On 8/31/05, Chris Marcellin <canus at teksavvy dot com> wrote:
> the reason why i want to host my own dns servers is because i'm going to be
> web hosting, and it would be so much easier doing it myself, perhaps more
> difficult in
> the beginning setting it up, but in the end much easier in the sense of
> to call my domain provider to keep on updating it and having to deal with
> politics, and secondly because i get experience from it.
I use DNS through my domain registrar and never have to call, it's all
managed from a web based interface. But when dealing with a hosting
environment, it's definitely easier to manage your own DNS servers.
I'd strongly recommend a secondary DNS server at another location
though. Especially with DSL and the lack of any really good service
level agreements. DSL is next day repair many times. Even if you
could push the websites to another server, they would be down for
24-48 hours for any name server changes to propagate.
Or, if your customers won't care if they could possibly be down for a
day or two worst case scenario, then this is fine.
> opt1/dmz for my servers using a private adress (192.168.1.1-254 for example)
> using natting 1:1, and port forwarding 80,53 etc...
> lan for workstations (192.168.2.1-254)
that sounds fine, as long as you only have two servers for those two
> can i use the same switch that i'll be using on the lan, for example using
> the lan and the opt1/dmz
No. It's bad network design (eliminates the purpose of having a DMZ),
and m0n0wall tends to not like two interfaces on the same broadcast
domain. At a minimum it'll complain about picking up ARP on
interfaces it shouldn't be, and I've seen things not work at all when
two interfaces are on the same broadcast domain.
Definitely need to go with two switches. They're too cheap not to.