Hosting Your Own Domain on a Windows Server for Free - Part 1 of 2 - DNS Hosting

Table of Contents

  1. Purpose
  2. Introduction
  3. I'm using a free hosting service, what is the problem ?
  4. Okay, I'm willing to change. What should I do ?
  5. What do you have in your hands ?
  6. Okay, I've a local webserver, so what ?
  7. Okay, people could come in visiting my website, but they don't
  8. Conclusion

1. Purpose

To build on a Windows machine a real server for not only hosting your web sites, but also directly hosting your domain names, including e-mailboxes, all for free.

2. Introduction

Not that long ago, the situation of the majority of site builders was :

There was a solution to host your sites on your machine anyway : passing through a "dynamic DNS" system. Let's not talk about that, it's outdated(²) :D

(²) if you're interested, consider upgrading to degrouped broadband for 30 €/month (Router WiFi MIMO, 200 TV & 49 countries phone, 28 Mbps/1Mbps, 10 GB disk space for web pages, unlimited emails, all included and no more POTS monthly fee), as DynDNS systems are NOT free. If you ***really*** are still interested, here's what I know of : HDyn from France (50 €/year all inclusive), DynDNS from France (30€/year) or DynDNS from U.S.A. (25U$D/year for custom DNS). Again, what I explain below advantageously replaces those costly systems :D
NB : 1 € ~= 1.3 U$D

Now the situation is that a lot of people have broadband access, and a fixed IP@ given to their broadband router by their ISP, and that a lot of people know how to build a webserver, even on Windows. There are new possibilities open to every man. Given a vast majority(³) of people use Windows on PCs, I think they may find this article interesting, in that it will show (in two parts) :

  1. How to build a Windows webserver with current state-of-the-art hardware (broadband NAT router etc)
  2. How to host your own DNS server for your own domain names
  3. How to change the registrar's data (DNS, MX) for the domain names to point to your server
  4. How to manage your own mailboxes in a secure way, preventing spammers from doing you too much harm

(³) for the other systems' users, if they've a webserver they've all the necessary tools to do the rest - they have SMTP daemons, firewalls, know how to open the right ports only, and have BIND (named) available. Move along, guys :D

3. I'm using a free hosting service, what is the problem ?

The problems are multiple:

  1. You share a public webserver with a lot of other sites, so yours are not very performant
  2. You are limited in the choice of tools (versions, patches etc) and also in the functions available (modules or functions disabled by configuration for "security purposes", the most obvious is "mail()" in PHP. Also, being in "safe mode" is a pain in the neck)
  3. If ever it offers MySql RDBMS (some still don't!) you'll NEVER be able to get your data back as soon as their volume exceeds MySqlAdmin's or CPanel's transfer capabilities, especially in safe mode (30 s execution time). Some don't even allow you to do the "SELECT INTO OUTFILE / LOAD DATA INFILE" way. Moreover, it's awful to use and can't be set to a given charset (ie, it's UTF-8 and nothing else ; thanks for the Latin-1 accents in the tables' data :/ ). You will also probably be limited in DB size which can get catastrophic for your website's uptime
  4. The (free) hosting company instruments your HTML code to add its own advertisements - that's the price to pay for "free hosting" - , and your site ends up cluttered with pop-overs, flash animations, insecure javascript code, and doesn't validate any more
  5. The ***actual*** website's URL displayed in the visitor's browser is a baddy baddy one like http://www.multimania.com/domainname/index.html or http://www.domainname.org.hebergement-dynamique.org/index.html
  6. The SE (search engines) don't find your ***actual*** website (at the hosting facility) as linked to the domain name (at the Registrar) and you never show up in Google under that name but under the ugly real URI
  7. The Registrar where you acquired the domain name "owns" the domain and even if it offers DNS and MX services (catch-all email addresses with redirection to your private one, etc) you can't define subdomains or block spammers from using those publicly-available data to send you insane messages about ViAgra, MICR0S0FT Office available for X U$D, 0EM software or pills to no longer be "like the other guy"
  8. If you want to "hide" the ***actual*** website's URL from the browser, you have to find a way to make the browser display the domain name instead. This can only be done in some ways :
    1. Telling the Registrar to redirect calls to the domain name (http://www.domainname.com) to an other hosting facility "owning" the domain name (see below)
    2. Telling the Registrar - if it offers this feature - to build a FRAMESET around the domain name to hide the redirect to the ***actual*** facility

Redirections as above are bad, be they permanent or temporary [HTTP "error" codes 301, 302], and require that you:

Example of such an index.html page: (the infamous "frameset à zéro")

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=ISO-8859-1">
<meta name="generator" content="Wordpad">

[meta stuff here, hoping to attract SE by carefully-chosen keywords]

<meta name="creation" content="01/01/1997">
<meta name="last-modified" content="20/12/2005">

<title>La Guilde des Sages d'Eä</title>
</head>
  <frameset rows="*, 0" frameborder=0 border=0 framespacing=0>
    <frame name=a src="http://www.fecj.org/JdR/">
    <frame name=b scrolling=no noresize src="http://www.fecj.org/blank.html">
  </frameset>
</html>

The only advantage of this solution is that it offers a way to track activity in the main frame from the other one (blank.html). You could detect the person leaving the site (while they didn't leave the frameset ;-) and the OnUnload() event handler is there to catch the real site exit, for example to show one last "bye bye" window.

Example of such a blank.html page

<?php
@session_start();
header("Content-Type: text/html; charset=iso-8859-1"); 
if (!isset($sess_pseudo)) $sess_pseudo='';
if (!isset($globFTitre)) $globFTitre="you are a robot";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>dummyW3C</title>
<script language="JavaScript" type="text/javascript">
<!-- Hide from JavaScript-Impaired Browsers
function ByeWin() {
  windowIMA=window.open("",'a','resizable=1,width=303,height=401');
  // usually I add toolbar=no,location=yes,directories=no,menubar=no,scrollbars=no,status=yes,
  windowIMA.document.write("<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><title>Bye Bye<\/title>"
+"<meta name='generator' content='Wordpad'>"
+"<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>"
+"<meta http-equiv='Content-Language' content='fr'>"
+"<meta http-equiv='imagetoolbar' content='no'>"
+"<\/head><body bgcolor='#000000' text='white'><center>"
+"<p><?php echo htmlspecialchars($globFTitre, ENT_QUOTES, 'ISO-8859-1'); ?><\/p><p>Thanks for your visit <?php echo htmlspecialchars($sess_pseudo, ENT_QUOTES, 'ISO-8859-1'); ?><\/p>"
[blah blah blah]
+"<br><br><a href='javascript:self.close()'><font color=red>fermer cette fenêtre<\/font><\/A><br>"
+"<\/center><\/body><\/html>");
windowIMA.document.close();
}
// End Hiding -->
</script>
</head>
<body onUnload="ByeWin()">
</body>
</html>

The window can also be set to close itself after a short duration (via setTimeout() of course).
I also designed an "auto-frameset" feature for some old website of mine ; the index page, when called the first time, builds a frameset exactly like the above, calling itself in return with a parameter to indicate "second call". Use a session variable if you want. Poses no problem technically, but same drawbacks as above.
SO FOR ALL THOSE REASONS if you still use such a system, I can but recommend to either rent a virtual host on a mutualized server somewhere, buy a dedicated server & rent bandwidth, or continue reading for doing it for free :D

4. Okay, I'm willing to change. What should I do ?

The first thing to tell yourself is that I'm not the kind of guy that would seek out difficulty for the grand glory of defeating windmills : if I can find - and I have - a clean & fast way of obtaining results, I will show it to you. This said, we will see in the second part (about emails, MX, SMTP, POP) that after spending a lot of time trying spammers' kiddy scripts & toys, supposedly free tools and professional packages at 300 U$D minimum, I finally did a best-fit program myself in two days using Delphi ;-)

The second thing is that I wouldn't recommend building a webserver + DNS server + SMTP/POP server on Windows unless I took great care to specify that, in order to reach maximal (not "optimal" ;-) server stability:

Then here are the technical steps I will suggest to follow. If you already have fulfilled some of the steps, pass rapidly over the relevant sections. Or read them, it can't do any harm.

Honestly, I must admit there are probably other solutions, or variants depending on the Registrar (mine (Gandi), for instance, would allow me full DNS operation on their servers, still for free - so operating my DNS server isn't in fact necessary - but I chose to stay almost independent) but let's stick with the general steps above in this general tutorial/article, thanks ;-)

5. What do you have in your hands ?

Okay, you already use your own machine - connected all the time to Internet via the fixed IP@ given to your NAT router by your ISP (I hope acronyms are clear, if not ask ERT :D) - to test your websites before uploading them to the remote hosting.

OR you have a connected PC but you didn't realize yet that it MAY very well be used as YOUR webserver - for free ! -

Let's suppose you've made the right choice : an Apache webserver installed on your Windows box. (installing it is a matter of 2 minutes download time, 30 seconds installation time anyway - 10 minutes if you never did it and want to read every line of httpd.conf to make sure you are not running at risk ; in that case, why not have a peek at Nicholassolutions's article on ERT.com ? ;-)

6. Okay, I've a local webserver, so what ?

If you've a working webserver, accessing http://localhost/ should bring up either "it's working" or "under construction" depending on the Apache version. Or your website's root page, of course ;-)
If you get a 404 error ("website not found") then check your httpd.conf file, it's the basis of everything. You have to have those lines valid : (Windows version)


Listen 80
ServerAdmin webmaster@domainname.com
ServerName localhost:80
#REM I always use a specific folder/directory to store the web pages, thus :
DocumentRoot "W:/www"
<Directory "W:/www">
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
#suggestions :
    AllowOverride None
    AcceptPathInfo On
</Directory>

#eventually those if you use PHP5 :
#load appropriate module
LoadModule php5_module d:/php/php5apache2_2.dll
# configure the path to php.ini
PHPIniDir d:/php
# set a default type (good practice)
DefaultType text/plain
# enable PHP parsing
AddType application/x-httpd-php .php .htm .html .phtml .shtml
#EoPHP

#change that one if you want to have silently HTML static pages transformed into PHP-generated dynamic pages :
DirectoryIndex index.php index.phtml index.html index.htm index.shtml index.cgi

#uncomment the following line, we will use it afterwards ;-) (Apache 2.2 only)
# Virtual hosts
Include conf/httpd-vhosts.conf

Now let's suppose you got it working ;-)

The next step is to make sure people can come to your website from the "exterior".

For this, you've to use no more http://localhost in your browser (that is what's called "loopback address" <=> IP@=127.0.0.1 <=> host="localhost") but your external IP@

The external IP@ belongs to your broadband router and is given to you by your ISP ; given you use a router, you probably use one kind of 'box like those ones : FreeBox, 9box (note IP@ is dynamic and UL is 128kbps), LiveBox (40€/month for 18Mbps/800 kbps max + 3€/month for the LiveBox itself + IP@ is dynamic and a fixed one is at 18€/month, transfer volume unlimited, 5 email boxes only, +PHP at 9€/month (no MySql DB) with 100 MB disk space only for your personal pages), DartyBox, ScarletBox, Club-Internet, AOLBox (note no fixed IP@ available, and no engagement on UL minimum speed), etc).

You get different surf speeds (DL/UL) and extra services (fixed phone calls, mobile phone calls, TV) for very different prices. A comparison of broadband offers can be found here. The fastest & technically-best solution is the degrouped FreeBox : 28Mbps (ATM) DL, 1 Mbps UL, fixed IP@, 30€/month all included (no options to take), transfer volume unlimited, email boxes unlimited, full *AMP available at no cost with 10 GB disk space for your home pages.

Beware that you've to choose a provider giving you enough UL bandwidth and a fixed IP@ ; some are still selling a fixed IP@ at 18 €/month (Livebox at low-cost) or at an unspecified price (option "dégroupage total" for DartyBox ~= ScarletBox) or have ridiculous UL speeds like 128kbps. A reasonable minimum is 320 kbps which amounts to only 40 KB/s, after all ;-) The goal is to reach sub-second transfer time for normal web pages, ie 50 KB maximum in size. You can't get this with multiple clients connected on a 128 kbps UL connection...


Now back to the beef : those boxes implement NAT which means they are kind-of a "firewall", in the sense that they map the specified ports on your external IP@ to internal addresses and ports on your LAN (even if you've only one machine, it's considered in the LAN) and block any unspecified traffic. In our case, we need to tell it to map any address, port 80 to your webserver's internal IP@ (192.168.0.x or 172.169.0.x) on port 80.

To do so, you need to access the router in a specific way. Some offer a console access (*nix, Windows), some require an Ethernet cable to a specific port, some require the connection to the ISP's website first (not practical when you lost the line ;-) and some use an embedded webserver anyway, which is accessible only from the LAN (internal IP@ range). The most common is the latter. Let's go :


What we want to ensure by using that configuration page is :

(²) Please take note that only WEP is available on Windows 2K. WEP is weak compared to WPA. Don't use WiFi, use Ethernet. Your 'Box is probably a 100Mbps Ethernet switch anyway ;-)

Save to the router's memory, allow it to reboot if necessary (especially if you changed the password ;-) and you should be ready at last to continue...


Now it's time to get your (fixed) IP@ and (fixed) host name on the Internet. How ? Various ways. Either access the router and it will be shown in the "connection status" part, or go to the 'Net to that address and your external IP@ will be shown to you, along with your host name (copy-paste those info somewhere on your machine), and also testing your xDSL line speed, so that you know if you've been swindled or not :D. You could also obtain the hostname from the IP@ alone by a reverse DNS lookup : try nslookup 82.200.1.2 in a "DOS" window, or go to websites offering DNS lookup services (there are a plethora of them, start with a Google search).
Let's assume that you obtained the answer : IP@ = 82.200.1.2 and host name="you59-2-82-200-1-2.provider.net"

NOW you should be able to access http://82.200.1.2/ from your browser and end up displaying your website in your browser ;-)

If your software firewall asks for a confirmation of the remote access to your machine, you've to click on "accept" with "build a rule" so that from that point on in time, EVERYBODY can access your webserver.

If you get a silent failure (browser fails, no other visible reason) then it's probably your software firewall (the infamous XP's ? ;-) that is blocking. Deactivate it and install a real serious one (see above), or find a way to let it "open" the port 80 accesses to your system.

If it ***still*** doesn't work after you deactivated the firewall (and also the antiviral "solution" you have ; McAfee's and Norton's "Security Suites" are known to assume a lot of things behind your back ; deactivate them 20 seconds for testing purposes, then if it worked as expected, reactivate and research the proper way to make them shut their mouth on port 80 accesses to your webserver ;-) then you screwed up something in the above part. Same player shoots again.

If you still don't succeed, then this tutorial is probably faulty or incomplete, please tell me about your problems ;-)

7. Okay, people could come in visiting my website, but they don't

Yeah. True. Normal. Your webserver hasn't been "advertised" on the 'Net and nothing points to it. Only someone guessing your fixed IP@ could see it (there ARE robots exploring the web in search of victims for their mass mailing/zombification, so be warned against the inherent risk of having a permanent IP connection open... Nothing is safe forever. Make backups and don't store sensitive information on the server. If you feel ***very*** uncomfortable at the idea anybody could peek into your computer, the solution is simple : you've the choice between (a) never connecting too long to Internet and (b) not running Windows :D)

At this point, you could redirect at the domain name's Registrar level the web accesses to your system, in the old fashioned way explained on top, with its many drawbacks, especially for SE and your position in Google, Yahoo and such directories.

What we will do now is the fun part :D
We will:

  1. Prepare YOUR webserver to receive Web accesses to your domain names
  2. Install a DNS server on your machine
  3. Configure the domain name at the Registrar level so that YOUR DNS server owns the domain name
  4. Last checks and going live

7.1. Prepare the webserver

I must admit there are at least three possibilities to manage multiple domain names on a single webserver (yes, what you are building is a "mutualized" webserver, at least if you perform those steps for more than one domain name of yours ;-)
Summary : .htaccess, RewriteRule, software redirects to subdirectories from the main index.html page, or virtual hosts.

The best solution is Virtual Hosts

On an Apache server, depending on its version, you may either find that configuration part at the end of httpd.conf (1.3.x, 2.0.x), or in the separate (2.2.x) httpd-vhosts.conf file (remember when I uncommented the related line in httpd.conf ? ;-)
The structure of a virtual host entry is similar to what you are now accustomed to for a web server :D Almost any directive can go into a virtual host "container". Here's an example of a minimalistic virtual host definition:


<VirtualHost *:80>
  ServerName www.yourdomain.com
  ServerAdmin webmaster@yourdomain.com
  DocumentRoot "W:/www/yourdomain"
</VirtualHost>


As you may guess, the important part is the DocumentRoot change. This virtual host entry means : when people come in using the host name www.yourdomain.com (in other words, using http://www.yourdomain.com in their browser), the Apache webserver will use as a root for your entire website's documents (scripts, HTML pages, images, files etc) the new DocumentRoot specified.

The good thing is that this way, people can't get out of THIS DocumentRoot : for them, nothing exists above "/" = the root of your webserver = THAT DocumentRoot setting.

I suggest that you check your web site locally, using http://localhost/domainname . Try to make sure you don't need files external to the DocumentRoot, relative paths going above the ./domainname directory, etc


Now that we're ready to receive them, all we've to do is enable people to actually come to YOUR webserver for this domain name ;-)


7.2. Install a DNS server

Well, we don't have a lot of choice on Windows, at least for free ;-)

What I used is the ISC BIND 9 port for Win32 available at ISC Website (ZIP 3.7 MB)

The 7.2 MB files therein include the documentation (2 MB) and all the necessary tools (named, dig, a real nslookup, named-checkconf etc) as if you were on a nice *nix or linux box, and all that for 1.31 MB disk space - a misery - once installed

The installation is straightforward. Only make sure you chose the right place for the ./dns/ directory holding the DNS config files : it has to be in a safe place - not in the middle of the webserver files! - and backed up regularly, like all the rest of important user & server config data. (this obviously includes the Apache ./conf subdirectory's contents)

The installation will create a separate .\named Windows user for the service to run as ; if you specify a password, don't forget to add it to the user at the "users management" level in Windows

To check if the DNS server is properly configured on the form, it's easy : launch the service from the "Services" management console. I suggest you add a link on your desktop (or to your "Start Menu"), pointing to %WINDIR%\system32\services.msc (WINDIR is usually C:\WINNT or C:\WINDOWS). If the service starts, BIND is okay with the structure of your configuration files, the user named is allowed to run, etc

Of course, you didn't win the Great Prize yet : no real DNS query has come in (port 53/firewalling issue), your domain is not configured yet, and nobody knows your DNS server ;-)

Let's take care of your domain name first. Find the place where you installed BIND (say, c:\dns). In ./etc, you'll find some files amongst the ones we will modify or build:


named.conf
localhost.zone - (*)
localhost.rev - (*)
rev.monip - (*)
domainname.zone - (*)

(*) can bear any other name at your pleasure

If you don't find some files, no worry, we will build them anyway ;-)

Let's start with the main file for DNS : named.conf. That file has to be named like that. Amend it for your domain name(s) in the following way:


//named.conf for domainname.com
//
// acl clause if required 
// defining first avoids forward name references
//none acl "name" {...}; 
//

logging{
  channel simple_log {
    file "c:\\dns\\etc\\bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};

// usually requires at least a file statement
// unless you are using the system log
options {
  directory "c:\\dns\\etc";
  forwarders { //VGR REM in here your ISP's DNS servers (**)
    212.27.54.252;
    212.27.53.252;
  };
  version "chut"; // in here we "hide" the DNS server's signature, but it will be footprinted anyway
};

// other clauses/statements (as required)
// zones clauses including 'required' zones
zone "localhost" IN {
  type master;
  file "localhost.zone"; // (*)
  allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "localhost.rev"; // (*)
  notify no;
  allow-update { none; };
};
zone "domainname.com" {
  type master;
  file "domainname.zone"; // (*)
  allow-update { none; };
};
// reverse mapping example
zone "1.200.82.in-addr.arpa" IN { // in here your ARPA address : first three numbers only of your IP@, in reverse order
  type master;
  file "rev.monip"; // (*)
};
//VGR REM server's name is you59-2-82-200-1-2.provider.net


(**) if you don't have them (look on your subscription paper ;-), or are too lazy trying to find it on your ISP's website, or don't trust your router's config (do ipconfig /all in a "DOS" console (cmd.exe), you'll see the DNS servers obtained by your 'box), then you may give a try to this nice site
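An added example (not part of the original article, nor code from ISC): a small Python audit that parses a named.conf and reports master zones with no allow-transfer restriction and a server with no allow-recursion restriction, two clauses the file above leaves at their version-dependent defaults. The sample text is a constructed reduction of the named.conf above; the LAN range 192.168.0.0/24 and the choice of 217.70.177.40 (the address this article's DNS report shows for ns6.gandi.net) as the only permitted transfer target are assumptions.

```python
import re

# Constructed sample: the article's named.conf reduced to the relevant clauses.
PAGE_CONF = r'''
options {
  directory "c:\\dns\\etc";
  forwarders { 212.27.54.252; 212.27.53.252; };  // ISP resolvers
  version "chut";
};
zone "domainname.com" {
  type master;
  file "domainname.zone";
  allow-update { none; };
};
zone "1.200.82.in-addr.arpa" IN {
  type master;
  file "rev.monip";
};
'''

# Hardened variant. Assumptions: the LAN is 192.168.0.0/24 and the only
# secondary is 217.70.177.40 (ns6.gandi.net in the article's DNS report).
HARDENED_CONF = PAGE_CONF.replace(
    'version "chut";',
    'version "chut";\n'
    '  allow-recursion { 127.0.0.1; 192.168.0.0/24; };\n'
    '  allow-transfer { 217.70.177.40; };')

TOKEN = re.compile(r'''
    //[^\n]* | \#[^\n]* | /\*.*?\*/   # the three comment styles named.conf accepts
  | "(?:[^"\\]|\\.)*"                 # quoted string
  | [{};]                             # structure
  | [^\s{};"]+                        # bare word
''', re.X | re.S)


def tokenize(text):
    """Split named.conf text into tokens, dropping comments."""
    return [t for t in TOKEN.findall(text)
            if not t.startswith(('//', '#', '/*'))]


def parse(tokens, pos=0):
    """Parse 'word ... [{ block }] ;' statements into (words, block) pairs."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == '{':
            block, pos = parse(tokens, pos)      # nested clause or address list
        elif tok == '}':
            return stmts, pos
        elif tok == ';':
            if words or block is not None:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(tok.strip('"'))
    return stmts, pos


def find(stmts, keyword):
    return [s for s in stmts if s[0] and s[0][0] == keyword]


def acl(block, name):
    """Address list of clause `name` in a block, or None when the clause is absent."""
    for _, inner in find(block or [], name):
        return [w[0] for w, _ in (inner or []) if w]
    return None


def audit(conf_text):
    """Return findings for unrestricted recursion and zone transfers.

    An absent clause is reported too, because what it then means depends on
    the BIND release in use.
    """
    stmts, _ = parse(tokenize(conf_text))
    opts = next((b for _, b in find(stmts, 'options')), None) or []
    findings = []
    recursion_off = any(w[:2] == ['recursion', 'no'] for w, _ in opts)
    rec = acl(opts, 'allow-recursion')
    if not recursion_off and (rec is None or 'any' in rec):
        findings.append('options: allow-recursion not restricted')
    global_xfer = acl(opts, 'allow-transfer')
    for words, zblock in find(stmts, 'zone'):
        zblock = zblock or []
        is_master = any(w[:1] == ['type'] and set(w[1:]) & {'master', 'primary'}
                        for w, _ in zblock)
        if not is_master:
            continue
        xfer = acl(zblock, 'allow-transfer')
        if xfer is None:
            xfer = global_xfer                   # zones inherit the options clause
        if xfer is None or 'any' in xfer:
            findings.append(f'zone {words[1]}: allow-transfer not restricted')
    return findings


if __name__ == '__main__':
    for name, conf in (('page', PAGE_CONF), ('hardened', HARDENED_CONF)):
        print(name, audit(conf) or 'no findings')
```
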

Let's continue now with file rev.monip (or the other name you chose):

Caveat : we should probably not allow "zone transfers" although the security risk is near zero



; rev.monip

$TTL 86400   ; Default TTL in secs(1 day)
@	IN SOA domainname.com. postmaster.domainname.com. ( 
	2006051501      ; Serial number yyyymmddvv
	10800   ; Refresh  (3, was 8 hours)
	3600    ; Retry (1, was 2 hours)
	604800  ; Expire (7 days)
	86400   ; Minimum (negative-caching TTL, 1 day)
)
	IN      NS      ns1.domainname.com.
2	IN	PTR	www.domainname.com. ; in here, YOUR LAST IP@ number and YOUR first domain name


Take care to keep the empty lines at the end of the files, and mind the dots, which have a very special meaning in DNS config files.

Let's continue now with file localhost.zone (or the other name you chose):


$TTL	86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@  1D  IN	 SOA @	root (
	2006051501 ; serial
	3H ; refresh
	15 ; retry
	1w ; expire
	3h ; minimum
)
@  1D  IN  NS @ 
   1D  IN  A  127.0.0.1   


Let's continue now with file localhost.rev (or the other name you chose):


$TTL	86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@       IN      SOA     localhost. root.localhost.  (
 	2006051501 ; Serial
      3h      ; Refresh
      15      ; Retry
      1w      ; Expire
      3h
) ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.


Let's continue now with the really important file domainname.zone (or the other name you chose):


; /var/named/domainname.com
;
; VGR REM this is domainname.zone
;
; This line must be at the beginning of the file, it indicates that
; the name server being master for all the following addresses
;

$TTL 86400   ; Default TTL in secs(1 day)
@	IN SOA ns1.domainname.com. youremail.yourisp.com. ( 
	2007020904      ; Serial number yyyymmddvv
	10800   ; Refresh  (3, was 8 hours)
	3600    ; Retry (1, was 2 hours)
	604800  ; Expire (7 days)
	86400   ; Minimum (negative-caching TTL, 1 day)
)
;
; Descriptions of name servers for this domain
			IN	NS	ns1.domainname.com.
			IN	NS	ns6.gandi.net.
ns1			IN	A	82.200.1.2
www			IN	A	82.200.1.2
ftp			IN	A	82.200.1.2
domainname.com.	IN	MX 1	mail1.domainname.com.
mail1			IN	A	82.200.1.2

;eof


This file is the one you'll have to manage for your domain name. Each time it changes, you have to increment the serial number, save the file and then relaunch the ISC BIND service.
The line in bold above will be explained hereafter.
Your DNS configuration is done.
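An added example (not the author's tooling, and not a replacement for the checking tools shipped with BIND): a Python helper that bumps the yyyymmddvv serial of a zone file and flags host names in SOA, NS, MX, PTR and CNAME records that contain a dot but lack the trailing dot, in which case BIND appends the zone origin to them. The zone text is a constructed sample modelled on domainname.zone, with one trailing dot removed on purpose; record types are matched in upper case, as in the files above.

```python
import re
from datetime import date

# Constructed sample modelled on the article's domainname.zone; the NS line for
# ns6.gandi.net deliberately lacks its trailing dot.
ZONE = """\
$TTL 86400
@   IN SOA ns1.domainname.com. youremail.yourisp.com. (
    2007020904  ; Serial number yyyymmddvv
    10800       ; Refresh
    3600        ; Retry
    604800      ; Expire
    86400 )     ; Minimum
    IN  NS  ns1.domainname.com.
    IN  NS  ns6.gandi.net
www IN  A   82.200.1.2
domainname.com. IN MX 1 mail1.domainname.com.
"""

# First 10-digit number after the opening parenthesis of the SOA record.
SOA_SERIAL = re.compile(r'(\bSOA\b[^(]*\(\s*)(\d{10})\b')


def next_serial(current, today):
    """Return a serial strictly greater than `current` in yyyymmddvv form.

    A secondary only re-transfers the zone when the serial increases, so the
    result must never go backwards, even if the clock is behind the file.
    """
    base = int(today.strftime('%Y%m%d')) * 100
    if current < base:
        return base + 1          # first revision of the day: vv = 01
    # Same day (or a serial already ahead of today's date): just count up.
    # After vv = 99 this rolls into the next date prefix, which is still valid.
    return current + 1


def bump_zone(zone_text, today):
    """Rewrite the SOA serial in zone_text; returns (new_text, new_serial)."""
    m = SOA_SERIAL.search(zone_text)
    if not m:
        raise ValueError('no 10-digit SOA serial found')
    new = next_serial(int(m.group(2)), today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], new


def missing_dots(zone_text):
    """List (line_number, name) for dotted names without a trailing dot."""
    hits = []
    for n, line in enumerate(zone_text.splitlines(), 1):
        fields = line.split(';', 1)[0].split()       # drop the comment part
        for rtype in ('SOA', 'NS', 'MX', 'PTR', 'CNAME'):
            if rtype in fields:
                rdata = fields[fields.index(rtype) + 1:]
                names = [f for f in rdata if not f.isdigit() and f != '(']
                hits += [(n, f) for f in names
                         if '.' in f and not f.endswith('.')]
                break
    return hits


if __name__ == '__main__':
    text, serial = bump_zone(ZONE, date.today())
    print('new serial:', serial)
    for lineno, name in missing_dots(text):
        print(f'line {lineno}: "{name}" has no trailing dot')
```
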

To check if the DNS server is properly configured on the ground, simply try to restart the ISC BIND service. It should work. If not, check config files ;-)

In the tools provided with BIND (not in ./etc but in ./bin), you have the necessary tools to check zone files and named.conf settings. RTFM ;-)

There is also a way to remotely check your DNS configuration : go to http://www.ip-plus.net/tools/dns_config.fr.html and choose "DNS Check Tool", then enter your domainname.com in the first box (no trailing extra dot ! ), and in the second box your webserver's IP@ (82.200.1.2) or host name (you59-2-82-200-1-2.provider.net, that's why I had put it at the end of named.conf : to be able to copy-paste it quickly ;-) and then press "Submit"
Nota Bene : this site is available in four languages, choose the one you like the most.

After a short while, you'll see a DNS report like this one. One important thing is that it has no errors, although some "errors" are not real errors if you ask me.
I will put in bold below the important lines to check for success or errors


DNS check tool

Domain domainname.com, DNS server you59-2-82-200-1-2.provider.net

Found IP address "82.200.1.2" for server "you59-2-82-200-1-2.provider.net"


Setting Source IP Address to : "164.128.36.54" 

Check if the server "you59-2-82-200-1-2.provider.net" is configured for "domainname.com" ... ok.

Check SOA Record ...
Server: you59-2-82-200-1-2.provider.net
Address: 82.200.1.2

Query about domainname.com for record types SOA
Trying domainname.com ...
domainname.com            	86400	IN	SOA	ns1.domainname.com youremail.yourisp.com (
			2006051505	;serial (version)
			10800	;refresh period (3 hours)
			3600	;retry interval (1 hour)
			604800	;expire time (1 week)
			86400	;default ttl (1 day)
SOA Record ok

Check NS Records ...
Server: you59-2-82-200-1-2.provider.net
Address: 82.200.1.2

Query about domainname.com for record types NS
Trying domainname.com ...
Query done, 2 answers, authoritative status: no error
domainname.com            	86400	IN	NS	ns6.gandi.net
ns6.gandi.net is secondary nameserver
domainname.com            	86400	IN	NS	ns1.domainname.com
ns1.domainname.com is primary nameserver
Additional information:
ns1.domainname.com        	86400	IN	A	82.200.1.2
ns6.gandi.net       	172497	IN	A	217.70.177.40
Found IP address "217.70.177.40" for server "ns6.gandi.net"
Found IP address "82.200.1.2" for server "ns1.domainname.com"

Check SOA Record for Consistency on all Servers  ...
domainname.com            	NS	ns6.gandi.net
ns1.domainname.com	youremail.yourisp.com	(2006051505 10800 3600 604800 86400)
domainname.com            	NS	ns1.domainname.com
ns1.domainname.com	youremail.yourisp.com	(2006051505 10800 3600 604800 86400)


Check Zone Transfer
This may take a while, please wait ... /opt/wwwtools-1.0/checkdom/hostsqs  -Z -a -l -v -A -G -D -S   -P 82.200.1.2 domainname.com 82.200.1.2 2>&1
 done.
*** WARNING ***  !!! ftp.domainname.com address 82.200.1.2 maps to www.domainname.com
*** WARNING ***  !!! mail1.domainname.com address 82.200.1.2 maps to www.domainname.com
*** WARNING ***  !!! ns1.domainname.com address 82.200.1.2 maps to www.domainname.com

No errors found in "domainname.com"
3 warnings found in "domainname.com"

As you may see, mapping multiple hosts to the same IP@ gives rise to inconsequential warnings. You can get rid of those "extra servers" and just keep "www". Deleting "ftp" won't prevent you from connecting remotely to your server, provided you use the fixed IP@ or www.domainname.com as the host, that you've an FTP server listening, and the router is configured to let you in on the port listened to (usually 21, but it's a good idea to change it if it's a private FTP access that you want to build).

Now about the secondary DNS server. Remember we are building our own "name server" (DNS) on a single machine, and we don't have a secondary name server. Alas, it is required for DNS configuration. Thank God, there are free "secondary DNS server" services around - some even dare to make you pay for it ! - and my Registrar (Gandi, again) even has the niceness to enable you to specify "ns6.gandi.net" as a secondary server. If ever you are at another Registrar and experience difficulties, you may have a look at the well-written FAQ about it.


7.3. Configure the domain name at the Registrar level

Speaking of the Registrar, now is time to perform our last operation as far as DNS config is concerned.

Go to your domain names' administration console, select your domainname.com, click on "DNS servers", "modify" and enter this:


primary name server : you59-2-82-200-1-2.provider.net (that's your server's host name ! )
secondary name server : (your choice ; ns6.gandi.net in my case)

Save, wait for DNS propagation. After a while (0 to 72 hours depending on the domain name's extension and Registrar's efficiency ;-) all over the world, people accessing http://www.domainname.com will end up on your website using your disks with your databases, on your webserver.

The two last details you need to know are :

  1. country TLDs (.fr, .de, .uk etc) take longer to propagate than .org, .net and .com ones
  2. there is an "administrative distinction" that I learnt with pain between .org and (.com and .net) : naively, I thought a "technical contact" could change the DNS settings at will. Not at all ;-) (or more precisely, "no longer" following the liberalization of competition between registrars for .com and .net) : the domains belonging to the first category (.org) you can modify as you wish. For the ones belonging to the other two you can NOT change the DNS servers UNLESS they are (all) REGISTERED at the Registrar's beforehand. Fortunately, there is a simple "register a name server" link on Gandi's interface ;-)

7.4. Last checks and going live

In fact, don't worry about "going live" : you already are ;-)

As long as your DNS server (ISC BIND service), your webserver (Apache service or console process) and your database server (MySql service) run, and your router maintains the xDSL connection, your server is live on the Internet.

The last checks I was thinking about are:

9. Conclusion

I hope you found the explanations crystal clear and the solution elegant. For very few resources, you can manage your own domains yourself at no cost.

As an example of resources used : my server has been running for some hundreds of hours now (remember it's Windows ;-), and my Apache consumes 64 MB of memory, the DNS server 5.8 MB and the SMTP server 2.8 MB
The SMTP part is to be covered in "part 2".

The shameful drawback is that I will probably encourage people to use more Windows servers and help Microslop gain market share from *nix and linux. Thank God, I have good hope that people will use Apache and not the buggy & clumsy IIS, so stats on Netcraft are probably due to go in the right direction.

Best regards,
Vincent Graux (VGR) for European Experts Exchange and Experts Round Table and Edaìn Works
Last update 2021-03-15 16:05:43


you may continue reading Part 2 if you like