[CentOS] Re: DNS Server

Mon Jun 26 01:16:28 UTC 2006
Tom Diehl <tdiehl at rogueind.com>

On Sun, 25 Jun 2006, Thomas E Dukes wrote:

>
>
>> -----Original Message-----
>> From: centos-bounces at centos.org
>> [mailto:centos-bounces at centos.org] On Behalf Of Tom Diehl
>> Sent: Sunday, June 25, 2006 6:11 PM
>> To: CentOS mailing list
>> Subject: [CentOS] Re: DNS Server
>>
>> On Sun, 25 Jun 2006, Thomas E Dukes wrote:
>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: centos-bounces at centos.org
>>>> [mailto:centos-bounces at centos.org] On Behalf Of
>>>> centos at bathnetworks.com
>>>> Sent: Sunday, June 25, 2006 3:25 PM
>>>> To: CentOS mailing list
>>>> Subject: Re: [CentOS] DNS Server
>>>>
>>>>> Hello,
>>>>>
>>>>> I have recently switched from having a dynamic IP address
>>>> and using a
>>>>> DNS service like zoneedit and dyndns to having a static
>> IP address.
>>>>>
>>>>> How do I stop having to use these DNS services and use my own?  I
>>>>> tried changing the DNS servers at my registrar but it won't
>>>> accept my server.
>>>>>
>>>>> TIA
>>>>>
>>>> Does your Registrar supply DNS services itself? I ask as
>> mine does,
>>>> but only forward, but my ISP supplies reverse DNS.
>>>>
>>>
>>> My registrar probably does, not sure about my ISP.  I need
>> the reverse
>>> DNS and I think zoneedit may offer it.  I've been using them for
>>> several years with little if any problems.
>>
>> Your reverse dns MUST come from whoever owns the ipaddress.
>> In 99.9 % of the cases that is your ISP. Some (not many) will
>> actually delegate the reverse dns to you but most will at
>> best add ptr's that match whatever is in the forward zone.
>>
>
> So even if a service such as zoneedit says they can do reverse DNS, it won't
> work?

They can do it ONLY if whoever owns the ip address will delegate it to them.
Even then in most cases the lookup still has to hit their name servers.
Have a look at RFC 2317 for details on what it takes to delegate less than a
/24.

> I really don't understand how it can work in one direction and not the
> reverse.  If they can keep up with my IP address and match it to my
> domain name, seems they could do the reverse.

Because the reverse lookups belong to the in-addr.arpa domain and you do not
have the authority to answer lookups for that. You have the authority to
determine who is authoritative for domains which you own. That is the difference.

If you really want to know how dns works I would suggest that you get a copy
of the cricket book [1] and read it. DNS is not really hard once you understand
how it works. The problem is that there are a lot of details you need to 
understand before you can properly configure a name server. If you do manage
to set one up I would also suggest that you visit http://dnsstuff.com and run
the tests there to be sure you got it right.

Regards,

Tom

[1] http://books.google.com/books?id=PGwdIJKRxekC&printsec=frontcover&dq=cricket+book&sig=XGAOSMFKwtVMLuDEZ7DUEKMRNsM
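
Added example, not part of the original message: a Python sketch of the RFC 2317 delegation mentioned above, showing the records the address owner has to place in its own /24 reverse zone before anyone else can answer PTR lookups for a smaller block. The block 192.0.2.128/26 and the name server ns1.customer.example. are constructed sample values, and the function names are hypothetical.

```python
import ipaddress


def reverse_name(ip):
    """Owner name a resolver queries for a PTR record, e.g. 5.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def rfc2317_parent_records(subnet, nameservers):
    """Records for the address owner's /24 reverse zone that hand a sub-/24
    block to other name servers (RFC 2317 'first-address/prefixlen' label).

    Returns (child_zone, records). The customer then serves PTR records
    inside child_zone on the listed name servers.
    """
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 covers IPv4 blocks smaller than a /24")
    octets = str(net.network_address).split(".")
    # The /24 reverse zone stays with whoever owns the address space.
    parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    child = f"{octets[3]}/{net.prefixlen}.{parent}"
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    # Each address in the block becomes a CNAME into the delegated child
    # zone, so a lookup still starts at the owner's name servers.
    for addr in net:
        last = str(addr).split(".")[3]
        records.append(f"{last}.{parent} IN CNAME {last}.{child}")
    return child, records


if __name__ == "__main__":
    # Constructed sample values (documentation address range and names).
    zone, recs = rfc2317_parent_records("192.0.2.128/26", ["ns1.customer.example."])
    print("PTR owner name for 192.0.2.130:", reverse_name("192.0.2.130"))
    print("Delegated zone:", zone)
    for line in recs[:4]:
        print(line)
```

Without the owner adding these NS and CNAME records, a PTR zone hosted anywhere else is never reached by resolvers, which is why a third-party service cannot provide reverse DNS on its own.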