hello friends! new(ish)!

Setting up a Server/DNS: Difference between revisions

From InstallGentoo Wiki v2
Jump to navigation Jump to search
 
(5 intermediate revisions by 3 users not shown)
Line 11: Line 11:
Some recommendations:
Some recommendations:
* [https://internet.bs internet.bs]
* [https://internet.bs internet.bs]
* [https://gandi.net Gandi]
* [https://porkbun.com Porkbun]
* [https://namesilo.com Namesilo]
* [https://namesilo.com Namesilo]
You can use [https://tld-list.com TLD-List] to compare prices and features, and [https://www.domainhack.me/ domainhack.me] to help you come up with neat domain hacks (though all the good ones are already taken).
You can use [https://tld-list.com TLD-List] to compare prices and features, and [https://www.domainhack.me/ domainhack.me] to help you come up with neat domain hacks (though all the good ones are already taken).
Line 29: Line 29:
A dynamic DNS service keeps a system addressable from the same domain regardless of IP address changes (e.g. dynamic IP from residential ISP if you're hosting from home).
A dynamic DNS service keeps a system addressable from the same domain regardless of IP address changes (e.g. dynamic IP from residential ISP if you're hosting from home).
There are a few options for this:
There are a few options for this:
*Running your own DNS server with PowerDNS + [https://github.com/pboehm/ddns pboehm/ddns] or BIND/Yadifa + [https://github.com/SFTtech/sftdyn sftdyn] or [https://github.com/nsupdate-info/nsupdate.info nsupdate]
*Running your own DNS server with PowerDNS + [https://github.com/pboehm/ddns pboehm/ddns], or BIND/Yadifa + [https://github.com/SFTtech/sftdyn sftdyn], or [https://github.com/nsupdate-info/nsupdate.info nsupdate]
*[[Setting up a Server/DNS#FreeDNS|FreeDNS]] though not recommended with your own domain
*[[Setting up a Server/DNS#FreeDNS|FreeDNS]] though not recommended with your own domain
*[https://nsupdate.info Hosted nsupdate] - privacy respecting, two minute set up
*[https://nsupdate.info Hosted nsupdate] - privacy respecting, two minute set up
*Free dynamic DNS from [https://www.1984hosting.com/product/freedns/ 1984] (privacy-conscious), [https://dns.he.net/ Hurricane Electric] (easy, flexible, fast, recommended), [https://www.cloudflare.com/dns/ Cloudflare] (just use HE-tier)
*Free dynamic DNS from [https://www.1984hosting.com/product/freedns/ 1984] (privacy-conscious), [https://dns.he.net/ Hurricane Electric] (easy, flexible, fast, recommended), [https://www.cloudflare.com/dns/ Cloudflare] (just use HE-tier), [https://www.namecheap.com/store/domains/freedns/ Namecheap] (also a registrar)


= Running your own DNS server =
= Running your own DNS server =
== Recursive ==
A recursive DNS server forwards and caches results from authoritative servers. Most they can be configured to answer queries from local data too, but not as flexibly as authoritative servers.
*Unbound - high performance caching recursive DNS server
*dnsmasq - Lightweight DNS forwarder available on most router software like OpenWRT. Can run with DHCP to map leases to domain names.
== Authoritative ==
== Authoritative ==
If you have domains of your own and want more flexibility than your registrar offers or just want to do it yourself this is the one you want.
If you have domains of your own and want more flexibility than your registrar offers or just want to do it yourself this is the one you want.
Recommended software:
Recommended software:
*Yadifa - Authoritative-only, very fast, runs the .eu tld zone
*'''[https://www.knot-dns.cz/ Knot DNS]''' - modern, easy to configure authoritative-only DNS server, runs the .cz tld zone among others.
*BIND - by far the most popular thanks to its age and proven reliability
*'''[https://www.nlnetlabs.nl/projects/nsd/about/ NSD]''' - modern authoritative-only DNS server, runs many tld zones including .nl and .fr.
*Unbound - designed to replace bind, more modern/secure
*[https://www.powerdns.com/ PowerDNS] - probably the most extensible open source DNS server out there.
*PowerDNS - probably the most extensible open source DNS server out there
*[https://www.yadifa.eu/ Yadifa] - authoritative-only, runs the .eu tld zone.
*[https://www.isc.org/bind/ BIND] - by far the most popular thanks to its age and proven reliability. Slowly fading in popularity, but it will never go away.
*[https://coredns.io/ CoreDNS] - another very extensible open source DNS server. Popular (and developed for) cloud applications.
*[https://cr.yp.to/djbdns.html djbdns] - suite of DNS tools (tinydns is the authoritative dns server) created after frustration with bugs and vulnerabilities in BIND. Very popular in early 2000s, released into the public domain in 2009. Use [https://www.tinydnssec.org/ tinydnssec] or the [https://packages.debian.org/search?searchon=sourcenames&keywords=djbdns version in Debian repos] for IPv6 and DNSSEC support.
Knot, NSD and BIND all see extensive use for TLD zones and the internet [https://root-servers.org root nameservers].
 
 
[[Category:Hardware]]
[[Category:Software]]

Latest revision as of 21:21, 2 July 2023

DNS blurb goes here

Getting a Domain Name

The primary identifier of your server on the internet is the IP address. Not only is it often a huge pain to memorize and type the IP every time, but if you're hosting from home your IP likely changes periodically. It's a lot more convenient to have a domain like server.mydomain.net that you can use to get to the server.

You have two real options for a domain, either buy one directly from a registrar or get a free one from FreeDNS or similar.

From a Registrar

Think of a domain, go to the registrar and buy. Most registrars provide their own DNS servers, but few offer dynamic DNS - if you require dynamic DNS see here. Many registrars offer whois guard to protect the personal info contained in whois records, though you can often just falsify the whois information if this isnt offered (OVH is a notable exception). Some recommendations:

You can use TLD-List to compare prices and features, and domainhack.me to help you come up with neat domain hacks (though all the good ones are already taken).

FreeDNS

Make a free account, then go to subdomains and click add. Type in what subdomain you want to use, and pick one of the free domains. For example, if you want your server to be called cocks, and you pick the domain chickenkiller.com, your server will be accessible at cocks.chickenkiller.com (although this one is probably taken already). If you don't know your servers external ip curl http://ident.me/ from a shell to get it.

Click save, and it should pop-up in your subdomains. After a few seconds, the URL should point to your server's IP. You can test with SSH, ping, or opening in a web browser depending on what you have working. However, if your IP should change, you will need to manually update it. For doing this easily, FreeDNS actually provides an API. If you click the "ASCII" link there, you should get a table of all your domains. At the end of each line is an address. Every time you load this address in a browser, the IP will get updated.

To update it automatically put this in your crontab (crontab -e)

0 9 * * * curl https://freedns.afraid.org/api/?action=getdyndns&sha=API_KEY_GOES_HERE

This will run at 9 AM every day. If you want logging check this Python Script with logging.

Dynamic DNS

A dynamic DNS service keeps a system addressable from the same domain regardless of IP address changes (e.g. dynamic IP from residential ISP if you're hosting from home). There are a few options for this:

Running your own DNS server

Recursive

A recursive DNS server forwards and caches results from authoritative servers. Most they can be configured to answer queries from local data too, but not as flexibly as authoritative servers.

  • Unbound - high performance caching recursive DNS server
  • dnsmasq - Lightweight DNS forwarder available on most router software like OpenWRT. Can run with DHCP to map leases to domain names.

Authoritative

If you have domains of your own and want more flexibility than your registrar offers or just want to do it yourself this is the one you want. Recommended software:

  • Knot DNS - modern, easy to configure authoritative-only DNS server, runs the .cz tld zone among others.
  • NSD - modern authoritative-only DNS server, runs many tld zones including .nl and .fr.
  • PowerDNS - probably the most extensible open source DNS server out there.
  • Yadifa - authoritative-only, runs the .eu tld zone.
  • BIND - by far the most popular thanks to its age and proven reliability. Slowly fading in popularity, but it will never go away.
  • CoreDNS - another very extensible open source DNS server. Popular (and developed for) cloud applications.
  • djbdns - suite of DNS tools (tinydns is the authoritative dns server) created after frustration with bugs and vulnerabilities in BIND. Very popular in early 2000s, released into the public domain in 2009. Use tinydnssec or the version in Debian repos for IPv6 and DNSSEC support.

Knot, NSD and BIND all see extensive use for TLD zones and the internet root nameservers.