help with dns (djbdns-1.05)


Post by Sanjiv Pat » Wed, 13 Feb 2002 04:10:24



Hi,
  I need some help in figuring out if what I have is correct.  I am on
a cable modem at home.  My ISP has a host record for my ip address
let's say 1-2-3-4.client.ispname.com (for ip 1.2.3.4).  I bought
a domain name (let's say example.com) and pointed my nameserver
name to my ip address (1.2.3.4).  So ns.example.com is pointing to
1.2.3.4.

I have dnscache accepting on an internal ip (192.168.1.1) and tinydns
on my external interface (1.2.3.4).  I am able to reach the internet
just fine from my network at home.  When I do a nslookup or ping
-a on 1.2.3.4 (from a windows machine), my isp's host name
is resolved (outside my network).  Is there a way so that when I do a
reverse lookup on my ip address, my dns server name is resolved (from
outside my network)?  Also, if I have an alias let's say
ftp.example.com, mail.example.com, should I be able to reach it by
pinging it, or doing nslookup from outside the network?  Inside my
network, all of these things that I mention work just fine (reverse
lookup will yield the correct name, aliases return response, etc).
What ways can I verify that my dns is actually working from the
outside?  My ultimate goal is to have my own mailserver for example.com.
I also added an mx to the "data" file for the mail
server.  Any help would be greatly appreciated.

Sanjiv Patel

 
 
 


Post by David Mean » Wed, 13 Feb 2002 05:02:54


  It appears that you have gotten quite far in setting up DNS.  If I understand
right, you have two copies of named running on your boundary machine, one
to field DNS requests from outside your private network, and one to handle
internal requests.  So far, so good.
  Most ISPs will not give you the rights to supply the reverse-lookup information
for your system, even if you are supplying the forward translation.  The reason is
that the reverse lookup data spans a large number of customers, of which you are
only one.
  To check on how you are perceived by the outside world for either forward or
reverse lookups, you can use nslookup (at least in current releases of Linux).  My
recommendation is to simulate what a "random" user would do if it wanted to look
up your domain.
  1. Contact a root server [you can find their addresses in named.ca] and ask it
to resolve the name.  It probably will not do this directly, but will redirect you to
the "primary" authoritative source.  nslookup has a server command that allows you
to specify which server you want to talk to.
  2. Contact that server, and repeat the request.  The reply will be the authoritative
information on your domain.
  3. If you want to find out which *other* servers might leap into the gap if the
primary server is down, try whois.  It will return to you the definitive information
about which name-servers are acting for your domain.


> Hi,
>   I need some help in figuring out if what I have is correct.  I am on
> a cable modem at home.  My ISP has a host record for my ip address
> let’s say 1-2-3-4.client.ispname.com (for ip 1.2.3.4).  I bought
> a domain name (let’s say example.com) and pointed my nameserver
> name to my ip address (1.2.3.4).  So ns.example.com is pointing to
> 1.2.3.4.

> I have dnscache accepting on an internal ip (192.168.1.1) and tinydns
> on my external interface (1.2.3.4).  I am able to reach the internet
> just fine from my network at home.  When I do a nslookup or ping
> -a on 1.2.3.4 (from a windows machine), my isp’s host name
> is resolved (outside my network).  Is there a way so that when I do a
> reverse lookup on my ip address, my dns server name is resolved (from
> outside my network).  Also, If I have an alias let’s say
> ftp.example.com, mail.example.com, should I be able to reach it by
> pinging it, or doing nslookup from outside the network?  Inside my
> network, all of these things that I mention work just fine (reverse
> lookup will yield the correct name, aliases return response, etc).
> What ways can I verify that my dns is actually working from the
> outside.   My ultimate goal to have my own mailserver for example.com.
>  I also added an mx to the “data” file for the mail
> server.  Any help would be greatly appreciated.

> Sanjiv Patel


 
 
 


Post by Steve Wolf » Wed, 13 Feb 2002 05:26:15


>   It appears that you have gotten quite far in setting up DNS.  If I understand
> right, you have two copies of named running on your boundary machine,

  Nope, he's eschewed bloat, inefficiency, instability, and insecurity,
and used djbdns, just like he said in the subject.   ; )

steve

 
 
 


Post by Bruno Wolff II » Wed, 13 Feb 2002 05:23:45


This didn't seem to be a security or redhat question so I left them off
the reply.


> is resolved (outside my network).  Is there a way so that when I do a
> reverse lookup on my ip address, my dns server name is resolved (from
> outside my network).  Also, If I have an alias let’s say

You have to get your ISP to either modify the reverse DNS entry to match
what you want or to delegate it to you. Some ISPs do this; others don't.

P.S. It is a good idea not to supply bogus information in requests for
help. Sometimes it is useful to see what your DNS server is actually
returning and we can't if we have bogus information. Public DNS data is
public and there isn't much point hiding it from people you want to help
you.

 
 
 


Post by Sanjiv Pat » Thu, 14 Feb 2002 03:42:31


Hi,
  My ISP has a host record for my ip address
12-235-36-74.client.attbi.com (for ip 12.235.36.74). I bought a domain
name (pate1.com) and pointed my nameserver name to my ip address
(12.235.36.74).  So ns.pate1.com is pointing to 12.235.36.74.  Do a
reverse lookup for my ip and you'll see what I mean.  I am expecting
ns.pate1.com however I get 12-235-36-74.client.attbi.com.  Is there a
way to override their host record with mine?  Are there any other ways
around this so that I can host my own mailserver?

Sanjiv Patel


> This didn't seem to be a security or redhat question so I left them off
> the reply.


> > is resolved (outside my network).  Is there a way so that when I do a
> > reverse lookup on my ip address, my dns server name is resolved (from
> > outside my network).  Also, If I have an alias lets say

> You have to get your ISP to either modify the reverse DNS entry to match
> what you want or to delegate it to you. Some ISPs do this; others don't.

> P.S. It is a good idea not to supply bogus information in requests for
> help. Sometimes it is useful to see what your DNS server is actually
> returning and we can't if we have bogus information. Public DNS data is
> public and there isn't much point hiding it from people you want to help
> you.

 
 
 


Post by Bruno Wolff II » Thu, 14 Feb 2002 06:09:55



> Hi,
>   My ISP has a host record for my ip address
> 12-235-36-74.client.attbi.com (for ip 12.235.36.74). I bought a domain
> name (pate1.com) and pointed my nameserver name to my ip address
> 12.235.36.74).  So ns.pate1.com is pointing to 12.235.36.74.  Do a
> reverse lookup for my ip and you'll see what I mean.  I am expecting
> ns.pate1.com however I get 12-235-36-74.client.attbi.com.  Is there a
> way to override their host record with mine?  Are there any other ways
> around this so that I can host my own mailserver?

Only if they let you. You need to talk to them about this. Some places
do it and others don't want the hassle. For example, I use Speakeasy
for some stuff and their policy is that they won't delegate the reverse
IP address to you, but will change their PTR record to match your domain
name instead of their default.

The reason you can't do it on your own, is that nobody (in general - you
can make people under your control do it) is going to ask your name server
for the PTR record corresponding to your IP address unless your ISP tells
them to.
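
Added example, not part of the original thread: a small Python model of the referral walk described in the replies above (root server first, then the authoritative server), showing why a PTR query for 12.235.36.74 never reaches ns.pate1.com unless the ISP delegates the reverse name. The delegation table and its server labels are constructed for illustration; only pate1.com, ns.pate1.com and the address come from the thread.

```python
import ipaddress

# Constructed delegation table for illustration (server labels are placeholders,
# not real registry data): zone -> servers its parent zone refers resolvers to.
DELEGATIONS = {
    ".": ["root-server"],
    "com.": ["com-tld-server"],
    "pate1.com.": ["ns.pate1.com"],          # registered by the domain owner
    "in-addr.arpa.": ["in-addr-server"],
    "12.in-addr.arpa.": ["isp-nameserver"],  # assumed: address block held by the ISP
}


def reverse_name(ip):
    """PTR query name for an address, e.g. 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def referral_chain(qname, delegations):
    """Follow referrals from the root toward qname; return each zone cut hit."""
    labels = qname.rstrip(".").split(".")
    chain = [(".", delegations["."])]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in delegations:
            chain.append((zone, delegations[zone]))
    return chain


def authoritative_servers(qname, delegations):
    """Servers a resolver ends up asking: those of the deepest delegated zone."""
    return referral_chain(qname, delegations)[-1][1]


def with_delegation(delegations, zone, servers):
    """Copy of the table after a parent adds a delegation for `zone`."""
    updated = dict(delegations)
    updated[zone] = list(servers)
    return updated


if __name__ == "__main__":
    ptr = reverse_name("12.235.36.74")
    for name in ("mail.pate1.com.", ptr):
        print(name, "->", authoritative_servers(name, DELEGATIONS))
    delegated = with_delegation(DELEGATIONS, ptr, ["ns.pate1.com"])
    print(ptr, "after ISP delegation ->", authoritative_servers(ptr, delegated))
```

Forward names under pate1.com end at the owner's server because the parent zone refers resolvers there; the reverse name stays with the ISP's servers until the ISP adds a delegation or changes the PTR record itself.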

 
 
 
