HowTo setup DNS for ISPConfig name servers and dns zones requirements

knarf_D10 · Oct 9, 2013, 7:20 PM

Hello There,

Need help on HowTo setup DNS for ISPConfig name servers and dns zones requirements
I have ISPConfig running with all systems online.

My goal is to have an internal webserver to provide a platform to develop and prototype my customer’s web sites
I want to implement internal subdomains, of my external public domain, for any or all of my customers.
I want to implement split-brain DNS for security purpose

My setup is like this:
(The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPConfig 3)) virtualized on Xenserver 6.2
Running in a Windows Active Directory Domain (providing DHCP / DNS / AD) environment

The IPSConfig server is integrated in AD with PowerBroker open (tested and working)
It's name is say isp.abc.my-domain.com on static ip 192.168.1.20

The AD domain is lets say abc.my-domain.com
It's name is say pdc.abc.my-domain.com (also on xen) static ip 192.168.28.15

My ISP is giving me a DHCP ip also
My router is pfSense 2.1 lan IP 192.168.1.1

1- First I'd like your insight to help me to validate this setup.
2- Considering that my router’s public ip is dynamic
a.) Is it possible to publish my servers ip without dynamic dns
b.) How should I setup my external dns services as to meet ISPConfig name servers requirements.

Any help or comments is welcome and much appreciated.
See Related post on howtoforge (http://www.howtoforge.com/forums/showthread.php?t=63491)
Best Regards

Franck

knarf_D10 · Oct 9, 2013, 9:35 PM

Please excuse my ignorance… still very new with this.

Ok this is answered a couple of questions (https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS)
to the question "Is it possible to publish my servers ip without dynamic dns"
the question should have been … without an external dns

So I went ahead an installed the bind package.

But I just not sure on what name to use in "/etc/namedb/named.conf".
relating to my setup should I put abc.my-domain.com instead of dyn.example.com

when I create my abc.my-domain.com

my guess is i will need to put
NS ns1.my-domain.com.
NS ns2.my-domain.com.

how do I relate my setup with regards to your "hostmaster.example.com."
dyn.example.com IN SOA ns.example.com. hostmaster.example.com.

Is hostmaster.example.com. the pfsense router?
Also in this tutorial am I correct to assume that the full path of "dynamic/dyn.example.com" is /etc/namedb/dynamic/dyn.example.com" ?

Is there any other specific tutorial I should study?

Please help

Best Regards

Frank

ghostshell · Oct 18, 2013, 10:36 PM

For me i created all my DNS records through ISPConfig, verified records added via Webmin.

Then under the DHCP server settings i have all internal devices using that server as its DNS, no secondary listed, and i can access all my sites internally with this setup.

Without the internal DNS PFSense thinks its under attack and will give a security error and not allow me to access any of my hosted sites.

knarf_D10 · Oct 22, 2013, 12:43 AM

Hey ghostshell,

Thank's for your answer !

In my setup the DHCP server is Win AD! Am I correct to understand that I would need to enable dhcp on pfsense.

What do you mean by

Without the internal DNS PFSense…

I'm confused here…
Do you mean some other DNS server than the one your ISPconfig setup is providing.

Can you elaborate please?

Regards

Franck