mattg wrote: ↑
SorenR wrote: ↑
If you really want to host your own DNS then it's not really that difficult. You would want to set up a "Split Horizon" to cater for the FQDN's that is used both internally and externally.
My point is that this is NOT NEEDED to run hMailserver.
I think you missed the point.
Most residential users only have one (1) IP address and is using a hosted DNS with an optional Dynamic DNS functionality to enable an online presence.
They do not really need a Private DNS - if it were not for the fact that most RBL's reject DNS lookups from the major ISP's due to the amount of traffic they generate, same with public DNS'es like 184.108.40.206 and 220.127.116.11 from Google.
Running a Private DNS (local caching DNS) actually require very little effort. Enable the ting on your NAS or Windows Server and set your DHCP to allocate the IP address of the server (most likely 192.168.0.??) as DNS server and that's it. When LAN clients are allocated an IP address via DHCP they are also allocated the IP address of your Private DNS. AND !! Unless you really FU'd they will never know the difference.
The main issue is however that YOUR subscriber IP address is used in the RBL DNS Lookup and since - presumably - you have low traffic your lookup request will be asked and answered. That's WHY you need a Private DNS.
Hardcore private users and corporate installations will most likely use a "Split Horizon" DNS (merging your hosting DNS and Private caching DNS into one DNS) in order to maintain 112% control of their online/offline presence. Most DNS servers like BIND9 will enable you to do this relatively easy but one false setting and you are "off the grid" and there is noone to blame but yourself !!
If you are a nerd, geek or suffer from OCD you would naturally configure both DNS servers (the one at you hosting company AND your Private DNS) to look and feel the same but address different IP addresses. I can promise you that the DNS at your hosting site will have 1 (maybe 2) A-records and a truckload of CNAME's where your Private DNS will have plenty A-records and very few CNAME's. That is the result of NAT (network address translation) and PAT (port address translation).
Sometimes when running NAT you also have to decide if you want to use "Cone" of "Symmetric NAT". "Cone" is the general selection where "Symmetric NAT" is the most secure. Gaming works best with "Cone"
I do not remember hearing about these terms until yesterday when I received my new Huawei B525s-23a 4G/LTE broadband modem (with fixed IP and port 25 open) as a replacement for my regular DSL. The equipment from my DSL ISP did not have the choice and neither did my Cisco ASA5505 firewall.
I have by the way upgraded my connection speed from 15/1 Mbps (ADSL with Pair Bonding) to 75/45 Mbps over 4G/LTE (those are maximum speeds btw.). I live "out where the crows bring their own food" close to the sea where PSTN is the norm and "fiber" is a thing in your muscles. I will need to install an external 4G/LTE antennea to perfect the signal but pings are 16-22 ms so everything works as expected.
I get 5 times higher speeds, fixed IP, open ports and 1 Terrabyte data per month - and pay less... Life is good
“Those who don't know history are doomed to repeat it.”
― Edmund Burke