[CentOS] Re: DNS Server

Tom Diehl tdiehl at rogueind.com
Mon Jun 26 19:35:32 UTC 2006


On Mon, 26 Jun 2006, Paul wrote:

> On Mon, June 26, 2006 7:47 am, Johnny Hughes wrote:
>> On Mon, 2006-06-26 at 07:38 -0400, Thomas E Dukes wrote:
>>>
>>>> -----Original Message-----
>>>> From: centos-bounces at centos.org
>>>> [mailto:centos-bounces at centos.org] On Behalf Of Johnny Hughes
>>>> Sent: Monday, June 26, 2006 7:19 AM
>>>> To: CentOS ML
>>>> Subject: RE: [CentOS] Re: DNS Server
>>>>
>>>> On Sun, 2006-06-25 at 20:32 -0400, Thomas E Dukes wrote:
>>>> <snip>
>>>>
>>>>>
>>>>> So even if a service such as zoneedit, say they can do reverse DNS,
>>>>> it won't work?
>>>>>
>>>>> I really don't understand how it can work in one direction and not
>>>>> the reverse.  If they can keep up with my IP address and match it to
>>>>> my domain name, seems they could do the reverse.
>>>>>
>>>>
>>>> OK ... rather than you staying confused on this issue, I will
>>>> try to explain it in basic terms.
>>>>
>>>> DNS converts names to IPs (forward lookups) and IPs to names
>>>> (reverse lookups).
>>>>
>>>> A forward lookup is when you have a name (www.abcxyz.com) and
>>>> need a number.  In this case, there is a domain owner and
>>>> that domain has its own DNS Zone.  The owner of that Zone
>>>> can put whatever IP addresses (numbers) with names that they
>>>> want in that zone.
>>>>
>>>> In the case of a forward lookup, there is no predefined zone
>>>> at all ... you can have as many names as you want, and since
>>>> people pay for it (the name), it stands to reason that they
>>>> will keep it updated properly.
>>>>
>>>> A reverse lookup is different.  The standard for reverse
>>>> lookups breaks them down in "Class C" blocks (that is, the
>>>> first 3 groups of numbers are the network number, the last
>>>> group is the host number).  If you have an ip address of:
>>>>
>>>> 192.87.99.234
>>>>
>>>> The network number is 192.87.99.0, the subnet mask is
>>>> 255.255.255.0, the host number is 234, and the reverse lookup
>>>> domain is:
>>>>
>>>> 99.87.192.in-addr.arpa
>>>>
>>>> All 254 host addresses in that zone are normally assigned
>>>> from the owner of that zone from one machine.  If someone
>>>> buys the whole class C network, they get to control the zone,
>>>> otherwise it is normally controlled by the ISP that owns all the IPs.
>>>>
>>>> It is possible, but not usually done, to break up the reverse
>>>> into smaller ranges.
>>>>
>>>> Tom Diehl has already mentioned RFC 2317:
>>>>
>>>> http://www.faqs.org/rfcs/rfc2317.html
>>>>
>>>> Using the techniques there, an ISP _CAN_ transfer control of
>>>> some reverse lookup domains.  They will normally not do it
>>>> unless you have a fairly large network, however.
>>>>
>>>> I hope this helps you understand that forward zones are
>>>> designed to easily break them down into 1 or 2 names ... but
>>>> reverse zones are predefined and not designed for less than 1
>>>> class C network blocks.
>>>
>>> Hello Johnny,
>>>
>>> I guess that makes sense.  It seems it would create too much work for
>>> the ISP to handle the reverse lookup for a single IP.  If they dole
>>> them out that way, they should either do it or delegate them.
>>>
>>> All this is to operate a mail server without bounces.  Is this why it
>>> is recommended to use your ISP's mail server as smarthost?  Does this
>>> mean I would be using the ISP's mail server for outgoing mail?  Or is
>>> it just 'stamped' with the ISP's name to prevent bounces?
>>>
>>> Thanks,
>>>
>>> Eddie
>>
>> Most ISPs block outbound port 25 traffic now ... only allowing mail
>> server operation (or even normal sending of e-mail via a client) to be
>> done out of their mail servers.
>>
>> I had, for many years, run a mail server on my linux box at home.
>> Spammers (and viruses) have ruined that option for us. I now have a
>> domain that I use for e-mail at a hosting provider, as too many servers
>> now block dynamic ranges and cable/dsl ranges to combat spam.
>>
>> I have since just set up an NX desktop and use that to get to my mail at
>> my home desktop when I am not there ... which seems to work OK.
>
> There are a select few ISPs still home-server friendly, one being
> Speakeasy.net.

+1 for Speakeasy. They also have a very active abuse desk.

Regards,

Tom
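
Added example, not part of the original thread: a Python sketch of the reverse-zone naming quoted above (192.87.99.234 maps into 99.87.192.in-addr.arpa) and of the RFC 2317 records a /24 zone owner would publish to hand a smaller block to a customer. The /29 block and the nameserver ns1.customer.example. are constructed sample values, and the function names are hypothetical.

```python
import ipaddress


def reverse_zone(ip: str) -> str:
    """Per-/24 reverse zone for an IPv4 address (octets reversed, host octet dropped)."""
    o = ipaddress.IPv4Address(ip).packed
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Full owner name of the PTR record for one address."""
    host = ipaddress.IPv4Address(ip).packed[3]
    return f"{host}.{reverse_zone(ip)}"


def rfc2317_delegation(block: str, nameservers: list[str]) -> list[str]:
    """Records for the parent /24 zone that delegate a sub-/24 block.

    RFC 2317 style: a child zone named "<first-host>/<prefixlen>" is delegated
    with NS records, and each address in the block gets a CNAME into it, so
    the customer's servers answer the PTR queries.
    """
    net = ipaddress.IPv4Network(block, strict=True)  # rejects misaligned blocks
    if not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 delegation applies to blocks smaller than a /24")
    zone = reverse_zone(str(net.network_address))
    child = f"{net.network_address.packed[3]}/{net.prefixlen}.{zone}."
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    for addr in net:  # one CNAME per address in the block
        host = addr.packed[3]
        records.append(f"{host}.{zone}. IN CNAME {host}.{child}")
    return records


if __name__ == "__main__":
    print(ptr_name("192.87.99.234"))
    # Constructed sample: the /29 containing .234, delegated to a made-up server.
    for line in rfc2317_delegation("192.87.99.232/29", ["ns1.customer.example."]):
        print(line)
```
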


