# dns-server using FreeBSD static IP to TLD



## max21 (Jan 30, 2018)

This is what I want to do and why I want to try it if it's possible.

I’m doing this to learn how to do things correctly the _very first time I connect_ so I don't have to monkey around blindly handing over complete control at the click of a button to those who await!

My way of thinking may be incorrect -- I always wonder if I could do this with a full-blown DNS server in a jail and a recursive server in another jail. I registered a dummy domain-name to learn how to run my own dns server before attempting production with my real domain-names; as expected, in under a week, I’m getting tons of emails and a few phone calls from people offering website assistance or to gather more personal info (_trojans at work_), and I’m sure the only other interested parties would be hackers anticipating any mistakes to come. I'm happy to experience this in advance.

It’s OK, I just want to see if I can make this silly-putty PUBLIC domain-name and my website in another jail to be accessible by me only as it is on the WildWildWest and _NOT_ just a full-blown dns-server serving a group on an internal network, I don’t have one and it would be no joy watching those who *should* be trusted in the first place. This way I’ll be in the mix around the world so hacking is apparent, as I learn how to hide and perform some tricks of my own to devour them all by production time. That’s what I want to see out of running my own authoritative service and/or the recursive one. I just started reading about Bind and it sounds like a lot of fun to come, just like pf used to be. I even kind of understand some of the gory details but I CAN'T seem to perceive the meaning of the main headers in most DNS and Bind how-2’s.

All the ones I read only seem to talk about how to configure a dns-server(s) to serve an internal network, giving me the impression that that’s the cream of the crop of what it does.

*How about:*


> 1) Here is how to set up your computer so that it publishes your FreeBSD static IP addresses for your TLD.


*Instead of:*


> 2) Here is how to set up your computer so that it publishes your IP addresses.


Then it tells me to _go get a static IP from my ISP provider or do it in your router_, but it is weird that I read nothing that even came close to #1, or that I simply can't read between the lines and if so, why don't they just make it clear. Why have a cake when you can't taste it?

I’m not that smart of a guy but once I get past simplicity I can do the darn thing.

Could someone tell me what does #2 really mean and if #1 is even possible?

How do I make my FreeBSD jail host static IP or alliance IP point to my domain-name at the TLD registrar?

*and/or*

How do I make my FreeBSD jail host _USE_ my TLD actual IP and point it to my domain-name at the TLD registrar?

Should I mostly be concerned about NS records and not CNAME?

Can it be as simple as that?


----------



## ShelLuser (Jan 30, 2018)

max21 said:


> It’s OK, I just want to see if I can make this silly-putty PUBLIC domain-name and my website in another jail to be accessible by me only as it is on the WildWildWest and _NOT_ just a full-blown dns-server serving a group on an internal network, I don’t have one and it would be no joy watching those who *should* be trusted in the first place.


Why wouldn't that be fun? Better yet: what do you imagine the actual difference between those two scenarios to be?

You don't need a real domain name to learn how to set up a DNS server. In fact, it's probably best that you don't and instead start with a local domain using a private IP range in order to prevent any nasty side effects from possibly made mistakes. Another added bonus is that such a local setup would also allow you to set up (and use) a reverse DNS as well. Something which would otherwise be completely impossible without the help from your ISP.

I'm also not quite sure what you're asking. You share a bunch of quotes but I have no idea where you got those from nor do I understand what you're trying to ask.



max21 said:


> Then it tells me to _go get a static IP from my ISP provider or do it in your router_, but it is weird that I read nothing that even came close to #1, or that I simply can't read between the lines and if so, why don't they just make it clear. Why have a cake when you can't taste it?
> 
> I’m not that smart of a guy but once I get past simplicity I can do the darn thing.
> 
> Could someone tell me what does #2 really mean and if #1 is even possible?


I can't without a pointer to the original article so that I can read the whole thing within context.

But I assume that it basically boils down to the very essence of DNS which is nothing more but to "link" an IP address with a name, usually a host / domain name. In other words: when you try to look up www.freebsd.org you get the IP address of the server. One could describe that as "publishing an IP address" I suppose. It basically makes the IP address easier accessible, which is essentially all which DNS does.



max21 said:


> How do I make my FreeBSD jail host static IP or alliance IP point to my domain-name at the TLD registrar?


By assigning that IP address to your jail. See jail.conf(5), and chapter 14 of the FreeBSD handbook is also a good read.



max21 said:


> How do I make my FreeBSD jail host _USE_ my TLD actual IP and point it to my domain-name at the TLD registrar?


Define "use"?  It heavily depends on what you're going to do with it. Basically this is nothing different than setting up whatever service it is you want to use. Running a website? Configure your webserver accordingly. Use the domain for e-mail? Then you should set up a mailserver aka MTA ("Mail Transfer Agent") and configure it accordingly.

Of course to me that wouldn't count as "using" it but more so as actually hosting it.



max21 said:


> Should I mostly be concerned about NS records and not CNAME?


If you don't know the difference between those two records nor what they represent then I think you should give up on the idea of hosting your own DNS server for now and start by hosting a domain with a registrant which also provides some control over the DNS records. That will help you to become more familiar with those without any risk of the whole thing blowing up. In the mean time you can read up a bit more about DNS services (this could be a good read).

Hope this can give you some ideas.


----------



## ronaldlees (Jan 30, 2018)

Bind isn't particularly friendly for a noob to set up and configure.  Maybe I'd suggest that you set up and run the unbound caching resolver on an internal network to enhance your DNS skills. Then graduate to Bind, using an internal network to practice with it.  As ShelLuser mentioned, using an internal network to practice your configuration skills on a DNS server/daemon  is a good idea.  Just because your DNS daemon is running in a jail doesn't mean it cannot be exploited.  You could have a pawned/poisoned DNS running happily along in a jail all day long, especially if the jail is mis-configured.

By "public IP," they probably mean that you in most cases want your public-side IP to be static, so that people can find it, unless you're using a dynamic DNS  provider, in which case they'd handle the details anyway. Have you ever used unbound?


----------



## SirDice (Jan 30, 2018)

ronaldlees said:


> You could have a pawned/poisoned DNS running happily along in a jail all day long, especially if the jail is mis-configured.


Don't forget about amplification attacks. Even if your jail is configured correctly you can still become an unwilling participant of a DDoS attack.

https://www.us-cert.gov/ncas/alerts/TA13-088A


----------



## max21 (Jan 30, 2018)

ShelLuser said:


> Why wouldn't that be fun? Better yet: what do you imagine the actual difference between those two scenarios to be?



I’m glad you asked!

Wired Staff told me how fun and educational DNS is; I said oh, I’m going to kick some butt! Then he boasted about this guy from the bottom of his heart. I followed every link and when I read what FreeBSD had to say about it... it blew my freaking mind.

Anyway, thanks for all the info, but I'm still going to take it from the top. If it blows, it will never blow again. I did learn a few things. Creating dns-records and pointers is one of them. I just wanted an opinion and to let everybody know that I did seek some serious information before asking about DNS. The only problem in that article was the fact he did not say what I needed to hear; just like 50 others or so that never indicated any possibility. I believe not all things not said don’t mean it can't be done. That is why I asked. I was trying to make the question as clear as possible but evidently, I failed. It's a silly domain-name so it's expendable.

This time I’ll reword it the best I can.

*This is all I need to know:*

*1)* As we know, it is said that in order to point to your domain-name at the registrar who you bought your domain.com name from, you need a real (public) IP address, which is usually provided by your ISP at an outrageous cost. You have to open a business account. *2)* Or you can get a Free Dynamic DNS at sites like noip.com. *3)* And the final option would be to write your host or the jail IP and MAC address in your router and use that.

Number *3* really tells me something:  The IP that you use in your router will be a regular private IP address, correct?  DHCP can never change it.  So it makes me think I already have a static IP that is as good as what one can put in a router.  We have /etc/rc.conf:

```
ifconfig_em0="inet 192.168.1.109 netmask 255.255.255.0"
cloned_interfaces="lo1 lo2 lo3"
ifconfig_lo1_alias0="inet 10.10.10.109/32"
```
However, I found no doc' or even clue here where someone asked about it. .. but we do find all over the WWW where everyone is talking about using the calls above to build internal networks.  I gave up the search and concluded that if anyone knows - only a member here got to know for sure.

...............................................
It might be old but FreeBSD is older.

*The DNS Bible:* … Don’t miss a beat .. you might need to turn off js for this page.

https://www.wired.com/2010/02/set_up_a_dns_name_server/


Thanks ShelLuser

I'll be back guys. About dns-h*ll, bring it on so I can learn how to avoid it. That's why I want to take it from the top where I can learn to defend myself, without hosting help. DNS is public but Bind or other can make my d.com private. That's the first thing to do so as not to piss off my ISP.


----------



## max21 (Jan 30, 2018)

ronaldlees said:


> Bind isn't particularly friendly for a noob to set up and configure.  Maybe I'd suggest that you set up and run the unbound caching resolver on an internal network to enhance your DNS skills. Then graduate to Bind, using an internal network to practice with it.  As ShelLuser mentioned, using an internal network to practice your configuration skills on a DNS server/daemon  is a good idea.  Just because your DNS daemon is running in a jail doesn't mean it cannot be exploited.  You could have a pawned/poisoned DNS running happily along in a jail all day long, especially if the jail is mis-configured.
> 
> By "public IP," they probably mean that you in most cases want your public-side IP to be static, so that people can find it, unless you're using a dynamic DNS  provider, in which case they'd handle the details anyway. Have you ever used unbound?


Hello ronaldlees,

I used to re-read some of your threads all night long. I have unbound and dnsCrypt running perfectly inside another FreeBSD Virtualbox. I remember now... It was within a few months after, when I kept referencing your post until I got it working.

https://forums.freebsd.org/threads/60475/

After all of that unbound h*ll, BIND and djbdns should be a piece of cake and if not, I’ll tar them up and use the djbdns setup that does both jobs. That is going to be easy because the understandable configurations are right there in his papers and here:

https://www.vultr.com/docs/how-to-configure-djbdns-on-freebsd

I like to talk tough but in reality it’s because I don’t think I have to worry about pawned/poisoned, amplification and DDoS attacks but I’m happy to know there are only a few to study. I have an INTEL machine that will be configured properly as a server at home now that I want to. All I have to do is ssh over those tiny jails. I build and test all in Virtualbox. The vBox host is my network to the jails, I think.

This machine is for development only and I will be using DNSSEC to give me something to know. No one will connect to mydomain but me and my sister in the end. After I learn DNS the half-hard-way, no way do I plan to run my own DNS server in production. FreeBSD and friends is enough. I’ll let OVH or whoever worry about all of that as ShelLuser suggested. I just want to gain some DNS experience, since I have to set it up anyway just to reach my dummy-domain. It would be more interesting than using noip.


----------



## max21 (Jan 31, 2018)

ShelLuser said:


> . . .
> . . . .
> You don't need a real domain name to learn how to set up a DNS server. In fact, it's probably best that you don't and instead start with a local domain using a private IP range in order to prevent any nasty side effects from possibly made mistakes. Another added bonus is that such a local setup would also allow you to set up (and use) a reverse DNS as well. Something which would otherwise be completely impossible without the help from your ISP.
> . . .
> ...




The solution to my problem is the one I was trying to avoid. My situation requires *1)* pay to play or *3)* Dynamic DNS. So that makes my router statement incorrect. See router setup in link below. This dDNS KISS*.

Another case where I learn about everything else that I don’t need.

Thanks guys... I see how DNS regulates the INTERNET!

https://freedns.afraid.org/


----------



## SirDice (Jan 31, 2018)

I'm not sure what you think you need but there's no reason to pay for  anything or use dynamic DNS for an _internal_ domain. I have an _internal_ domain called dicelan.home. It does use DDNS, but this is mainly to be able to resolve DHCP clients. This is easily done by linking the DHCP server with BIND. 

The Dynamic DNS you find on routers is mostly to be able to resolve your home IP address on the internet. So you can more easily connect to your home, it's not required or needed for an _internal_ domain.


----------



## max21 (Feb 1, 2018)

SirDice said:


> I'm not sure what you think you need but there's no reason to pay for  anything or use dynamic DNS for an _internal_ domain. I have an _internal_ domain called dicelan.home. It does use DDNS, but this is mainly to be able to resolve DHCP clients. This is easily done by linking the DHCP server with BIND.
> 
> The Dynamic DNS you find on routers is mostly to be able to resolve your home IP address on the internet. So you can more easily connect to your home, it's not required or needed for an _internal_ domain.




How did we go from: *registered* domain-name to *internal* domain?

EDIT -
Sorry, I edited out too much. I also said thanks for clearing DDNS up. It never made complete sense to me either. Only the experienced could know. The rest of us only it’s back to the drawing board after wasting all that time. Anyway, I'm happy with all I hear here even if the original question goes astray. My over-explaining only finds solutions to other issues, which is still good. Also, I removed my statement below because before you know it, it'll be on Facebook or elsewhere in the negative way. Too much food for thought. I'm sure you would agree. I'll be drilling deep into your quote. You really made it so _crystal-clear_ vs any other including Wiki. When the fat lady sings you will be the first to know.

Thank you

Now it's Datapanic time!



----------



## Snurg (Feb 1, 2018)

Hi Max, If I understand you correctly:
You can buy a certificate. I did that for testing the stuff back then to avoid the hassle with LetsEncrypt software which is quite fickle.
Nowadays there are plenty easier-to-use and more stable alternatives.
For example, try this to get a free certificate. (There are more alternatives to choose from, just look at the FreeBSD section on the LetsEncrypt website)


----------



## max21 (Feb 1, 2018)

Snurg said:


> Hi Max, If I understand you correctly:
> You can buy a certificate. I did that for testing the stuff back then to avoid the hassle with LetsEncrypt software which is quite fickle.
> Nowadays there are plenty easier-to-use and more stable alternatives.
> For example, try this to get a free certificate. (There are more alternatives to choose from, just look at the FreeBSD section on the LetsEncrypt website)




That's one down and the rest to go because I still want to connect my .com name to my machine at home if you know what I mean. It seems that I don't know how to explain things any more. I got to learn to stay on topic only. Thanks Snurg


----------



## Datapanic (Feb 1, 2018)

Have fun with DNS!  Research split DNS = what I think you're looking for.


----------



## max21 (Feb 1, 2018)

Datapanic said:


> Have fun with DNS!  Research split DNS = what I think you're looking for.





I think you're right.

I heard about split horizon also and was trying to figure out the difference; something has to do with unbound too. I felt it was something simple, that's why I jumped in to learn bind. I'M ON IT!


----------



## max21 (Feb 3, 2018)

I asked the wrong question Guys.

It should have been something like this:

*Point Domain Name To Your Home Web Server*

http://www.inopinion.org/howto/point-domain-name-home-web-server/

I googled exactly this and more many times over many weeks - - (_how do I point a registered domain name to my home server._) but it never turned up much other than you need Dynamic DNS or bind. So I chose bind so as to learn.

That headline turned up in another link as the solution for the OP. Anyway, here is the detailed walkthrough so others don’t stay confused. I’m beginning to think google knows me so well that it got me on its prestige recommendation list, or whatever they call it. If so, please take me off.



> Accessing your home web server with your registered domain name is a cool idea. Isn’t it?
> . . . .
> But if you are not going to start hosting business then your non-static ip address connection will do the job well.



That’s all we need to know, and if that doesn't work then I will master bind99 and djbdns, then HAProxy, just like Packet Filter no matter how long it takes.

Split-DNS RULE, _I’m sure_!  I read about it all-day loooong.


----------



## rigoletto@ (Feb 3, 2018)

TL;DR: if you have a registered domain, your registrar is responsible for pointing to the DNS servers which resolve your address, which can be the registrar itself or another one you choose for that. You must update this information with them once you have set up a DNS server for your purpose.

If you have a fixed IP provided by your ISP it gets easier because you can simply configure it in any DNS service you like, or even your own, and forget. If you do not have a fixed IP but a dynamic one you will need to use a DNS service that provides resources for dynamic DNS updates. The already pointed Freedns is a quite decent one.

I guess Cloudflare also provides dynamic DNS services.


----------



## Snurg (Feb 3, 2018)

Personally, I won't dare to set up a dns server myself. One mistake and I might become DDos helper.
I am satisfied with editing /etc/hosts for my few hosts.
This way I can easily play with https without needing to have my https test server being public. This way there is no need for a static ip, too.
The browser then can call the "trust authority" via internet and verify the connection to my private test host is "secure".
Maybe this is sort of "split DNS", too...


----------



## Deleted member 9563 (Feb 3, 2018)

Snurg said:


> I won't dare to set up a dns server myself. One mistake and I might become DDos helper.



I run my own resolver using  bind9. You don't have to make it an open resolver.

But yes, dealing with a distributed denial attack on an open resolver is a problem. I've dealt with that. It's quite easy to avoid making it worse by simply not responding (using iptables) however you cannot make it go away and will need the help of your provider to black hole the traffic, and that costs money after a while. In the end, it's not a big deal unless others are relying on that server too.


----------
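
The open-resolver and amplification concern raised in the posts above can be checked from the defender's side. The following is an added example, not code from any poster in this thread: it builds a recursive query and classifies a reply by its header flags, so you can see whether your own server recurses for a client outside the networks you meant to serve. The function names and the sample reply packets are constructed for this example.

```python
"""Added example: classify a DNS reply to see whether a server recursed.

Function names and the sample packets are constructed for this example.
"""
import socket
import struct

QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired, set by the client
RA = 0x0080  # recursion available, set by the server
REFUSED = 5  # RCODE for "policy says no"


def encode_name(name):
    """Encode 'example.org' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Build a one-question query (default type A, class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(packet):
    """Return the fields of the fixed 12-byte DNS header that matter here."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes, got %d" % len(packet))
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "txid": txid,
        "is_response": bool(flags & QR),
        "ra": bool(flags & RA),
        "rcode": flags & 0x000F,
        "ancount": ancount,
    }


def classify(query, reply):
    """Decide what a reply says about recursion for the querying client."""
    try:
        q, r = parse_header(query), parse_header(reply)
    except ValueError:
        return "malformed"
    if not r["is_response"] or r["txid"] != q["txid"]:
        return "not-a-reply"
    if r["rcode"] == REFUSED:
        return "refused"            # recursion denied to this client
    if r["ra"] and r["rcode"] == 0 and r["ancount"] > 0:
        return "open-recursion"     # server resolved a foreign name for us
    if r["ra"]:
        return "recursion-offered"  # RA set, but no answer to prove it
    return "no-recursion"           # authoritative-only style reply


def sample_reply(query, flags, with_answer):
    """Constructed reply bytes for offline use: echoes the question and
    optionally adds one A record (192.0.2.1, a documentation address)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if with_answer else 0, 0, 0)
    body = query[12:]
    if with_answer:
        # 0xC00C is a compression pointer back to the name at offset 12.
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + body


def probe(server, name, timeout=3.0):
    """Send one query over UDP to a server you operate and classify the reply.
    Run it from a host outside the networks the server is meant to serve, with
    a name the server is not authoritative for."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            reply, _addr = sock.recvfrom(4096)
        except socket.timeout:
            return "no-answer"
    return classify(query, reply)


if __name__ == "__main__":
    q = build_query("example.org")
    print(classify(q, sample_reply(q, QR | RD | RA, True)))
    print(classify(q, sample_reply(q, QR | RD | REFUSED, False)))
    print(classify(q, sample_reply(q, QR | RD, False)))
```

A result of `refused` or `no-recursion` for an outside client is what a server that is not an open resolver returns; `open-recursion` means the recursion access controls need tightening.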



## Datapanic (Feb 3, 2018)

How much experience do you have as a DNS Admin? If you can have your registrar provide the DNS for your domain, I'd strongly advise going with that. Even over at datapanic, I could have my domains point to my domain servers, but I don't want the extra hacker traffic hitting my stuff! So I let GoDaddy handle it.

In a nutshell, 

1. go to your registrar and either set up your domain's DNS NS flags or set up your domain's www (or whatever host) to point to the IP of your 'home web server'
2. firewall
2. remember to use SSL on your web server.
2. If you are setting up your own DNS server for the first time, it's going to take a lot more than asking 'how to' on this forum.


----------



## max21 (Feb 3, 2018)

About freedns services, I would pay the 60 bucks for the stealth before I jump inside a shared pool (I’m glad to learn that much). I don’t want to start paying for all these different services that in the end I may not need. Since FreeBSD spoiled me, if it's not too complicated I'd rather do it myself. I looked into Let’s Encrypt paid cert, at $30 they more than deserve it, however after getting into http://my.dollardns.net it led me to CAcert.org. As long as SNI is there I’ll be happy with either. Anyway, I have not tried the non-static thing yet but I have faith that it will work and if not, I still like them.


----------



## max21 (Feb 3, 2018)

Datapanic said:


> How much experience do you have as a DNS Admin?


If you're speaking to me, I have zip experience and now I want it. My new thing is to buy domains (at $12 a pop) that I care nothing about. It’s only for learning purposes until I get it right. If it gets compromised, I’ll learn more and more from that.



Datapanic said:


> . . .
> . . . . .
> If you can have your registrar provide the DNS for your domain, I'd strongly advise going with that. Even over at datapanic, I could have my domains point to my domain servers, but I don't want the extra hacker traffic hitting my stuff! So I let GoDaddy handle it.


I’m glad you mentioned that … It just so happens that http://my.dollardns.net got a thread about that. All of this is new to me but you're helping me to understand it all. I never cared about networking. I love only my FreeBSD desktop, PF and XP. Anything else was just a thought and the old ... someday I will.



Datapanic said:


> . . .
> . . . . .
> In a nutshell,
> 
> ...


If the non-static thing works and works securely, which I see no reason why it should not (so far I know how to keep Comcast IP pool at bay for my area), I’ll go with it. If not, I most certainly will not overlook this. Knowing myself, I test the best of every darn thing that people tell me or someone else no matter what. That is what I do; then I choose. I promise, I give the kernel the best I can, otherwise he will not release my sanity.

1- will be included.  2- I know.  2- I did not realize.  2- It's on the back-burner for now.


----------



## max21 (Feb 3, 2018)

I forgot to post the link about how to use non-static IP. It'll be a miracle. I'll try tomorrow.

http://www.inopinion.org/howto/point-domain-name-home-web-server/#comment-9298


----------



## Snurg (Feb 3, 2018)

umm that example is for static ip. Google for something like "dyndns setup web server"...


----------



## max21 (Feb 3, 2018)

Snurg, what do you mean? I think you missed this part:



> But if you are not going to start hosting business then your non-static ip address connection will do the job well.



Keyword *non-static*


----------



## max21 (Feb 3, 2018)

Snurg said:


> umm that example is for static ip. Google for something like "dyndns setup web server"...



Found it. It doesn’t get simpler than that. If _Individual Opinion_ solution works, it’s time to research the pros and cons of each. I guess they both should pass the smell test but there’s always something security-wise that someone has to say, now you're back to trying to figure out BIND, djbdns and split-dns. If I do, I would follow OJ's lead since this is about development and not production. I know it would be no mistakes allowed every step of the way. That's the easy part.


OJ said:


> I run my own resolver using  bind9. You don't have to make it an open resolver.



We’ll find out shortly.


----------



## max21 (Feb 4, 2018)

The website tutorial that shows how to use the ISP IP doesn’t work. If the IP blocks port 80 I'm sure they don’t want to see their IP on a domain-name server, unless I was doing it wrong all day. I wonder, did they have their words all crossed-up. Maybe it probably used to work until the ISPs caught it going on. All that free stuff; anybody can create sub-domains on your domain and there is nothing you can do about it; and with DynDNS why would I need it when my IP never changes anyway. So in most cases we're back to needing a real static IP, because those systems do have their shortcomings according to a few articles I read, but then again what doesn’t. I’m just going to get the suggested hosting account so I can play with HAproxy and Let’s Encrypt. Some things should be left to the professional networking people as some of you have said already. I’ll try again someday but not too soon. But I do like what bind can do.


----------



## Deleted member 9563 (Feb 4, 2018)

max21, you may be interested in OpenNIC. The members are there mostly for the purpose of learning about DNS. You will find much enthusiasm as well as expert help there. Join the mailing list, or catch us on Freenode #opennic.

PS: The above link is for setting up a server, but I should have given you the main page too: OpenNIC


----------



## max21 (Feb 4, 2018)

OJ, it’s going to be a minute before I try to take on BIND and friends again. It’s too time consuming especially for someone who knows nothing about networking. I can't even understand all the pieces to the puzzle of using a Dynamic-DNS. It's like no goodies until you pay. I'd rather pay the ISP for a static-IP and take my own chances. I'd best go with the Go Daddy suggestion. I already put BIND on the back-burner for next winter. By then I will know a lot more. Anyway, I always use various OpenNIC DNS’s and I tinker around at their site and others from time to time. I just made my move too soon to try BIND, only to learn that it was not the solution for my present problem unless I had the proper tools (static-IP). Just having a public domain-name to play with is not enough, but I don't regret it. It IS my next thing to do but not today because there are too many web tools to learn and I got to know three of them in order to get to know the first one. After I can do that much then I will know. It's the key to jail-communication or networking itself, in my view.

Now I find something new to me, that is right up my alley. I thought I had the ultimate FreeBSD disk layout and I always boast about it, but now ShelLuser went off and invented a masterpiece, months ago. To me, now there’s a real reason to try ZFS. All I do anyway is partitioning, multi-booting, desktops -- disk work, and with his new way, I can relax again, and do the web thing as I go on the already prepared machine.

Thanks for those great tips about BIND OJ

… not excluding all the rest above.


https://forums.freebsd.org/threads/63201/


BTW:  I take that back.  freedns.afraid.org is super cool 


----------



## Deleted member 9563 (Feb 4, 2018)

Actually one doesn't need to understand as much as you seem to suggest. You could just set it up using the defaults and cut/paste the file from the OpenNIC site and you're good to go. Done. It is admirable and a good idea to try to learn more, but it's not mandatory for a functioning setup. In my case I do have a static IP at home, but I put the nameserver on a VPS (which I also use as my VPN). As a matter of general information, a VPS is dirt cheap these days - such as $10 per year or less. Times have changed.


----------



## max21 (Feb 5, 2018)

OJ said:


> Actually one doesn't need to understand as much as you seem to suggest. You could just set it up using the defaults and cut/paste the file from the OpenNIC site and you're good to go. Done. It is admirable and a good idea to try to learn more, but it's not mandatory for a functioning setup. In my case I do have a static IP at home, but I put the nameserver on a VPS (which I also use as my VPN). As a matter of general information, a VPS is dirt cheap these days - such as $10 per year or less. Times have changed.




OJ, $10 per year = starvation here in the US, but D. T. pays Twitter even less, iirc he said $1.95. I say; websites for a dollar, well you never get one from me. LOL. Just kidding, I might go that route someday, Go Daddy did. So, it's just like a train; set the route, pop in the battery, flip the switch and watch it go. Back in my programming days, at the forum when given code or receiving help to write code, the only thing they asked of you was “step-thru-it and learn exactly what it does, and why”. I've been like that ever since.

Anyway, I can do that, but there are a few things I'd rather hear from you because I found no details yet about things I would like to be sure of. Could you provide some hints to these questions? I see there are only two main options and I don’t want to take for granted that it does exactly what it sounds like. I can guess what questions 2 & 3 mean but I would never be sure. It would be something like... No, we did not mean it like that... it’s not yellow, it’s green.


1)
What are the main benefits of running a private-use Tier 2?
If we both had our own private-use Tier 2, is there a function where we can use each other as slave-dns servers, privately?
Why would we want to do that?

_I would think the main benefit is I can use it with a Dynamic DNS from FreeDNS since I don’t want the added expense of a static IP, OR, I think with my own dns-server I can resolve my domain-name IP address on my own and it will show my website (now in development) on my computer when I type myregistereddomain.com into my web browser, and that - - only I can do that before going public with the website.  I wonder if I could do that much even without having a static IP.  I don’t know the true meaning yet but I think by using the private-use Tier 2 on DO that we can act as a slave-dns for one another privately if there is such a thing._

2)
Are there any benefits of running a public Tier 2 other than a server for OpenNIC or as a local nameserver - - which I don’t have a LAN or Network. My development machine only has web-related jails, including owncloud someday soon?
Let's say, if we both had our own public Tier 2 server, with this option is this the only way that we can use each other as slave-dns servers, if so, when you use it for your internal network and I use it for mine (if I do one with users), would all of that be totally private for each of us other than matching dns records?

_I think DNS knows nothing but privacy but I don't know so I ask. I could be wrong but since my domain-name provider runs many dns-servers around the world there is no need for me to run a public-dns server... and as far as a private LAN or network which I don’t have, it would be useless unless one needs it for OwnCloud or to open an online store but I thought that only requires running a CDN and a database (I'm not sure). I'm also thinking that this option might be the ONLY way to work as a slave-dns for each other. I wonder if the rest of the world would use this public dns-server and clog it up, causing me to waste time needed for plain web development. And I wonder why I would want to do this._

3)
What VPS provider are you using and why?


These questions might not have been asked properly and I understand more than I think but why risk it when you never meant it. I don't mean to keep being a cry-baby but it's difficult to create scenarios without any previous experience, and when it's time to discuss this with an associate or on a VPN ticket, I would like to give them a clue that I kind of know what I am talking about. Being a little dense at home, I can live with that but not on the outside Dad

I got it while editing. Thanks OJ. That's all the step-thru I need!


----------



## Deleted member 9563 (Feb 5, 2018)

OK, I fear that I can quickly get out of my depth here as I'm just an amateur who has neither time nor ability to "step-thru-it". I'm basically just a junkyard hacker in the crudest sense of the word. My ambitious and adventurous involvement has been supported by good luck and helpful people who actually know what they're doing.

1) Knowing it's not being logged is one of the benefits which most people value. Some folks are paranoid, but most just insist on upholding the principle. It is also faster to have a lookup closer to the query. I chose to slave to what I consider the most reliable OpenNIC server. To me this has to be OpenNIC because I want access to those TLDs as well as ICANN. Regarding static DNS, I just asked my ISP and they gave me one free - you might try the same in case that's available there. In any case since I use a VPN there is a tunnel to my VPS running openVPN regardless of my home IP.

2) The benefits of running a public Tier 2 with OpenNIC is that you are contributing to the project. The more servers we have around the world the better. OpenNIC is not at all like all those other dns-servers around the world. It is an alternate root. This does not really have a lot of direct benefits, although some communities make good use of it. However, the very idea of keeping the internet free and open for alternative ideas that don't have one single point of failure or control (ICANN) is of interest to some people.

3) I have many VPS around the world which are chosen on varying criteria. One is even as low as 3 Euros per year and works very well. For good bandwidth with high reliability I have a number with a company called Ramnode and in the last couple of years they have not glitched and have only rebooted once for the recent Intel kernel vulnerability fix. I pay $15 per year for each of those. I have other recommendations or comments on in between providers, but you can have a look here, but note that those are not all good and a little research is recommended.


----------

