DNS Server Setup and Issues

  • Question

  • Hello All,

    I apologize if this is a repeat; I have scoured Google and checked the "related links" that the system offered when I titled my problem, and I have yet to find an answer. Short background: I come from a MySQL/GUI development mindset, and recently I have been trying to learn and teach myself to work as our server admin as well, due to a project we are starting. The problem? I have set up an internal DNS server for our offices, not for any external use (i.e. home, public, etc.). Ideally I have a forward zone called systems that I am using to forward our computers to various internal and external sites run and owned by us; an example would be our support guys going to supportdesk.systems and being rerouted to a machine on our internal 192.168.0.0/16 network. The issue occurs when trying to visit a .com, .net, .org, etc. site: the user gets an error because the server cannot be found. I know that we have a com.dns forward zone, and while I am OK with deleting it, I was wondering if there was a way to pull that information from a public server. If not, then we'll just 86 that and get the .com requests forwarded outside the network. Regardless of how we do it, I really would like to know more about how public and private DNS providers keep their servers up to date.

    Thank you,

    Jon

    Saturday, August 2, 2014 9:26 PM

Answers

  • The most common ways to fix name resolution for public websites:

    a) Having a forwarder configured. This will forward all traffic the server cannot resolve using its own zones to an external DNS server (like the one from your ISP).

    b) Use the root hints. This will cause the DNS server to resolve each domain by itself using recursion (i.e. for mail.domain.com, it would ask the root zone for details on 'com', the 'com' server about 'domain', etc.).

    Both have network connectivity requirements: TCP and UDP 53 towards the external DNS servers used.
    Also, in both ways the DNS cache is used to optimize performance.

    In general, keeping DNS up-to-date is only needed for the zones you own (you are the authority). Information on other zones (domains) is to be fetched from the respective authorities.

    Having 'a copy of all records' is only possible by a zone transfer (used for secondary zones), which has to be allowed by the authority (so it is not ;) ).

    I would recommend you read a bit on DNS forwarders, recursion and the different types of zones.

    http://en.wikipedia.org/wiki/Domain_Name_System


    MCP/MCSA/MCTS/MCITP


    • Edited by SenneVL Monday, August 4, 2014 9:16 AM
    • Marked as answer by Alex Lv (Moderator) Tuesday, August 26, 2014 7:06 AM
    Monday, August 4, 2014 9:10 AM
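As an added example (not part of the thread above), this is how option (a) from the answer, together with the port 53 connectivity check and a look at the stray 'com' zone from the question, would be carried out in PowerShell on a Windows DNS server. It assumes the DnsServer module (Windows Server 2012 or later); the forwarder addresses are placeholders, and only 'com' and 'systems' come from the thread.

```powershell
# Added example, not from the original thread. Run on the DNS server itself.
# Forwarder addresses are placeholders (TEST-NET-3 range); replace with your ISP's
# or another external resolver's addresses.
$Forwarders = @('203.0.113.53', '203.0.113.54')

# 1. A locally hosted 'com' zone makes this server answer for every .com name
#    itself, so names not in that zone get NXDOMAIN instead of being forwarded.
$comZone = Get-DnsServerZone -Name 'com' -ErrorAction SilentlyContinue
if ($comZone -and $comZone.ZoneType -eq 'Primary') {
    Write-Warning "This server is authoritative for 'com'; .com names outside that zone will fail."
    # Uncomment once you have confirmed nothing in that zone is still needed:
    # Remove-DnsServerZone -Name 'com' -Force
}

# 2. The internal zone stays; only names this server does not own are forwarded.
Get-DnsServerZone -Name 'systems' | Select-Object ZoneName, ZoneType, IsDsIntegrated

# 3. Connectivity: forwarding needs TCP and UDP 53 to the external servers.
#    Test-NetConnection only probes TCP; a blocked UDP 53 shows up as timeouts in step 5.
foreach ($ip in $Forwarders) {
    $tcp = Test-NetConnection -ComputerName $ip -Port 53 -WarningAction SilentlyContinue
    '{0}: TCP/53 {1}' -f $ip, $(if ($tcp.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# 4. Option (a): set the forwarder list. -UseRootHint $true keeps root hints
#    (option b) as the fallback if every forwarder fails; -Timeout is in seconds.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $true -Timeout 3
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# 5. Verify against this server: one internal name, one public name.
Clear-DnsServerCache -Force
Resolve-DnsName -Name 'supportdesk.systems' -Server 'localhost' -Type A
Resolve-DnsName -Name 'www.example.com'    -Server 'localhost' -Type A
```

If step 5 resolves the internal name but times out on the public one while step 3 reported TCP/53 open, the usual cause is UDP 53 being filtered toward the forwarders.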