DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th March 2009
paran0iaX paran0iaX is offline
Port Guard
 
Join Date: Mar 2009
Posts: 16
Default Setting up nameservers

I just got a dedicated server with OpenBSD on it and I need to set up nameservers (just the minimum 2). Can anyone point me to a guide or something to set this up on OpenBSD?
Reply With Quote
  #2   (View Single Post)  
Old 12th March 2009
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,056
Default

IMHO use tinydns:
http://taciturne.net/it-notes/openbsd/djbdns/

Its very similar to OpenBSD (minimal, secure, well written).
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
  #3   (View Single Post)  
Old 12th March 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by paran0iaX View Post
I just got a dedicated server with OpenBSD on it and I need to set up nameservers (just the minimum 2).
  • Given previous discussion, is your goal to expose this box to the Internet? If so, have you secured a static IP address from an ISP? If you simply have rotating DHCP addresses, setting up your own DNS servers will not allow you to access this box from elsewhere on the Internet, however, there are services which will monitor DHCP leases & modify their tables accordingly. An example is DynDNS:

    http://www.dyndns.com/services/dns/dyndns/

    I don't have experience this bunch, but there may be others who do.
  • Secondly, setting up DNS server(s) is only part of the equation. Have you contracted with some other entity (ie. ISP) to point to your server(s)? DNS is predicated on other registered servers pointing to your registered server(s).
  • Likewise, if your goal is to set up a secure tunnel, IPSec, or VPN connection, you will need to verify that you can do what you are envisioning with a DHCP address if that is what you have. If you have a static IP, that's another story; you can do anything you want, but you also will be paying for it.
Setting up DNS servers of your own means that you will be taking on their care & feeding yourself. Given that you previously mentioned that you have little networking experience, setting up a permanent presence on the Internet seems to be an ambitious move, hence the questions.

Last edited by ocicat; 12th March 2009 at 11:01 PM.
Reply With Quote
  #4   (View Single Post)  
Old 12th March 2009
paran0iaX paran0iaX is offline
Port Guard
 
Join Date: Mar 2009
Posts: 16
Default

Yes, I'm paying for a single static IP address (though I can get more if I pay extra). This isn't a server I set up myself, it's with a dedicated server hosting company that I pay for every month. I found a good Tier 1 host that I checked lots of reviews about, and it seems that they're very good and reputable, and cheap, as a main thing so I decided to go with that since the internet here is pretty fast anyway, so speed isn't an issue. (1Mbps downstream DSL costs $19.99 a month, but I get about 8-9Mbps downstream here for free at college, which would cost me about $50 a month more or less with taxes and stuff if I get the cable internet provider that practically has this area monopolized and is the only available major ISP for that kind of speed in my area of the state, and this dedicated server costs cheaper than that per month so I thought it'd be smarter to get the dedicated server instead of my own internet instead.)

The company I'm hosting with has their own nameservers that we're allowed to use, but they said most people set up their own nameservers so that was just a suggestion and I don't think it'd really hurt to learn through experiencing with it a bit. If I mess up I can just start over anyway.

Last edited by paran0iaX; 12th March 2009 at 11:34 PM.
Reply With Quote
  #5   (View Single Post)  
Old 12th March 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Not that I am trying to discourage you from becoming your own DNS administrator, but you need to go into the ongoing upkeep knowledgeable of what responsibility you are taking upon yourself. People set up their own DNS servers these days if:
  • they want corporate autonomy.
  • they need/want control over their own zones.
  • they want the learning experience.
One of the better (classic) references on DNS is the following:

http://www.amazon.com/DNS-BIND-5th-C...6901029&sr=8-1
Reply With Quote
  #6   (View Single Post)  
Old 12th March 2009
paran0iaX paran0iaX is offline
Port Guard
 
Join Date: Mar 2009
Posts: 16
Default

Thanks. I'll definitely look for that book tomorrow afternoon at the store.
Reply With Quote
  #7   (View Single Post)  
Old 12th March 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

If you are moving in the direction of establishing a permanent connection to the Internet, I would also suggest that you get The Book of PF:

http://nostarch.com/pf.htm

By having a permanent connection, you will have to put serious thought into how to protect any device exposed, & studying pf(4) is a very good place to begin. Hansteen wrote a preliminary tutorial which is still available online:

http://www.bgnett.no/~peter/pf/

I would highly suggest reading both.
Reply With Quote
  #8   (View Single Post)  
Old 13th March 2009
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

Setting up a BIND (aka "named", which comes with OBSD pre-installed) configuration isn't extremely complicated, but mastering exotic administration tasks does take a bit of experience with it. That being said, there are lots of examples you can find for simple domain hosting on your server.

The DNS book ocicat suggests is a good one, and if you do decide to take DNS seriously (which I would always recommend) it will be referenced frequently.

Do you have static IP at your college connection? If so, setting up an 'always-on' encrypted tunnel between your college and your server is quite simple and is (relatively) low-overhead.
__________________
Network Firefighter
Reply With Quote
  #9   (View Single Post)  
Old 13th March 2009
paran0iaX paran0iaX is offline
Port Guard
 
Join Date: Mar 2009
Posts: 16
Default

No, the college connection here is DHCP. But wouldn't a VPN do the same job? Encrypting my traffic to my dedicated server? Doesn't a VPN do that if I set it up?
Reply With Quote
Old 13th March 2009
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

We're both talking about the same thing. However, you're likely referring to a solution usually referred to as a "road-warrior" vpn where you have a remote random IP connection that logs (dials) into a server. Connections like these can last for long periods of time (I'll see mine last all weekend to the office from home), but they are still considered temporary. SSH tunneling is used sometimes for this, also the OpenVPN application has an elaborate road-warrior solution.

The solution I was referring to was a static "always-on" connection. That can be done between two OpenBSD servers without any installation of additional software, and can re-establish itself upon system reboot. Additionally, it's a very small configuration -

http://www.daemonforums.org/showthread.php?t=462

I'm not sure if it would work with DNS names instead of IP addresses, but if it could, perhaps using DynDNS in conjunction domain names would still allow this type of solution.
__________________
Network Firefighter
Reply With Quote
Old 13th March 2009
paran0iaX paran0iaX is offline
Port Guard
 
Join Date: Mar 2009
Posts: 16
Default

ai-danno, that sounds like a really good idea. For whatever reason, I'm drawn into OpenBSD and I think I'm getting addicted. I don't know why it fascinates me so much, even though I've had experience with Linux for some time now. OpenBSD just sounds so cool! (Maybe the fact that everyone I've spoken with on this forum is pretty kind and full of constructive advice helps.)

Back on that continuous connection between two OpenBSD computers - I know for a fact that the IP on my dedicated server will never change (unless something unexpected happens), but I'm pretty sure my connection at college will. I notice that it changes sometimes every week, and other times it stays the same for a month at a time. But couldn't I just change the settings to match my IP address each time it changes? Or would a "road warrior" VPN be more efficient for this?
Reply With Quote
Old 13th March 2009
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Default

Well it's good to hear the bug has bitten you- to be sure, OpenBSD is no easy road compared to other operating systems, but it is rewarding. If you are truly interested in diving in, then it behooves you to learn not only the technical aspects of the project, but the philosophical aspects as well.

There is a community and distinct culture wrapped around OpenBSD, starting with Theo De Raadt (founder and project leader), and moving on down. The community is an odd one- abuse and harassment awaits the noob who does not demonstrate critical thinking skills when approaching the community with a problem. But this is the cost of belonging to a developer community that develops for itself only- the quality of the code is extremely high, but the community patience level is almost non-existent. Join the misc@openbsd.org mailing list and peruse the archives at marc.info and you will quickly see what I mean. I would consider this forum to be much more friendly, but this is AFAIK a users-only site.

So, now that all fair warning has been given- welcome! Remember, try to thoroughly research your issue when phrasing any questions - go here for proper etiquette-

http://www.daemonforums.org/showthread.php?t=596

On your particular issue, a road-warrior setup will need to redial in when the connection is broken (which on most software can be programmed to autoredial) and on the static tunnel, you're right the new address would need to be programmed in. But this is what I'm saying about dynamic DNS- if the setup can use domain names instead of IP addresses then you can have your dynDNS domain name point to the new address and re-establish the tunnel (with a small script of course.)
__________________
Network Firefighter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
getting and setting time from router michaelrmgreen General software and network 1 5th February 2009 01:58 PM
help for setting ezjail? bgobs FreeBSD General 13 15th June 2008 10:50 AM
nameservers c0mrade General software and network 8 27th May 2008 01:41 AM
Setting Up MPD benjgvps FreeBSD General 0 21st May 2008 12:20 PM
thanks for setting this up DraconianTimes Off-Topic 8 5th May 2008 08:14 AM


All times are GMT. The time now is 04:13 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick