MX Records and Domain Name Space

skepticals (Topic Author):
I want to set up an internal mail server. I have external DNS through my ISP. I have a .us domain currently registered.
I register a domain with .us and then it points to a nameserver (my ISP's), and my ISP's DNS points to the servers? Is that how it works?
Are the traffic decisions made based on the MX records on my ISP's DNS? If I register www.company.us and an end user sends an email to user@company.us, this will make its way to the ISP's DNS server and the MX records will point to my internal mail server? Is this the same idea for web pages too?
Also, if I were to set up a web server using MS Windows and IIS, when would I name the server something like company.us instead of company.local? I am used to registering domain names through a registrar; is this how I would register a Windows server? Or would I simply have the web pages relayed to my web server? It was suggested to me that I should put the web server in the DMZ, not on my internal domain. Does it have to be on the .us domain?
I'm not sure if I have been very clear. I am seeking general knowledge and scenarios. Any thoughts?
You are mostly right with your post. Basically, you register a domain, for example yourcompany.us. When you register this domain, it needs to know which domain name servers are authoritative for that domain (i.e. manage the DNS records). The root servers point to the .us servers, and then the .us servers will have a record that points yourcompany.us to the authoritative (or secondary) name servers.
There are different records within DNS. For example, you have an MX record, host record, CNAME record, etc.
MX record - This is the one that e-mail uses; it will look for the MX record that's assigned to yourcompany.us, which will be the IP address of the mail server.
Host record - This is any name you assign in front of yourcompany.us, i.e. www.yourcompany.us would then have the IP address of your web server. Another host record could be portal.yourcompany.us, which could be a SharePoint portal server.
CNAME record - This is when you create another name in front of yourcompany.us that points to a host record (or another CNAME, but that's not recommended). So, if you have a web server running IIS that has a website and an FTP site, you could set up a host record called webserver.yourcompany.us and then two CNAME records, ftp and www, that point to webserver.yourcompany.us.
You would usually set up the FQDN in IIS using a host header within IIS; this identifies the website within IIS that responds to that FQDN.
Does that answer everything?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
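To make the record types above concrete, here is an added example (not code from this thread or from firewall.cx) that walks the same lookups a resolver and a sending mail server would perform. A toy public zone for yourcompany.us is embedded as constructed data; the functions chase CNAME records to an address, order MX records by priority, and pick the host that mail for user@yourcompany.us is tried against first. The host names, the 203.0.113.0/24 and 198.51.100.0/24 addresses (documentation ranges) and the ns1/ns2.isp.example name servers are all assumptions.

```python
"""Toy DNS walk-through for MX, host (A) and CNAME records.

Added example, not code from the thread or from firewall.cx. The zone
below is constructed: yourcompany.us, its host names and all addresses
are assumptions for illustration only."""

# Constructed public zone: (owner name, record type, value).
# MX values are (priority, host); the lowest priority is tried first.
# The MX target is the public address NATed on the firewall to the scanning
# gateway; the internal mail server it forwards to has no public record.
ZONE = [
    ("yourcompany.us", "NS", "ns1.isp.example"),
    ("yourcompany.us", "NS", "ns2.isp.example"),
    ("yourcompany.us", "A", "203.0.113.20"),          # apex: bare "yourcompany.us" resolves
    ("yourcompany.us", "MX", (10, "barracuda.yourcompany.us")),
    ("yourcompany.us", "MX", (20, "backupmx.isp.example")),
    ("barracuda.yourcompany.us", "A", "203.0.113.25"),
    ("backupmx.isp.example", "A", "198.51.100.5"),
    ("webserver.yourcompany.us", "A", "203.0.113.20"),
    ("www.yourcompany.us", "CNAME", "webserver.yourcompany.us"),
    ("ftp.yourcompany.us", "CNAME", "webserver.yourcompany.us"),
    ("portal.yourcompany.us", "A", "203.0.113.30"),
    # A CNAME loop, constructed to show why chaining CNAMEs is discouraged.
    ("bad.yourcompany.us", "CNAME", "worse.yourcompany.us"),
    ("worse.yourcompany.us", "CNAME", "bad.yourcompany.us"),
]


def lookup(name, rtype):
    """Return every value of the given type owned by name (case-insensitive,
    trailing dot ignored)."""
    name = name.lower().rstrip(".")
    return [v for owner, t, v in ZONE if owner == name and t == rtype]


def resolve_address(name, max_hops=8):
    """Chase CNAMEs until an A record is found.

    Returns (canonical_name, ip), or None when the name does not exist,
    the CNAME chain loops, or the chain is longer than max_hops."""
    seen = set()
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        if name in seen:
            return None                      # loop: bad -> worse -> bad ...
        seen.add(name)
        addrs = lookup(name, "A")
        if addrs:
            return name, addrs[0]
        targets = lookup(name, "CNAME")
        if not targets:
            return None                      # no such name
        name = targets[0].lower().rstrip(".")
    return None                              # chain too long


def mail_exchangers(domain):
    """MX hosts for domain in delivery order, each with its resolved address.

    A domain with no MX record at all falls back to its own A record
    (the implicit MX rule of RFC 5321)."""
    mx = sorted(lookup(domain, "MX"))        # sorts by (priority, host)
    if not mx:
        resolved = resolve_address(domain)
        return [] if resolved is None else [(0, resolved[0], resolved[1])]
    result = []
    for prio, host in mx:
        resolved = resolve_address(host)
        if resolved is not None:
            result.append((prio, host, resolved[1]))
    return result


def delivery_target(address):
    """The (host, ip) a sending mail server tries first for this address."""
    domain = address.rsplit("@", 1)[1]
    exchangers = mail_exchangers(domain)
    return None if not exchangers else (exchangers[0][1], exchangers[0][2])


if __name__ == "__main__":
    print("www  ->", resolve_address("www.yourcompany.us"))
    print("apex ->", resolve_address("yourcompany.us"))
    print("mail ->", delivery_target("user@yourcompany.us"))
    print("loop ->", resolve_address("bad.yourcompany.us"))
```

Two things worth noticing: the public zone only ever names the gateway that accepts mail, so the internal mail server behind it is not discoverable from DNS, and the deliberate bad/worse loop is refused rather than followed forever, which is the practical reason for pointing CNAMEs at a host record instead of at another CNAME.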
skepticals (Topic Author):
Currently, I am assuming that company.us is using the ISP's DNS server because they are hosting the web page and email. Is this a safe assumption/common practice? If so, this means I need to contact them about changing the MX record for the mail?
Regarding the mail server: I have read several books and articles that contradict one another. Some say to put an email relay server in the DMZ and the mail server on the internal network. I plan to install a Barracuda spam filter, and it appears that I put this on the internal network as well. Does this seem accurate? If so, would I use an external IP address on my firewall and NAT that to the Barracuda, which forwards everything to the mail server?
I was always wondering about the www. versus no www. in a URL. Is www just a common way of pointing to the web server? I could use anything I want, but most people use www; is this the case? Or is www assigned for web servers only?
I'm not sure exactly what you mean by "You would usually setup the FQDN in IIS using a host header within IIS, this identifies the website within IIS that response to that FQDN." I am assuming you mean I have to enter www.company.us somewhere in IIS?

> So, if you have a webserver running IIS that has a website and ftp site you could setup a host record called webserver.yourcompany.us and then two cname records ftp & www that points to webserver.yourcompany.us.

If I create a host record called webserver.yourcompany.us and a CNAME record www that points to webserver.yourcompany.us, does this mean that my web server has to join the domain? Or am I mixing Windows domains and DNS domains?
> Currently, I am assuming that company.us is using the ISP's DNS server because they are hosting the web page and email. Is this a safe assumption/common practice? If so, this means I need to contact them about changing the MX record for the mail?

This is common if you have purchased your domain name with hosting services. If you have your own DNS services, then you can register the domain and tell them the IP addresses of your primary DNS server and a secondary DNS server that will host the DNS records (you do need to have a minimum of two DNS servers hosting your domain records).

> Regarding the mail server. I have read several books and articles that contradict one another. Some say to put an email relay server in the DMZ and the mail server on the internal network. I plan to install a Barracuda spam filter and it appears that I put this on the internal network as well. Dose this seem accurate? If so, would I use an external IP address on my firewall and NAT that to the Barracuda, which forwards everything to the mail server?

It is best practice to have a mail server in the DMZ that just does AV/spam scanning before mail is forwarded to an internal mail server. This is performing gateway protection to ensure that everything is clean before hitting your internal network (well, hopefully everything will be clean before it hits the internal network).

> I was always wondering about the www. versus no www. in a URL. Is www just a common way of pointing to the web server? I could use anything I want, but most people use www, is this the case? or is www assigned for web servers only?

www is the standard way to address a website. Most users know that websites start with www. There is nothing stopping you setting up a website of mywebsite.company.us; DNS is just a name-to-IP service to help users remember how to get to a host. The host can be running www services, FTP services, email services, NNTP services, NTP services, pretty much anything. For example, you may set up a news service on nntp.yourcompany.us. It's much simpler to remember this address than 10.235.98.243, for example. You can also now have a domain name set up so that if the host is omitted and just the domain is entered, i.e. someone just types company.us, it still resolves to an IP address. It's best practice to also have the www record for your public website.

> I'm not sure exactly what you mean by "You would usually setup the FQDN in IIS using a host header within IIS, this identifies the website within IIS that response to that FQDN." I am assuming you mean I have to enter in www.company.us somewhere in the IIS?

> So, if you have a webserver running IIS that has a website and ftp site you could setup a host record called webserver.yourcompany.us and then two cname records ftp & www that points to webserver.yourcompany.us.

IIS allows multiple websites to be hosted on the same IIS server. Without the use of host headers to distinguish each website, each website would need a separate IP address. In a large web hosting environment this would be no good if you had thousands of companies taking hosting services. Therefore in IIS you can set up a website, its IP address is 10.10.10.10 for example, and you can assign a host header to that site as www.company.us. You can also have another website on IP address 10.10.10.10 that responds to a host header of www.anothercompany.us, both on the same server with the same IP address.

> If I create a host record called webserver.yourcompany.us and a cname record www that points to webserver.yourcompany.us, does this mean that my web server has to joint the domain? or am I mixing Window's domains and DNS domains?

No, your web server doesn't need to join the domain. In fact, you would generally have the web server in the DMZ, as it normally doesn't need direct access to any internal servers, unless it queries a database server for online transactions or something, but then you normally have a middleware server which controls all the communications.
If I can help with anything else then please let me know.
Wayne Murphy
Firewall.cx Team Member
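To show what the host-header mechanism described above actually decides, here is an added example (not IIS code and not from the thread) of name-based site selection: a binding table maps (IP, port, host header) to a site, a parser pulls the Host header out of a raw HTTP request, and the selector returns which site answers. The site names, the address 203.0.113.20 and the request bytes are constructed.

```python
"""Name-based site selection, as IIS host headers do it.

Added example, not IIS code and not from the thread. The binding table,
the address 203.0.113.20 and the request bytes are constructed."""

# Constructed binding table in the IIS style: (ip, port, host header) -> site.
# An empty host header is the default ("all unassigned") site on that ip:port.
BINDINGS = {
    ("203.0.113.20", 80, "www.company.us"): "CompanySite",
    ("203.0.113.20", 80, "www.anothercompany.us"): "AnotherCompanySite",
    ("203.0.113.20", 80, ""): "DefaultSite",
}

# Constructed requests: two named sites on one address, one HTTP/1.0 client
# that sends no Host header at all, and one asking for a name nobody hosts.
REQ_COMPANY = b"GET /index.html HTTP/1.1\r\nHost: www.company.us\r\n\r\n"
REQ_OTHER = b"GET / HTTP/1.1\r\nHost: WWW.AnotherCompany.us:80\r\n\r\n"
REQ_NOHOST = b"GET / HTTP/1.0\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: unknown.example\r\n\r\n"


def parse_host(request):
    """Return the Host header of a raw request, lower-cased with any :port
    dropped, or "" when the request carries none (hostname form only; IPv6
    literals in brackets are not handled in this toy)."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return ""


def select_site(request, ip, port=80, bindings=BINDINGS):
    """Pick the site the way a host-header binding does: exact host match on
    this ip:port first, then the empty-host default binding, else None."""
    host = parse_host(request)
    site = bindings.get((ip, port, host))
    if site is None:
        site = bindings.get((ip, port, ""))
    return site


if __name__ == "__main__":
    for label, req in [("company", REQ_COMPANY), ("other", REQ_OTHER),
                       ("no host", REQ_NOHOST), ("unknown", REQ_UNKNOWN)]:
        print(f"{label:8} -> {select_site(req, '203.0.113.20')}")
```

Note that the Host value is supplied by the client, so with a default binding present any unrecognised name (or a request with no Host at all) lands on the default site; a table that contains only named bindings returns None instead, which is the stricter posture for a server sitting in the DMZ.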