Discussion:
systemd-resolved, split dns, & vpn setup
Jack Craig
2021-04-08 20:37:41 UTC
hi list,

I have a small home domain (linuxlighthouse.com) running on Fedora 32.
I am trying to set up network services for DNS & HTTPS.

I have only the one server that I'm trying to provide all these services
from, a single host using a static IP from AT&T. I have a cascaded router config
connecting my external IP, 108.220.213.121, to its internal 10.0.0.101.

I have tried at length to get bind 9 to support a proper split horizon
configuration without success.

I came across two very informative articles about systemd-resolved and
its future implementation on F33 as the standard routing/resolution for DNS.

The second article added focus on systemd-resolved
split DNS and VPN configuration.

This was looking like a good solution until I got down to the end of the
second article, where it said, if I understand this correctly, that systemd-resolved is not
appropriate for the primary DNS server of a domain,

that in fact you need the domain's DNS server to use bind instead.

So I am confused about how to jam all these related services onto a single
host??

My question to this group is, at this point in time, where is the best
place for me to post queries on this setup?

A future goal is to use a WireGuard VPN once the above issues are resolved.

Suggestions? Should queries be sent to this mailing list, or is there a
more appropriate list?

thank you in advance for your consideration, Thx, jackc...
Peter Boy
2021-04-08 23:10:56 UTC
This was looking like a good solution until I got down to the end of the second article
where it said, if I understand this correctly, that systemd-resolved is not appropriate for the primary DNS server of a domain.
Indeed, systemd-resolved is a name resolver, as the name suggests, and it queries a DNS server to get the information it needs. It is not a DNS server at all.
so I am confused about how to jam all these related services onto a single host??
Bind may be overkill for your home network. Usually you would activate the NetworkManager dnsmasq plugin on your server. It is its task to resolve the addresses of your local network(s) and delegate anything else to your provider's DNS. It is quite easy to set up.
My question to this group is, at this point in time, where is the best place
for me to post queries on this setup?
If you use Fedora Server, there is a server list (***@lists.fedoraproject.org). But this list should be fine as well.


Peter

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Jack Craig
2021-04-10 04:47:06 UTC
hi Peter,

Thx very much for your time & expertise.

Very much appreciated, jackc...
Post by Jack Craig
Post by Jack Craig
This was looking like a good solution until I got down to the end of the
second article
Post by Jack Craig
where it said, if I understand this correctly, that systemd-resolved is
not appropriate for the primary DNS server of a domain.
Indeed, systemd-resolved is a name resolver, as the name suggests, and it
queries a DNS server to get the information it needs. It is not a DNS server at
all.
Post by Jack Craig
so I am confused about how to jam all these related services onto a single
host??
Bind may be overkill for your home network. Usually you would activate
the NetworkManager dnsmasq plugin on your server. It is its task to resolve
the addresses of your local network(s) and delegate anything else to your
provider's DNS. It is quite easy to set up.
Post by Jack Craig
My question to this group is, at this point in time, where is the best
place
Post by Jack Craig
for me to post queries on this setup?
If you use Fedora Server, there is a server list {
Peter
Tim via users
2021-04-10 08:20:03 UTC
Post by Jack Craig
I have tried at length to get bind 9 to support a proper split
horizon configuration without success.
I remember going through that with you last year. It definitely works,
as I did it on my system as I went through it with you.

Do you have something unusual about your system? Is it running in a
virtual machine, or is it an ordinary installation? Are you going
through a VPN?

Does your machine really need to resolve outside addresses? For me, my
local DNS just resolves all my domain names to internal IPs, and my
domain name is resolved for the rest of the world by other DNS servers
(in the usual way).

--

uname -rsvp
Linux 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

Jack Craig
2021-04-10 19:03:12 UTC
Post by Tim via users
Post by Jack Craig
I have tried at length to get bind 9 to support a proper split
horizon configuration without success.
I remember going through that with you last year. It definitely works,
as I did it on my system as I went through it with you.
Yes Tim, you did, and your help was wonderful. I got my DNS
working 90% of the time with your assistance. However, it's the last 10%
that's got me;
perhaps it's because I'm misunderstanding my goals.

I think I understand that the primary name server for the domain must be, in my
case, this home server that I'm using, and that I need to be able to resolve
my service name to my service's public IP based on a mechanism that I
expected to provide through bind.

What seems to be happening is that I am not getting external and internal
resolutions for internal and external lookups.

AT&T, my ISP, has agreed to secondary my DNS server, but I'm expecting to set
up the primary, so it is setting up that primary and coordinating it with
the external IP lookups from the world that I am stumbling on at the
moment.
Post by Tim via users
Do you have something unusual about your system? Is it running in a
virtual machine, or is it an ordinary installation?
It's a workstation config, nothing special; it's just trying to
synchronize the names for DNS/HTTPD/HTTPS
and the certificate from Let's Encrypt that I need to get organized
later.

Post by Tim via users
Are you going
through a VPN?
Not yet. My intention was to get this networking up and working correctly
and then put a WireGuard VPN
between me and the world, but I've not looked at that until I get the
current DNS configuration set up properly.

OK, time to share the real problem here: it is me. That is to say, after
several decades of computer work I got Parkinson's, and that forced me to
stop working commercially. I didn't want to give up my networking all the
way, so I keep this home network as a constant challenge to keep my brain
moving.

Sadly, Parkinson's symptoms are not limited to muscles jerking around; it also
includes 'Swiss cheese'-ing in my brain, so I'm working at a disadvantage.
Still, I'm not giving up.
Post by Tim via users
Does your machine really need to resolve outside addresses? For me, my
local DNS just resolves all my domain names to internal IPs, and my
domain name is resolved for the rest of the world by other DNS servers
(in the usual way).
Perhaps you could elaborate on this comment above? I need to be able to
provide a primary DNS server to look up between my external IP and my fully
qualified domain name, but your description here makes it sound like I'm
doing way too much work; I just need to be able to correlate external and
internal views.

Perhaps you could expand on this a little bit, because I think this is maybe
why I'm getting off in the weeds.

Thanks again, ...
Tim via users
2021-04-11 06:30:10 UTC
Post by Jack Craig
OK, time to share the real problem here: it is me. That is to say,
after several decades of computer work I got Parkinson's, and that
forced me to stop working commercially. I didn't want to give up my
networking all the way, so I keep this home network as a constant
challenge to keep my brain moving.
Sadly, Parkinson's symptoms are not limited to muscles jerking around;
it also includes 'Swiss cheese'-ing in my brain, so I'm working at a
disadvantage. Still, I'm not giving up.
Do other techniques help in understanding? e.g. If you doodle diagrams
with pen and paper as to what bits go where.
Post by Jack Craig
Post by Tim via users
Does your machine really need to resolve outside addresses? For
me, my local DNS just resolves all my domain names to internal IPs,
and my domain name is resolved for the rest of the world by other
DNS servers (in the usual way).
Perhaps you could elaborate on this comment above? I need to be able
to provide a primary DNS server to look up between my external IP and
my fully qualified domain name, but your description here makes it
sound like I'm doing way too much work; I just need to be able to
correlate external and internal views.
Perhaps you could expand on this a little bit, because I think this is
maybe why I'm getting off in the weeds.
Does this approach seem like a feasible solution for you:

Okay, let's say that I own the domain name "example.com" (it's a real
domain, specifically meant for everyone to make use of in examples,
without messing up real websites, but it's not really mine). And I
have a website at www.example.com, an email address of ***@example.com,
all the usual gubbins.

I'm paying a service provider $20 a month for them to host my website,
handle my mail. And, for $20 a year, they're the registrar for my
domain name. There are cheaper services, but this price point provides
reasonable service.

When I register my domain name with them, its details are put into
public DNS servers (the domain name, the IP address, and all the other
administrative details about who owns it, etc). The website is hosted
by their webserver. My mail is handled by their mail server. All of
this is external to me, and completely independent. I don't need to do
anything on my computers, nor even my ISP. My hosting service provider
is not the same as my internet service provider.

I could, technically, run all of this on my own computer, but many ISPs
forbid it. Many will stuff it up through the cockeyed way they run
their networks. And I'd have to deal with all the daily hack attempts
that are inflicted upon public web services.

I could run it using my ISP to provide the facilities, but some are
crap at it, often overpriced, and if you ever decide you want to change
ISPs, you've got to move all of your things somewhere else. That
inconvenience is used to tie you down to staying with them.

What I *also* do, just for my own benefit, is run my own webservers,
mailservers, DNS servers, etc., on my own computer. This allows me to
test things before they go public. It allows me to learn how the
software works without messing things up on the internet.

Since I own example.com, I create a sub-domain of lan.example.com to
use within my network. The rest of the world doesn't know about this,
it's not in my public DNS records, I only do it on my local DNS and web
servers. If I want to test out things to go on my website, first
they're done on lan.example.com. Then, when I'm happy, I upload the
changes to www.example.com. I can easily distinguish one from the
other by the different domain names. But I don't have to do this. I
could just directly do everything on the external webserver.

Running my own DNS server has other benefits, but they only affect me,
the outside world doesn't make any use of it. I have internal address
resolution without horsing around with hosts files, Avahi or MDNS. I
can block unwanted things in websites by forbidding them in my DNS
server. Again, I don't have to do this. There's no obligation on
anyone to run their own DNS server if they want a public domain name.


Tim via users
2021-04-11 06:39:34 UTC
I'm answering this with a separate response because it goes off in a
different direction. You can decide which way to go without mixing up
all the information together.
Post by Jack Craig
I think I understand that the primary name server for the domain must be,
in my case, this home server that I'm using, and that I need to be able
to resolve my service name to my service's public IP based on a
mechanism that I expected to provide through bind.
What seems to be happening is that I am not getting external and
internal resolutions for internal and external lookups.
AT&T, my ISP, has agreed to secondary my DNS server, but I'm expecting
to set up the primary, so it is setting up that primary and
coordinating it with the external IP lookups from the world that I
am stumbling on at the moment.
In very few cases the primary name server for a public DNS record will
be on a home computer. It'll usually be done where you register your
domain name. Though you can shift it elsewhere. You can renew a
domain name and host it with a different company. You can have a
company host your website, and they can also host your DNS records.

For what it's worth, if they do your mail and website through something
like cPanel, they'll probably want to host your DNS records, too, so
their cPanel software can control any changes to the DNS records.

You can run your own slave name server that follows what the public
one does. This can be handy, but not essential, to keep an eye out for
anything that goes wrong.

If you want to run dynamic DNS, so you can log into your home computer
from somewhere else on the net without having to know your IP, that's a
different thing, again.

But, if you want to be your DNS server for the whole world, they have
to be able to connect to you. Traffic has to be able to get through.
And you will need a fixed IP.

Jack Craig
2021-04-12 19:06:12 UTC
Oh, so now I have learned something new.

I thought that because I was a domain owner, I had to do the translation
from my public IP to my local DNS name.

Inasmuch as networksolutions.com, my domain registrar provider, already
has the IP and host name, then

I don't need to provide that, so let me trim off that external zone. I'm
assuming that I still need to provide service for the 10.0.0.0 internal
addresses, but that could just be covered by my /etc/hosts file, right?

With this new bit of information, I should be able to run a minimal
configuration as you earlier outlined.
I was trying to throw in everything plus the kitchen sink. I'll start
ripping the plumbing out of named.conf;
see how little I can get away with.

Once again thanks for your time!!


On Sat, Apr 10, 2021 at 11:39 PM Tim via users <
Post by Tim via users
I'm answering this with a separate response because it goes off in a
different direction. You can decide which way to go without mixing up
all the information together.
Post by Jack Craig
I think I understand that the primary name server for the domain must be,
in my case, this home server that I'm using, and that I need to be able
to resolve my service name to my service's public IP based on a
mechanism that I expected to provide through bind.
What seems to be happening is that I am not getting external and
internal resolutions for internal and external lookups.
AT&T, my ISP, has agreed to secondary my DNS server, but I'm expecting
to set up the primary, so it is setting up that primary and
coordinating it with the external IP lookups from the world that I
am stumbling on at the moment.
In very few cases the primary name server for a public DNS record will
be on a home computer. It'll usually be done where you register your
domain name. Though you can shift it elsewhere. You can renew a
domain name and host it with a different company. You can have a
company host your website, and they can also host your DNS records.
For what it's worth, if they do your mail and website through something
like cPanel, they'll probably want to host your DNS records, too, so
their cPanel software can control any changes to the DNS records.
You can run your own slave name server, that follows what the public
one does. This can be handy, but not essential, to keep an eye out for
anything that goes wrong.
If you want to run dynamic DNS, so you can log into your home computer
from somewhere else on the net without having to know your IP, that's a
different thing, again.
But, if you want to be your DNS server for the whole world, they have
to be able to connect to you. Traffic has to be able to get through.
And you will need a fixed IP.
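Jack's plan above, a bind that serves only the LAN and nothing to the outside, combined with Tim's earlier idea of an internal-only lan.example.com sub-domain, as an added example that is not part of the thread: a minimal named.conf that is authoritative for one internal zone (plus its reverse zone), answers and recurses only for LAN clients, and forwards everything else upstream. The zone name, file names and the upstream resolvers are assumptions; 10.0.0.101 is the server's LAN address from the thread.

```conf
// Added example, not from the thread: minimal named.conf for a single home
// server. Authoritative only for lan.example.com (assumed zone name); the
// public example.com records stay with the registrar/hoster.
acl "lan" { 10.0.0.0/24; 127.0.0.1; ::1; };

options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 10.0.0.101; };   // server's LAN address (from the thread)
    listen-on-v6 port 53 { ::1; };
    allow-query { lan; };          // nobody outside the LAN may query this server
    allow-recursion { lan; };      // so it is not an open resolver for the Internet
    allow-transfer { none; };      // no secondaries for an internal-only zone
    recursion yes;
    // Everything that is not lan.example.com is forwarded upstream.
    // Assumed public resolvers; the ISP's resolvers work just as well here.
    forwarders { 9.9.9.9; 1.1.1.1; };
    dnssec-validation auto;
};

// Forward zone for the LAN; hosts get A records like host1.lan.example.com -> 10.0.0.x
// "type master" is used because the bind 9.11 shipped with Fedora 32 does not
// accept the newer "type primary" spelling.
zone "lan.example.com" IN {
    type master;
    file "lan.example.com.zone";   // assumed file name, relative to "directory"
    allow-update { none; };
};

// Reverse zone for 10.0.0.0/24 so PTR lookups of LAN addresses work too
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "10.0.0.rev.zone";        // assumed file name
    allow-update { none; };
};
```

`named-checkconf /etc/named.conf` validates the syntax and `named-checkzone lan.example.com /var/named/lan.example.com.zone` checks the zone file, which holds the SOA, NS and A records for the 10.0.0.x hosts. Because allow-query is limited to the LAN this server is neither a public primary nor an open resolver; the only thing the outside world sees is what the registrar publishes, exactly the split Tim describes.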
Tim via users
2021-04-13 10:52:10 UTC
Post by Jack Craig
Oh, so now I have learned something new.
I thought that because I was a domain owner, I had to do the
translation from my public IP to my local DNS name.
Just to be clear:

By "your public IP" do you mean the IP for your server that the world is
going to view pages on?

Or do you mean the public IP that your computer is currently located at
(which will probably change often, if you don't pay for a fixed IP)?

And are they one and the same thing? Are you serving from your own PC?
Or is an external computer serving your files to the public?

If your website server isn't your own computer on your own network,
there's no need for any public DNS records to have your own network
addresses in them.

Whatever the answers are to the above, you don't have to provide the
DNS records for that on your own equipment. Any DNS server can provide
answers to DNS queries. But for the general public to be able to use
your domain name, your records have to be discoverable on public DNS
servers. Normally, when you register a domain and have it hosted,
that's all taken care of for you. They put the records in their domain
server, and their domain server feeds info upstream to higher up
servers (it's all like a family tree).

You can see that sort of thing with the "dig" tool. If you do a "dig
example.com" you'll get a collection of responses. The "answer"
section is the domain name and numerical IP address for it, that you
queried. The "authority" section will be the authoritative name
servers for those records (the master host for them). An "additional"
section which can provide info about those authoritative servers. And
in the last bit will be the "SERVER" that directly answered your query.
Post by Jack Craig
Inasmuch as networksolutions.com, my domain registrar provider, already
has the IP and host name, then
I don't need to provide that, so let me trim off that external zone.
I'm assuming that I still need to provide service for the 10.0.0.0
internal addresses, but that could just be covered by my /etc/hosts
file, right?
Your own internal address resolution is done within your own computer
network. That can be a hosts file, it can be your own name server.

Ed Greshko
2021-04-13 11:37:11 UTC
Post by Tim via users
You can see that sort of thing with the "dig" tool. If you do a "dig
example.com" you'll get a collection of responses. The "answer"
section is the domain name and numerical IP address for it, that you
queried. The "authority" section will be the authoritative name
servers for those records (the master host for them). An "additional"
section which can provide info about those authoritative servers. And
in the last bit will be the "SERVER" that directly answered your query.
One has to be somewhat careful as to the actual dig command used.

By default the type searched for is A records.  So, if your domain name is also the name of
a host, then you'd need to use "dig -tany domainname".

example:

[***@meimei ~]$ dig ibm.com
ibm.com.                19      IN      A       104.115.95.17

[***@meimei ~]$ dig -tany ibm.com
ibm.com.                20      IN      AAAA 2600:1417:1800:289::3831
ibm.com.                20      IN      AAAA 2600:1417:1800:286::3831
ibm.com.                3600    IN      MX      5 mx0b-001b2d01.pphosted.com.
ibm.com.                3600    IN      MX      5 mx0a-001b2d01.pphosted.com.
ibm.com.                86061   IN      SOA     asia3.akam.net. dnsadm.us.ibm.com. 1564134810 43200 7200 604800 3600
etc.....

Also, if you are running a DNS server for "local" addresses in your domain and your system's configuration
points to the local server, you would most likely want to add the @server parameter to make sure you get
the "external" information.

[***@meimei ~]$ dig -tany meimei.greshko.com
meimei.greshko.com.     86400   IN      A       192.168.1.18
meimei.greshko.com.     86400   IN      AAAA 2001:b030:112f::140e

[***@meimei ~]$ dig @8.8.8.8 -tany meimei.greshko.com
meimei.greshko.com.     1199    IN      A       211.75.128.214
meimei.greshko.com.     1199    IN      AAAA 2001:b030:112f::140e
--
Remind me to ignore comments which aren't germane to the thread.

Jack Craig
2021-04-13 18:38:01 UTC
Post by Tim via users
Post by Jack Craig
Oh so now I have learned something new.
I thought that because I was a domain owner, I had to do the
translation from my public IP to my local DNS name.
By "your public IP" do you mean the IP for your server that the world is
going to view pages on?
Yes, 108.220.213.121
Post by Tim via users
Or do you mean the public IP that your computer is currently located at
(which will probably change often, if you don't pay for a fixed IP)?
Static IP
Post by Tim via users
And are they one and the same thing? Are you serving from your own PC?
Or is an external computer serving your files to the public?
Internally my IP is 10.0.0.101
Post by Tim via users
If your website server isn't your own computer on your own network,
there's no need for any public DNS records to have your own network
addresses in them.
Whatever the answers are to the above, you don't have to provide the
DNS records for that on your own equipment. Any DNS server can provide
answers to DNS queries. But for the general public to be able to use
your domain name, your records have to be discoverable on public DNS
servers. Normally, when you register a domain and have it hosted,
that's all taken care of for you. They put the records in their domain
server, and their domain server feeds info upstream to higher up
servers (it's all like a family tree).
You can see that sort of thing with the "dig" tool. If you do a "dig
example.com" you'll get a collection of responses. The "answer"
section is the domain name and numerical IP address for it, that you
queried. The "authority" section will be the authoritative name
servers for those records (the master host for them). An "additional"
section which can provide info about those authoritative servers. And
in the last bit will be the "SERVER" that directly answered your query.
Mostly my DNS seems right; however, I'm having a challenge trying
to get the Let's Encrypt certificate renewed.

So I'm going to back up and take another run at this...

thanks again gentlemen,...
Post by Tim via users
Post by Jack Craig
Inasmuch as networksolutions.com, my domain registrar provider, already
has the IP and host name, then
I don't need to provide that, so let me trim off that external zone.
I'm assuming that I still need to provide service for the 10.0.0.0
internal addresses, but that could just be covered by my /etc/hosts
file, right?
Your own internal address resolution is done within your own computer
network. That can be a hosts file, it can be your own name server.
Ed Greshko
2021-04-13 18:51:55 UTC
Post by Tim via users
Post by Jack Craig
Oh so now I have learned something new.
I thought that because I was a domain owner, I had to do the
translation from my public IP to my local DNS name.
By "your public IP" do you mean the IP for your server that the world is
going to view pages on?
Yes, 108.220.213.121
I believe I'm looking at the correct record.  If so,

IPv6 address fe80::15ef:5535

is not a routable IPv6 address.  It is akin to setting 10.0.0.101 as your public IPv4 address.

It may render a host unreachable for those in the world with IPv6 connectivity only.


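Ed's two points above, comparing what the local resolver answers with what an outside resolver answers (`dig -tany name` versus `dig @8.8.8.8 -tany name`) and spotting a public record that carries an address the Internet cannot route to (fe80::, or a 10.0.0.x address), as an added example that is not part of the thread: a small Python checker that parses dig-style answer lines for the two views, reports where the views differ (the intended state for a split horizon) and flags non-routable addresses in the external view. The first two samples are the lines Ed pasted; the third is a constructed leaky record for a made-up name, host.example.com.

```python
"""Audit a split-horizon zone: compare the internal and external view of
dig-style answer lines and flag non-routable addresses published externally.
Added example for the thread; the record samples below are constructed."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# "dig -tany" answer lines as seen from inside the LAN (the ones Ed pasted).
INTERNAL_VIEW = """
meimei.greshko.com.     86400   IN      A       192.168.1.18
meimei.greshko.com.     86400   IN      AAAA    2001:b030:112f::140e
"""

# The same name as answered by an outside resolver ("dig @8.8.8.8 -tany").
EXTERNAL_VIEW = """
meimei.greshko.com.     1199    IN      A       211.75.128.214
meimei.greshko.com.     1199    IN      AAAA    2001:b030:112f::140e
"""

# Constructed: a public view that publishes a LAN and a link-local address,
# the mistake Ed describes (fe80:: is as unreachable as 10.0.0.101 would be).
LEAKY_EXTERNAL_VIEW = """
host.example.com.       3600    IN      A       10.0.0.101
host.example.com.       3600    IN      AAAA    fe80::15ef:5535
"""

# owner  TTL  IN  TYPE  rdata  (dig pads the columns with tabs or spaces)
RR_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>\S+)\s+(?P<rdata>.+?)\s*$")


def parse_answers(text: str) -> List[Tuple[str, str, str]]:
    """Return (owner, type, rdata) for every resource-record line; shell
    prompts, ';' comments and filler such as 'etc.....' are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            records.append((m["name"].lower(), m["type"].upper(), m["rdata"]))
    return records


def addresses(records: List[Tuple[str, str, str]]) -> Dict[str, Set[str]]:
    """Collect A/AAAA rdata per owner, normalised through ipaddress so that
    differently written IPv6 literals compare equal; other types are ignored."""
    out: Dict[str, Set[str]] = {}
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            out.setdefault(name, set()).add(str(ipaddress.ip_address(rdata)))
    return out


def non_routable(addr: str) -> bool:
    """True for addresses the public Internet cannot reach: RFC 1918 / ULA
    (is_private), link-local (fe80::/10, 169.254/16) and loopback."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_link_local or ip.is_loopback


def audit_views(internal_text: str, external_text: str) -> Dict[str, dict]:
    """Compare both views. 'split' lists names whose internal and external
    addresses differ (the intended split-horizon state); 'leaks' lists the
    non-routable addresses the external view exposes, per name."""
    internal = addresses(parse_answers(internal_text))
    external = addresses(parse_answers(external_text))
    report: Dict[str, dict] = {"split": {}, "leaks": {}}
    for name, ext_addrs in external.items():
        leaks = sorted(a for a in ext_addrs if non_routable(a))
        if leaks:
            report["leaks"][name] = leaks
        int_addrs = internal.get(name)
        if int_addrs is not None and int_addrs != ext_addrs:
            report["split"][name] = {"internal": sorted(int_addrs),
                                     "external": sorted(ext_addrs)}
    return report


if __name__ == "__main__":
    for label, ext in (("good", EXTERNAL_VIEW), ("leaky", LEAKY_EXTERNAL_VIEW)):
        rep = audit_views(INTERNAL_VIEW, ext)
        print(f"[{label}] split-horizon names: {sorted(rep['split'])}")
        for name, addrs in rep["leaks"].items():
            print(f"[{label}] {name} publishes non-routable {', '.join(addrs)}")
```

In practice the two input strings come from `dig @<lan-server> -tany name` and `dig @8.8.8.8 -tany name`, as in Ed's post; a name that shows up under `split` is working as intended, while anything under `leaks` is a record the outside world can see but never reach, which is exactly the fe80:: case Ed spotted.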
J.Witvliet--- via users
2021-04-13 06:54:18 UTC
From: "Jack Craig" <***@gmail.com<mailto:***@gmail.com>>
Date: Monday, 12 April 2021 at 21:07:07
To: "Community support for Fedora users" <***@lists.fedoraproject.org<mailto:***@lists.fedoraproject.org>>
Subject: Re: systemd-resolved, split dns, & vpn setup

Oh, so now I have learned something new.

I thought that because I was a domain owner, I had to do the translation from my public IP to my local DNS name.

You can, but you don't have to.
I too have a split horizon, but updating records at my DNS provider is a rather masochistic exercise. Besides, it changed hands four times.

Inasmuch as networksolutions.com, my domain registrar provider, already has the IP and host name, then

I don't need to provide that, so let me trim off that external zone. I'm assuming that I still need to provide service for the 10.0.0.0 internal addresses, but that could just be covered by my /etc/hosts file, right?

Only if you serve a single machine in your LAN is /etc/hosts a sensible option.
If you have multiple machines in your network, bind remains the ultimate solution (imho).
Besides, hosts is only useful for translating names to numbers and vice versa. Anything else (TXT, SRV, etc.) is not possible. So: "viva bind!"

With this new bit of information, I should be able to run a minimal configuration as you earlier outlined.
I was trying to throw in everything plus the kitchen sink. I'll start ripping the plumbing out of named.conf;
see how little I can get away with.

Once again thanks for your time!!


On Sat, Apr 10, 2021 at 11:39 PM Tim via users <***@lists.fedoraproject.org<mailto:***@lists.fedoraproject.org>> wrote:
I'm answering this with a separate response because it goes off in a
different direction. You can decide which way to go without mixing up
all the information together.
Post by Jack Craig
I think I understand that the primary name server for the domain must be,
in my case, this home server that I'm using, and that I need to be able
to resolve my service name to my service's public IP based on a
mechanism that I expected to provide through bind.
What seems to be happening is that I am not getting external and
internal resolutions for internal and external lookups.
AT&T, my ISP, has agreed to secondary my DNS server, but I'm expecting
to set up the primary, so it is setting up that primary and
coordinating it with the external IP lookups from the world that I
am stumbling on at the moment.
In very few cases the primary name server for a public DNS record will
be on a home computer. It'll usually be done where you register your
domain name. Though you can shift it elsewhere. You can renew a
domain name and host it with a different company. You can have a
company host your website, and they can also host your DNS records.

For what it's worth, if they do your mail and website through something
like cPanel, they'll probably want to host your DNS records, too, so
their cPanel software can control any changes to the DNS records.

You can run your own slave name server that follows what the public
one does. This can be handy, but not essential, to keep an eye out for
anything that goes wrong.

If you want to run dynamic DNS, so you can log into your home computer
from somewhere else on the net without having to know your IP, that's a
different thing, again.

But, if you want to be your DNS server for the whole world, they have
to be able to connect to you. Traffic has to be able to get through.
And you will need a fixed IP.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
Jack Craig
2021-04-13 18:30:47 UTC
Permalink
On Mon, Apr 12, 2021 at 11:54 PM J.Witvliet--- via users <
*Date:* Monday, 12 April 2021 at 21:07:07
*Subject:* Re: systemd-resolved, split dns, & vpn setup
Oh so now I have learned something new.
I thought that because I was a Domain owner, I had to do the translation
from my public IP to my local DNS name
You can do it, but you don't HAVE to.
I too have a split horizon, but updating records at my DNS provider is a
rather masochistic exercise. Besides, it changed hands four times.
Thank you for clearing up these misconceptions.
not sure where they came from but good to hear that I can work around them

Inasmuch as networksolutions.com, my domain registrar, already has
the IP and host name,
I don't need to provide that, so let me trim off that external zone. I'm
assuming that I still need to provide service for the 10.0.0.0 internal
addresses, but that could just be covered by my /etc/hosts file, right?
Only if you serve it to a single machine in your LAN is /etc/hosts a sensible option.
If you have multiple machines in your network, bind remains the ultimate solution (imho).
Besides, hosts is only useful for translating names to numbers and
vice versa. Anything else (TXT, SRV, etc.) is not possible. So: "viva bind!"
As the case is, I do only have one machine

This is great. This means that if I don't have to serve port 53, I can shut that
down and close the firewall for that port as well.
I guess you guys don't run named either on the single-server
configuration?
With this new bit of information, I should be able to run a minimal
configuration as you earlier outlined.
I was trying to throw in everything plus the kitchen sink. I'll start
ripping the plumbing out of named.conf;
see how little I can get away with.
Once again thanks for your time!!
On Sat, Apr 10, 2021 at 11:39 PM Tim via users <
Post by Tim via users
I'm answering this with a separate response because it goes off in a
different direction. You can decide which way to go without mixing up
all the information together.
Post by Jack Craig
I think I understand that the primary name server for the domain must be,
in my case, this home server that I'm using, and that I need to be able
to resolve my service name to my service public IP based on a
mechanism that I expected I'd provide through bind.
What seems to be happening is that I am not getting external and
internal resolutions for internal and external look-ups.
AT&T, my ISP, has agreed to secondary my DNS server, but I'm expecting
to set up the primary, so it is setting up that primary and
coordinating it with the external IP look-ups from the world that I
am stumbling on at the moment.
In very few cases the primary name server for a public DNS record will
be on a home computer. It'll usually be done where you register your
domain name. Though you can shift it elsewhere. You can renew a
domain name and host it with a different company. You can have a
company host your website, and they can also host your DNS records.
My domain is registered with Network Solutions; my static IP block of eight
IP addresses is from AT&T.
Post by Tim via users
You can run your own slave name server, that follows what the public
one does. This can be handy, but not essential, to keep an eye out for
anything that goes wrong.
If you want to run dynamic DNS, so you can log into your home computer
from somewhere else on the net without having to know your IP, that's a
different thing, again.
But, if you want to be your DNS server for the whole world, they have
to be able to connect to you. Traffic has to be able to get through.
And you will need a fixed IP.
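What a trimmed split-horizon named.conf for this setup can look like, as an added example that is not from any poster in the thread: an internal view answers 10.0.0.101 to LAN clients and may recurse for them, while an external view answers 108.220.213.121 and never recurses, so the host cannot be turned into an open resolver; if the registrar keeps serving the public records, as the thread concludes, the external view and port 53 on the public side can be dropped entirely. The 10.0.0.0/24 prefix, the ns1 hostname, the zone file layout and the secondary's address are assumptions or placeholders.

```bind
// /etc/named.conf  (assumed layout; the directory and zone paths are assumptions)
acl "lan" { 10.0.0.0/24; 127.0.0.1; };      // assumption: one /24 behind the router

options {
    directory "/var/named";
    listen-on { 10.0.0.101; 127.0.0.1; };   // the LAN address; the router forwards 53 to it
    allow-query { any; };
    allow-transfer { none; };               // AXFR is granted per zone below, nowhere else
    recursion no;                           // authoritative by default; views widen this
};

view "internal" {
    match-clients { "lan"; };
    recursion yes;                          // LAN hosts may use this box as their resolver
    allow-recursion { "lan"; };
    zone "linuxlighthouse.com" {
        type master;
        file "internal/linuxlighthouse.com.zone";   // A records point at 10.0.0.101
    };
};

view "external" {
    match-clients { any; };
    recursion no;                           // never an open resolver towards the internet
    zone "linuxlighthouse.com" {
        type master;
        file "external/linuxlighthouse.com.zone";   // A records point at 108.220.213.121
        allow-transfer { 192.0.2.53; };     // placeholder: AT&T's secondary server
    };
};

// /var/named/external/linuxlighthouse.com.zone  (the internal copy differs only in
// the A records, which carry 10.0.0.101 instead of 108.220.213.121)
$TTL 3600
@       IN  SOA  ns1.linuxlighthouse.com. hostmaster.linuxlighthouse.com. (
                 2021041301 ; serial: bump it on every edit or the secondary stays stale
                 3600       ; refresh
                 900        ; retry
                 1209600    ; expire
                 300 )      ; negative-cache TTL
        IN  NS   ns1.linuxlighthouse.com.
        IN  NS   ns2.att-secondary.example.   ; placeholder: name of AT&T's secondary
ns1     IN  A    108.220.213.121
@       IN  A    108.220.213.121
www     IN  CNAME linuxlighthouse.com.
```

Check it with `named-checkconf /etc/named.conf` and `named-checkzone linuxlighthouse.com <zonefile>` before reloading, and confirm from a host outside the LAN that recursive queries are refused.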