Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#335971 - 10/08/2010 17:38 DNS question for you all
TigerJimmy
old hand

Registered: 15/02/2002
Posts: 1049
Hi everyone,

I run a personal web/email/DNS server and a few friends have their sites on this machine. The server is 10+ years old and I'm upgrading the hardware. I was wondering what you all think about an idea I have for changing my DNS configuration.

I'm currently running a split-horizon configuration with two views: one for the world with my external IP address, and one for the LAN with the local IP of the server. The network has one static IP address and everything uses NAT to access the internet. I forward the mail, web and DNS ports to the server at the router.

It occurred to me that I wouldn't need to do this. I could use an external DNS service and have A and MX records point to my IP address, and just use a single view internally for local name resolution. Then I can close up the DNS port and not need to worry about keeping bind all up to date for security reasons. Am I missing something here? This ought to work just fine, right? Just have the authoritative DNS service on the internet point MX records to my IP address and everything should continue uninterrupted?

Assuming this seems like a good idea to you, do you have a DNS service you would recommend? I can probably just use the DNS services at the registrar, but these domains are registered at multiple registrars because several of them are for friends who registered their own domain names.

Thanks for your thoughts on this potentially stupid question...

Jim


Edited by TigerJimmy (10/08/2010 17:39)

Top
#335985 - 10/08/2010 19:14 Re: DNS question for you all [Re: TigerJimmy]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Yes, that will work fine.

No recommendations for DNS services, though, unfortunately.
_________________________
Bitt Faulk

Top
#335986 - 10/08/2010 19:15 Re: DNS question for you all [Re: wfaulk]
TigerJimmy
old hand

Registered: 15/02/2002
Posts: 1049
Thanks, Bitt. Just A and MX records pointing to my static IP and I'm golden, right?

Top
#335991 - 10/08/2010 19:43 Re: DNS question for you all [Re: TigerJimmy]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
It shouldn't (need to) be different than what you have now, other than the NS records. If all you currently have are A and MX records, then, yes, that's all you need. You might want to consider adding an SPF record, though.
_________________________
Bitt Faulk

Top
#335992 - 10/08/2010 20:55 Re: DNS question for you all [Re: TigerJimmy]
StigOE
addict

Registered: 27/10/2002
Posts: 568
You may also want to have reverse pointer set up as well, since many domains will block you if you don't have a reverse pointer.

Stig

Top
#335995 - 10/08/2010 21:56 Re: DNS question for you all [Re: StigOE]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
That's completely separate from his domain-name DNS, though, and is controlled by his ISP. Nothing is likely to change there, unless the ISP is delegating those PTR records to Jimmy's DNS as well. I feel like he would have mentioned that, though.
_________________________
Bitt Faulk

Top
#336000 - 11/08/2010 04:53 Re: DNS question for you all [Re: TigerJimmy]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Originally Posted By: TigerJimmy
It occurred to me that I wouldn't need to do this. I could use an external DNS service and have A and MX records point to my IP address, and just use a single view internally for local name resolution.


This is what I do. My DNS provider (eNom) has A (and CNAME) records that point to my external IP address, where requests are port-forwarded appropriately.

The DNS server on my home network also claims to be authoritative for those domains, and hands out the internal IP addresses. This means that internal clients see the internal IP addresses and external clients see the external address.

My MX records point at GMail.
_________________________
-- roger

Top