Making an external DNS server with Windows Server 2008 - dns

I have a server (my laptop :P) that is running a web page with Windows Server 2008 and I would like to know if it is possible to make my own domain name instead of paying for a service? I know Windows Server 2k8 has a DNS service, but how easy is it to get this to work externally? Sounds like it would be tough because don't domain names have to connect with an ISP? Please let me know.
Thanks

It's really quite easy to "running a domain" (a website, e-mail, etc.) on your computer without paying a hosting service:
Have a computer connected to the internet 24/7 that runs DNS.
Buy a domain-name from a domain-registrar. Let's call it mydomain.com.
Configure mydomain.com to have an NS record that points users to the computer from step 1. That way, any subdomain queries like www.mydomain.com and mail.mydomain.com will get sent to that computer.
Add DNS entries on the computer from step 1 to send users to the right computer. Like redirect all www.mydomain.com to 12.34.56.78 (if that's your webserver's IP.)
Once you've done that, any DNS requests that query for www.mydomain.com will get sent to your computer's DNS, and it will reply with 12.34.56.78.
It's gets tricker if you don't have a static IP for the computer from step 1, but there are free services to get around that, such as afraid.org.
Of course, seeing how cheap hosting is nowadays, you might be better off just hosting it. It really saves your a lot of extra hassle, at a small cost to customization.
EDIT: After re-reading the question, I realize you may have meant just setting up a DNS domain within your LAN or some other private network. I think the "external" threw me off...

Related

Why cant i access websites via proxied Cloudflare?

I Live in Estonia.
The second day I observe some kind of problem with the opening of some of my sites.
Example:
https://cp.nasdaq.ee - sometimes it works, sometimes it doesn't
https://185.252.232.227:8888/ - this is the same site cp.nasdaq.ee, but via IP - always opens properly
If the site is down and i enable the VPN, then it starts working.
In all other countries, the site opens without problems https://www.host-tracker.com/ru/ic/4/697585f4-486b-4c8e-b530-e3f0b6c96972/
This problem have all of my friends (5 men) who live in Estonia.
Perhaps the problem is somehow related to the fact that cp.nasdaq.ee has NS servers in the Cloudflare.com zone, but not all sites connected to Cloudflare have the problem.
I observe the problem only for those sites that are connected to Cloudflare and their A-record leads to ip 185.252.232.227.
If IP 109.205.176.239, 62.171.151.28, 62.171.151.28 are specified, then sites open without problems.
For your information,
all IPs listed are for VPS owned by Contabo.com hosting, the server is located in Germany.
The problematic IP 185.252.232.227 is from one VPS on Contabo, and all the other IPs I listed are from another VPS on Contabo.
And if i turn of status Proxied at CLoduflare.com and set DNS ONLY - then website works well!
Here is such an incomprehensible problem ...

Is there a way to have a domain name point to a Minecraft server and website?

I have a website for my Minecraft server. I need to set the same domain name up for both. So, if I went to my browser and typed www.ChaoticMC.com it would take me to my Website and if I was in Minecraft and I typed in chaoticmc.com it would take me to my server. I have already done the Minecraft server part but I can't figure out how to do the Website part too. I hope I posted this question in the correct place if not, I am sorry.
(I'm assuming you're using an HTTP proxy like CloudFlare, or your server and web site are on different computers, and therefore the straightforward approach of using the same IP and different ports won't work. I'm also assuming you meant to put both sites on "chaoticmc.com", not one on www and the other not.)
What you want to do is possible, but not necessarily a good idea. Using an SRV record, you can have a web server and Minecraft server on the same address. Some computer configurations (be it faulty routers, buggy antivirus, or just bad DNS resolvers) will not see SRV records, and players with those configurations will not be able to connect to your server. If this doesn't concern you, then you can carry on, otherwise just use separate domains. It's less hassle.
Minecraft supports SRV records, but browsers don't, so you'll need to replace your existing DNS record with one for your web server.
First, create a separate A or AAAA record that points to your Minecraft server. It doesn't matter what you name it, as long as it's different from your web server. Let's say it's "play.chaoticmc.com".
Next, create an SRV record with the name "_minecraft._tcp", a priority and weight of whatever you like (since you only have one SRV record, they don't matter), and a port of 25565 (or the port your server is on if it's non-standard).
Set the target to the record you created previously, which in our example would be "play.chaoticmc.com".
On CloudFlare, the "service name" is _minecraft, protocol is TCP. The rest is the same.
On more primitive DNS providers, you may need to specify it purely as text, in which case it will be "SRV 1 1 25565 play.chaoticmc.com." for our example. (note the trailing period)

Setting up domain with WAMP / XAMPP

I was wondering about security with setting up a domain for WAMP / XAMPP.
Lets say that I want to publish website hosted on my PC with WAMP or XAMPP.
So, I have to register a domain.. and set it in WAMP / XAMPP. But, what would happen, if I set some already used domain in WAMP? For example if I set stackoverflow.com, which is already registered. What would happen? I guess that people will not see my website, but this one (stackoverflow), but how does WAMP or XAMPP recongnise that it is my website?
I am begginer with this matter, so please, dont be angry if its something obious :)
I think you are forgetting about DNS Servers and what they do.
When your browser see's any domain name you enter in the address bar, it goes to a DNS Server and asks, "Please give me the IP address for this domain name". Domain names are only there for us humans as its easier to remember stackoverflow.com than it is to remember an ip address, and that gets even more difficult for us to remember if it is on the IPV6 network.
So unless you can get all the DNS Servers in the universe changed to point the domain name stackoverflow.com to your routers external IP you wont effect anything by setting WAMP or XAMPP to use any existing domain name.
But lets say you do set WAMP/XAMPP to use an existing domain name. You would amend your HOSTS file to tell the Browser where to find that domain like this
127.0.0.1 localhost
127.0.0.1 stackoverflow.com
::1 localhost
::1 stackoverflow.com
This has the effect of seeding the local machines DNS Cache with these addresses. Now the browser will always check the DNS Cache before committing to the expence of asking a DNS Server to get the ip address, so your browser thinks that stackoverflow.com lives on your PC i.e. for IPV4 127.0.0.1 or for IPV6 ::1
All this will do is stop you getting to the real stackoverflow.com because the browser will attempt to connect to 127.0.0.1 every time you use stackoverflow.com as a domain name in the browser address bar instead of going to the real ip address for SO.
Reply to your comment
When you register a domain, you normally get access to an admin panel of some sort, where you set the ip address to use for this domain. This will set the DNS Server of who you purchased the domain from and this is then automatically propergated to all top level DNS Servers.
At that point you would set this to the External IP/WAN IP address of your router.
But be aware, if your ISP allocates IP addresses to you dynamically i.e. not a Static IP address you cannot do this, as your ISP Allocated IP Address is liable to change over time.
As a final note
WAMPServer and XAMPP are designed to be single seat developer tools and not LIVE Servers. That is not to say that the Apache in them is somehow less capable but that there is so much more to securing a web site than first meats the eye.
Also, you may not realise, but a Windows desktop OS is not a good target to run a live web server on. They are configured to be clients and as such have various limitations, mainly that a desptop OS can only manage around 20-30 external connections MAX. So if your site actually takes off, you are going to have a lot of complaints about the speed and accessibility of your site.
This destop limitation cannot be reconfigured.

Why can't I spoof Facebook with my own DNS server?

Reading a lot about servers, load balancing and similar topics, a question came to mind.
DNS servers are servers which gives you the IP for a given domain name. Is there a "dictator" knowing all the valid DNS servers in the world? If I want to make a DNS server, and someone requests a website it doesn't have. How would it know which other DNS to redirect the request to? What if I tell facebook.com to have a spoof IP, and everyone getting the IP from my DNS server would be communicating with a spoof facebook server? Obviously, this isn't how it works (at least not at a big degree), because then someone would have done it already to attack hundreds of people.
When one registers a domain, one has to specify the name server for that domain. What happens during this process? Is a request sent to this DNS server to notify it there is a new domain to save in the database? If so, how can anyone own the top domains like .com? And why cannot I for example make my own top domain name if I can make my own DNS server?
After looking at nginx as a load balancing system, I'm starting to wonder a bit. Is it so that a request to http://www.google.com/ works like this? The computer asks a DNS server for the IP address for google.com, and then requests it? This will only be one IP, and all requests to Google ends up at this one server? And then this IP will be connected to a nginx server, or a more basic hardware unit to route the request internally to other servers? So all requests go to one server before it redirects the request to a data center?
After looking up google.com, it says the name servers are ns1.google.com etc.. But what is the point of them, if you need a different name server to get to ns1.google.com in the first place?
Obviously what I've written doesn't make sense, because if it were true, the web as a whole would be unusable because of people exploiting the possibilities for malicious causes. And I can't imagine how ONE server could handle ALL the requests thrown at google.com.
I've tried searching Google, but all I get is theoretical explanations that led me to where I am now. It would have been great if someone would point me to some articles that explain this thoroughly, and hopefully a lot of other people will find this question useful.
Anyone can run a DNS server, but the challenge is getting someone to use it. Normally the DNS server IP is provided as a DHCP option or is statically assigned. If you can get someone to use your server, you can return any IP for any hostname, including creating new top-level domains (subject to any filtering at the client, of course. Web browsers might have difficulty with a new TLD, for example). Note that with DNSSEC, this will eventually change, as the name record will be digitally signed and your server won't be able to fake the signature exactly.
DNS servers operate in a tree. When one server receives a request for a domain it does not control, it forwards the request on to another DNS server. The other DNS server may be the one which returns the IP (this is called the authoritative server), or it may return a NS record which points to another server which then must be queried. The DNS root servers provide for resolving TLDs.
A DNS server does not need to always return the same IP for a given name. It may choose to return a different IP based on region, client IP, or even per-request. This is the most typical way to load balance. Multiple DNS servers can also load balance the DNS requests by using anycast routing, where many servers share the same public IP and traffic is routed to them randomly by publishing multiple routes for the same IP.

DNS-based strategies for showing a nice "Currently Offline" page when the server is down

How can I make that a site automagically show a nice "Currently Offline" page when the server is down (I mean, the full server is down and the request can't reach IIS)
Changing the DNS manually is not an option.
Edit: I'm looking to some kind of DNS trick to redirect to other server in case the main server is down. I can make permanent changes to the DNS, but not manually as the server goes down.
I have used the uptime services at DNSMadeEasy to great success. In effect, they set the DNS TTL to a very low number (5 minutes). They take care of pinging your server.
In the event of outage, DNS queries get directed to the secondary IP. An excellent option for a "warm spare" in small shops with limited DNS requirements. I've used them for 3 years with not a single minute of downtime.
EDIT:
This allows for geographically redundant failover, which the NLB solution proposed does not address. If the network connection is down, both servers in a standard NLB configuration will be unreachable.
Some server needs to dish out the "currently offline page", so if your server is completely down, there will have to be some other server serving the file(s), so either you can set up a cluster of servers (even if just 2) and while the first one is down, the 2nd is configured only to return the "currently offline page". Once the 1st server is back up, you can take down the 2nd safetly (as server 1 will take all the load).
You probably need a second server with 100% uptime and then add some kind of failover load balancer. to it, and if the main server is online redirect to that and if it isn't redirect to itself showing a page saying server is down
I believe that if the server is down, there is nothing you can do.
The request will send up a 404 network error because when the web address is resolved to an IP, the IP that is being requested does not exist (because the server is down). If you can't change the DNS entry, then the client browser will continue to hit xxx.xxx.xxx.xxx and will never get a response.
If the server is up, but the website is down, you have options.
EDIT
Your edit mentions that you can make a permanent change the IP. But you would still need a two server setup in order to achieve what you are talking about. You can direct the DNS to a load balancer which would be able to direct the request to a server that is currently active. However, this still requires 100% uptime for the server that the DNS points to.
No matter what, if the server that the DNS is pointing to (which you must control, in order to redirect the traffic) is down, then all requests will receive a 404 network error.
EDIT Thanks to brian for pointing out my 404 error error.
Seriously, DNS is not the right answer to server load-balancing or fail-over. Too many systems (including stub clients and ISP recursive resolve) will cache records for much longer than the specified TTL.
If both servers are on the same network, use routing protocols to achieve fail-over by having both servers present the same IP address to the network, but where the fail-over server only takes over if it detects that the (supposedly) live server is offline.
If the servers are Unix, this is easily done by running Quagga on each server, and then using OSPF as the local routing protocol. I've personally used this for warm standby servers where the redundant system was actually in another data center, albeit one that was connected via a direct link to the main data center.
Certain DNS providers, such as AWS's Route 53, have a health-check option, which can be used to re-route to a static page. AWS has a how-to guide on setting this up.
I'm thinking if the site is load balanced the load balancer itself would detect that the web servers it's trying to redirect clients to are down, therefore it would send the user to a backup server with a message dictating technical problems.
Other than that.....
The only thing I can think is to control the calling page. Obviously that won't work in all circumstances... but if you know that most of your hits to this server will come from a particular source, then you could add a java script test to the source, and redirect to a "server down" page that is generated on a different server.
But if you are trying to handle all hits, from all sources (some of which you can't control), then I think you are out of luck. As other folks are saying - when a server is down, the browser gets a 404 error when it attempts a connection.
... perhaps there would be a way at a point in between to detect 404 errors being returned by servers and replacing them with a "server is down" web page. You'd need something like an HTML firewall or some other intermediate network gear between the server and the web client.

Resources