Call me a newbie I guess. It's funny that I've been working Linux systems for longer than I care to admit and over that time configured many machines (and small networks), but they've always been on private networks. Now, I do think I understand what is required for public networks, but something is puzzling me.
From my experience, taking responsibility for basic services like mail delivery, website hosting and DNS resolution should only be done if it must be done. I know people can get enthusiastic and decide to run their own web, mail and DNS server, but often -- and despite the warm fuzzies -- their underlying system results in a less robust service, the source of which is a lack of security, configuration, fault tolerance, dutiful administration or timely response to problems. I don't want to be paged by a computer in the middle of the night and feel compelled to respond to it (unless it's making me boxes of dough perhaps, and that hasn't happened to date.)
I do see why the responsibility for web and mail servers is taken on by companies, whose requirements are not going to be met by a basic shared host, but why do people need to take on the responsibility of a DNS server for what could likely be just one physical machine? I seem to read that people are even running the primary and secondary DNS server on the same physical machine, I mean talk about defeating the purpose...
I guess I am cranky because I've always found Bind the least fun thing to configure.
It might explain things if I admit that I've never even registered a domain myself. I was under the assumption that the company that I registered a domain with, would manage the DNS records; possibly granting me access to rudimentary configuration.
Can someone enlighten me on this weird world of DNS servers with 3 records and no fault tolerance? I really do want to know, as I have recently been configuring a dedicated server for the company I work for, and find myself confused by this area.
I saw a mention of these, but I guess I would also like to be dealing with as few third parties as possible. It would be nice if either the registrar or the hosting provider offered this, (and I bet some do), but it doesn't seem like standard practice or maybe it's just unpopular with users who want to run the entire show.
In an office situation, I've often set up internal DNS for various reasons. 1) management purposes, i.e. can provide internal zones so *nix/windows boxes play happy with each other without having to memorize IPs, install samba or edit host files left and right. You can also manage/monitor where your employees are going while on the job.
I have to say the exact opposite (with mail perhaps being an exception). I prefer to manage as much as I can myself, partially just to learn whatever it happens to be if I don't know how to do it, second because as much as it's your responsibility and possibly a pain, when say, your upstream's DNS dies and your office keeps working without a hiccup...
If you don't want or need to manage these things, it's more than likely your provider will be happy to let you do so.
For me, it's not about avoidance, it's about the quality of the service I'll provide if I take it on, not ignoring the likely given resources I'll have at my disposal.
The server packages I see are nearly always lacking redundancy. There might be options to achieve some degree of it, but the cost quickly increases. For instance, a low-end server might cost ~$60/month, but getting a redundant NIC, PSU (not so common) and a 2nd drive running in mode 1, can easily double the cost. I know nothing is stopping customers from spec'ing this type server, but how often does it occur?
At least in my case, the current machine has zero redundancy and the thought of running all these essential services on such a machine makes my hair stand on end. This is currently only a tentative project, so I can cope, but if things get more serious I might find myself doing some serious arm twisting to get something more trustworthy.
The service is only as good as your knowledge is. You're absolutely right -- if you don't have the time, knowledge or ability to run a service to your level of satisfaction, then that's when you outsource to someone else.
Others consider that they're already paying for a dedicated server which is quite capable of running email and DNS, so why should they pay more?
In response to the multiple DNS servers on the same box -- they no doubt look at it like this: "My registrar requires two DNS servers, I only have one server, and if the website is down, the DNS doesn't matter anyway"
I prefer to run Mail Toaster for my mail, and I run a secondary mail server on a different box to catch any mail that might otherwise bounce if my primary were down.
I run Nictool for my DNS needs, which has a beautiful graphical interface, and automatically syncs the changes to all four of my DNS servers.
Once again though -- despite having pretty convenient graphical interfaces to things -- the services are only as good as your knowledge is. If you don't understand how to properly configure mail and DNS services, then you shouldn't be running them. (exception being to learn -- but hopefully you're not learning on things that are important to you)
May this post be indexed by spiders, and archived for all to see as my internet epitaph. MikeSchroll.com
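Added example, not from any poster in this thread: a small Python check for the delegation Mike describes above, where ns1 and ns2 both point at the one server. The hostnames and addresses are constructed; for a real domain, feed it the NS names and the addresses they resolve to (e.g. from `dig +short NS` and `dig +short A`).

```python
import ipaddress

# Constructed samples (documentation address ranges, not real infrastructure).
# SAMPLE_ONE_BOX mirrors the "two nameservers, one server" setup from the thread.
SAMPLE_ONE_BOX = {
    "ns1.example.test": ["192.0.2.10"],
    "ns2.example.test": ["192.0.2.10"],
}
# Two hosts, but on the same subnet: one router or one rack outage takes out both.
SAMPLE_SAME_SUBNET = {
    "ns1.example.test": ["192.0.2.10"],
    "ns2.example.test": ["192.0.2.11"],
}
# Two hosts on different networks: the arrangement the registrar's rule is after.
SAMPLE_SEPARATED = {
    "ns1.example.test": ["192.0.2.10"],
    "ns2.example.test": ["198.51.100.20"],
}


def check_ns_redundancy(ns_to_ips, prefix_len=24):
    """Return a list of findings about a delegation's fault tolerance.

    ns_to_ips maps each nameserver hostname to the addresses it resolves to.
    Checks: at least two NS names; at least two distinct addresses behind
    them; and those addresses not all inside one /prefix_len network.
    An empty list means none of the checks fired.
    """
    findings = []
    if len(ns_to_ips) < 2:
        findings.append("fewer than two nameservers listed")
    addrs = {ipaddress.ip_address(ip) for ips in ns_to_ips.values() for ip in ips}
    if len(addrs) < 2:
        findings.append("all nameservers resolve to the same address (one box)")
    # strict=False lets us derive the containing network from a host address.
    nets = {ipaddress.ip_network(f"{a}/{prefix_len}", strict=False) for a in addrs}
    if len(addrs) >= 2 and len(nets) < 2:
        findings.append(f"all nameserver addresses are in one /{prefix_len} network")
    return findings


if __name__ == "__main__":
    for name, sample in [("one box", SAMPLE_ONE_BOX),
                         ("same subnet", SAMPLE_SAME_SUBNET),
                         ("separated", SAMPLE_SEPARATED)]:
        print(name, "->", check_ns_redundancy(sample) or ["ok"])
```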
I guess I am slightly paranoid about using web interfaces for remote administration. I am fine with command-line admin, but I have to admit that I am not a fan of the syntax of Bind. I suppose if the site became complex enough, it would perhaps be the lesser of two evils.
Again it's not about an inability to do the administration, it's just that in my experience these servers* will not run flawlessly indefinitely. When they break down, and since I assume they are essential if they were running in the first place, they really ought to be attended to immediately. That is where the honesty about "will I fix this at all hours" comes in.
Another purpose for running Bind is for "custom nameservers". Hosts like to look professional, and what's more professional than getting your customers to type in "ns1.hostingdomain.com" when they're setting up their DNS. It also allows a control panel to quickly change DNS settings without the customer having to do any hard work.
Once you know bind, you can tweak your config to make it pretty simple to deal with zone files and what not.
If your main point/concern is with the lack of redundancy your setup would have, then simply don't do it. There's no absolute reason to run those services if your provider is willing to or if you can do it for free externally (or pay for it if you want).
Web interfaces have come a long way since webmin first came out. Though I despise control panels (they have their place, I know. doesn't mean I have to like it), I don't mind using purpose-specific web UIs for certain things. But I generally find ssh'ing to a machine and running my commands can be faster so *shrug*
Generally, for a small environment that's fairly static, daemons like bind/mysql etc. only go down when they're administered badly or there is a hardware issue (granted this isn't always the case, but it generally is)