The Domain Name Server is the Achilles heel of the Web. The important thing is that it's managed responsibly


(Mark Edworthy) #1

I am setting up a couple of Qemu / KVM VM sessions and would like to set up reverse DNS zones.
I would like an option in NethServer's web interface to allow for the creation of Master / Primary and Slave / Secondary DNS zones. Also, I would like to be able to add in-addr.arpa addresses.

As an example of what I am attempting, please view the following pages:

https://www.freebsd.org/doc/handbook/network-dns.html


(Alessio Fattorini) #2

That sounds a bit overkill for NethServer, could you explain some use cases? What do you think @filippo_carletti?


(Roberto Sitzia) #3

I think that in small and midsize organizations the need to have a full-featured DNS server (authoritative) was unnecessary; even on other platforms this is happening.

On the other hand, in specific cases (but I think in bigger organizations or at least in a more articulated scenario) the administrator should have the chance to install a full-featured DNS server module/package as well as the chance to easily configure what he needs through the GUI.

IMHO I think that NethServer fits better where there is no need of a full featured DNS server.


(Bogdan Costin) #4

@sitz I tend to disagree with you…
For example, I do need a full DNS server (authoritative), as I host everything on my own.
Also, there are several cases that I know of that need this. So the choice should remain with the Administrator/Manager whether he will use full-featured DNS or not.

It is better to have full DNS in NS instead of having to rely on another server to do just DNS (it increases the complexity of your infrastructure and the number of boxes).

Best regards
Bogdan


(Roberto Sitzia) #5

No problem @Ctek :smile:

Probably you work in different cases than mine.


(Bogdan Costin) #6

Hi Roberto, :smile:
I think that what Alessio said is OK, and as you have also suggested, each of us has different uses for NS.
This is what I like about this community! Everyone contributes with his ideas and it does not need to be the same :smile: but it is good

What I can say is that I like the idea of Full DNS because in my case I need it. Below are two scenarios where you need/do not need full DNS.

  • Hosting everything yourself will require a full DNS server (external DNS, where you are yourself hosting your domain and have to do reverse DNS, with TXT and SPF records)

  • a small server without internet visibility does not (internal mail server, or collaborative server or AD server)

If you can add more examples/cases please do.

Best regards
Bogdan


(Michele Bortolotto) #7

Just install bind9 and set it up … I can’t really see where the problem is … just a bunch of shell digits


(Roberto Sitzia) #8

Hi Bogdan @Ctek

My cases are generally one of these two:

  • a small existing LAN from min 3 to max 20 clients without a server, where clients use email directly from their providers, so I put NethServer in to manage email inside the company (Italian law expects commercial organizations to save emails for 10 years) to improve email management and security of data backup.
  • same as above but with an old server (generically a Linux server, Microsoft SBS 2003 or other) that needs to be replaced with a new one

In both cases I ask the customer’s ISP to make these changes:

  1. publish an A record such as mail.company.tld pointing to the NethServer static public IP A.B.C.D
  2. change the MX record to mail.company.tld
  3. deactivate any kind of cache, antivirus or antispam filter to avoid third-party interference
  4. where requested/needed, set a TXT/SPF record

You may think: “OK, you can host everything yourself.” That’s right, but I’m not an ISP and I don’t want to be one.
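The record set from the four steps in post #8 can be checked for consistency before the old mail path is switched off. The following is an added example, not part of the original post or of NethServer: the `audit_mail_dns` and `lookup` helpers, the sample records and the address 203.0.113.25 (standing in for A.B.C.D) are constructed, and the PTR check goes beyond the post's steps to cover the reverse DNS (in-addr.arpa) mentioned earlier in the thread.

```python
import ipaddress

# Constructed sample zone data: company.tld / mail.company.tld follow the post,
# 203.0.113.25 is a documentation address standing in for A.B.C.D.
RECORDS = [
    ("mail.company.tld.", "A", "203.0.113.25"),
    ("company.tld.", "MX", "10 mail.company.tld."),
    ("company.tld.", "TXT", "v=spf1 mx -all"),
    ("25.113.0.203.in-addr.arpa.", "PTR", "mail.company.tld."),
]

def lookup(records, name, rtype):
    """Return the values of all records matching name (case-insensitive) and type."""
    return [v for n, t, v in records if n.lower() == name.lower() and t == rtype]

def audit_mail_dns(records, domain):
    """Return a list of findings; an empty list means the records are consistent."""
    mx = lookup(records, domain, "MX")
    if not mx:
        return [f"{domain} has no MX record"]
    findings = []
    for entry in mx:
        host = entry.split()[1]  # MX value is "<preference> <exchange>"
        if lookup(records, host, "CNAME"):
            findings.append(f"MX target {host} is an alias (RFC 2181 section 10.3)")
        addrs = lookup(records, host, "A")
        if not addrs:
            findings.append(f"MX target {host} has no A record")
        for addr in addrs:
            # Reverse zone name, e.g. 25.113.0.203.in-addr.arpa.
            ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
            ptrs = [p.lower() for p in lookup(records, ptr_name, "PTR")]
            if host.lower() not in ptrs:
                findings.append(f"{ptr_name} has no PTR back to {host}")
    spf = [t for t in lookup(records, domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"{domain} needs exactly one SPF record, found {len(spf)}")
    elif {"all", "+all"} & set(spf[0].lower().split()):
        findings.append(f"SPF record for {domain} authorizes every sender")
    return findings

if __name__ == "__main__":
    for finding in audit_mail_dns(RECORDS, "company.tld.") or ["no findings"]:
        print(finding)
```
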


(Bogdan Costin) #9

Hi Roberto, thanks for your comments, this is going somewhere now :smile:

@AbsyntH, Michele, I know what you are saying, but this will defeat the scope of NS :smile: we can do a CLI session for all the services of NS :wink: that will make the web interface not needed anymore :smiley:

So it seems that now we have 3 scenarios…

1. Self-hosted, self-provided DNS / email / etc., where you will require just an IP and a TLD registration and do the rest yourself
2. Middle box that will act as a gateway/proxy and retrieval of external emails but will not serve as an email server (just a relay)
3. Only internal usage of the services with no exposure of the internal services to the real world, acting as a gateway/proxy for the local LAN.

I propose that we expand each scenario and see where this leads (what has to be provisioned for each case etc ).


(Artem Fedai) #10

U don’t have to fulfill your server with BIND, coz it is huge + isc-dhcpd. DNSMASQ is the best lightweight dhcp-dns server, use the manual to config it! U are not a provider so U don’t have to set up BIND on NS and glue Ur domain to the NS IP, but if U need it, set up POWER DNS or BIND manually and use Ur brain!


(Michele Bortolotto) #11

(Alessio Fattorini) #12

Love this community description, a friendly discussion helps us to know each other and improve our NethServer every single day :wink:


(Mark Edworthy) #13

@alefattorini, Thanks, I think I will try and keep using obscure quotes as thread descriptions in all my future posts. Other bizarre titles I have used include:
‘We all live every day in virtual environments, defined by our ideas’
‘Just because I am paranoid, doesn’t mean they aren’t hacking my servers’
‘After all, just one virus on a computer is one too many’
‘A straight path never leads anywhere except to the objective’

The more people contribute, the stronger NethServer becomes (isn’t that the true ethos behind the idea of the open source movement?).


(Alessio Fattorini) #14

I like your subjects, really funny, maybe too long! You’re the official NethServer Philosopher! Just kidding :smile: