8

I just bought a raspberry pi and made it a web server. I have a network with 1 IP. I created a DMZ and I am able to access my raspberry pi web server from the internet. I bought a domain that I intend to use for my web site but I found that I need to create some name servers (primary and secondary) and provide IPs for those name servers to those from which I bought my domain name.

My questions are: Can I have my DNS server and my web site using the same IP? Is it really needed to have a secondary name server (as I have only one IP I don't think I could have a secondary name server)? What is it to be done next? Should I install a DNS server on my raspberry and configure it? Can I have my website up and running with just 1 IP and 1 raspberry pi? How can I achieve all of these things (having my website on my raspberry up and running and my domain name pointing to it)?

Thanks!

5 Answers

16

Ugh. I don't normally chime in after so many good people have answered, but I can't entirely agree with any of the answers so far posted. After 20 years of DNS admin, here's my take:

  • Should DNS just be outsourced? No. It's perfectly fine to run your own DNS server (though a static IP address is to my mind essential), and as Vasili notes, it's a good learning experience. We see a number of questions here on SF that arise because the web interfaces of some DNS providers are so appalling that they lead people into making basic DNS errors.

  • Can you run DNS service on a server that offers other services? Yes, of course. The main DNS server for teaparty.net is also the web server (the IP addresses are slightly different, but that's only because my colocated server has several addresses allocated to it).

  • Do you need more than one DNS server? Hell, yes. RFC2182 discusses this explicitly, and notes that:

> An argument is occasionally made that there is no need for the domain name servers for a domain to be accessible if the hosts in the domain are unreachable. This argument is fallacious.

Your secondary server should be on a completely different network, and preferably continent, than your primary server. Note that my secondary name server, ns2.teaparty.net, is nowhere near ns.teaparty.net in address space, and in a different country to boot. In the good old days, operators of primary name servers would swap services with each other, so that my primary would also be your secondary, and vice-versa. Alternatively, in these days of cheap VPSes, a tiny, cheap VPS will do the job of 2ary very well.

Don't forget to tie down your DNS server(s) so that they will only recursively-resolve for people in your own organisation. Open DNS servers are lovely, but unless carefully configured they can be used for amplified reflection DDoS attacks, which are bad.

Finally, whilst best-practice questions are arguably the lifeblood of SF, requests for learning material recommendations are explicitly off-topic. If I were you, I'd edit that bit out of your question lest it accumulate any more close votes.

MadHatter
  • I like the Idea of nameserver trading. A shame that this isn't done anymore. – Christopher Perrin Aug 08 '14 at 12:33
  • 1
    It is! My secondary is my friend Marcus' primary, and vice-versa. It just requires a more personal relationship than was usual in the old days, when nearly everyone did it for nearly anyone. – MadHatter Aug 08 '14 at 12:37
  • Thank you for your answer, it is very informing. I edited the learning material recommendations part but why is it off-topic? –  Aug 08 '14 at 15:35
  • See [our help guide](http://serverfault.com/help/on-topic) for more information: that limitation is pretty clearly expressed. – MadHatter Aug 08 '14 at 15:41
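
A check for the open-recursion risk MadHatter's answer warns about, as an added example that is not part of any answer on this page: it sends a recursive query for a name outside your zones to a server you operate and classifies the reply header. The function names, the result labels and the `example.com` test name are assumptions of this sketch.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query (type A by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(resp):
    """Classify the reply to a recursive query for a name outside our zones."""
    if len(resp) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    if not flags & QR:
        return "malformed"            # not a response at all
    if rcode == 5:
        return "refused"              # what an outsider should get
    if flags & AA:
        return "authoritative"        # the name is in one of our own zones
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-resolver"        # resolved a foreign name for a stranger
    if flags & RA:
        return "recursion-offered"    # RA advertised, worth a closer look
    return "no-recursion"             # e.g. a referral or an empty reply

def sample_response(flags, ancount=0):
    """Constructed 12-byte header standing in for a captured reply."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

def probe(server, name="example.com", timeout=3.0):
    """Query your own server over UDP; run this from outside your network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify_response(s.recvfrom(512)[0])
        except socket.timeout:
            return "no-reply"

if __name__ == "__main__":
    print(classify_response(sample_response(QR | RD | RA, ancount=1)))
```

Run `probe()` from a host that is not in the set of clients allowed to recurse; "refused" or "no-recursion" is the result an authoritative-only server should give to outsiders.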
14

There's nothing wrong with having two services go to the same IP address, as long as the destination ports do not conflict with one another.

In this case, you would be using port 53 for DNS, and port 80 for your web server.

You can also have both (or all) of your nameservers set to the same IP address.*

You will need to set up an authoritative DNS server on your raspberry pi, then let your registrar know the IP addresses of your nameservers, and delegate authority of your domain to your dns server.

*It goes against normal recommendations, but it is possible.

Vasili Syrakis
  • 1
    Upvoted to counter a down you got. This is borderline because it runs counter to RFC 2182. Still, this user is clearly just getting started and this is a reasonable compromise to make when you really have just 1 IP at your disposal. – dmourati Aug 08 '14 at 07:36
  • 1
    Absolutely. It's dodgy. I do it at home, simply because I want to test things... Eg. WebApps that interact with an authoritative BIND server (I can't do that when my DNS is hosted with my registrar) – Vasili Syrakis Aug 08 '14 at 07:37
  • dmourati: sorry, what? Which bit of RFC2182 do you think this violates? – MadHatter Aug 08 '14 at 07:41
  • 5
    Well, having all your nameservers in the same building already goes against the best practices specified in that RFC. – Vasili Syrakis Aug 08 '14 at 07:44
  • 4
    I agree with that. I'd focussed on the bit of the question about having the DNS server and other services on the same server/ address, and rather ignored the bit about "do I need two nameservers". The answer to the latter question is a resounding "*hell, yes*". And as Vasili and others have said, they shouldn't be anywhere near each other, either in address space or real space. – MadHatter Aug 08 '14 at 07:47
  • @MadHatter OP asked: "Is it really needed to have a secondary name server?" The first sentence of RFC 2182: "A number of problems in DNS operations today are attributable to poor choices of secondary servers for DNS zones" I think you know that so I'm not sure why you asked that question. I disagree with your point about running your own DNS after having done that for about 20 years as well and since discovering the joys of programmatic DNS via API: https://github.com/Netflix/denominator – dmourati Aug 08 '14 at 17:14
  • As I'd hoped my later comment clarified, when I wrote "*which bit of RFC2182 do you think this violates*", I meant that **only** in response to the suggestion that a secondary can't also run other services. Vasili clarified that the OP had asked more questions than that, and I tried to deal with those more clearly in my own answer. Nevertheless, if you *au fond* believe that one shouldn't run one's own DNS, we'll have to agree to disagree. – MadHatter Aug 08 '14 at 18:40
  • @MadHatter, I think you should run your own at small to mid-scale to understand how it all works and then graduate to a provided service if and when you need things like API support and anycast. – dmourati Aug 08 '14 at 21:43
  • That's a fairer statement, though it's not what you put in your answer. I still disagree with it, though. – MadHatter Aug 08 '14 at 23:48
2

Yes, DNS and web server can be on the same IP.

However the way DNS is usually configured, it has to be a static IP. Running a web server on a dynamic IP is simple, as long as the DNS server supports it.

Moreover, you really should have two DNS servers with IPs in different subnets. So it may be simpler to just host your domain at one of the many free DNS hosting providers. I know of HE, other answers have mentioned other providers.

If you really want to host your own DNS server on a dynamic IP, the way to do it is to register dynamic hostnames at a couple of providers. Now you can have the NS records for your domain pointing at those two dynamic hostnames. Since those are outside your own domain, you don't need glue.

kasperd
0

This is no problem technically speaking. But that's not what you want for your "home server" needs. Register yourself to some DynDNS service (DynDNS, no-ip, etc...) and point your domain there, that's it. Don't run a DNS Server if you don't know what you are doing. In your case it is also not needed to run one yourself.

duenni
  • What if the OP wants to learn how to use DNS server software? – Vasili Syrakis Aug 08 '14 at 07:35
  • "I intend to use for my web site" that's what he wrote. Also "but I found that I need to create some name servers", so seems like he misunderstood something. He does not _need_ to run a name server in this scenario. – duenni Aug 08 '14 at 07:39
  • Even if that's the case, I'm pretty happy to send him on a wild hunt to set up his own DNS. It will make a good learning experience. – Vasili Syrakis Aug 08 '14 at 07:40
-2

DNS is pretty central to all serving. Consider moving your DNS to a dedicated provider:

Dyn

UltraDNS

Route53

Doing so will fix the one problem you've identified, namely that your domain registrar wants you to provide at least two (some regions three or more) DNS servers for your domain.

Sometimes, your domain registrar will provide this service for free.

dmourati