question about DNS, nameserver
i've just installed the Plesk software (for hosting management) on windows server 2003 using IIS6. everything runs smoothly with its own IP connection within the network/LAN.
now i want to add a domain ( for this server's ip. i'm just not sure what the procedure is, dns, nameserver, etc.
i want to host this server on a domain (, then have my own nameservers, like and then when i want to add customers, the customers' domains will point to my domain's nameservers.
please help.
*sorry if you guys don't understand my question, because when i read it back i'm confused myself
one more thing, do primary & slave servers have anything to do with this dns, nameserver stuff? how do i get the ip for the primary/slave servers?
right now i've got internal and external ips, including for ns1, ns2, www and smtp. can i use these existing nameservers or do i have to register new nameservers?
1st step, you have to register your domain name... anywhere, e.g. exabytes..
you'll get a login account to the control panel on that server (e.g. exabytes).. in there you can set nameserver1 and nameserver2..
i know you want to host your website in-house.. meaning you already have your own server and your own fixed ip..
send an email to exabytes support to make sure the dns server (exabytes) points all requests to your ip..
that way.. all access to your website will go to the server at your office.. that's all... if anything is missing, please correct me....
i already have the domain.
so basically i just ask the provider to register my nameservers, right? and the ip is the internal ip, right, i.e. 192.168**.**. then on my domain i'll point to ns1 and so on?
Originally posted by iweed at 15-11-2007 11:42 AM
i've just installed the Plesk software (for hosting management) on windows server 2003 using IIS6. everything runs smoothly with its own IP connection within the network/LAN.
now i want to add a domain ( for this server's ip. i'm just not sure what the procedure is, dns, nameserver, etc.
i want to host this server on a domain (, then have my own nameservers, like and then when i want to add customers, the customers' domains will point to my domain's nameservers.
please help.
*sorry if you guys don't understand my question, because when i read it back i'm confused myself ...
just want to be clear, are you trying to be webhosting manager and at the same time have your own DNS servers? or you just want to provide DNS parking service only?
Originally posted by iweed at 15-11-2007 09:39 PM
i already have the domain.
so basically i just ask the provider to register my nameservers, right? and the ip is the internal ip, right, i.e. 192.168**.**. then on my domain i'll point to ns1 and so on? ...
if you want to host your own dns servers, you don't need to park your domain with your ISP provider. but, if it's free, it doesn't hurt. i don't have much time to describe in detail right now, but when i have time, i'll explain.
Reply #6 oobi's post
yes, and now im trying the plesk webhosting application trial version. i just dont understand how this dns, nameserver works.
and yes i think we do have our own dns servers (i got the internal and external ip which include the ns1, ns2, www and smtp, if that what u mean).
the plesk hosting server is now up and running in the network. now i want to test it using real domain, with own ns1 and ns2. or can i just use the already existing dns?
Reply #8 iweed's post
okay, oobi try explain as simple as possible.
a dns server is used to translate domain names, instead of browsing the internet with IP addresses.
for example, you have a website with name. in dns server, this ties to IP address so, when users want to get to your website, they just type the name. without dns server, users will have to remember your website IP address.
the same goes with email. with dns server, customers can email you at [email protected]. otherwise, your customer will have to use myemail@youremailserverIPaddress to send you an email.
main dns server is also known as primary dns server. this is the server that you use to create your zone files, and do any update on the entries. secondary dns server is also known as slave dns server. this is backup server to your primary dns server and you don't touch this server in any way, except to slave zone files from your primary dns server.
for small company, you don't really need to host your own dns server. but, for big company, you need your own dns servers. when you have your own dns server, you don't have to depend on your ISP dns servers. so, if your ISP dns servers have issues, you're not affected as you're relying on your own dns server. you need to have at least two dns servers just in case any one of them goes down.
your dns servers host only your zone files (usually). in zone files, you have entries for your servers, such as www, mail, aliases, etc. besides that, your dns servers must also host database of network names and addresses for other internet hosts. this is important because whenever you query for a domain name and your dns cannot resolve it, it will use the database to pass the request to other server(s).
if you use windows server, it comes with dns software server - you can add whenever you want to (easy to understand). if you used unix flavor platform, you can use BIND. BIND is a bit harder to understand unless you're familiar with unix.
if you want to understand it in more depth, google the subject of DNS. it's a fun subject.
if you want your dns servers accessible to your client, you need to put them on dmz. otherwise, you have to open access on firewall to allow them access to your dns - not advisable. that's why company always have two sets of dns servers, internet and intranet.
also, don't confuse between internal and external IP. dns servers have one IP only (either internal or external). your client can't see your internal IP, only external. for company website and email, you enter them to your external dns servers, so that people can reach the website and send email to you.
again, i want to stress here, you don't need your own dns servers if your ISP can park your domain for free, A record for your www and MX record for your email server. if you plan to have more entries, then it's better to have your own dns server(s).
thank you for the explanation bro.
ive been reading around google and try and error but still unable to solve this dns thing, until you mentioned about dmz. one question, without putting this server in dmz, can it be accessed by outsider, by using other domain and register a new dns? (this is for testing purpose)
and about internal and external ip. this is some info ive gathered:
internal ip - 192.168.**.** - 192.168.**.**
server www - 192.168.**.**
server smtp - 192.168.**.**
external ip - 212.***.***.***
and so on.
my question is, after putting the server in dmz, will it be using or share with the already existing ns? i was wondering, what the ns will be to be put in to my clients domain when adding a new user account.
......................... |
ooh yeah... since oobi is here anyway.. i'd like to ask a little something..
on the windows dns server.. internal.. how do i set the ip address.. e.g. i want to set it to an ip that doesn't exist.. to stop users from going to websites that don't follow IT policy.. i've read this is one way to block connections... do you know how?
Originally posted by testas at 16-11-2007 02:56 PM
ooh yeah... since oobi is here anyway.. i'd like to ask a little something..
on the windows dns server.. internal.. how do i set the ip address.. e.g. i want to set it to an ip that doesn't exist.. to stop ...
oobi doesn't have a dns server in front of me and hasn't touched this stuff in a long time (need to refresh my memory), so i try my best to walk you through.
first, open up your dns console. then, browse to a place to create new zone file (and its reverse lookup zone). open up that zone file and create an A record of the address you want to block and tie it to non-existent IP address (make sure you check the box to automatically create reverse lookup).
for example, if you want to block first, create a zone file for inside zone file, create an A record for www (this will point to
i once configured dns myself when i switched to a dedicated server way back..
not sure how i did it anymore..
as far as i remember, on the domain we want to set as the nameserver, we have to enter our server's ip address..
if you registered the domain with then you can definitely set it up yourself...
after you settle the part about pointing the nameserver to our server's ip address, then in the dns server options you probably just have to adjust a few things.. this part i don't really remember anymore.. because i also googled on the internet to configure it..
after all, the part about setting the ip address on the nameserver is the most important, they say
Originally posted by iweed at 16-11-2007 02:42 PM
ive been reading around google and try and error but still unable to solve this dns thing, until you mentioned about dmz. one question, without putting this server in dmz, can it be accessed by outsider, by using other domain and register a new dns? (this is for testing purpose)
if you don't want to put your dns servers on dmz, you can still make it accessible to external users. but, you need to open the access on your firewall/router - strongly not advisable as you open your internal network to unknown users. so, it's best to put your dns servers on dmz if you intend to make it accessible to external users.
Originally posted by iweed at 16-11-2007 02:42 PM
and about internal and external ip. this is some info ive gathered:
internal ip - 192.168.**.** - 192.168.**.**
server www - 192.168.**.**
server smtp - 192.168.**.**
external ip - 212.***.***.***
and so on.
your internal dns servers (192.168.x.x) is for your internal users only. don't advertise to external users. for external users, use external dns server (212.x.x.x), and these are two separate dns servers and have different zone files (majority of them as both serve different set of users).
if you want your website, www, and your email, smtp, available to external customer, move them to dmz (don't put them on your intranet). otherwise, you have to open necessary access (ports) on your firewall/router (major security breach) - strongly not advisable.
these are what I recommend:
internal ip (for internal users) - 192.168.**.** - 192.168.**.**
external ip (for external users) - 212.***.***.*** - 212.***.***.***
server www - 212.***.***.***
server smtp - 212.***.***.***
Originally posted by iweed at 16-11-2007 02:42 PM
my question is, after putting the server in dmz, will it be using or share with the already existing ns? i was wondering, what the ns will be to be put in to my clients domain when adding a new user account. ...
when you put your dns servers on dmz, yes, it can be used by others (as references only) because your dns servers only host your zone files. once your dns is up and running, your dns servers will be part of network database (contains network names and ip addresses). so, when i made a query for your website, my dns servers will try to resolve it. since my dns servers only host our zone files, it will forward the request to network database. then, network database will run the query against its entries and will forward that request to appropriate dns servers, your dns servers. so, that's basically how the name gets resolve.
if you have clients and you want them to use your dns servers, then give them the addresses of your ns1 and ns2 - you need to host your client domains on your dns servers.
for example:
your domain is create a zone file for on your dns servers. in it, you have:
www A ---> this is your main website
mail MX ---> this is your email server
your client domain is create a zone file for on your dns servers. in it, you have:
www A ---> this is your client main website
mail MX ---> this is your client email server (share with yours)
your client2 domain is create a zone file for on your dns servers. in it, you have:
www A ---> this is your client2 main website
mail MX ---> this is your client2 email server (share with yours)
keep in mind, "mail" in dns entry is the name of your email server. if the name of your email server is exchange, then put exchange instead of mail.
so, when people go to, it will resolve to when people email you at [email protected], it will resolve to
so, when people go to, it will resolve to when people email you at [email protected], it will resolve to
so, when people go to, it will resolve to when people email you at [email protected], it will resolve to
on your email server, make sure you add routing entries for, and
sorry if there are mistakes here and there because oobi hasn't touched this dns subject in a very long time. so, make sure you double check.
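Added example, not part of the original posts: a check of the internal/external split described in the post above. It parses an external (DMZ) zone file and flags records that would publish 192.168.x.x-style private addresses, NS or MX targets with no address record, and zones served by fewer than two nameservers. The domain example.com, the record names and the 203.0.113.x addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample external (DMZ) zone; example.com and 203.0.113.x are placeholders.
EXTERNAL_ZONE = """\
$ORIGIN example.com.
@     IN NS  ns1.example.com.
@     IN NS  ns2.example.com.
@     IN MX  10 mail.example.com.
ns1   IN A   203.0.113.10
ns2   IN A   203.0.113.11
www   IN A   203.0.113.20
mail  IN A   192.168.1.25   ; internal address copied over by mistake
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (owner, type, rdata) tuples from a one-record-per-line zone file."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()       # drop comments
        if not line or line.startswith("$"):       # skip blanks and directives
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # optional TTL and class
        if len(rest) >= 2:
            records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records

def audit_external_zone(text, origin="example.com."):
    """List problems that would break or leak through an externally served zone."""
    records = parse_zone(text)
    a_names = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            findings.append(f"{owner} A {rdata}: private address in external zone")
        if rtype in ("NS", "MX"):
            target = rdata.split()[-1]             # MX rdata is "<priority> <host>"
            if target.endswith("." + origin) and target[:-len(origin) - 1] not in a_names:
                findings.append(f"{rtype} target {target} has no A record")
    if sum(1 for _, rtype, _ in records if rtype == "NS") < 2:
        findings.append("fewer than two NS records")
    return findings

if __name__ == "__main__":
    for finding in audit_external_zone(EXTERNAL_ZONE):
        print(finding)
```

Running the same audit on the internal zone is not meaningful, since private addresses are expected there; the check is for the zone files served from the DMZ nameservers only.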
thank you again for the explanation.
guess i need to wait for the server to be running in dmz. will try to explore more on the dns and zone files setting.
bro oobi, i'm still a little confused here.
let me try to explain again. right now the dns/ns settings here are roughly like this:
internal ip - 192.168.**.** - 192.168.**.**
server www - 192.168.**.**
server smtp - 192.168.**.**
external ip - 212.***.***.*** - 212.***.***.***
server www - 212.***.***.***
server smtp - 212.***.***.***
now i want to try bringing up one more server. i'll call it the plesk server. the plesk server and the www server are two different machines. i've requested and will be given one public ip for this plesk server. i'll then run this plesk server on a new domain name.
so i want to double confirm these issues:
1. which nameservers will i use for that domain? and which nameservers will be used for my clients' domains?
2. regarding zone files. after i get that one public ip, i need to point that public ip to my internal ip, right? that is, this plesk server's ip
p/s: this plesk server hasn't been put in the dmz yet. right now i want to test it using a public ip outside the dmz
before oobi explain further, let me clarify about dmz. dmz is a zone accessible to public. so, if you have servers on dmz network, your servers accessible to public. anything outside your firewall is on dmz. oobi sees you're confused about dmz because in your last sentence you said about your server is not on dmz because you want to test it using public IP. basically, a network looks like this:
your internal network <--> your firewall <--> your dmz network
once you put your server on dmz, it's accessible to anybody. if you want to serve customers, you put your server on dmz. so, oobi doesn't understand your last sentence about dmz and public (what do you understand about dmz and what do you mean by public?).
Originally posted by iweed at 19-11-2007 12:15 PM
1. which nameservers will i use for that domain? and which nameservers will be used for my clients' domains?
2. regarding zone files. after i get that one public ip, i need to point that public ip to my internal ip, right? that is, this plesk server's ip ...
1. if you want to use your plesk server to serve your clients, then the server must sit on dmz zone. the nameservers it will use are your dns servers on dmz, ns1 and ns2.
2. what do you mean by public IP? are you saying an IP address you obtain from your ISP for your plesk server? if so, then you need to create the zone file for your plesk server domain on ns1 (replicate by ns2).
keep one thing in mind: if you want to use a server to serve customers, always put them on dmz (outside your firewall). for internal users, always put them inside your firewall. understand this first and you'll understand the rest. unless your clients are internal to your company (such as sales group, MIS group, marketing group, etc.), then you can put them inside the firewall.
[ Last edited by oobi at 19-11-2007 01:32 PM ]
okay. i understand about the dmz now.
it's just that right now the plesk server is still outside the dmz, i.e. still in the internal network. as u said earlier, if i want to make the plesk server accessible to anybody (without having to put it in the dmz), i need to set up access on the firewall, right? i've been told the network admin here can assign one unused public ip (from the existing dns server) to this plesk server, without having to put the server in the dmz. can oobi clarify this?
i'd like to explain once more, what i want to do right now is test this plesk server using a domain name, and it will be accessible from outside without having to be put in the dmz.
Reply #19 iweed's post
yes, it can be done. like oobi said before, your network admin has to open access on the firewall to allow the traffic through. and you can create zone file on both dns servers, internal and external. external is for your client so that they can access your server without having to type the IP address (public IP), while internal for your usage.
my suggestion is, when you create zone file on dmz, use different name so that you can make sure it works. so, if on ns1i you use, on ns1 you put that way, when you type from your internal network, it will go outside your firewall first and then come back in (and easier for you to differentiate between the two).