tutorial with one server and same goal? The Internet DNS server for my goal is

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread Michael De Roover
Assuming that this is running off a home network, yes you could technically do it. Probably the registrar's name servers will be more reliable however. I'll also assume that your public IP is static. Otherwise it may only be suitable for the website, with a Dynamic DNS service that can regularly

Re: How can I launch a private Internet DNS server?

2020-10-15 Thread alcol alcol
. From: bind-users on behalf of Jason Long via bind-users Sent: Thursday, October 15, 2020 6:36 PM To: bind-users@lists.isc.org Subject: How can I launch a private Internet DNS server? Hello, I have a question about launching a DNS server with CentOS

Re: [External] How can I launch a private Internet DNS server?

2020-10-15 Thread Kevin A. McGrail
On 10/15/2020 12:36 PM, Jason Long via bind-users wrote: > I have a question about launching a DNS server with CentOS for hosting > a web server. Excuse me, if my question is so basic and funny. I need > expert advice about it. > I registered a domain name for my web site and in the panel of it,

How can I launch a private Internet DNS server?

2020-10-15 Thread Jason Long via bind-users
Hello, I have a question about launching a DNS server with CentOS for hosting a web server. Excuse me, if my question is so basic and funny. I need expert advice about it. I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a