There comes a time, when learning about networking, when we really start looking into DNS and the possibility of self-hosting. This could be for a web server, a mail server or both. In fact, once you have a rock-solid understanding of DNS there’s not a lot you won’t be able to do, so it really is worth taking a bit of time to understand it completely.
I have decided to write a series of articles and tutorials to help other network engineers on their way to mastering DNS. Before we begin (if you’re in a major hurry you can skip straight to the articles, but I recommend reading this bit if you have the time) it’s important to understand some fundamentals about DNS.
DNS is extremely fast to execute. All that is happening is that the processor reads from a look-up table of domain names and gets the number associated with each one: the IP address. This process doesn’t take long at all; in fact it’s so fast that a single server is quite sufficient for handling around 10,000 DNS requests per second, so unless you’re a huge company or an ISP, or have an extremely complex network topology, just 1 server is quite enough.
By default DNS uses UDP packets, not TCP. The difference, in a nutshell, is that UDP stands for Unsigned Data Packet, which means there is no ‘handshake’, which in turn means your server is not going to wait around for any communication to be ‘Ack’nowledged. This means that DNS is served on a best-effort basis: if the server is busy when a DNS request comes in, or the ADSL line is busy, the request will simply be ignored.
Hosting your own DNS: is it a good idea?
No, is about as succinct an answer as possible. It’s fine to try out when learning about DNS and doing some tests, but unless you fit very specific criteria (explained later) it really isn’t worth it. Let me give you the reasons why…
Most ISPs will charge you extra for having a static IP address. Here in the UK a static IP address will usually cost you an extra £10 per month, which is £120 a year, and that is quite a lot really.
If you host your own DNS you will also need to have two DNS servers. Yes, that’s right, you need two of them: one to respond to local queries and the other to respond to queries coming from the Internet. I’ll quickly go into a little more detail, but don’t let it bog you down if you find it gets too complicated.
Say you are developing a website, let’s call it mydomain.com, and you are hosting your own DNS. You also have a static IP address; let’s hypothetically say it’s 220.127.116.11. You are at home or in a small networked office which has one or two servers, and you have decided to use one of them as a web server.
From a command prompt, if you ping mydomain.com from within your local network (LAN) and you receive the external IP address of your website, 18.104.22.168, that would be bad. The reason it’s bad is that 22.214.171.124 is a public IP address, not a local IP.
Any address that is not part of the local area network range (10.xxx.xxx.xxx or 192.168.xxx.xxx – I think 176 is also local) gets routed straight through your default gateway (router). The packet leaves your router looking to resolve the DNS query for mydomain.com; in order to do so it finds the root servers for the .com domains, then it looks up the name servers for ‘mydomain’. The name servers are found and the IP address resolves back to 126.96.36.199, which is your WAN address (the Internet or public IP address you get when you connect to the Internet). This is bad and it’s called a ‘loop back’. Not only is it bad networking to search the planet for your domain only to return to the address the request came from, it also happens to be a security breach, and you will find most routers will block this sort of behaviour because they think they are under attack.
This means that on your local area network you will need to have a local DNS server. What a local DNS server will do is answer requests for mydomain.com with the local IP address of your web server, NOT your public IP address (WAN IP).
Something I’ve found that trips up the slightly less experienced network engineers is this: if you are hosting a website locally, you MUST have a DNS server to reply with local addresses. All DNS queries on your local network must go through your DNS server and ONLY your local DNS server. Do NOT think it’s OK to have a secondary DNS server that points to your ISP’s servers as a fail-over. The reason for this is simple. What happens if, for example, you were to ping mydomain.com from a command prompt? You would get a reply from your local DNS server with an IP address like 192.168.xxx.x, which is good. But what would happen if you were to ‘ping’ mydomain.com and your local DNS server was busy? Your machine would see that there was a secondary DNS server listed, and so without a second thought it would go off and ask your ISP’s DNS servers to resolve mydomain.com – BAM! loop-back problem! Not only that, the external value (your WAN IP address) 188.8.131.52 would then be stored in your local DNS cache. This is called cache pollution, and when that happens, any time you try to access your domain mydomain.com your DNS cache will reply with 184.108.40.206 – even if your local DNS server is no longer busy! The only way to clear this cache pollution is by using the command ‘ipconfig /flushdns’ from the command prompt.
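To make the fail-over and cache-pollution sequence above concrete, here is an added simulation (not code from the original article) of a client configured with a local primary DNS server and the ISP’s server as secondary, plus a check that flags a public answer seen from inside the LAN. The addresses, the TTL and the ‘busy’ behaviour are constructed assumptions for the simulation.

```python
import ipaddress
# Constructed sample addresses, not the article's own values.
LAN_WEB = "192.168.1.10"   # what the local DNS server should answer for mydomain.com
WAN_IP = "203.0.113.5"     # what the ISP's resolver (the public Internet view) answers
# The private ranges the article refers to (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan_answer(address):
    """True for a LAN address; a public answer seen from inside the LAN is the bad case."""
    return any(ipaddress.ip_address(address) in net for net in RFC1918)

class Resolver:  # hypothetical upstream DNS server: fixed answer table plus a 'busy' flag
    def __init__(self, answers):
        self.answers, self.busy = answers, False

    def query(self, name):
        return None if self.busy else self.answers.get(name)  # busy = request silently dropped

class StubResolver:  # client with primary + secondary DNS server and a TTL-based local cache
    def __init__(self, primary, secondary, ttl=300):
        self.servers, self.ttl, self.now = [primary, secondary], ttl, 0
        self.cache = {}  # name -> (answer, expiry time)

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.now:
            return hit[0]                      # cached answer wins, whichever server it came from
        for server in self.servers:            # primary first, then the secondary as fail-over
            answer = server.query(name)
            if answer is not None:
                self.cache[name] = (answer, self.now + self.ttl)
                return answer
        return None                            # both servers dropped the request

    def flushdns(self):
        self.cache.clear()                     # the equivalent of 'ipconfig /flushdns'

def simulate():
    """Replay the article's sequence: local server up, then busy, then back, then a flush."""
    local, isp = Resolver({"mydomain.com": LAN_WEB}), Resolver({"mydomain.com": WAN_IP})
    client = StubResolver(primary=local, secondary=isp)
    steps = [client.resolve("mydomain.com")]      # LAN address from the local server
    client.now += 600                             # let the cached entry expire
    local.busy = True
    steps.append(client.resolve("mydomain.com"))  # fail-over to the ISP: WAN address, now cached
    local.busy = False
    steps.append(client.resolve("mydomain.com"))  # still the WAN address: the cache is polluted
    client.flushdns()
    steps.append(client.resolve("mydomain.com"))  # LAN address again
    return steps
```

Running `simulate()` returns the LAN address, then the WAN address twice (the polluted cache outlives the busy period), then the LAN address again only after the flush.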
So there you are. You will find that DNS problems are most often caused by misconfiguration of LOCAL servers, NOT servers ‘out there’. Getting local DNS right will save you a lot of grief. DNS is nothing to be afraid of, and when you really know how it works, the world is your oyster.
When do you think it’s ok to host your own DNS?
I would say only if you have at least two fast ADSL lines. You should have a DNS server for each line you have coming in, to answer requests coming in from the Internet. If you host your own DNS and your ADSL line is busy because someone on your network is surfing the web at the time, or your DNS server is busy, you will miss the request.
You would also need to have a static IP address for each ADSL line you have coming in.
What do you recommend?
I recommend using DDNS. That’s Dynamic DNS, and it’s well worth getting to know how to use.
Unless you’re hosting a lot of websites, your best bet is to have your DNS externally hosted. I use dyndns.com, but there are many DNS services available and you can use any one you like.
With dyndns.com I have 5 public name servers available for my domains, and they are geographically dispersed. RFC regulations state that you should have at least two and preferably three, so with 5 the chances of a DNS request for my domain going unresolved are slim.
Dyndns charge, I think, $27.50 a year, which is around £18. This may seem quite expensive but really it isn’t (if you know of other services that cost less and are highly reliable, please leave me a comment).
There is a way to have a brand new domain publicly available over the whole world instantly! No need to wait between 24 hours and 3 days. I explain how to do this in a DNS mastery tutorial which I’ll write later in this series.