DNS project... maybe... - Questions


Thread: DNS project... maybe...

  1. DNS project... maybe...

    Hello to all...

    I find myself with several PCs in my LAN@home and I found the need to be able
    to create a DNS server under Linux...

    For the sake of security, I will not post my real addresses...

    Here's what I have:

    I have foo.dyndns.org pointing to my ADSL at home... Anything I place to
    the LEFT of foo resolves to my live IP. Example: mail.foo.dyndns.org
    resolves to the same IP as foo.dyndns.org.

    With that said, is it possible to set up some kind of 'internal' DNS to
    resolve for the names to the LEFT of foo.dyndns.org AFTER it reaches my
    IP? Keep in mind that I have dyndns.org as a service to resolve from the
    outside.

    Also, please keep in mind that I'm using the 192.168.*.* private addresses
    behind my firewall.

    If so, please point me in the right direction to read, learn and possibly
    see examples on how to accomplish this.

    Bottom line: I'd like to be able to send email from the cloud to my house
    using something like: myaccount@mail.foo.dyndns.org. I'd also like to be
    able to resolve for www.foo.dyndns.org and irc.foo.dyndns.org.

    Thanks in advance! :-)

    DNSgeek

  2. Re: DNS project... maybe...

    DNSgeek wrote:

    > Hello to all...
    >
    > I find myself with several PCs in my LAN@home and I found the need to be
    > able to create a DNS server under Linux...
    >
    > For the sake of security, I will not post my real addresses...
    >
    > Here's what I have:
    >
    > I have foo.dyndns.org pointing to my ADSL at home... Anything I place to
    > the LEFT of foo resolves to my live IP. Example: mail.foo.dyndns.org
    > resolves to the same IP as foo.dyndns.org.
    >
    > With that said, is it possible to set up some kind of 'internal' DNS to
    > resolve for the names to the LEFT of foo.dyndns.org AFTER it reaches my
    > IP? Keep in mind that I have dyndns.org as a service to resolve from the
    > outside.
    >
    > Also, please keep in mind that I'm using the 192.168.*.* private addresses
    > behind my firewall.
    >
    > If so, please point me in the right direction to read, learn and possibly
    > see examples on how to accomplish this.
    >
    > Bottom line: I'd like to be able to send email from the cloud to my house
    > using something like: myaccount@mail.foo.dyndns.org. I'd also like to be
    > able to resolve for www.foo.dyndns.org and irc.foo.dyndns.org.
    >
    > Thanks in advance! :-)
    >
    > DNSgeek


    To set up a mail server you don't need to install a DNS server, that is
    already done for you by dyndns.org
    Technically you need an MX record but it will work without it.
    You can set up a DNS server to be used by your local network only (caching
    DNS) but to set up a public DNS server in order to have people on the
    internet resolve names using your server you will need two (different)
    public IPs (1 each) for 2 DNS servers, a primary and a secondary.
    You will have to set them up on the WAN side of your local network, not
    behind the router or whatever cuz they need to be directly accessible.
    At least that's the way it was explained to me, I wanted to do the same
    thing.
    If you set up your own mail server, I recommend Postfix and BE SURE to
    set it up so unauthorized people can't relay mail or your ISP will eventually
    shut you down totally, for good probably. Also, enable reverse lookups so
    incoming mail has to verify the IP against the HELO string. Doing so will
    eliminate almost ALL of your spam, i.e. HELO none will be rejected, HELO
    yahoo.com will be accepted IF (and only if) the incoming mail server IP
    matches back to yahoo.com. If the major ISPs would do this 99% of the spam
    out there would be blocked, why? Because spammers never want you to know
    who they are or where the mail actually originates from so they lie in the
    HELO contact.
    That's my 2 cents worth
    Eric

  3. Re: DNS project... maybe...

    Eric,

    Thank you so much for the info... I have learned that
    /etc/mail/mailertable is where I can tell my internal mail server to
    distribute the emails inside my private LAN... However, we're losing
    track of what I'm after...

    I'm after being able to resolve for www.foo.dyndns.org, or
    ftp.foo.dyndns.org, or irc.foo.dyndns.org... notice the www, ftp, irc...

    If I were to attempt to connect to either of these machines from the
    outside (from work, for example) into my LAN... I know that
    foo.dyndns.org resolves... and lastly, I want my internal LAN to resolve
    for the 'ftp', 'www', 'irc', etc...

    That's where I can't resolve... maybe the fact that I am using private
    IPs internally.... but I know that logically it shouldn't matter...

    I don't need to tell the world of DNS that I have private IPs... all I
    need is for any request to the left of 'foo.dyndns.org' to be resolved
    internally with some kind of local, authoritative zone DNS server.

    Once again, thanks for the help! :-)

    DNSgeek

    On Tue, 04 Nov 2003 01:39:39 -0500, Eric wrote:

    > To set up a mail server you don't need to install a DNS server, that is
    > already done for you by dyndns.org
    > Technically you need an MX record but it will work without it. You can
    > set up a DNS server to be used by your local network only (caching DNS)
    > but to set up a public DNS server in order to have people on the
    > internet resolve names using your server you will need two (different)
    > public IPs (1 each) for 2 DNS servers, a primary and a secondary. You
    > will have to set them up on the WAN side of your local network, not
    > behind the router or whatever cuz they need to be directly accessible. At
    > least that's the way it was explained to me, I wanted to do the same
    > thing.
    > If you set up your own mail server, I recommend Postfix and BE SURE to
    > set it up so unauthorized people can't relay mail or your ISP will
    > eventually shut you down totally, for good probably. Also, enable
    > reverse lookups so incoming mail has to verify the IP against the HELO
    > string. Doing so will eliminate almost ALL of your spam, i.e. HELO none
    > will be rejected, HELO yahoo.com will be accepted IF (and only if) the
    > incoming mail server IP matches back to yahoo.com. If the major ISPs
    > would do this 99% of the spam out there would be blocked, why? Because
    > spammers never want you to know who they are or where the mail actually
    > originates from so they lie in the HELO contact. That's my 2 cents worth
    > Eric
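    What post 3 asks for is a split-horizon setup: a zone for foo.dyndns.org that is authoritative only for the LAN, while the outside world keeps using the dyndns.org records. The BIND 9 fragment below is an added illustration, not anything posted in the thread; the 192.168.1.x hosts, the file path and the ISP resolver address are made up. The apex record points at the router's inside address because many ADSL routers will not hairpin a LAN connection back to their own public IP.

```conf
// named.conf fragment (added example; all addresses are constructed)
acl "lan" { 127.0.0.1; 192.168.0.0/16; };

options {
    // Listen on the LAN side only and answer only LAN clients, so the
    // private addresses in the zone are never served to the Internet.
    listen-on { 127.0.0.1; 192.168.1.2; };
    allow-query { lan; };
    allow-recursion { lan; };
    // Nobody may pull the internal zone with AXFR.
    allow-transfer { none; };
    // Everything outside the zone still goes to the ISP's resolver
    // (placeholder address).
    forwarders { 198.51.100.53; };
};

// Internal copy of the zone; dyndns.org stays authoritative for outsiders.
zone "foo.dyndns.org" {
    type master;
    file "/etc/bind/db.foo.dyndns.org";
};

// /etc/bind/db.foo.dyndns.org
$TTL 1h
@       IN  SOA ns1.foo.dyndns.org. hostmaster.foo.dyndns.org. (
                2003110501 ; serial
                1h         ; refresh
                15m        ; retry
                1w         ; expire
                1h )       ; negative-cache TTL
        IN  NS  ns1.foo.dyndns.org.
        IN  MX  10 mail.foo.dyndns.org.
; the apex itself resolves to the router's inside address on the LAN
@       IN  A   192.168.1.1
ns1     IN  A   192.168.1.2
mail    IN  A   192.168.1.20
www     IN  A   192.168.1.10
ftp     IN  A   192.168.1.11
irc     IN  A   192.168.1.12
```

    Run named-checkconf and named-checkzone foo.dyndns.org /etc/bind/db.foo.dyndns.org before reloading; LAN hosts then point their resolver at 192.168.1.2 and get the private addresses, while anyone outside still gets the dyndns.org answer.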


  4. Re: DNS project... maybe...

    Well, different services are on different ports.
    For example, if someone connects to you via ssh
    then they can simply use your root domain address.
    You will need to open port 22 on your firewall/router
    and forward port 22 accesses to the machine running
    the ssh server and then the incoming ssh access will go
    to the right place.
    The real problem you have is that dyndns.org only
    provides rudimentary DNS services for you. You can
    work around it as I have said above, but probably you
    should get away from dyndns and register your own
    domain name and then hire DNS services, all that is
    fairly cheap and will give you what you want directly.
    It's what I did, I have my own domain: nameRemoved.com
    and the DNS I use provides records for www.nameRemoved.com
    (my site is non-commercial and I use it to share
    pictures with my family and friends who are scattered
    all over creation) and an MX record for my mailserver.
    With those in place I can control my mail (i.e. no spam,
    ask me how :-), ok, I'll tell you the secret: in Postfix
    require for all incoming mail deliveries that the
    incoming IP, when reverse looked up, matches against the
    stated source in the HELO statement, reject all that
    don't match), ssh to my machine from anywhere I happen to
    be, get my mail via the web etc. It's very nice,
    but it does require me to stay on top of security updates
    and watch for hack attacks. It's a never ending process of
    seeing what's new, what the latest security threats are, how
    to prevent them, and continuous study on how to tweak my various
    configurations to provide the best security I can.
    Buy books, and READ READ READ. And here is the number 1 tip!
    Don't use Windows for any of this (and of course you won't, seeing
    this is a Linux usenet group), it's just a gigantic unstoppable
    security hole.

    Eric
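    A Postfix main.cf fragment, added here as an illustration and not taken from Eric's own setup, for the two points his replies above (posts 2 and 4) make: refuse to relay for anyone who is neither on the LAN nor authenticated, and check the HELO name and reverse DNS of incoming connections. It assumes a current Postfix (2.10 or later) and constructed LAN addresses. Postfix has no single restriction that compares the HELO name with the client's PTR record; the closest built-ins are reject_unknown_client_hostname (forward-confirmed reverse DNS) and reject_unknown_helo_hostname, and both reject some legitimate senders with sloppy DNS, which is why they are wrapped in warn_if_reject until the logs show what would be lost.

```conf
# /etc/postfix/main.cf fragment (added example; addresses are constructed)
myhostname    = mail.foo.dyndns.org
mydomain      = foo.dyndns.org
mydestination = $myhostname, localhost, $mydomain
# The private LAN behind the firewall; Postfix comments must start a line.
mynetworks    = 127.0.0.0/8, 192.168.0.0/16

# Relay control: only LAN hosts and SASL-authenticated users may send mail
# to remote domains. reject_unauth_destination closes the open relay for
# everyone else, which is what keeps the ISP from cutting you off.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# HELO checks on inbound mail. LAN clients are exempted first so internal
# hosts without public DNS names are not rejected.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    warn_if_reject reject_unknown_helo_hostname

# Client checks: the connecting IP must have a PTR record whose name
# resolves back to the same IP (forward-confirmed reverse DNS).
# warn_if_reject logs the would-be rejection instead of enforcing it.
smtpd_client_restrictions =
    permit_mynetworks,
    warn_if_reject reject_unknown_client_hostname
```

    After `postfix reload`, grep the mail log for "reject_warning" to see which senders the two DNS checks would have refused before dropping the warn_if_reject prefixes.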

  5. Re: DNS project... maybe...

    Eric,

    Thanks for the help! I realize now after RTFM'ing the DNS & Bind 4th
    Edition and the Cookbook that there's NO way around what I was trying to
    do UNLESS I have multiple 'live' IP's on the Net... so, with that said,
    I have resourced myself into splitting my services through my firewall to
    some of the 22 machines I have here at home.

    For now I have all my mail forwarded from my domain provider and I am
    filtering it here with a mail server, allowing ports 25 and 110
    accordingly... Unfortunately I cannot use my mail server as a RELAY from
    the outside, but I can pop mail from anywhere so I can live with that! :-)

    Maybe, if/when I can afford it, I'll obtain a small block of 6 IPs and
    play with 'real' DNS and zones in the future...

    DNSgeek

    On Wed, 05 Nov 2003 00:28:21 -0500, Eric wrote:

    > Well, different services are on different ports. For example, if someone
    > connects to you via ssh then they can simply use your root domain address.
    > You will need to open port 22 on your firewall/router and forward
    > port 22 accesses to the machine running the ssh server and then the
    > incoming ssh access will go to the right place. The real problem you
    > have is that dyndns.org only provides rudimentary DNS services for you.
    > You can work around it as I have said above, but probably you should get
    > away from dyndns and register your own domain name and then hire DNS
    > services, all that is fairly cheap and will give you what you want
    > directly. It's what I did, I have my own domain: nameRemoved.com and the
    > DNS I use provides records for www.nameRemoved.com (my site is
    > non-commercial and I use it to share pictures with my family and friends
    > who are scattered all over creation) and an MX record for my mailserver.
    > With those in place I can control my mail (i.e. no spam, ask me how :-),
    > ok, I'll tell you the secret: in Postfix require for all incoming
    > mail deliveries that the incoming IP, when reverse looked up, matches
    > against the stated source in the HELO statement, reject all that don't
    > match), ssh to my machine from anywhere I happen to be, get my mail via
    > the web etc. It's very nice, but it does require me to stay on top of
    > security updates and watch for hack attacks. It's a never ending process
    > of seeing what's new, what the latest security threats are, how to prevent
    > them, and continuous study on how to tweak my various configurations to
    > provide the best security I can. Buy books, and READ READ READ. And here
    > is the number 1 tip! Don't use Windows for any of this (and of course you
    > won't, seeing this is a Linux usenet group), it's just a gigantic
    > unstoppable security hole.
    >
    > Eric

