# Advice on buying and setting up a domainname

## rajl

Please give me advice on how I can solve this problem.  I've been googling and searching the forums, only to find several vague or unintelligible (to the novice) posts and articles.

I want to buy a domainname for my personal use.  It will be a gentoo server of some sort.  I want it to handle web-serving with apache, email serving with postfix, webmail with most likely SquirrelMail or maybe horde-imp.  I'm doing all this merely from a hobbyist perspective.  My questions deal with the domain name stuff.

1) Any good suggestions on where to buy a domainname from?  I'm looking for a good deal on prices offered, services available, customer service, etc.

2) I have several computers, each of which I want to give its own hostname such as webserver.mydomain.com and mailserver.mydomain.com and wifescomputer.mydomain.com.  I want these names viewable to the outside world as well.  Do I have to run my own dns server to accomplish this or some other server, or will the company I bought my domain from allow for that?  If I have to run my own dns server, what steps would I need to do in addition to software installation and setup?

3) Anything else I should know about buying and running a domainname that I don't know about?

----------

## dkaplowitz

I've used domainmonger.com, but at $17./yr they are starting to look expensive compared to other sites that charge as low as $6.95/yr for domain registration. This is only for domain name registration, they offer no hosting.

Hosting your own DNS offers you the most flexibility and control over your hostnames. You can come up with any names you want, change it any time you want and have literally hundreds of domains and/or names for/on each machine. But it's a headache too. You have to maintain security with your DNS server and its configuration, you have to configure a firewall to listen on port 53 for incoming traffic to forward to your internal DNS server (because of course your firewall isn't doing anything but being a firewall, unless you are psychotic).

Having someone else host for you costs more (though you might find hosts for free or cheap, I'm not sure where they are though) and you lose flexibility (and speed) when making changes b/c you have to play by their rules when doing so.

Personally I think hosting on my own is worth the headaches, but that's me. I don't mind spending the time keeping BIND up to date and/or keeping the server on which it resides patched. I've learned a lot doing it. Also the firewall settings (and don't forget those to whom you are allowing zone x-fers in your DNS config) can be a good challenge.

Weigh the options. Luckily with Linux you have an OS that easily can do it all for you. 

Good luck,

Dave

----------

## PermaNoob

1) I recommend GoDaddy.com for registering your domain name.  $6.95/year for a .com domain.  

2) I use ZoneEdit.com to do my DNS.. for free (up to 5 domains).  They'll give you addresses for 2 nameservers.  Put those nameservers in your GoDaddy configuration thingy and wait a couple of days.  Then you'll be able to use your new domain name.  ZoneEdit is very easy to use, and very flexible.  Also, if you don't have a static IP address, you can use DDClient to update your ZoneEdit account settings whenever your IP changes.  Again... very easy to do.  If you want all machines accessible by name, you can do this with this setup... you just need your firewall to forward whatever ports to whatever machine.  

3) Most people would recommend that you run public services (web, mail, etc...) in a DMZ.  So, if your web server gets rooted, for example, the intruder won't have access to machines on your local LAN... just the DMZ.  Someone else could probably explain this better than I can.  

That's about all I can think of... what you want to do isn't too complicated... I mean I did it and I'm pretty new to all this stuff.  Just be patient, read the friendly manual, and ask questions when you get stuck.

----------

## dkaplowitz

I just registered a site with godaddy. I couldn't resist checking it out for that price. I hate their site. It's like spam hell. But for almost 1/3 of what I was previously paying, it'll almost be worth it.

----------

## splooge

"you can use DDClient to update your ZoneEdit account settings"

Instead of using ddclient I recommend doing it this way:

Your DHCP client (dhcpcd) can execute a file upon obtaining a new IP address.  The file you want to create is /etc/dhcpc/dhclient.exe.  Set it executable by typing chmod 700 /etc/dhcpc/dhclient.exe

In the file you want the following lines (one for each host):

```
wget -O - --http-user=username --http-passwd=password 'http://dynamic.zoneedit.com/auth/dynamic.html?host=www.mydomain.com'
```

edit: that all goes on one line.

GL
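
An added example, not part of splooge's post: a variant of the hook script that keeps the ZoneEdit password out of the process list by reading it from a mode-600 wgetrc file, and only sends an update when the address has changed. The file locations, the argument order and the `WGET` override are assumptions; the update URL is the one quoted in the post.

```sh
#!/bin/sh
# Added example (not from the thread). Credentials live in a wgetrc-format file:
#   http_user = username
#   http_password = password
# so they never appear on the command line, where other local users can read
# them from the process list. Paths and argument order are assumptions.

ZE_URL='http://dynamic.zoneedit.com/auth/dynamic.html'   # URL as given in the post

# Succeeds only if FILE exists and grants nothing to group or other.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if NEW_IP differs from the address saved after the last update.
ip_changed() {
    [ -f "$2" ] || return 0
    [ "$(cat "$2")" != "$1" ]
}

# Accept only plain DNS names, so nothing extra can end up in the query string.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
    esac
    return 0
}

update_url() {
    valid_host "$1" || return 1
    printf '%s?host=%s\n' "$ZE_URL" "$1"
}

# run_update NEW_IP CRED_FILE STATE_FILE HOST...
run_update() {
    new_ip=$1 cred=$2 state=$3
    shift 3
    if ! cred_file_is_private "$cred"; then
        echo "refusing to run: $cred must be mode 600" >&2
        return 2
    fi
    ip_changed "$new_ip" "$state" || return 0      # nothing to do
    for h in "$@"; do
        url=$(update_url "$h") || { echo "skipping invalid host: $h" >&2; continue; }
        # WGET can be overridden for testing; WGETRC points wget at the credentials.
        WGETRC=$cred ${WGET:-wget} -q -O /dev/null "$url" || return 1
    done
    printf '%s\n' "$new_ip" > "$state"             # record only after success
}

if [ "$#" -ge 4 ]; then run_update "$@"; fi
```

The request still goes over plain HTTP, as in the post, so the Basic-auth credentials are not encrypted in transit.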

----------

## rajl

Ok, so I'm leaning towards godaddy unless someone finds some better deals.

I think I would prefer to do my dns hosting on my own.  Bind though I have heard has a reputation for security holes on a regular basis that demand to be plugged.  I'm looking for a challenging hobbyist project, not another slavemaster.  I noticed several references to something called djbdns, written by the same guy that does qmail.  I also noticed that he apparently ditches standards conformance as he deems convenient (correct me if I'm wrong on both accounts).  Are there any other servers I should consider?  Which one should I use and why?

Also, in setting up a dns server, after installing and configuring it, what else would I need to do?  Do I just let it run on my port 53 and everything automagically happens? Do I need to tell someone like ICANN somehow since this is a publicly available dns server?

Finally, are there any good tutorials on this subject for beginners?  I searched the forums and googled, but didn't find anything that was satisfactory.

----------

## Spooky Ghost

I use http://www.dyndns.org/ for my DNS needs.  Although it costs $24.95/year for a custom domain name I find it's money well spent.  You can have as many hosts as you want in name.mydomain.com, you just have to run a client to update the records with your IP address as and when they change.

----------

## nevynxxx

 *Spooky Ghost wrote:*   

> I use http://www.dyndns.org/ for my DNS needs.  Although it costs $24.95/year for a custom domain name I find it's money well spent.  You can have as many hosts as you want in name.mydomain.com, you just have to run a client to update the records with your IP address as and when they change.

 

And who needs a custom dns, anferny.ath.cx is easy enough to remember and was free from dyndns (apart from I have it now) you can have almost anything with .ath.cx on the end. As well as others.

----------

## dvc5

I would recommend using tinydns instead of BIND because it's not as security-hole-prone as BIND. Cake to setup as well.

```
emerge djbdns
```

----------

## scout

 *dkaplowitz wrote:*   

> I just registered a site with godaddy. (...) I hate their site. It's like spam hell.

 

I hated their site so much that I stopped the registration just before paying, and used http://www.registerfly.com . They are charging $9.99 which is a few dollars more than godaddy, but I think this is worth it, especially if you consider that godaddy+I don't want my email in the whois database is more expensive than registerfly+I don't want my email in the whois database.

----------

## Sir_Chancealot

 *rajl wrote:*   

> Ok, so I'm leaning towards godaddy unless someone finds some better deals.  ...   

 

DO NOT,  I repeat-  DO NOT use godaddy.

They are absolute HELL if you try to move your domain and you don't have the passwords.

Let me explain....

When my brother set up his website, he (as clients often do) hired someone to do everything for him.  They set up the original website (registered through godaddy), and set themselves up to be the maintainer.  Ok, nothing unusual in that.  

He later switched to SBC Yellowpages to host his website, because it came free with his Yellow Pages advertisement.  The old provider sent him all the information (passwords, etc.) to switch.  Unknown to him, it was only good for 7 days.  Along comes Sir_Chancealot and, being the good brother, offers to do all the DNS work to switch his webpage.  I call Godaddy.com.  Then the crap starts.

First, they wanted the old passwords.  I explained the situation to them.  They then stated the only way to do this without the password was to give the original credit card number.  Now, remember how he had contracted someone else to register a name, and to set up the site (for which he was billed)?  I explained the situation to them (again, this is NOT an unusual thing, indeed it is almost the norm.)  I spoke with about 5 people.  They could not understand why I couldn't just give them the credit card number used to buy the original domain name.   

 :Rolling Eyes: 

Now, what they are ALLEGEDLY doing is keeping people from hijacking domain names.  I say allegedly because any one with any kind of common sense would see that, in this particular case, is NOT what was going on.  I pointed them to the old web site.  The old web site said the usual page is being moved, blah, blah, blah.  I pointed them to the NEW website already set up, with the same business name and address that was registered as the domain name owner (not maintainer).  This was on PAC-Bell servers, mind you.  They STILL would not believe I wasn't trying to hijack the page.

To make a real long story short:  3 hours of long distance calls later, 5 different people, and I finally got someone who sort of believed I wasn't trying to hijack the page.  (Note:  They wouldn't even CALL the domain name owner, recorded in their OWN records, to see if what I was saying was true!)

I have done this LOADS of times, more times than I can count, really.  Normally, it takes 10 minutes or so to do.  It took me 3 HOURS with Godaddy.com

In short, DO NOT USE GODADDY.COM.  They totally SUCK at doing anything related to domain names.  They make it nearly impossible to do the things that sometimes need to be done with DNS registrations.  And we all KNOW how well clients keep track of important things like dns registration passwords, right?    :Wink: 

Save yourself some time and grief.  Don't use godaddy.com

----------

## rajl

Well, after that venting tirade, I'll consider buying elsewhere.  Still, my question has not been answered: bind, djbdns, or something else (I notice there is an ebuild for something called powerdns) and most importantly why?  Second, where is a good tutorial for setting up one of these servers to manage my domain (I'd rather do it myself than pay someone else, this is purely a hobby project)? Third, is there any sort of additional registering I have to do for my new dns server in addition to buying the domain name?

Waiting to buy my domain until I get some more input.

----------

## splooge

For as many questions as you are asking I would recommend hosting dns off-site for now until you know what's up.  You say you are shying away from this option because "you don't want to pay for it," so here's a tip:

http://www.zoneedit.com

Host up to 5 domain names for free.

DNS will probably be your biggest hurdle in your project.  Do it the simple way for now, have zoneedit.com host it.  Once you've setup your gentoo web and mail server, then consider hosting dns locally.  Bad DNS will affect your web server, whereas a bad webserver won't affect your DNS -- meaning you'll have less problems getting the rest of your server setup if you host it somewhere reliable.

I consider myself pretty good with DNS, and there's no way I'd want to host it on any sort of connection that has any remote chance of going down or changing its IP addresses (cable modem, dsl) or going out of business.  Changing DNS servers can suck.  bad.  I've got some horror stories I could tell you -- one being a domain of mine that couldn't be contacted for 6 months.  (I registered with network solutions via e-mail template about 8 years ago before they had a web interface.  I hosted my own DNS servers.  My DNS server was on my mail server.  When I was forced to move my box, my dns server changed its IP, so other dns servers didn't know how to resolve my domain name.  So when I tried to update my DNS records for my domain with netsol, they tried to e-mail me the confirmation e-mail, but alas, my dns server had changed IP addresses and netsol couldn't find my dns records to send mail to the (new or old) mail server.)

Long story short, netsol couldn't e-mail me cause my dns records were wrong, and I couldn't change my dns records 'cause I couldn't get an e-mail response from netsol.  Catch-22.

----------

## nero

I bought a User Mode Linux virtual server from http://www.tektonic.net. I pay about $20/mo for full root access on a co-located gentoo server with a decent (at least 800kB/s down, and 300 kB/s up) backbone. They will handle all of your DNS stuff for no extra charge, and I registered my domain with GoDaddy. The only complaint I have is that I had to bust some ass to keep the tech support guys on the ball.

This way, you could set up a dns server for your boxen at home, install a mail/web/ssh/ftp/etc daemon and configure it the way you want it, and it is guaranteed to have a 99.9% uptime (unless it is your fault). You can also buy some extra IPs and give every one of your boxes at home real IP address. Or anything else you can think of, for that matter  :Wink: 

----------

## rajl

Ok, so I'll take the hint and for the time being, in terms of functionality, I should go pay for someone else to do it.

This does not reach my original goal of *learning* about how to do DNS, which is my primary reason for wanting to do this project, hence why I do not want to pay any money for it.  Paying someone else to do it for me does not let me learn.   I already know how to set up a working gentoo web/mail/mailing list/samba/ftp/database server, I've done it multiple times for work, and I right now have a web and mail server running at home minus the purchased domain name and dns stuff, which I want to setup on my own.  Hence my 4 questions:

1) Where are the best places to buy a domainname?  A lot of people are against godaddy, so I'll shy away from them.  www.zoneedit.com is a good place for basic free dns for up to 5 fqdn's.

2) What is a good dns server and why?  Bind, I hear, has frequent security holes, but is probably the most widely used.  djbdns is fast and much more secure, but my research indicates that the author is not always standards compliant.  Powerdns I haven't heard much besides that I found there's an ebuild for it.  Any further insight between these three?

3) Where can I find a good tutorial for the dns newbie?  Where can I find a good tutorial for setting up which ever software I choose?

4) After installing the dns server do I need to do anything more?  For example, do I need to update any records or anything with the company I bought my domain name from?  If so, please give me an idea as to what.

----------

## nero

 *Quote:*   

> 3) Where can I find a good tutorial for the dns newbie? Where can I find a good tutorial for setting up which ever software I choose? 

 

I highly recommend "DNS and BIND" (O'Reilly)  http://www.oreilly.com/catalog/dns4/

----------

## dkaplowitz

There is a popular alternative to BIND called, I think, djbdns...something like that. It's supposed to be way easier to configure and a lot more secure. It's not used as much as BIND though, so who's to say it's really that much more secure? Things like BIND and Sendmail and Apache are so widely used that it's likely that they are as secure as their alternatives, there's just a lot more eyes on the products and a lot more ppl trying to exploit it. The good thing about BIND is that most security flaws are discovered quickly, are widely reported (bugtraq mailing list is a must, as is the BIND9 announce mailing list), and are patched quickly. So if you keep abreast of the news for the products you use you'll be in good shape. 

Once you set up the 2 or 3 files you need for your domain (if BIND is the route you go), you need to open your firewall to port 53 UDP traffic from the web and forward it to the machine that's hosting DNS. I wouldn't recommend running DNS on a server that's directly exposed to the Internet. I personally host DNS on a DMZ that is separated from my private LAN. I use an OpenBSD firewall to forward traffic to it from the Internet. You'll need to enable TCP port 53 too if you have a remote secondary name server doing zone transfers. Having a remote secondary is good practice if you want some level of redundancy for the times when you are doing maintenance. But that's more for if you're running a site that a lot of ppl rely on, or are using heavily.

Once DNS is configured, and your machine is accessible from the Internet, you need to tell your registrar that that machine is now the primary name server for your domain. In my case my machines weren't registered as valid name servers, so my registrar (domainmonger.com) added my IP addresses to the registry and I was able to use my own name servers.....they did this for free.
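
An added example, not part of dkaplowitz's post: a rough lint for the zone-transfer point raised above, listing the zones in a `named.conf` that no `allow-transfer` statement covers. The sample configuration and its addresses are constructed, and the check assumes a BIND release whose default is to allow transfers to any host.

```sh
#!/bin/sh
# Added example (not from the thread). Lists zones that have no allow-transfer
# statement of their own and are not covered by one in the options block.

zones_without_transfer_acl() {   # zones_without_transfer_acl NAMED_CONF
    awk '
    { sub(/(\/\/|#).*/, "") }   # strip line comments (block comments not handled)
    depth == 0 && $1 == "options" { blk = "options" }
    depth == 0 && $1 == "zone" { blk = "zone"; name = $2; gsub(/"/, "", name); acl = 0 }
    /allow-transfer/ { if (blk == "options") global = 1; if (blk == "zone") acl = 1 }
    {
        opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}")
        depth += opened - closed
        if (depth == 0 && closed > 0) {        # a top-level block just ended
            if (blk == "zone" && !acl) open_zones[++n] = name
            blk = ""
        }
    }
    END { if (!global) for (i = 1; i <= n; i++) print open_zones[i] }
    ' "$1"
}

# Constructed sample: one zone limited to a remote secondary, one left open.
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/bind";
};
zone "mydomain.com" {
    type master;
    file "pri/mydomain.com.zone";
    allow-transfer { 192.0.2.53; };   // remote secondary only
};
zone "wifesdomain.example" {
    type master;
    file "pri/wifesdomain.example.zone";
};
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && zones_without_transfer_acl "$conf"
rm -f "$conf"
```

A zone it reports should get an `allow-transfer` entry naming only the secondary, which also tells you which source address needs TCP port 53 through the firewall.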

----------

## mozingod

 *dkaplowitz wrote:*   

> There is a popular alternative to BIND called, I think, djbdns...something like that. It's supposed to be way easier to configure and a lot more secure. It's not used as much as BIND though, so who's to say it's really that much more secure?

 

Djbdns is made by the guys that make Qmail. It's a DNS caching service, it doesn't resolve any names by itself, so he can't use it. 

I use Dyndns too. They used to be $30 for a lifetime registration, which is a hell of a deal, but as mentioned they've moved to $25/year, which isn't too bad anyway (a few bucks a month). 

I've used Godaddy for quite some time with a lot of domains, and I've never had a problem. Spam hell? I have yet to get an email from them or because of them, and their site is very well laid out and makes it really easy to work with your domains you have registered with them.

----------

## rajl

Would that make bind my only option then?

----------

## NeddySeagoon

rajl,

You don't need a domain name to host a website. Your users will need to use the IP address of the host to find it. All a name gives you is something easy to remember.

Put your site up first - some ISPs block port 80. If you suffer from one of these, you will not be able to run a web server on the standard port.

I've registered a few domains with gandi.net. I use their DNS because I don't want to do my own yet. There is no spam, just a simple web interface. They don't do hosting, just DNS and registration. You get to fiddle with your name record, mxrecord and all the virtual domains you want. If you make a mess of it and cut your site off, they don't mind either.

----------

## stamford

You may want to base your decision in some part on your connection.  In my case, I have a cable modem on which the provider blocks port 80.  I also wanted to experiment with DNS.  Here's what I did:

For a registrar and "External DNS" I used dyndns.org.  Great website, not too pricy ($25/year is about 3 beers in NYC!)  They can also do host to port mapping.  Since I only have one external IP address with my cable connection, this is important.  For example I can redirect www.mydomain.com to 155.155.155.155 port 8000.  While mail.mydomain.com goes to 155.155.155.155 port 23 (the 155 being my external IP address).

On my internal network, I have dedicated servers for www, mail, dns/dhcp, file/print and various other things.  I use all old "junk" hardware so it takes more machines than one "modern" machine, but it's also more fun in my opinion.

My internal DHCP server assigns "static" address via DHCP to the www and mail servers, for which my firewall (a snapgear linux-based box) redirects the ports as setup on dyndns.  Other hosts get "random" addresses.

I have an internal DNS that maps all the same hosts as external.  Instead of mail.mydomain.com pointing to a specific port, on the internal network it points to a specific host, i.e. 196.168.1.10.  This keeps mail clients working the same whether outside or inside the network.

This way, I don't have to worry about exposing an internal DNS to the outside world, and it appears I have multiple hosts (and I do in reality) but everything works off a single IP address.  The redirect feature of dyndns alone is worth the money in my opinion.

Good luck and let me know if you have any questions!  patgrayjr at yahoo dot com.

----------

## dogmeat138

What I wanna know, is how to setup reverse. =) PM me with info please. If possible.

----------

## placeholder

Ready for the cheapass hobo method? Go to http://shorturl.com/ and get a free account and then go from there. I use pstudios.vze.com and it's not too bad to do it this way. It's nice, it's free, and it makes me happy. lol

----------

## ursus

 *rajl wrote:*   

> Where are the best places to buy a domainname?  A lot of people are against godaddy, so I'll shy away from them.

 

http://www.aitdomains.com/

They have a $6.95 special deal at the moment - I've always had good service from them. I combine them with ZoneEdit except for the domains I host with their parent company, where they handle it all for me.

Only downside:- I don't think they offer a way of keeping your email address out of the whois database. Solution:- SpamAssassin!

----------

