how to host my own DNS for websites?

Guest

I have some domain names (example mycompany.com) which I would like to host
them on my server. I think the best way to do this is to create my own DNS(s)
and put those DNS(s) on those domain names. Am I correct? What would be the
best solution on assigning my public IPs to DNS(s)?

Here is my hardware/software configuration:
I’m running SBS 2003 Premium without ISA but I have a hardware
firewall/router between internet and server. The firewall has my public IP
which is directing the traffic to my server which has a private IP.

I tried to host my own DNS(s) but no success with my SBS box. Do you think
the problem is the version of software that I am using or maybe I have to
assign my public ip right on my external NIC? Maybe I should not use SBS? My
limited knowledge is limiting me so I don’t really know where the problem is
and how I can fix it. Or maybe I have to get different version of Microsoft
Server?

Please advise me.

Thanks,

Mike
 
Paul

Hi,

Just my 2 cents, but you shouldn't really host your own dns on a single
connection. If it ever goes down you will lose all name resolution for
your domain and bad things happen to your site and mail. You really need a
minimum of 2 servers on 2 different connections to host dns reliably. There
are many providers that will do this for you for as little as a few pounds a
year, so is it worth the bother?

On the other hand if you do want to go ahead what you have got should get
you going. You'll probably need to setup a minimum of 2 dns servers for the
registries to register names. This either means two servers on different
IP's or 2 IP's pointing to a single server (which is bad!). You'll probably
need to register these IP's/DNS servers as name servers with your domain
registrar before you can get glue in the roots for them (assuming it's
.coms, .nets, etc). Various different registries have different policies, so
it'll depend on what TLD's you have.

To get a reliable service, if you are concerned with that, I would not try
to host this part of your website yourself.
 
Guest

Paul,

Thanks for your time.

I totally agree regarding not hosting my own dns(s) but I don't know where to
start. On my other posts I heard about zoneedit.com but still I am not sure
how to start. On the other hand since I am not big hosting company and since
I boot my server from time to time, I really like the idea having my DNSes to
be hosted outside. Since I have my company's domain registered with
register.com, can I have register.com to configure that name as my DNS server
by adding DNS1 and DNS2 to it? I actually called them 2 weeks ago and asked
them to point DNS1 & DNS2 .mydomain.com to my server's public IP address and
that didn't work! Now after 2 weeks still when I ping my other domains which
are pointing to my DNS1 and DNS2 as their Domain Servers I don't get any ip
resolved !!!

As I explained I need to host my own webpages and email in-house but I have
problem on driving the traffic to my server. I really like to expand my
server by hosting more and more domain names and if I can have my own DNS1
and DNS2 then my life would be a lot easier than pointing each domain manually
to my ip!!! Please advise

Thanks,

Mike
 
Paul

I like www.microtech.co.gg, but I'm biased :)

Some companies won't simply point your domains to 2 supplied IP's. And if
you have not registered them as name servers with register.com then the
names will not have 'glue' at the roots either.

Did you forward port 53, both udp and tcp on your router back to your
server? Another thing to be careful of, some routers only forward from the
outside in, not from the inside, so you have to be careful. You may think
it is not working from inside your network when in fact it is resolving for
outside clients ok.
 
Paul

BTW - If you want to post the ips or your dns servers and the name of a
domain you think you have configured on it, I'll test them for you.
 
Guest

dns1.elegantwebservices.com
64.81.37.108

Paul said:
> BTW - If you want to post the ips or your dns servers and the name of a
> domain you think you have configured on it, I'll test them for you.
 
Guest

I have everything about port 53 opened on my firewall but still when I check
I see port 53 is closed.
 
Paul Smith

OK, dns1.elegantwebservices.com resolves from glue which is good. They
obviously added your name as a name server.

There seems to be no port 53 running on your ip, so 1 of three things is
probably happening.

1. Your dns server is not running on the private IP you thought it was. Try
   enabling to listen on all interfaces and check your router forwarding.
2. Your router is not forwarding port 53 to your server (udp and tcp) or it has
   firewalled it.
3. Your ISP has blocked port 53. Sometimes ISP's block incoming service ports,
   though it's more common on 25 and 80.
 
Guest

> your dns server is not running on the private IP you thought it was. Try
> enabling to listen on all interfaces

I think it is enabled since it's running. I have created forwards for every
domain that I wish to host on this server. How can I check this?

> and check your router forwarding
> Your router is not forwarding port 53 to your server (udp and tcp) or

I can see port 53 UDP and TCP enabled just how SMTP and HTTP are enabled.

> it has
> firewalled it
> Your ISP has blocked port 53. Sometimes ISP's block incoming service ports,
> though it's more common on 25 and 80.

I am not sure about this. I am running ADSL

can we communicate via email? ([email protected])

Thanks,

Mike
 
Paul Smith

Sometimes ISP's block incoming services on ADSL lines. It's certainly not
open from here.

try

nslookup yourdomainname.com 192.168.0.1

assuming your internal dns server is 192.168.0.1

This should try to query your internal server. If this works, either your
forwarding is broken or your port is blocked. I take it that you have a
gateway on the server, i.e. can you surf the net without using a proxy
server? You need to make sure the server can reply to incoming queries.
Are you able to set the tcp ip properties of the server to the dns server
itself and continue to surf?
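
An added example, not part of the thread: a Python check for the port 53 diagnosis and the internal-versus-external test discussed above. It sends one A query over UDP or TCP and reports "answered", "closed" (something replied for that address but no DNS listener accepted the query) or "no-reply" (the packets were dropped). The function names and the fixed query ID are choices made for this sketch.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID (assumption: fine for a one-shot diagnostic)

def build_query(name, qtype=1):
    """Encode a standard DNS query for `name` (qtype 1 = A record, class IN)."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, authoritative, answer_count) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != TXID or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0400), answers

def recv_exact(sock, n):  # read exactly n bytes from a TCP stream
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("peer closed mid-message")
        buf += chunk
    return buf

def probe(server, name, proto="udp", port=53, timeout=3.0):
    """Classify DNS service on server:port as 'answered', 'closed' or 'no-reply'."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack(">H", len(query)) + query)
                reply = recv_exact(s, struct.unpack(">H", recv_exact(s, 2))[0])
        except (ConnectionRefusedError, ConnectionResetError):
            return ("closed", None)    # refused/reset: reachable, no listener
        except socket.timeout:
            return ("no-reply", None)  # dropped: filter or missing forward
        return ("answered", parse_header(reply))
```

Call `probe()` with the server's internal address from the LAN and with the public address from a host outside the network, once for "udp" and once for "tcp"; a router that does not forward from the inside will make the public address fail from the LAN even when outside clients resolve fine.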
 
Jeff Westhead [MSFT]

You could also just try following the steps in the article. It should take
about 5 minutes to confirm either way. You can't break anything by
implementing this setting.
 
Guest

I did these but no luck.

I actually noticed port 53 is not saying it is BLOCKED and is saying CLOSED.

DNS 53 CLOSED This port has responded to our probes. This means that you are
not running any application on this port, but it is still possible for
someone to crash your computer through known TCP/IP stack vulnerabilities.

So it is not my firewall.
I also called my ISP and they confirmed all ports are open.
 
Jeff Cochran

> I have some domain names (example mycompany.com) which I would like to host
> them on my server. I think the best way to do this is to create my own DNS(s)
> and put those DNS(s) on those domain names. Am I correct? What would be the
> best solution on assigning my public IPs to DNS(s)?
>
> Here is my hardware/software configuration:
> I’m running SBS 2003 Premium without ISA but I have a hardware
> firewall/router between internet and server. The firewall has my public IP
> which is directing the traffic to my server which has a private IP.
>
> I tried to host my own DNS(s) but no success with my SBS box. Do you think
> the problem is the version of software that I am using or maybe I have to
> assign my public ip right on my external NIC? Maybe I should not use SBS? My
> limited knowledge is limiting me so I don’t really know where the problem is
> and how I can fix it. Or maybe I have to get different version of Microsoft
> Server?

SBS works fine. If you have ISA running, you need to configure it to
allow DNS. Might check the SBS group for specifics since there are
some peculiarities to SBS. Beyond that:

DNS Basics for IIS Administrators:
http://www.iisanswers.com/articles/dns_for_iis.htm

Domain Name System (DNS) Center Knowledge Base Articles:
http://www.microsoft.com/windows2000/technologies/communications/dns/dnskbs.asp

Might help to know the version of SBS.

Jeff
 
Ace Fekay [MVP]

Jeff Cochran said:
> SBS works fine. If you have ISA running, you need to configure it to
> allow DNS. Might check the SBS group for specifics since there are
> some peculiarities to SBS. Beyond that:
>
> DNS Basics for IIS Administrators:
> http://www.iisanswers.com/articles/dns_for_iis.htm
>
> Domain Name System (DNS) Center Knowledge Base Articles:
> http://www.microsoft.com/windows2000/technologies/communications/dns/dnskbs.asp
>
> Might help to know the version of SBS.
>
> Jeff

I was just thinking the same thing, Jeff. If ISA is running, a rule needs to
be created and applied to allow DNS traffic inbound and outbound. Hence why
I believe it's currently showing up as 'closed' in the tests.

Maybe this may help, but not sure about the subtle differences with SBS:

Running a DNS Server on an ISA Server:
http://www.isaserver.org/articles/Running_a_DNS_Server_on_the_ISA_Server.html

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Guest

I fixed the issue,

The problem was the DNS Interfaces

I went to DNS properties and added my external NIC ip to the Interfaces tab
and now port 53 is listening to the incoming requests :) All my sites are
working now.
 
Ace Fekay [MVP]

Mike R. said:
> I fixed the issue,
>
> The problem was the DNS Interfaces
>
> I went to DNS properties and added my external NIC ip to the
> Interfaces tab and now port 53 is listening to the incoming requests
> :) All my sites are working now.

Ah yes, I *assumed* it was listening on the external interface. I should
have asked... :)

Ace
 
Guest

Ace,

Quick question:

Under Forward Lookup Zones where should Host (A) name point to?
To Local NIC IP or External NIC IP or Public IP or Router IP?

Currently it's pointing to my Public IP and I don't know if that's the way
of forwarding it.

Can you please advise me?

Thanks,

Mike
 
Ace Fekay [MVP]

Mike R. said:
> Ace,
>
> Quick question:
>
> Under Forward Lookup Zones where should Host (A) name point to?
> To Local NIC IP or External NIC IP or Public IP or Router IP?
>
> Currently it's pointing to my Public IP and I don't know if that's
> the way of forwarding it.
>
> Can you please advise me?
>
> Thanks,
>
> Mike

That's another good question. If you point to the external NIC, then the
internal folks cannot get to it, since that's the purpose of what you're
doing. This is a true example of needing a separate DNS to host your
external records for running an internal webserver for public use, since the
internal folks need to get to it too.

Ace
 
