G'day all, I've been setting up a SOHO network, switching things over from a labour intensive /etc/hosts based system to a more automated setup. With much reading I think I can't see the wood for the trees any more.
I have found a lot of material on the individual components and their configuration, but not on the overall integration of the parts into a whole. Is there such a guide or even schematic to illustrate how and where each component is best used? More specifically:
Is there any overlap in the functions of NIS, bind and LDAP? Or are these mutually exclusive?
When using DHCP, is /etc/hosts redundant?
What is the optimal way to resolve names in a small but growing network?
Any help in clearing the fog will be thankfully received.
Simon Slater wrote:
Is there any overlap in the functions of NIS, bind and LDAP? Or are these mutually exclusive?
I would be surprised if you needed either NIS or LDAP for a SOHO network. However, I would say NIS and LDAP are similar, but bind (i.e. DNS) serves a fundamentally different purpose.
When using DHCP, is /etc/hosts redundant?
Well, you won't /need/ to use it. You configure a server to assign IPs (DHCP) and automatically tell other computers which computer maps to which IPs (DNS).
What is the optimal way to resolve names in a small but growing network?
Depends how small, of course. But I would think a simple DNS/DHCP server like dnsmasq is reasonable for such a network. See http://www.linux.com/articles/149040 for a good start.
Matt Flaschen
On Wed, 2009-03-04 at 03:55 -0500, Matthew Flaschen wrote:
Simon Slater wrote:
Is there any overlap in the functions of NIS, bind and LDAP? Or are these mutually exclusive?
I would be surprised if you needed either NIS or LDAP for a SOHO network. However, I would say NIS and LDAP are similar, but bind (i.e. DNS) serves a fundamentally different purpose.
When using DHCP, is /etc/hosts redundant?
Well, you won't /need/ to use it. You configure a server to assign IPs (DHCP) and automatically tell other computers which computer maps to which IPs (DNS).
What is the optimal way to resolve names in a small but growing network?
Depends how small, of course. But I would think a simple DNS/DHCP server like dnsmasq is reasonable for such a network. See http://www.linux.com/articles/149040 for a good start.
Matt Flaschen
Thanks Matt. I saw dnsmasq mentioned in one how-to but didn't chase it since I was focussing on DHCP and bind. Now there are half a dozen boxes, but will increase to 2 dozen over the next year. Is this still within the scope of dnsmasq? As that article suggests I would like to have the server do the work rather than have the DSL router handle DHCP, firewall etc. Realising there are a variety of solutions, I don't want to come against Ockham's Razor.
Simon Slater wrote:
Thanks Matt. I saw dnsmasq mentioned in one how-to but didn't chase it since I was focussing on DHCP and bind.
DHCP is a protocol and bind is an implementation (of DNS, mainly). You're comparing apples to orchardists.
Now there are half a dozen boxes, but will increase to 2 dozen over the next year. Is this still within the scope of dnsmasq?
I believe so.
Realising there are a variety of solutions, I don't want to come against Ockham's Razor.
Right, I think dnsmasq is simple but will get your job done.
Matt Flaschen
On Wed, 2009-03-04 at 06:39 -0500, Matthew Flaschen wrote:
Simon Slater wrote:
Thanks Matt. I saw dnsmasq mentioned in one how-to but didn't chase it since I was focussing on DHCP and bind.
DHCP is a protocol and bind is an implementation (of DNS, mainly). You're comparing apples to orchardists.
These are the types of distinctions I need to get clear.
Now there are half a dozen boxes, but will increase to 2 dozen over the next year. Is this still within the scope of dnsmasq?
I believe so.
Realising there are a variety of solutions, I don't want to come against Ockham's Razor.
Right, I think dnsmasq is simple but will get your job done.
Matt Flaschen
I'll read up on it tomorrow.
Simon Slater wrote:
G'day all, I've been setting up a SOHO network, switching things over from a labour intensive /etc/hosts based system to a more automated setup. With much reading I think I can't see the wood for the trees any more.
I have found a lot of material on the individual components and their configuration, but not on the overall integration of the parts into a whole. Is there such a guide or even schematic to illustrate how and where each component is best used? More specifically:
Is there any overlap in the functions of NIS, bind and LDAP? Or are these mutually exclusive?
Never used NIS, but you CAN use LDAP for your BIND content, but you always need BIND somewhere, and if the app needs LDAP, it needs LDAP (e.g. SIP).
When using DHCP, is /etc/hosts redundant?
You pretty much need localhost in /etc/hosts. But the basic handles most apps.
What is the optimal way to resolve names in a small but growing network?
Do you have local servers? If not run a namecaching server on your gateway/firewall; most support this. Otherwise, you need a local BIND server, use Webmin to maintain it. I am very experienced with BIND, and still use Webmin.
Simon Slater wrote:
G'day all, I've been setting up a SOHO network, switching things over from a labour intensive /etc/hosts based system to a more automated setup. With much reading I think I can't see the wood for the trees any more.
I have found a lot of material on the individual components and their configuration, but not on the overall integration of the parts into a whole. Is there such a guide or even schematic to illustrate how and where each component is best used? More specifically:
Is there any overlap in the functions of NIS, bind and LDAP? Or are these mutually exclusive?
When using DHCP, is /etc/hosts redundant?
What is the optimal way to resolve names in a small but growing network?
Any help in clearing the fog will be thankfully received.
Oh, the Amahi.org setup looks interesting if you can fit its usage scenario...
Matthew Flaschen wrote:
Depends how small, of course. But I would think a simple DNS/DHCP server like dnsmasq is reasonable for such a network. See http://www.linux.com/articles/149040 for a good start.
Matt Flaschen
I use dnsmasq as well. One thing to keep in mind is that you need to use a static address for the machine you are running it on. You have the option of having it load your hosts file to get all the machine names. This can help with the transition from using the hosts file to using your own DNS server.
Mikkel
Matthew Flaschen wrote:
Robert Moskowitz wrote:
Otherwise, you need a local BIND server, use Webmin to maintain it. I am very experienced with BIND, and still use Webmin.
Why exactly do you think he needs BIND?
If he has internal servers that local hosts need access to.
For example, if he is running a Netbios server and the clients need to access shares on it. He does not want the world to know about this NAS, plus it probably has an RFC1918 address. So with a local BIND server, he would set up an Internal view.
Perhaps he has an internal WiKi. I can go on with internal servers that need name resolution. He can maintain all of this in hosts files on each client as he seems to have done, or he can run his own internal DNS server with an internal view. Webmin makes this relatively easy.
If he has internal servers that local hosts need access to.
For example, if he is running a Netbios server and the clients need to access shares on it.
Right.
He does not want the world to know about this NAS,
Obviously.
plus it probably has an RFC1918 address.
I would definitely recommend a local-only address for the local services.
So with a local BIND server, he would set up an Internal view.
He /could/ do that but you haven't said why he should. If he wants his DNS/DHCP server connected to the outside internet, I would recommend he get two ethernet cards, eth0 and eth1, then configure dnsmasq to serve only on the local interface. Note that this doesn't require any DNS-specific configurations. It is inherently simple and secure.
Perhaps he has an internal WiKi. I can go on with internal servers that need name resolution.
I think he wants name resolution for all local hosts (why not?).
He can maintain all of this in hosts files on each client as he seems to have done, or he can run his own internal DNS server with an internal view.
Nowhere do you say why the complexity of BIND is necessary. He would be served very well (no pun intended) with a far simpler DNS implementation.
Matt Flaschen
Flaschen, Matthew S wrote:
If he has internal servers that local hosts need access to.
For example, if he is running a Netbios server and the clients need to access shares on it.
Right.
He does not want the world to know about this NAS,
Obviously.
plus it probably has an RFC1918 address.
I would definitely recommend a local-only address for the local services.
So with a local BIND server, he would set up an Internal view.
He /could/ do that but you haven't said why he should. If he wants his DNS/DHCP server connected to the outside internet, I would recommend he get two ethernet cards, eth0 and eth1, then configure dnsmasq to serve only on the local interface. Note that this doesn't require any DNS-specific configurations. It is inherently simple and secure.
Perhaps he has an internal WiKi. I can go on with internal servers that need name resolution.
I think he wants name resolution for all local hosts (why not?).
He can maintain all of this in hosts files on each client as he seems to have done, or he can run his own internal DNS server with an internal view.
Nowhere do you say why the complexity of BIND is necessary. He would be served very well (no pun intended) with a far simpler DNS implementation.
So your issue is not DNS, but rather the BIND implementation of DNS.
I have been working with BIND since '93. I have not spent any time looking at any other implementations of DNS.
Go with whatever floats your boat.
Webmin DOES make working with BIND reasonable.
On Wed, 2009-03-04 at 12:34 -0500, Robert Moskowitz wrote:
Flaschen, Matthew S wrote:
If he has internal servers that local hosts need access to.
At the moment one server offering limited services internally, nothing external.
For example, if he is running a Netbios server and the clients need to access shares on it.
Right.
He does not want the world to know about this NAS,
Obviously.
plus it probably has an RFC1918 address.
I would definitely recommend a local-only address for the local services.
So with a local BIND server, he would set up an Internal view.
He /could/ do that but you haven't said why he should. If he wants his DNS/DHCP server connected to the outside internet, I would recommend he get two ethernet cards, eth0 and eth1, then configure dnsmasq to serve only on the local interface. Note that this doesn't require any DNS-specific configurations. It is inherently simple and secure.
Perhaps he has an internal WiKi. I can go on with internal servers that need name resolution.
I think he wants name resolution for all local hosts (why not?).
Yes
He can maintain all of this in hosts files on each client as he seems to have done, or he can run his own internal DNS server with an internal view.
Nowhere do you say why the complexity of BIND is necessary. He would be served very well (no pun intended) with a far simpler DNS implementation.
So your issue is not DNS, but rather the BIND implementation of DNS.
I have been working with BIND since '93. I have not spent any time looking at any other implementations of DNS.
Go with whatever floats your boat.
Webmin DOES make working with BIND reasonable.
Now I've caught up on some sleep I can continue with a clearer head. The single server has 2 NICs, one internal, the other to the DSL router. For now internal name resolution and DHCP is the issue, but more internal services will be added down the road, as well as a web server etc. I started with dhcpd but this does seem more powerful than I need now. I'll check out dnsmasq today.
Now I've caught up on some sleep I can continue with a clearer head. The single server has 2 NICs, one internal, the other to the DSL router. For now internal name resolution and DHCP is the issue, but more internal services will be added down the road, as well as a web server etc. I started with dhcpd but this does seem more powerful than I need now.
I would say dhcpd is less powerful (for your purposes), because it does not integrate DNS and DHCP automatically. Now in many cases dhcpd is perfect, but since you want name resolution for all hosts I think dnsmasq is a better choice.
Matt Flaschen
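A dnsmasq configuration that puts the thread's pieces together: Matt's two-NIC box serving only the internal interface, Mikkel's note about loading the hosts file and keeping the server's own address static, and the DNS/DHCP integration that plain dhcpd lacks. This is an added example, not from the thread or from the dnsmasq project; the interface names, the 192.168.1.0/24 range, the "lan" domain, the upstream resolver and the MAC address are all assumed placeholders.

```conf
# dnsmasq.conf for a single SOHO server with two NICs.
# Assumed layout: eth0 faces the DSL router, eth1 is the LAN (192.168.1.0/24),
# and this server is 192.168.1.2, set statically in its interface config,
# never by DHCP (dnsmasq cannot lease an address to itself).

# Serve DNS and DHCP on the internal interface only, and bind to it rather
# than the wildcard address, so the router-facing side never reaches dnsmasq.
interface=eth1
except-interface=eth0
bind-interfaces

# Never forward bare hostnames or RFC 1918 reverse lookups upstream;
# they belong to this LAN and should not leak to the ISP's resolver.
domain-needed
bogus-priv

# Local domain: hosts resolve as "name.lan", answered here and never
# forwarded (local=/lan/ is the "no upstream for this zone" form).
domain=lan
local=/lan/
expand-hosts

# Transition aid: dnsmasq reads /etc/hosts by default; keep LAN entries in
# their own file if you prefer to slim /etc/hosts down to localhost.
addn-hosts=/etc/dnsmasq.hosts

# Upstream resolver: ignore /etc/resolv.conf on this box and name one
# explicitly (placeholder address; use the router's or ISP's resolver).
no-resolv
server=192.0.2.53

# DHCP for the LAN. Names from leases go straight into DNS, which is the
# DNS/DHCP integration Matt mentions.
dhcp-range=192.168.1.100,192.168.1.199,12h
dhcp-option=option:router,192.168.1.1

# Reserve a fixed address for the NAS so its name never moves
# (placeholder MAC address).
dhcp-host=00:11:22:33:44:55,nas,192.168.1.10

# Only DHCP server on this LAN, so clients get answered without delay.
dhcp-authoritative
```

Run `dnsmasq --test -C /etc/dnsmasq.conf` after editing to check the syntax before restarting the service.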
Simon Slater wrote:
On Wed, 2009-03-04 at 12:34 -0500, Robert Moskowitz wrote:
Flaschen, Matthew S wrote:
If he has internal servers that local hosts need access to.
At the moment one server offering limited services internally, nothing external.
For example, if he is running a Netbios server and the clients need to access shares on it.
Right.
He does not want the world to know about this NAS,
Obviously.
plus it probably has an RFC1918 address.
I would definitely recommend a local-only address for the local services.
So with a local BIND server, he would set up an Internal view.
He /could/ do that but you haven't said why he should. If he wants his DNS/DHCP server connected to the outside internet, I would recommend he get two ethernet cards, eth0 and eth1, then configure dnsmasq to serve only on the local interface. Note that this doesn't require any DNS-specific configurations. It is inherently simple and secure.
Perhaps he has an internal WiKi. I can go on with internal servers that need name resolution.
I think he wants name resolution for all local hosts (why not?).
Yes
He can maintain all of this in hosts files on each client as he seems to have done, or he can run his own internal DNS server with an internal view.
Nowhere do you say why the complexity of BIND is necessary. He would be served very well (no pun intended) with a far simpler DNS implementation.
So your issue is not DNS, but rather the BIND implementation of DNS.
I have been working with BIND since '93. I have not spent any time looking at any other implementations of DNS.
Go with whatever floats your boat.
Webmin DOES make working with BIND reasonable.
Now I've caught up on some sleep I can continue with a clearer head. The single server has 2 NICs, one internal, the other to the DSL router. For now internal name resolution and DHCP is the issue, but more internal services will be added down the road, as well as a web server etc. I started with dhcpd but this does seem more powerful than I need now. I'll check out dnsmasq today.
webmin makes dhcpd easier, but as you mentioned there is dnsmasq.
On Wed, 2009-03-04 at 15:57 -0500, Flaschen, Matthew S wrote:
Now I've caught up on some sleep I can continue with a clearer head. The single server has 2 NICs, one internal, the other to the DSL router.
For now internal name resolution and DHCP is the issue, but more internal services will be added down the road, as well as a web server etc. I started with dhcpd but this does seem more powerful than I need now.
I would say dhcpd is less powerful (for your purposes), because it does not integrate DNS and DHCP automatically. Now in many cases dhcpd is perfect, but since you want name resolution for all hosts I think dnsmasq is a better choice.
Yes, thanks Matt. As you pointed out in your first post, I have been seeing the individual components of a network as disparate entities and not necessarily linking them together in the right ways.
What would be really helpful would be if someone could point me to an overview of networking, showing how the various applications, services and protocols link together, overlap, complement or substitute for each other, if such a thing exists.
Maybe good for a Fedora Classroom session. Anyone up for it?