[CentOS] Re: DNS Server

Mon Jun 26 12:03:37 UTC 2006
Thomas E Dukes <edukes at alltel.net>

 

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Paul
> Sent: Monday, June 26, 2006 7:52 AM
> To: CentOS mailing list
> Subject: RE: [CentOS] Re: DNS Server
> 
> On Mon, June 26, 2006 7:47 am, Johnny Hughes wrote:
> > On Mon, 2006-06-26 at 07:38 -0400, Thomas E Dukes wrote:
> >>
> >> > -----Original Message-----
> >> > From: centos-bounces at centos.org
> >> > [mailto:centos-bounces at centos.org] On Behalf Of Johnny Hughes
> >> > Sent: Monday, June 26, 2006 7:19 AM
> >> > To: CentOS ML
> >> > Subject: RE: [CentOS] Re: DNS Server
> >> >
> >> > On Sun, 2006-06-25 at 20:32 -0400, Thomas E Dukes wrote:
> >> > <snip>
> >> >
> >> > >
> >> > > So even if a service such as zoneedit, say they can do reverse DNS, it
> >> > > won't work?
> >> > >
> >> > > I really don't understand how it can work in one direction and not the
> >> > > reverse.  If they can keep up with my IP address and match it to
> >> > > my domain name, seems they could do the reverse.
> >> > >
> >> >
> >> > OK ... rather than you staying confused on this issue, I will try
> >> > to explain it in basic terms.
> >> >
> >> > DNS converts names to IPs (forward lookups) and IPs to names 
> >> > (reverse lookups).
> >> >
> >> > A forward lookup is when you have a name (www.abcxyz.com) and need
> >> > a number.  In this case, there is a domain owner and that domain
> >> > has its own DNS Zone.  The owner of that Zone can put whatever IP
> >> > addresses (numbers) with names that they want in that zone.
> >> >
> >> > In the case of a forward lookup, there is no predefined zone at all
> >> > ... you can have as many names as you want, and since people pay for it
> >> > (the name), it stands to reason that they will keep it updated properly.
> >> >
> >> > A reverse lookup is different.  The standard for reverse lookups
> >> > breaks them down in "Class C" blocks (that is, the first 3 groups of
> >> > numbers are the network number, the last group is the host number).
> >> > If you have an IP address of:
> >> >
> >> > 192.87.99.234
> >> >
> >> > The network number is 192.87.99.0, the subnet mask is 
> >> > 255.255.255.0, the host number is 234, and the reverse lookup 
> >> > domain is:
> >> >
> >> > 99.87.192.in-addr.arpa
> >> >
> >> > All 254 host addresses in that zone are normally assigned from the
> >> > owner of that zone from one machine.  If someone buys the whole
> >> > class C network, they get to control the zone, otherwise it is
> >> > normally controlled by the ISP that owns all the IPs.
> >> >
> >> > It is possible, but not usually done, to break up the reverse into
> >> > smaller ranges.
> >> >
> >> > Tom Diehl has already mentioned RFC 2317:
> >> >
> >> > http://www.faqs.org/rfcs/rfc2317.html
> >> >
> >> > Using the techniques there, an ISP _CAN_ transfer control of some
> >> > reverse lookup domains.  They will normally not do it unless you
> >> > have a fairly large network, however.
> >> >
> >> > I hope this helps you understand that forward zones are designed to
> >> > easily break them down into 1 or 2 names ... but reverse zones are
> >> > predefined and not designed for less than 1 class C network blocks.
> >>
> >> Hello Johnny,
> >>
> >> I guess that makes sense.  It seems it would create too much work for
> >> the ISP to handle the reverse lookup for a single IP.  If they dole
> >> them out that way, they should either do it or delegate them.
> >>
> >> All this is to operate a mail server without bounces.  Is this why it
> >> is recommended to use your ISP's mail server as smarthost?  Does this
> >> mean I would be using the ISP's mail server for outgoing mail?  Or is
> >> it just 'stamped' with the ISP's name to prevent bounces?
> >>
> >> Thanks,
> >>
> >> Eddie
> >
> > Most ISPs block outbound port 25 traffic now ... only allowing mail
> > server operation (or even normal sending of e-mail via a client) to be
> > done out of their mail servers.
> >
> > I had, for many years, run a mail server on my linux box at home.
> > Spammers (and viruses) have ruined that option for us. I now have a
> > domain that I use for e-mail at a hosting provider, as too many
> > servers now block dynamic ranges and cable/dsl ranges to combat spam.
> >
> > I have since just set up an NX desktop and use that to get to my mail
> > at my home desktop when I am not there ... which seems to work OK.
> 
> There are a select few ISPs still home-server friendly, one
> being Speakeasy.net.

Hi Paul,

My ISP, Alltel, doesn't block ports.  I have been using their service for
about 6 years.  Started with a dynamic IP and just switched to a Business
Class DSL with a static IP.  So far they have been easy to deal with.  It's
just hard to find the right person to speak with.

Thanks!!
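
Added example, not part of the original thread: a Python sketch of the reverse-zone naming described in the quoted explanation, plus the records an ISP would place in its /24 zone to delegate a smaller block in the style of the RFC 2317 example. The /29 block and the name server ns1.customer.example are assumptions made up for illustration.

```python
import ipaddress

def reverse_zone(ip):
    """Return the /24 ("Class C") reverse zone that holds the PTR record for ip."""
    a, b, c, _host = ipaddress.IPv4Address(ip).packed
    return f"{c}.{b}.{a}.in-addr.arpa"

def ptr_name(ip):
    """Return the full owner name of the PTR record for ip."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def rfc2317_delegation(block, nameservers):
    """Records the /24 zone owner adds to hand a smaller block to a customer.

    The sub-zone label follows the RFC 2317 example:
    "<first address of block>/<prefix length>".
    """
    net = ipaddress.IPv4Network(block)  # raises ValueError if host bits are set
    if net.prefixlen <= 24:
        raise ValueError("RFC 2317 applies only to blocks smaller than a /24")
    parent = reverse_zone(str(net.network_address))
    label = f"{net.network_address.packed[3]}/{net.prefixlen}"
    # NS records delegate the sub-zone to the customer's name servers.
    records = [f"{label}.{parent}. IN NS {ns}." for ns in nameservers]
    # One CNAME per address in the block redirects the normal PTR owner
    # name into the delegated sub-zone, where the customer keeps the PTR.
    for addr in net:
        host = addr.packed[3]
        records.append(f"{host}.{parent}. IN CNAME {host}.{label}.{parent}.")
    return records

if __name__ == "__main__":
    ip = "192.87.99.234"                # address used in the thread
    print(reverse_zone(ip))
    print(ptr_name(ip))
    # Hypothetical /29 containing that host, and a hypothetical name server.
    for rec in rfc2317_delegation("192.87.99.232/29", ["ns1.customer.example"]):
        print(rec)
```

Without such a delegation, the PTR for 192.87.99.234 can only be set by whoever runs 99.87.192.in-addr.arpa, which is why a forward-DNS service cannot supply it.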