
ElViejoPoeta

join:2001-01-10
Miami, FL

Networking Questions

I have a Linksys router, BEFW11S4 Ver. 4.

Is there a cheap router/switch that allows me to give different routing rules to different ports? For instance, let's say I want the router to act as a simple switch/hub for a range of ports, say 1-8, and to have it do NAT on 9-16?

Even better would be a router that would allow me to assign a public IP address to port 1, and then have ports 2-8 be NAT-derived private IP addresses of the first IP address and ports 9-16 be NAT-derived private IP addresses of a second public IP.

Hopefully, this makes some kind of sense.

Additionally, I have heard that a few of you run your own domain servers. I configured BIND during the weekend. I have it set up with a private IP of 192.168.1.15, and I then have the other computers on the LAN query this server for DNS by putting its IP in each of the /etc/resolv.conf files. So far so good.

Two questions:

1) I have purchased a number of domain names. What do I do to have my BIND server be used as a fully qualified domain name server, such as:

ns1.mypatheticdomain.com

What fields do I have to modify with the domain registrar to have it point ns1.mypatheticdomain.com to the domain name server I set up during the weekend?

Once I figure this out, what is the best way to do virtual web hosting with apache? Should I just point the domain name to my public IP address with the dns resolution being done by the registrar as I have been doing up to now?
The reason I ask is that I assume they have their domain servers somewhere with diesel backup generators and that kind of thing.

Are there any benefits to having BIND and Apache in the same box for a number of virtual domains?

2) I thought I read in an RFC somewhere that to do DNS properly, you need to have a primary and a secondary DNS server. How do you do this if you only have one server?

Thanks...
--
See where my mind is: »www.porcel.net


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

Well, for starters, it all depends on what you mean by "cheap." There are routers that will do multi-NAT type stuff in one unit. But they aren't cheap.

Another way to do this is with multiple cheap routers hanging off a switch or hub that has your multiple public IPs visible on it.

Or you can also do it with an *nix type operating system that will route between multiple interfaces.

For your name server question:

You have to first register a host with your domain registrar linking the name ns1.mypatheticdomain.com to a public IP you have.

Next, you have to tell your router to accept incoming port 53 UDP traffic on this public IP and forward it to the machine running the name server.

Next, you have to list ns1.mypatheticdomain.com as being an authoritative name server for mypatheticdomain.com.

Finally, you need a proper zone file for mypatheticdomain.com running on the name server.

There probably isn't any real good reason for running your own DNS for your domains other than doing it yourself and wanting to learn it and have direct control over it. You can get this service for free elsewhere or pay a few dollars per year for it too. Some people do both. It doesn't really matter where the name server is, so long as it works. If it's on the same machine as the web server and either the box is broken or otherwise unreachable, then it won't matter which portion is broken, it just won't work.

Most registrars require you to have two name servers for a domain. Some will let you slide with only one. And others aren't picky about how they define what "two" means. So, if yours isn't picky, you can do something like this and get away with it:

ns1.mypatheticdomain.com 123.123.123.123
ns2.mypatheticdomain.com 123.123.123.123

Two hosts defined as name servers, both on the same IP, but only one copy of BIND running answering requests that come in to both ns1 and ns2.

If your registrar is picky and won't let you do this, then get free DNS service at a place like »www.zoneedit.com. You can use their DNS servers as well as your own, or just use all of theirs.
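A zone file that puts the two-names-one-IP arrangement above into practice, added here as an example rather than taken from the thread: ns1 and ns2 both resolve to the 123.123.123.123 address quoted in the post, while the serial, TTLs, hostmaster address and the www/mail hosts are made up for illustration.

```dns
; mypatheticdomain.com.zone  (example file name; point named.conf's "file" at it)
$TTL 86400
$ORIGIN mypatheticdomain.com.

; SOA: ns1 is the primary. Serial and timers are constructed values.
@    IN  SOA  ns1.mypatheticdomain.com. hostmaster.mypatheticdomain.com. (
              2003060401  ; serial, YYYYMMDDnn; increase it on every edit
              7200        ; refresh
              1800        ; retry
              1209600     ; expire
              3600 )      ; negative-cache TTL

; Two NS records to satisfy a registrar that wants "two" name servers,
; both answered by the single BIND instance.
@    IN  NS   ns1.mypatheticdomain.com.
@    IN  NS   ns2.mypatheticdomain.com.

; Glue A records for the name servers: same public IP for both names
ns1  IN  A    123.123.123.123
ns2  IN  A    123.123.123.123

; Remaining records for the domain (example hosts, same single public IP)
@    IN  A    123.123.123.123
www  IN  A    123.123.123.123
@    IN  MX   10 mail.mypatheticdomain.com.
mail IN  A    123.123.123.123
```

The registrar must also carry host (glue) records for ns1 and ns2 with the same IP, otherwise the delegation points at names nobody can resolve; `named-checkzone mypatheticdomain.com mypatheticdomain.com.zone` catches syntax mistakes before you reload BIND.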


ElViejoPoeta

join:2001-01-10
Miami, FL

said by graysonf:

Another way to do this is with multiple cheap routers hanging off a switch or hub that has your multiple public IPs visible on it.
I think this is the route I might follow.

quote:
Or you can also do it with an *nix type operating system that will route between multiple interfaces.
Well, this I know how to do, but I already have too many white boxes in the apartment and I am trying to regain a bit of space. I have a NASRAQ with a MIPS chip that I could use for this purpose. I need to search for a modern distribution that will run on it.

quote:
You have to first register a host with your domain registrar linking the name ns1.mypatheticdomain.com to a public IP you have.

Next, you have to tell your router to accept incoming port 53 UDP traffic on this public IP and forward it to the machine running the name server.
Yeap, this appears to work well. I created two pointers for my IP address.

ns1.mydomain.com
ns2.mydomain.com

Interestingly, dig only finds them when I use DSLi's name servers, not when I use my own. Yet it has no problems with any other domain server. Maybe this is where the authoritative registration part comes in, or maybe a domain name server cannot reference itself?

quote:
Next, you have to list ns1.mypatheticdomain.com as being an authoritative name server for the mypatheticdomain.com. Finally, you need a proper zone file for the mypatheticdomain.com running on the name server.
Am I right in assuming that my zone file is properly set since I can send and receive email on this domain?

joebloe@mydomain.com can send and receive. Both IMAP and iPOP are working great.

Even though this is primarily a learning exercise, I'd still like to know how I go about listing ns1.mypatheticdomain.com as an authoritative domain server. Thanks for helping and sharing your knowledge.

There is a great feeling of independence when you begin to do these things on your own. By the way, I just ordered the O'Reilly book on BIND. That should come in handy.
--
See where my mind is: »www.porcel.net


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

One of the BSDs, NetBSD, has outstanding processor support compared to all others.

Something sounds fishy with your name server if it can't find your records and another server can. You might not be loading the root zone and/or have forwarding enabled, or might not be allowing recursion/queries? You should be able to do a simple lookup of the A record for ns1 and ns2 using any name server that you can access and do lookups on. A look at your named.conf would help.

You may or may not be right about your zone being set up correctly. You say you can send and receive mail fine. That's a good start, but it might work fine to/from the local machine and still be broken from out on the internet at large. You didn't say how extensively you tested that though.

Somewhere up at your registrar for your domain, there is a management section that will allow you to define/add/change the name servers that are authoritative for the domain. Most registrars have separate screens to list the servers, enter the servers, or add more servers (beyond the two required). You'll just have to look around to see how your registrar does this. Making changes to those screens might look like they are instantaneous, but they really aren't. Most registrars transmit changes only once a day up to the root servers, so be patient.
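The named.conf settings the reply above asks about, written out as an added example and not the poster's real configuration: a root-hints zone so the server can resolve on its own, the recursion and query controls, and a master declaration for mypatheticdomain.com. The directory, file names and the 192.168.1.0/24 LAN prefix are assumptions.

```dns
// named.conf (BIND 9 syntax; paths and networks below are assumptions)
options {
    directory "/var/named";

    // Authoritative answers for the zone must be reachable from anywhere,
    // otherwise ns1/ns2 are useless to the rest of the internet.
    allow-query { any; };

    // Only the LAN (192.168.1.0/24) and localhost may use this box as a
    // recursive resolver; open recursion invites abuse from outside.
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // No forwarders here: with "forward only" the server would never use
    // the root hints below, which is one of the symptoms mentioned above.
};

// Root hints: needed for the server to look up domains it is not authoritative for
zone "." IN {
    type hint;
    file "named.root";
};

// The zone this server is authoritative for; ns1/ns2 glue lives in the zone file
zone "mypatheticdomain.com" IN {
    type master;
    file "mypatheticdomain.com.zone";
    allow-transfer { none; };   // single server, so hand out no zone copies
};
```

With this in place, `dig @127.0.0.1 ns1.mypatheticdomain.com A` on the server itself should return the glue record with the aa (authoritative answer) flag set, regardless of what the registrar currently delegates.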



darkcom
Premium
join:2002-12-04
Miami, FL

reply to ElViejoPoeta
Hmm... about the switch, it seems like you need a Layer 3 switch to do what you want to do.
How about a Riverstone RS3000 with 256MB, 32-port 10/100Base-TX?
They allow you to assign VLANs on whichever ports you choose as well as assign IPs, enable NAT on those ports, and even create access lists and port-forwarding rules.

Problem is:
1) they are not cheap.
2) I have heard of issues related to NAT on high-traffic networks [get a support contract].

You may want to look into it though, at least a product similar to this one.

As far as the DNS question, I would suggest you let someone else manage it unless you want to do it because you want to learn how it works, or you plan on having the equipment co-located with a service provider in order to minimize outages.

_darkcom
--
"Are you the police?... No ma'am, we're sysadmins"


Monday, 04-Jun 04:31:32 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.