Re: [cobalt-users] Newbie DNS ? for own network

[Jim Dory <engineer@xxxxxxxxxxxxx>]

OK, this isn't sinking in too well. Some more questions if you don't 
mind horribly: (Plus I'll keep on reading up..)

Paul Warner wrote:

> #  RAQ's resolver is configed through edits to /etc/resolv.conf.  These
>   are the IP addresses of DNS servers YOUR MACHINE will use to
>   resolve names into IP addresses.

This file I probably shouldn't touch? as it is changed by the Cobalt UI 
dns entries?

> #  DNS records to point the outside world TO YOUR MACHINE can
>   be left on register.com or moved to your RAQ.  
>
> #  Assuming you leave them on register.com you need an 'A' record
>   that points to the static IP from your cable co.  you may want to
>   define as shown below to resolve the domain w/o a www to the
>   same server (1st record).
>   nomecity.org.       in      a      xxx.xxx.xxx.xxx
>   www.nomecity.org.       in      a      xxx.xxx.xxx.xxx
>   mail.nomecity.org.       in      a      xxx.xxx.xxx.xxx

I believe I have the DNS records on register.com to point to our static 
IP address as you've shown. I haven't found 'A' records per se on 
register.com. They have a dialog for adding or 'Change IP' where you can 
add a domain name to point to a specific IP address. This I have just 
corrected to add mail.nomecity.org in to point to our static. I'll 
assume these are 'A' records.  I had that under Domain Aliases 
previously, and that must actually have been the CNAMEs that Dan K. had 
found. So I deleted those.

> #  Next you need to define who handles mail for your domain with an
>   MX record:
>   nomecity.org.       in      mx      30 mail.nomecity.org.
>   all mail for nomecity.org will be delivered to mail.nomecity.org.  The
>   30 is a preference value that can be used if you have multiple
>   servers to handle mail.  

On the register.com site, when editing a MX record, you are given host 
name, priority, and mail server entry boxes. I have nomecity.org in the 
host name, (should I include the .org?), I have priority as 'hi', and 
mail server as mail.nomecity.org.

> #  Finally, you will need to do some GUI stuff on your RAQ.  First, go
>   to the SiteAdmin -> ControlPanel -> Email and then make sure
>   that the addresses (IP and names) for 'Relay for following...' has
>   all IPs or host/domain names that will be SENDING via your server.
>   If you spec too broad, then every spammer on your cable provider's
>   net will be able to use your server to send.

Here I could use some more clarification. I have IP addresses for our 
internal lan listed in the form of say 192.168.1.0. Rather than listing 
each client computer's ip address. Is this proper? We use DHCP. When we 
send an email, we are actually using smtp.gci.net (the cable company) as 
the smtp server. Looking in my maillog, I see that gci.net fails to 
resolve, so I'm thinking I need to add it here, under relaying. But how 
would I do that and prevent everyone on the gci network from using me as 
a relay?

> #  Next, make sure that www.nomecity.org, nomecity.com, and
>   mail.nomecity.org are all listed in 'Host/Domain Aliases'.

Here I'm having a problem so I must have something misconfigured. I 
cannot get mail.nomecity.org to stick after entering it. I hit save 
changes, and when I go back to see if it took, it is gone. Won't save. 
Any ideas what to do to rectify?

> #  Lastly, go to the SiteAdmin and check SiteSettings to ensure that
>   www is 'Host Name', nomecity.org is 'Domain Name' and 'Web
>   Server Aliases', and mail.nomecity.org is 'Email Server Aliases'.
>  
Done.

> The changes on register.com can take as long as 48-hours to
> propogate to the world (yourself included).  If you want to setup DNS
> on the RAQ for INTERNAL use to reflect local hosts behind firewall,
> you can treat the server as PRIMARY for nomecity.org and post
> hostname/IP pairs of firewalled devices.  This will provide users with
> a local DNS server.  Users will use this devices IP as their default
> resolver.  If you ARE NOT, then disable DNS on the RAQ as you
> won't be using it.
>
> Clear as mud?
About as clear as mud to me, though I'm sure it will be crystal clear 
when I finally have that 'DOH' moment.  I have this other raq set up as 
a primary dns server. It must have found nomecity.org on its own and 
added it as a master zone. I know not about zones. I did read some 
documentation on them but it failed to make much sense.. yet.  So I just 
tried setting up this email raq to point to the other one for primary 
dns. That would all be internal. My confusion will be apparent with this 
question: Should I go into this other 'trusted' raq, call it green_raq, 
and set up A records and MX records on it as well to point to the 'dmz' 
email raq, call it red_raq? Maybe I'll muck around with that and think 
on it some more. I think I'm more a detail guy and my mind has a hard 
time wrapping around the larger picture. But I'll get it. eventually.

> I am also able to see the Nome Public Schools web page!  It looks like your
> issue may be that your resolver on the RAQ is looking to itself for
> direction
> when it should be looking at your cable provider's DNS server (optimum
> speed).

This this I don't get. I think the school's site is hosted on the cable 
co. gci. I just can't grasp what entry I should put in for Primary DNS 
Server (under Control Panel -> Network). As I've mentioned above, I have 
DNS enabled on this other 'green_raq' for the internal network. I'll 
play around with all this.

> Lemme know if I can clarify or help, but I'm in EDT and won't be up all
> night!
>
> -- Paul
>  

Thanks and cheers,

--
Jim D.