basic client setup plus name resolving from HW router

Simon Hobson dhcp at thehobsons.co.uk
Sun May 14 22:23:42 UTC 2006


Olivier Schreiber wrote:

>> You need to have dhcp-server and bind installed (you do not need
>> dhcp-client on the machine you use as the server).
>> On bind, configure a forward and reverse zone for your network
>> (ie mydomain.com and 123.168.192.arpa).
>
>Would you mind clarifying the two above addresses?
>I am not sure they are chosen or imposed by reading your explanations
>below. The `arpa' string is confusing me.

OK, the two zones in DNS you need are:

mydomain.com - this is what is commonly referred to as the 'forward' 
zone; it is used when you type in something like "ssh 
somemachine.mydomain.com" to resolve the name to an address. 
mydomain.com is however just an example; you should use your own 
domain here.

123.168.192.arpa - this is the 'reverse' zone, used to do lookups in 
the opposite direction to normal. When you (for example) ssh into 
another machine, it will most likely try to resolve your address for 
the benefit of logs etc - so it can log a connection from 
"mylaptop.mydomain.com" instead of 192.168.123.42. The way it works 
is that whatever address is given, you reverse the order of the octets 
and append "in-addr.arpa" - this turns the address into something 
with the same structure as a domain name, so it can be handled by 
the same delegation process.

To see how this works, try:

    dig +trace www.thehobsons.co.uk
    dig +trace -x 212.159.9.131

This will show you the nameservers/delegations used to get from the 
root of the dns tree down to an individual node.


However, by setting up the two zones in your own dns server, queries 
for addresses in these zones will never be sent outside as your own 
server already has answers. Thus, within your own network, you can 
resolve (eg) somemachine.mydomain.com to an IP address, and resolve 
an IP address in the 192.168.123.0/24 network to a name.
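As an added illustration (not part of Simon's post, and not BIND's own code) of how the two zones fit together, the Python below derives the reverse-lookup name for an address by reversing the octets and appending in-addr.arpa, works out the reverse zone name for the 192.168.123.0/24 network from the post, generates matching A and PTR records for a small constructed host table under mydomain.com, checks that the forward and reverse data agree, and renders both as BIND-style zone lines. The host names and addresses are made up for the example; a real zone file also needs SOA and NS records, which are left out here.

```python
import ipaddress

# Constructed sample inventory (hostname -> IPv4 address); not from the post.
HOSTS = {
    "mylaptop": "192.168.123.42",
    "somemachine": "192.168.123.10",
}


def reverse_name(ip: str) -> str:
    """Return the in-addr.arpa name for a dotted-quad IPv4 address.

    Octets are reversed so the most significant one sits nearest the root,
    giving the address the same leaf-to-root structure as a domain name.
    """
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {ip}")
    name = ".".join(reversed(octets)) + ".in-addr.arpa"
    # Cross-check the manual reversal against the standard library.
    if name != ipaddress.IPv4Address(ip).reverse_pointer:
        raise RuntimeError("octet reversal disagrees with ipaddress module")
    return name


def reverse_zone(network: str) -> str:
    """Return the in-addr.arpa zone that covers a /24 IPv4 network."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("only /24 networks map onto one in-addr.arpa zone here")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"


def build_zones(domain: str, network: str, hosts: dict):
    """Build matching forward (A) and reverse (PTR) record sets.

    Returns two dicts keyed by fully qualified owner name (trailing dot):
    forward: fqdn -> IPv4 string, reverse: in-addr.arpa name -> fqdn.
    """
    net = ipaddress.IPv4Network(network)
    forward, reverse = {}, {}
    for host, ip in hosts.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{host}: {ip} is not inside {network}")
        fqdn = f"{host}.{domain}."
        forward[fqdn] = str(addr)
        reverse[reverse_name(ip) + "."] = fqdn
    return forward, reverse


def check_consistency(forward: dict, reverse: dict) -> list:
    """List every A record without a matching PTR, and vice versa."""
    problems = []
    for fqdn, ip in forward.items():
        if reverse.get(reverse_name(ip) + ".") != fqdn:
            problems.append(f"A {fqdn} -> {ip} has no matching PTR")
    for rname, fqdn in reverse.items():
        ip = forward.get(fqdn)
        if ip is None or reverse_name(ip) + "." != rname:
            problems.append(f"PTR {rname} -> {fqdn} has no matching A")
    return problems


def render_zone(origin: str, records: dict, rtype: str) -> str:
    """Render records as BIND-style lines with owner names relative to $ORIGIN.

    SOA and NS records are deliberately omitted; a loadable zone needs them.
    """
    suffix = "." + origin + "."
    lines = [f"$ORIGIN {origin}."]
    for name, value in sorted(records.items()):
        owner = name[: -len(suffix)] if name.endswith(suffix) else name
        lines.append(f"{owner}\tIN\t{rtype}\t{value}")
    return "\n".join(lines)


if __name__ == "__main__":
    fwd, rev = build_zones("mydomain.com", "192.168.123.0/24", HOSTS)
    print(render_zone("mydomain.com", fwd, "A"))
    print()
    print(render_zone(reverse_zone("192.168.123.0/24"), rev, "PTR"))
    print()
    print("problems:", check_consistency(fwd, rev) or "none")
```

The consistency check is the part worth keeping around: a host added to the forward zone but forgotten in the reverse zone (or the other way round) is exactly the mismatch that produces the unhelpful bare-address log entries described above.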

You can configure your dns server in two ways of dealing with 
names/addresses that are not in your network:
1) forward any other queries to other dns servers (typically those 
provided by your ISP) - generally called a "forwarder".
2) go and find the results itself, starting at the root nameservers.

All this is definitely not DHCP related; there is much out there on 
dns, but I would recommend an O'Reilly book called "DNS and Bind" by 
Paul Albitz and Cricket Liu. It includes a lot of advanced stuff that 
you can ignore, but it starts by explaining the fundamentals, how 
they work, and why it's done that way.

>> <pet moan>
>> Do not just 'make up' a domain, or use ".local", or use a domain that
>> someone else is using. Using .local is wrong - it's a reserved domain
>> name for ZeroConf (cf Apple's Rendezvous, multicast DNS, ...) and
>> whilst Windows networks work fine with a .local address, Macs will
>> barf and the network doesn't work right.
>> If you just 'make up' a domain name, at some point it could be
>> registered by someone else - and then you would be using someone
>> else's domain name.
>> Using someone else's domain name is just plain bad manners. Apart from
>> not being able to access anything in their domain, the domain you use
>> internally DOES leak out (eg in mail headers) and it's bad to be
>> using someone else's name.
>> Getting your own domain name registered is so cheap and easy these
>> days that there really isn't any excuse if you want to do things
>> properly.
>> </pet moan>
>
>Would you mind outlining more a HOWTO approach to your `moan' like
>which domain is the forward, which one is the backward--given a
>commercial ISP non-fixed IP address and how to get said domain name?
>I totally agree with your concern that people do the right thing but
>most of the time, they don't because they think it is too complicated.

There are many places where you can buy a domain name; I can't 
recommend any one in particular as I've got my domain names and web 
hosting via my ISP as part of my ADSL package.

If you are stuck with a dynamic IP address then that makes it rather 
difficult to run your own mail server. My ISP gives fixed addresses, 
so I can run my own mail and so can apply my own spam prevention 
measures such as greylisting, which I find very effective - most 
definitely to be preferred over an ISP's mail server that accepts 
everything and then throws half your genuine mail away with the spam!

I have asked in a number of places about a suitable domain to use for 
private use and never had a good answer. Many use .local because it 
seems to make sense and I believe it is recommended by Microsoft when 
setting up a Small Business Server, but as stated above, it isn't a 
particularly good choice. Others just make up a domain name (eg 
'fredshouse.com') and hope no-one ever comes along and registers it. 
Others make up a top level domain that isn't used and use that - eg 
"fredshouse.private". As far as I know, there is no top level domain 
reserved for private use.

Of the options, the best is to register your own domain name; after that, 
using something like mydomain.private seems reasonable since it 
doesn't seem too likely that ICANN will create .private as a new top 
level domain.
