Edward Dekkers edward@tripled.iinet.net.au wrote:
Hey there guys,
For years I've run fetchmail to grab mail from my ISP in multidrop mode.
Now, my area is finally ADSL enabled. The ISP I'm going with gives out free static IP addresses. I've also bought a domain name which is currently parked.
I'm pretty sure I can get the sendmail part sorted, but DNS has me confused. At the domain name site, I can put in two name server fields.
Originally I thought I could just run DNS here on my Linux box. But apparently from what I understand of the reading I'm doing I'd need two servers to do this.
Other readings I'm doing are telling me to use my ISP's DNS servers and have them set up the records for me.
I've been doing *EXACTLY* this for quite a few years. Dan's advice will get you started on DNS but you should probably take things slowly. Get your DNS set up and check that you can "find yourself" from outside your own network (e.g., go to someplace that provides public internet access and make sure you can connect). Make sure your ISP allows you to run your own servers. Many ISPs do not or require that you purchase a business account in order to do so.
As another poster has pointed out, you are supposed to have more than one DNS pointing to your network. The internet police will not swoop down on you if you don't but your network disappears whenever your name server is down. A quick reboot isn't usually a problem but you probably ought to have some sort of backup available in case you have a hardware failure that has your DNS down for a lengthy period of time. As an example, my DNS box is also the primary server for my home network so I set all of the drives up with Linux software RAID and then confirmed that the box still functions if I remove a ribbon cable from any disk. In addition, I have an old PIII/733 that I typically use for testing that I can swap in if I have to.
Once you have your network "live" you can start messing with sendmail. Make sure you disable relaying from outside your network. Getting a basic configuration working isn't hard and it's really nice to be able to control your own e-mail. The only problem I've run into is my ISP still claims my IP address on a reverse look-up so there are a very few places (spamhaus in particular) who won't accept e-mail from my domain.
Cheers, Dave
Hi
I'm in the middle of a similar exercise - I found the DNS how-to extremely helpful. You might want to give it a shot. I bought the O'Reilly books too, but the how-to really does cover stuff very quickly. I had always thought DNS was a minefield, but once you look at it logically for your network it all makes sense fairly quickly. I guess I'm a month into it now from my first stab at it. It's well worth the effort I do have to say.
Best of luck
Bry
Ah yes I forgot to provide links to those most helpful pieces of information.
http://tldp.org/HOWTO/DNS-HOWTO-5.html
http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Confi...
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
I think you'll find that trying to run OUTGOING mail from your server will be a continuous exercise in frustration. The IP address you get will be in a netblock of known DSL addresses, and will probably have an rDNS entry that also identifies it as a DSL line. Many spam blacklists (RBLs) automatically block DSL netblocks and rDNS entries because of the simple fact that a huge percentage of spam originates at these addresses. Here's what happens if your SMTP server is configured to deliver mail directly:
1) You send an email from a client on your internal network
2) It goes to your SMTP server
3) Your SMTP server determines where to send the email and connects to the destination SMTP server.
4) The receiving server looks up your IP address in one or more blacklists. Your netblock appears on these blacklists, so a positive response is returned.
5) The receiving server rejects (bounces) the mail
While you will be able to RECEIVE email just fine (after you get the DNS set up correctly), you will probably have to continue using your ISP's SMTP server for outgoing mail. You can accomplish this one of two ways:
1) Configure each internal email client to use the ISP SMTP server directly
2) Configure the internal email clients to use your SMTP server, and then configure your SMTP server to forward all mail through your ISP's server (called "smarthost").
Also, consider that properly configuring an email server is a non-trivial exercise, and improper configuration can lead to an open relay (where anybody can send mail through your server), which will get your address on blacklists (if it's not there already). Not only that, many blacklists are voracious and spiteful, and will blacklist an entire netblock based on a single open relay violation. Not only will your address be blacklisted, but everybody else in the same netblock.
Poorly configured open relays are a major source of SPAM. Please do not attempt this until after you have learned MUCH more about SMTP and DNS.
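The blacklist lookup in step 4 of the message above, together with a forward-confirmed reverse DNS check, can be run against your own address before you point outgoing mail at the world. This is an added example, not code from any poster in the thread; the zone `dul.dnsbl.example`, the host names and the 192.0.2.x addresses are constructed placeholders.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(ip, zone):
    """Name the receiving server looks up: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # 192.0.2.25 -> 25.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # 32 reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def system_addrs(name):
    """Forward lookup via the system resolver; [] when the name does not exist."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; [] when there is none."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []

def check_dnsbl(ip, zones, resolve=system_addrs):
    """Return {zone: [return codes]} for each zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8: a resolver that rewrites
        # "no such name" into a search page must not count as a listing.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if codes:
            hits[zone] = codes
    return hits

def forward_confirmed_rdns(ip, resolve_ptr=system_ptr, resolve=system_addrs):
    """PTR names of ip whose forward lookup points back at ip."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in resolve_ptr(ip):
        name = name.rstrip(".").lower()
        if any(ipaddress.ip_address(a) == target for a in resolve(name)):
            confirmed.append(name)
    return confirmed

def delivery_precheck(ip, helo, zones, resolve=system_addrs, resolve_ptr=system_ptr):
    """Summarise what a receiving server would learn about this sender."""
    names = forward_confirmed_rdns(ip, resolve_ptr, resolve)
    return {"listed": check_dnsbl(ip, zones, resolve),
            "rdns": names,
            "rdns_matches_helo": helo.rstrip(".").lower() in names}

# Constructed sample data: one generic DSL address, one static address with its own PTR.
SAMPLE_ZONES = ["dul.dnsbl.example", "sbl.dnsbl.example"]
SAMPLE_A = {"77.2.0.192.dul.dnsbl.example": ["127.0.0.10"],
            "dsl-77.isp.example": ["192.0.2.77"],
            "mail.example.org": ["192.0.2.25"]}
SAMPLE_PTR = {"192.0.2.77": ["dsl-77.isp.example."],
              "192.0.2.25": ["mail.example.org."]}

def sample_addrs(name):
    return SAMPLE_A.get(name, [])

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for ip in ("192.0.2.77", "192.0.2.25"):
        print(ip, delivery_precheck(ip, "mail.example.org", SAMPLE_ZONES,
                                    sample_addrs, sample_ptr))
```

Called without the sample resolvers, `delivery_precheck` uses the system resolver, so it can be pointed at your own static IP, HELO name and the list zones you care about.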
On Fri, Nov 03, 2006 at 11:51:28 -0600, Jim Garrison jhg@jhmg.net wrote:
I think you'll find that trying to run OUTGOING mail from your server will be a continuous exercise in frustration. The IP address you get will be in a netblock of known DSL addresses, and will probably have an rDNS entry that also identifies it as a DSL line. Many spam blacklists (RBLs) automatically block DSL netblocks and rDNS entries because of the simple fact that a huge percentage of spam originates at these addresses. Here's what happens if your SMTP server is configured to deliver mail directly:
He was going to get static IP addresses. Those don't typically get blacklisted in blocks the same way dynamic ones do. Also they may let him set up PTR records that list his hostname rather than a name that looks like a random DSL hostname. (For example Speakeasy will do this for you.)
I would agree with Dave, take it very slow, DNS can be VERY frustrating. Here is a link to another Public DNS Service. http://www.granitecanyon.com/ I used to use them a while back, they have some online tools to help you, I think they even provide primary DNS as well as secondary DNS.
As far as bind goes there are many tutorials out there for setting up hosting, you could just look at the bind portion of those to get an idea and then tailor them to your specific needs, also the Public DNS services might also provide you with some information. You could also set it up through the Public DNS and then just point your domain to their servers, and then you just have to make sure that your mail server resolves properly, i.e. it knows that it is mail.blah.com. One last spot would be your ADSL provider, but they might want $$$.
Dan
Edward Dekkers edward@tripled.iinet.net.au wrote:
Originally I thought I could just run DNS here on my Linux box. But apparently from what I understand of the reading I'm doing I'd need two servers to do this.
For a home DSL system having two DNS servers is overkill. If your network is down none of your services are going to be working anyway, so having a DNS on another network isn't going to help. Some registrars may enforce this requirement though. If so you might be able to make a deal with another person in a similar situation to provide DNS service for each other.
For more arguments on why you don't really need two DNS servers in this case see: http://cr.yp.to/djbdns/third-party.html
The problem is that most registrars require at least two DNS servers with different IP addresses, so that is why most are suggesting that he get a free secondary DNS server.
On Fri, Nov 03, 2006 at 13:23:55 -0500, Dan McCullough dan.mccullough@gmail.com wrote:
The problem is that most registrars require at least two DNS servers with different IP addresses, so that is why most are suggesting that he get a free secondary DNS server.
Or he could deal with a more reasonable registrar.
From: "Bruno Wolff III" bruno@wolff.to
Edward Dekkers edward@tripled.iinet.net.au wrote:
Originally I thought I could just run DNS here on my Linux box. But apparently from what I understand of the reading I'm doing I'd need two servers to do this.
For a home DSL system having two DNS servers is overkill. If your network is down none of your services are going to be working anyway, so having a DNS on another network isn't going to help. Some registrars may enforce this requirement though. If so you might be able to make a deal with another person in a similar situation to provide DNS service for each other.
For more arguments on why you don't really need two DNS servers in this case see: http://cr.yp.to/djbdns/third-party.html
If it goes down for an extended period of time, as with a power loss and the UPS ran down, then when the UPS and machine come back up say a day or two later it will take a long time for the various DNS servers to find it again. It's better to have someone providing secondary name server for you. It's usually cheap. And you can configure it to update from your name server when you change your server's data.
{^_^}
On Fri, Nov 03, 2006 at 12:37:44 -0800, jdow jdow@earthlink.net wrote:
If it goes down for an extended period of time, as with a power loss and the UPS ran down, then when the UPS and machine come back up say a day or two later it will take a long time for the various DNS servers to find it again. It's better to have someone providing secondary name server for you. It's usually cheap. And you can configure it to update from your name server when you change your server's data.
Only if you consider "long" to be a couple of minutes. Negative cache entries aren't supposed to be cached very long. While there are some ISPs that ignore TTLs, I haven't heard of many that cache negative entries for extended periods of time.
On Fri, 3 Nov 2006, jdow wrote:
If it goes down for an extended period of time, as with a power loss and the UPS ran down, then when the UPS and machine come back up say a day or two later it will take a long time for the various DNS servers to find it again. It's better to have someone providing secondary name server for you. It's usually cheap. And you can configure it to update from your name server when you change your server's data.
And on top of that a minimum of 2 geographically diverse nameservers are required by RFC.
PLEASE, if you're not going to do it right do NOT do it. When you think you have things set up correctly go here: http://www.dnsreport.com/ and see if you really do. You would be surprised how easy it is to get things wrong.
Regards,
On Fri, 3 Nov 2006, Bruno Wolff III wrote:
For more arguments on why you don't really need two DNS servers in this case see: http://cr.yp.to/djbdns/third-party.html
I'd expect this tripe from him, the one who hasn't made his mail server compatible for current compilers without someone else's patches, for several years, it's so outdated and flawed by default, and a lot of other things so don't get me started on djb and his way of thinking :) he needs to come back to reality
Secondary DNS required by "some"? It is mandatory for two (but I'd expect djb to think he's above them)
Sec DNS offsite and a sec MX offsite = mail is collected for when primary MX is back, MANY mail servers refuse to try sec MXs, Hotmail used to be like this and AFAIK prolly still is this way.
djb prolly wrote that in 1999 like most of the stuff he wrote and hasn't looked at it since and prolly has as many friends now as he did back in 1999 so he couldn't care if his mail is unreachable :)
On Sat, Nov 04, 2006 at 10:33:47 +1000, Res res@ausics.net wrote:
I'd expect this tripe from him, the one who hasn't made his mail server compatible for current compilers without someone else's patches, for several years, it's so outdated and flawed by default, and a lot of other things so don't get me started on djb and his way of thinking :) he needs to come back to reality
qmail is a different issue. The arguments at the link I posted are still relevant today. If you aren't replicating your other servers in different geographic locations, there isn't much benefit to replicating your DNS servers in different geographic locations.
If you are running your own server on your DSL connection, having someone else acting as a backup dns server doesn't provide you with much benefit and there are downsides you need to balance against that.
It is reasonable to ask whether you really want to be running a mail or web server on your DSL connection, but if you do go that way, getting someone else to run secondary DNS server for you is going to be a waste of effort unless the registrar you deal with forces you to do it.
On Fri, 2006-11-03 at 10:08 -0700, David G. Miller wrote:
The only problem I've run into is my ISP still claims my IP address on a reverse look-up so there are a very few places (spamhaus in particular) who won't accept e-mail from my domain.
This is where it's an advantage to get your ISP to host your DNS records. You *may* be able to get them to put in a PTR record for you. You're very unlikely to get them to do so when you host your records elsewhere.
On Sat, Nov 04, 2006 at 09:58:24 +1030, Tim ignored_mailbox@yahoo.com.au wrote:
This is where it's an advantage to get your ISP to host your DNS records. You *may* be able to get them to put in a PTR record for you. You're very unlikely to get them to do so when you host your records elsewhere.
Speakeasy will do this for you. They are available in a lot of the US. (They use COVAD and New Edge Networks for CLECs, so at least one of those two needs to have equipment in your CO to get their DSL service.)