DNS Server Setup
EvilRick
12-29-2003, 7:02 PM
All right Mntsnow, now's the time you school some of us "UnknowledgeableinthewaysofDNS".
We'll start like this . . .
- Have Domain Name
- Have Static IP
. . . what else do you need to know. (Related to this thread of course)
diveram
12-29-2003, 7:21 PM
Pros and cons of running a DNS server would be nice also.
Mntsnow
12-29-2003, 8:40 PM
Ahhh... Let me do a quick search and see if someone else has already written something and if not I will start :)
For the typical home website purposes, I would say this:
Pros:
-You can both control and be the authoritative DNS server for your domain name (namespace).
-You don't have to depend on someone else to change pointers when you create/modify a web page.
Cons:
-You have to maintain your zones.
-You will get all the query traffic when a recursive dns query for your namespace is made.
All it takes is a little planning. But, for internet servers, you have to have a registered DNS server to be the SOA of your domain before you can setup a name server (for the internet)
Start with your registrar, specify an already existing nameserver to point your namespace to your IP address. After the dns is up and running and propagates, you can configure your server up as a DNS server, authoritative for your namespace, then change your registrar's record to point to your nameserver as the SOA for your namespace. At this point you will have complete control of your namespace.
Mntsnow
12-29-2003, 9:26 PM
Thanks BBA for sharing and here is an easy start :)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315982&sd=tech
EvilRick
12-29-2003, 9:39 PM
So if I roll over and do this on my server now, it's not going to bring down the internet or anything?
I'm guessing I'll have to e-mail BellSouth to tell them to change all the records to point to dns.my_domain_name.com and then it'll propagate? Is there a step missing, it just seems too easy.
Mntsnow
12-30-2003, 12:55 PM
Well have you setup your DNS zones in the DNS mmc? Make sure you have allowed DNS traffic thru your firewall
EvilRick
12-30-2003, 1:22 PM
I'm doing it right now.
EvilRick
12-30-2003, 1:30 PM
So far I have . . .
- Created a Standard primary Forward Lookup Zone
- Created the www alias under the Forward Lookup Zone
Do I need to go down the list or just those two things for DNS?
EvilRick
12-30-2003, 1:55 PM
Okay, now I've . . .
- Created a Standard primary Forward Lookup Zone
- Created a Host file (www) w/ my IP address
- Created an Alias (ftp) w/ www.comptechsolu.com or should it have been ftp.comptechsolu.com?
- Created a Mail Exchanger file w/ mail.comptechsolu.com
Mntsnow
12-30-2003, 3:56 PM
Don't do an Alias for FTP. Create an actual A record for ftp.comptechsolu.com, as that is better than an alias.
I assume you have your own email server setup as well?
EvilRick
12-30-2003, 4:28 PM
Not yet. I'd like to have a Webmail interface as well as POP or SMTP, whichever I can do easiest.
Mntsnow
12-30-2003, 5:17 PM
How many users do you need to support? How many domains? Does your email server need to also be a DNS or Webserver?
Sounds like a little confusion on types of records. Maybe this will clear things up a little:
Zones:
-A Forward lookup zone is used to assign IP addresses to host names/aliases: IE: You send a query for www.youname.com, the forward lookup zone returns the IP address to go to.
-A Reverse Zone is used to assign a host name to an IP. So, you have a query for 24.135.2.10 that happens to be your IP, the reverse zone sends back www.yourname.com.
Note: A good practice is to create a reverse lookup zone before the forward lookup zone. This is because the reverse lookup zone will dynamically update its records whenever a record in the forward lookup zone is updated/changed/created if it already exists so it saves administrative effort in record keeping. (Of course this is only if you care about reverse lookups)
Record Types
- HOST ( A ): An 'A' record represents a device or host on the network. 'A' names resolve from a host name to an IP address. IE: yourcomputer.yourname.com resolved to 10.1.1.5
- Pointer ( PTR ): A 'PTR' record is used to find the DNS name that corresponds to an IP address. It is found only in the reverse lookup zone. IE: 10.1.1.5 resolved to yourcomputer.yourname.com
-Start of Authority ( SOA ): An 'SOA' resource record is the first record in ANY zone file. It identifies the PRIMARY DNS name for the zone. The 'SOA' identifies the e-mail address of the administrator of the zone. The 'SOA' specifies the information required for replication of the zone/records (such as the record serial number/refresh interval/retry interval/expiration values for the zone) IE: microsoft.com resolves to NS1.microsoft.com
-Service Record ( SRV ): An 'SRV' record indicates a network service a host offers, and it resolves from a service name to a host name and port. IE: _TCP._LDAP.microsoft.com resolves to DC01.microsoft.com
-Name Server ( NS ): A 'NS' record identifies DNS servers for each zone. 'NS' records exist in all forward and reverse lookup zones.
Whenever a DNS server needs to send a query to a delegated domain, it refers to the 'NS' record for the DNS servers in the target zone. It resolves from a domain name to a host name.
-Mail Exchanger ( MX ): An MX resource record indicates the presence of a Simple Mail Transfer Protocol (SMTP) e-mail server. It resolves to a host name.
-Alias ( CNAME ): A 'CNAME' record is a host name that refers to a different host name. It will resolve a host name to another host name. IE: www.microsoft.com resolves to webserver12.microsoft.com
So...that in mind...any questions? :lol:
(Hope you're as confused as the rest of us are now)
EvilRick
12-30-2003, 6:14 PM
To answer Mntsnow's questions. I wanna have about 25 mailboxes. Yes, the DNS, Mail, and Web are all on the same server.
I'm taking some digi-pics of my 4Sale goods, so I'll check back later to really dig in.
robin801
12-30-2003, 6:34 PM
I don't have 2 cents to add to this thread yet but I am sure getting 5 cents out of this thread.:D
just starting to get into this webserver stuff.
so all of this is interesting reading for me.
Mntsnow
12-30-2003, 6:44 PM
Well for very little money I can suggest Mailenable professional for your email that will have a webmail interface to it and can handle multiple domains and is unlimited in users.
They have a trial version that you can use and then only have to buy the unlock code to continue using it past the trial period.
If you can get away without needing Webmail they do have a free product that can handle the amount of users you want to do
EvilRick
12-31-2003, 1:39 PM
So at what point does this thing start to work?
I need a checklist to compare what I've done to see what else I need to do.
Mntsnow
01-04-2004, 9:56 PM
I would suggest testing your DNS server's config at http://us.mirror.menandmice.com/cgi-bin/DoDig and see if your server gives the correct information.
Then if everything is correct and working as it should, go to your domain registrar and update the domain record and list your dns server(s) as the authoritative DNS server(s).
EvilRick
01-04-2004, 10:03 PM
Thnx, I'll give that a try now. I'm AWP for some SCSI drives from stant093. Nothing fancy, but it'll give me a place to put some web pages beside some IDE ATA-33 drives.
I'll probably be doing a reinstall and document what I do for my learning purposes. I also might be able to do a "walkthrough" to help some other less-than-patient-not-so-educated-in-the-arts-of-networking.
EvilRick
01-04-2004, 10:15 PM
Okay, what is the correct info? It's giving the info from BellSouth, I'm guessing that's not correct.
When I ran "dcpromo", it setup a DNS for me. It has a private IP, do I need to change that to my actual Static IP seen by the WAN?
EvilRick
01-04-2004, 11:00 PM
I tried changing it to my Static IP and it won't let me. It says "Access Denied". I'm using an admin account (not THE admin), do I need to stop some services? I tried just DNS Server but that didn't help. I'm gonna try Server and Client to see if it lets me.
EvilRick
01-05-2004, 9:02 AM
I had to reboot after I added the 'username' to DnsAdmin and a few other admins. I changed the 'Host' file in DNS, but it still shows the info from BellSouth at the link provided.
Mntsnow
01-05-2004, 10:03 AM
ok... In YOUR DNS server you will need to create the records with the PUBLIC IP that people will use to access your site. Within YOUR Domain you will have both a Private IP (that was auto-created) for your Domain server as well as a Public IP that you will need to create. You have to manually create your public IP records because none of your network interfaces on your servers are assigned public IPs. (if that makes sense for you)
EvilRick
01-05-2004, 10:53 AM
After I get all those records setup, isn't the link you posted still going to show BellSouth's server info?
I guess I'm just gonna create all my records and then e-mail BellSouth and have them switch me. If it's down a couple of days, no big deal. It'll just make me work harder at getting it setup. :)
EvilRick
01-05-2004, 11:17 AM
I've got . . .
-Host w/ my Static IP (My router forwards the appropriate ports to the private IP of the server)
- Alias w/ www and pcname.domainname.com
- Alias w/ ftp and pcname.domainname.com
- Mail Exchanger w/ pcname.domainname.com
Is this enough to e-mail BellSouth and tell 'em to switch 'em?
Mntsnow
01-05-2004, 11:39 AM
That should work
Your PUBLIC Static IP = Your Router Which will then forward ports to the different server(s) as needed
www.yourdomain.com = Your Public Static IP
mail.yourdomain.com = Your Public Static IP
FTP.yourdomain.com = Your Public Static IP
MX = mail.yourdomain.com
workstation1 = private ip
workstation2 = private ip
workstation3 = private ip
EvilRick
01-05-2004, 12:31 PM
Coolio. As soon as I get some SCSI drives, I'll be getting the server setup nice and neat and e-mailing BellSouth and ditching my hosting service and changing my records.
Mntsnow
01-05-2004, 1:29 PM
:)
EvilRick
01-05-2004, 4:32 PM
Can I use the same server for Primary and Secondary DNS?
Can I use dns.domainname.com and dns.domainname.com twice?
I had NO idea, but there's a link to "Domain Manager" through my webhosting cp. Duh!
Cowboybooter
01-05-2004, 5:15 PM
EvilRick - The forums area of the site has so far failed to e-mail me confirmation details.
:)
Bob
EvilRick
01-05-2004, 5:24 PM
I manually activated you. You're the second person to have that issue. I think this is new and hopefully not because of what I have done so far w/ my server. :o
Mntsnow
01-05-2004, 6:57 PM
Truthfully you need two DNS servers to be RFC compliant. You might look into one of the DNS companies to provide secondary DNS for you.
You might look at http://www.worldwidedns.net/home.asp to do secondary dns as it would be very cheap
EvilRick
01-05-2004, 7:11 PM
Since I'm going to be setting up two servers anyway, could I setup two DNS from the same IP? I'm guessing not since they'll be at the same IP.
And if I go w/ something like what you've linked to, I'm only one Zone, right? Or does that mean Forward and Reverse and that counts as two?
Mntsnow
01-05-2004, 7:34 PM
I do believe you would be a single zone since you would only be doing a single domain, but you might email them via their secure web email link and get a confirmation on that.
And NO you can not have both DNS servers issued the same IP.
You might also look into some of the so called Public DNS services as for one or two records some of them will do it for free from what I'm told or very cheaply. Just run a search for terms such as DNS Service
EvilRick
01-05-2004, 7:38 PM
I might have to go w/ that one in the other thread about setting up your own web server. I think there's a couple links, one might have been free for <5 zones.
You don't need two name servers, but you could use ns1.domainname.com and ns2.domainname.com and create ns records for one or both names. Point one ns name to the server itself, the other somewhere else, if you even create it. It is supposed to be pointed to a second nameserver for redundancy...but I never worried about not having a second on a home webserver/network.
EvilRick
01-05-2004, 7:52 PM
To somewhere else? Does it matter where? A 192.168.1.x IP address maybe?
Mntsnow
01-05-2004, 8:28 PM
Well BBA that is against RFC standards. But I guess that since there isn't going to be a cop busting down your door you can get away with it ;)
EvilRick
01-05-2004, 8:42 PM
Standards? We don't need no stinkin' standards.
I just want to get it to work. :)
Siliconjunkie
01-06-2004, 7:18 AM
Look at www.zoneedit.com, they give you full control over your DNS records and its free for up to 5 zones.
EvilRick
01-06-2004, 8:47 PM
SJ, that's the one I was thinking of.
It's http://www.zonedit.com though, only one "e". :)
EvilRick
01-20-2004, 10:44 AM
I used Zonedit.com yesterday and it's already propagated. :)
I wasn't really prepared though, now I have no e-mail. :o I didn't set up a mail server on Zonedit.com and so now I have none. I just figured it would leave it alone. Anyway, I added my temp mail server so now I'll have to wait again for propagation. :(
I'm getting an error sometimes when posting in the forum, but I think I just need to install ASPMail.
So far, so good though.
Mntsnow
01-21-2004, 8:12 AM
LOL Yeah DNS can propagate pretty quickly some times :D Zoneedit propagates pretty fast due to them using low TTL values, and they do that as most of their users use dynamic IPs which are changing all the time....Increases the amount of DNS traffic but makes for more seamless updates to DNS records for their users.
What Forum software you go with?
EvilRick
01-21-2004, 8:22 PM
Still using Snitz.
I'm having a Hell of a time w/ MailEnable though. I get it setup just fine, I can't get Reverse DNS to work though. So, I can't send to half the ISP's in the world. :rolleyes:
I set a PTR record up for my IP, but that didn't seem to work. Zonedit.com says if you just setup your domain, it'll automatically do the Reverse DNS. I'm getting PO'd.
Mntsnow
01-21-2004, 11:07 PM
The Reverse DNS is probably getting set by your ISP. Since you have a Dynamic IP it is most likely listed in many blacklists, as most "real and honest" email servers are on Static IPs that are assigned to an individual company and thus there is a way to hold them accountable for "spam" traffic to an extent.
Snitz is what I started out with :)
EvilRick
01-22-2004, 3:11 PM
I have a Static IP. I just got off the phone w/ BellSouth's Web Hosting side, they said it would be handled by the ISP side. :rolleyes:
I told him I'd be calling back to cancel my Web Hosting when I was done on the phone w/ the ISP side. :D
EvilRick
01-22-2004, 4:20 PM
Turns out, the ISP side doesn't handle it either. I just went to Zonedit.com and setup PTR records for my domain name. I also setup records for "mail" and "www", do I need to do all three, or does just the PTR for my domain work? I did all three w/ the last three octets of my IP and ".in-addr.arpa"
Either way, I did all three and hopefully soon I'll be able to send e-mail.
EvilRick
01-22-2004, 5:44 PM
I found out you can only have 1 PTR record. I just removed them all for now. I talked w/ BellSouth again, the person I talked to didn't even know what Reverse DNS was and didn't think I really needed it. ??? Anyway, I took the time to let him/her know that I needed Reverse DNS in order to send mail. I then get told that it's against my Acceptable Use Policy to have a Web/Mail Server. I then pointed out that I got a letter in the mail stating the fact the Static IP's were now available and that the purpose of them was to enable people to run their own Web/Mail Server from home. I still have the letter (now I know why I kept it) and told the person I would be more than glad to send them a photocopy. The person then states they can't help me anyway because THEIR servers are down! Good grief.
For now, I can receive e-mail, just can't send any.
Anybody have any other tips/tricks for having a Mail Server and how to resolve Reverse DNS?
Mntsnow
01-22-2004, 6:29 PM
Your ISP who owns the IPs is who sets up the reverse DNS for your static IP. Fortunately with Qwest, since I lease my IPs from them, they have an interface where I can log in and personally configure them :).
If you PM me your public IP I will see if I can help you find the right person to speak to to get it configured, or if they have an interface so you can.
Mntsnow
01-22-2004, 6:36 PM
btw at Zoneedit I personally would setup
domain.com A record
www.domain.com A record
mail.domain.com A record
domain.com MX record
domain.com PTR record
Within Mailenable how do you have it setup for your naming? ie domain.com or mail.domain.com? If mail.domain.com then make your PTR record mail.domain.com so it matches up. For best results you want both an A record and a PTR record for email servers.
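Putting the record types from Mntsnow's earlier post and the A/MX/PTR list above into working form, here is an added example that is not from the thread (domain example.com and IP 192.0.2.10 are constructed stand-ins): a small in-memory zone model that chases CNAME aliases and performs the forward-confirmed reverse DNS check that receiving mail servers apply, which is exactly what fails when the PTR record the ISP controls does not name your mail host.

```python
# Added example (not from the thread): a tiny in-memory model of forward and
# reverse zones. Domain example.com and IP 192.0.2.10 are constructed stand-ins.


def reverse_name(ip):
    """Owner name for an IPv4 address in the reverse (in-addr.arpa) zone."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


class Zones:
    """(owner name, record type) -> list of record data, like a zone file."""

    def __init__(self):
        self.records = {}

    def add(self, name, rtype, data):
        self.records.setdefault((name.lower(), rtype), []).append(data)

    def resolve(self, name, rtype, max_hops=8):
        """Answer a query, chasing CNAME aliases the way a resolver does."""
        name = name.lower()
        for _ in range(max_hops):
            hit = self.records.get((name, rtype))
            if hit:
                return list(hit)
            alias = self.records.get((name, "CNAME"))
            if not alias:
                return []            # no data of this type for the name
            name = alias[0].lower()  # follow the alias and ask again
        raise RuntimeError("CNAME chain too long (possible loop)")

    def fcrdns_ok(self, mail_host):
        """Forward-confirmed reverse DNS, the check receiving mail servers
        apply: A(mail_host) -> ip, and PTR(ip) must name mail_host again."""
        ips = self.resolve(mail_host, "A")
        if not ips:
            return False
        ptrs = self.resolve(reverse_name(ips[0]), "PTR")
        return mail_host.lower() in (p.lower() for p in ptrs)


def build_zones(ptr_name="mail.example.com"):
    """The records recommended above; ptr_name is whatever the owner of the
    IP block (normally the ISP) put in the reverse zone."""
    public_ip = "192.0.2.10"          # constructed public static IP
    z = Zones()
    z.add("example.com", "SOA", "ns1.example.com hostmaster.example.com")
    z.add("example.com", "NS", "ns1.example.com")
    z.add("ns1.example.com", "A", public_ip)
    z.add("example.com", "A", public_ip)
    z.add("www.example.com", "CNAME", "example.com")  # an alias record
    z.add("ftp.example.com", "A", public_ip)          # a real A record, not an alias
    z.add("mail.example.com", "A", public_ip)
    z.add("example.com", "MX", "mail.example.com")
    z.add(reverse_name(public_ip), "PTR", ptr_name)
    return z
```

Calling `build_zones(ptr_name="adsl-1-2-3.isp.example.net")` reproduces the situation in the thread: the A and MX records are right, but the reverse lookup still names the ISP's generic host, so `fcrdns_ok("mail.example.com")` is False.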
Mntsnow
01-22-2004, 6:44 PM
Here is some FYI type info on how we mark spam as spam mail....
Content analysis details: (35.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 NO_REAL_NAME           From: does not include a real name
 4.4 DATE_SPAMWARE_Y2K      Date header uses unusual Y2K formatting
 4.2 IMPOTENCE              BODY: Impotence cure
 1.1 BANG_GUARANTEE         BODY: Something is emphatically guaranteed
 1.1 PENIS_ENLARGE          BODY: Information on getting larger penis/breasts
 0.6 PENIS_ENLARGE2         BODY: Information on getting larger penis/breasts
 1.2 GUARANTEED_STUFF       BODY: Guaranteed Stuff
 4.3 MONEY_BACK             BODY: Money back guarantee
 0.6 CLICK_BELOW_CAPS       BODY: Asks you to click below (in capital letters)
 1.2 BANG_EXERCISE          BODY: Talks about exercise with an exclamation!
 0.2 HTML_50_60             BODY: Message is 50% to 60% HTML
 1.6 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
                            [cf: 100]
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 HTML_LINK_CLICK_CAPS   BODY: HTML link text says "CLICK"
 0.1 HTML_FONT_BIG          BODY: HTML has a big font
 0.3 HTML_TAG_BALANCE_BODY  BODY: HTML has unbalanced "body" tags
 0.1 HTML_LINK_CLICK_HERE   BODY: HTML link text says "click here"
 0.7 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
 5.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.8 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 0.3 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 0.7 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 1.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 1.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
As you can see I have my email server mark email as spam once the value reaches 5.0 (I'm fairly strict :D). and the one I posted was a value of 35.2!
Hope that helps you understand how we watch and try and can the spam.
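To show how the score above turns into a verdict, here is an added example that is neither the thread's nor SpamAssassin's own code: a parser for the "Content analysis details" layout that re-adds the per-rule points, handles the indented "[cf: 100]" continuation line, and compares the total against the required threshold. REPORT is a constructed sample with a few of the rules from the post, not a captured message.

```python
# Added example (not from the thread): parse a SpamAssassin "Content analysis
# details" report and re-derive the verdict. REPORT is a constructed sample in
# the same layout as the one posted above, not a captured message.
import re

REPORT = """\
Content analysis details: (12.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 NO_REAL_NAME           From: does not include a real name
 4.3 MONEY_BACK             BODY: Money back guarantee
 1.6 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
                            [cf: 100]
 5.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
"""

HEADER = re.compile(r"\(\s*(-?\d+(?:\.\d+)?) points,\s*(-?\d+(?:\.\d+)?) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")


def parse_report(text):
    """Return (claimed_total, required, rules); rules is a list of
    (points, rule_name, description). A line without a leading score,
    such as the '[cf: 100]' continuation, extends the previous rule."""
    claimed = required = None
    rules = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m and claimed is None:
            claimed, required = float(m.group(1)), float(m.group(2))
            continue
        m = RULE.match(line)
        if m:
            rules.append((float(m.group(1)), m.group(2), m.group(3).strip()))
        elif rules and line.strip():
            pts, name, desc = rules[-1]
            rules[-1] = (pts, name, desc + " " + line.strip())
    if claimed is None:
        raise ValueError("no 'Content analysis details' header found")
    return claimed, required, rules


def score(rules):
    """Sum of the per-rule points, rounded the way the report prints them."""
    return round(sum(pts for pts, _, _ in rules), 1)


def verdict(text):
    """Recompute the decision the mail server made from the report alone."""
    claimed, required, rules = parse_report(text)
    total = score(rules)
    by_weight = sorted(rules, key=lambda r: r[0], reverse=True)
    return {
        "total": total,
        "claimed": claimed,          # total printed in the header
        "required": required,        # the threshold (5.0 in the post above)
        "is_spam": total >= required,
        "top_rules": [name for _, name, _ in by_weight[:3]],
    }
```

Run over the report posted above, the listed lines add up to 35.4 rather than the 35.2 in its header: the per-rule points are printed rounded to one decimal, so a recomputed total can differ slightly from the one the server calculated, which is why the verdict compares the total and not the individual lines.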
EvilRick
01-22-2004, 9:37 PM
Originally posted by Mntsnow
If you PM me your public IP I will see if I can help you find the right person to speak too to get it configured or if they have a interface so you can.
YGPM and THNX, I think I forgot in the PM.
EvilRick
01-22-2004, 9:38 PM
Is your SPAM filtering through MailEnable, or other software? If MailEnable, I'm using the Standard version, so I probably can't do all that filtering.
Mntsnow
01-22-2004, 10:29 PM
Actually the one I showed is from my linux email server called Spamassassin, but with MailEnable you can still block a large portion of the spam by using the RBL lists and such. Then if an email is being sent from a server listed on any of the lists you configured it will block the email.
Some more reading for you :D http://www.email-policy.com/Spam-black-lists.htm
EvilRick
01-23-2004, 10:48 AM
Well, I'm throwing my hands up in the air. I can't get BellSouth to create a PTR record so I can send e-mail. I'm going to have to move everything back over to them 'til I get a different host.
This is very irritating.
Mntsnow
01-23-2004, 3:36 PM
That just bites....:(
EvilRick
01-23-2004, 4:45 PM
Tell me about it. I e-mailed their support at 9:00am and have only received the auto-responder . . . at 11:15am. Evidently they're still having server problems as well, although e-mails to/from other people seem to be going through in a rather timely manner. I'm getting ready to check the account I e-mailed them from again to see if I have a reply yet.
Looks like I'll be moving to GoDaddy.com's Deluxe w/ASP before too long.
EvilRick
01-23-2004, 11:39 PM
I got mail! Yay! I got mail! Yay! You go sir.
Finally got mail and site is back up. Zonedit.com is fast w/ their propagation. I was dumped by them in like 2 hours. BellSouth took like 8. I think somebody said why Zonedit.com was so fast, but don't remember what it was.
Mntsnow
01-24-2004, 12:26 AM
Zonedit is so quick in dns propagation as they run very short TTLs due to them supporting mainly people with Dynamic IPs and thus need to have records that expire quickly so people get the latest and correct dns (dynamic ip) address info :)
EvilRick
01-24-2004, 1:34 AM
Wow, I know I've read that somewhere else . . . thnx again.
Mntsnow
01-24-2004, 8:38 AM
You did ...earlier in this thread actually :D as I posted it here http://www.xtremepccentral.com/forums/showthread.php?postid=69265#post69265 and then again here at http://www.xtremepccentral.com/forums/showthread.php?postid=69775#post69775