Setting up authoritative DNS for the home lab

Now that we've had IPv6 enabled for a while and have been monitoring the Comcast Prefix Delegation for stability (the delegation hasn't changed since we started monitoring it a couple of weeks ago), it's time to get some DNS names in place for my servers so they can be easily accessed from outside my local network.


I had the idea that I could go to my current website and DNS provider, Wix, and just delegate a new sub-domain called labs.siegelgroup.net to a virtualized DNS server I had spun up on my local LAN. So off I go to my dashboard to make an NS entry for labs.siegelgroup.net that points to my DNS server, and find that Wix doesn't support editing or additions of NS records. Fail #1.

So much for that plan! I will just have to run DNS locally and put some AAAA records into Wix for the handful of things I want to be visible from outside the network.


Fail #2! No luck there, either. It looks like Wix has no IPv6 support at all and is still debating whether or not they should implement IPv6 for their sites. If you are a Wix user, please visit the URL and upvote the feature request. I don't know how much business they may have lost over this, but there are plenty of places to host your web site that have v6 support and it's not very smart for a web hosting company not to have this in place. If you host any kind of application service on the Internet, you should care about this. Your clients may not be clamoring for it just now, but one day they are going to wake up and realize they need you to have it, and there's nothing worse than scrambling out of desperation to meet the needs of your clients, especially with something that has the potential to be complex in your environment. Come to think of it, it's no fun as a client to have to change vendors because you wake up one day and find out you missed something in your supplier evaluation that's going to turn out to be important one day.


My options at this point:


1) Leave my web site at wix but move the DNS (meh)

2) Move the web site and the DNS to a competitor that has their shit together (meh meh! I'm already paid up until April 21 on this site)

3) Grab a new domain and set it up on my own nameserver


Of the three options, #3 makes me feel the most special, so let's do that! Plus, I have two other web sites hosted with Wix (www.sandisiegel.com and www.masteredmix.com) that I'd probably commit to moving as well, and that level of work is completely tangential to what I'm trying to do with my home lab.


There are a number of registrars to get your own domain name these days, but because I'm too impatient to do a lot of research on this topic I just went with godaddy.com. Okay, maybe not just laziness...I have several former colleagues that work there and if I ever needed help with something, I'm sure they would take care of me. The domain cost me $35 for 3 years, so that was easy enough. Then I wanted them to run secondary for me, but they want to upgrade to premium for that and offered to do that for $3/month over 60 months...a $180 price tag (gulp).


What I mean by secondary is this: I don't want to just run an authoritative nameserver on my local LAN behind a consumer broadband connection because the service could go down at any time, or even worse, they could change my dynamically assigned IP address and then I'd have to go and update the nameserver records with a new IP just to get name resolution for my domain working again. If I have one or more secondary nameservers that transfer my zone information from me, the Internet will use one of those backup servers even if my primary nameserver goes down for some reason.


There are free options out there that include trading secondaries with friends that also run their own nameservers, or a pretty darn easy option is to take advantage of he.net's free DNS service over at dns.he.net. When you sign up, they give you a list of nameservers that you'll need to go update into your DNS configuration with GoDaddy before they will attempt to transfer the zone. This took about 3 minutes for GoDaddy to update in my zone, and the rest of the setup took just a couple more minutes. 10 minutes later, Hurricane Electric had my zone.
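A primary-side BIND configuration for the primary/secondary arrangement described above, as an added example and not the configuration used for this post. The zone name example.net, the file paths and the secondary addresses (documentation ranges) are placeholders; substitute the transfer addresses your secondary provider publishes.

```conf
// Added example: primary-side named.conf for an authoritative-only server
// with an off-site secondary. All names and addresses are placeholders.

// Hosts allowed to pull the zone (AXFR/IXFR): the secondary provider's
// transfer addresses. 192.0.2.53 and 2001:db8::53 are documentation
// addresses standing in for the real ones.
acl "secondaries" {
    192.0.2.53;
    2001:db8::53;
};

options {
    directory "/var/named";       // assumed path; distro-dependent
    recursion no;                 // authoritative only: never resolve for strangers
    allow-query { any; };         // the world may ask about zones we host
    allow-transfer { none; };     // default deny; opened per zone below
    listen-on-v6 { any; };        // answer over IPv6 as well as IPv4
};

// Weak form, shown for contrast: anyone can dump every record in the zone.
//   zone "example.net" { type master; file "example.net.zone";
//                        allow-transfer { any; }; };

zone "example.net" {
    type master;                  // spelled "primary" in current BIND releases
    file "example.net.zone";
    allow-transfer { secondaries; };   // only the listed secondaries may transfer
    notify explicit;                   // send NOTIFY only to also-notify targets
    also-notify { 192.0.2.53; 2001:db8::53; };
};
```

Run `named-checkconf` after editing. A `dig AXFR example.net` against the primary from a host outside the ACL should then be refused, while the secondary still picks up changes after each serial bump.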


This is so much better than the last time I did any major work with DNS. Granted, that was back when the Internet dinosaurs roamed the earth (the 90's), but still. I recall working with Network Solutions on this kind of stuff, and it involved crafting a specially formatted email (you had to download the email template first) and after you sent it to them you might have had to wait days for this. Then to get someone to secondary your zone, you had to email them the zone and IP address to fetch it from and you were at the mercy of their schedule to get it scheduled. Today, the whole process took me maybe 30 minutes, max?


My hat goes off to Mike Leber and the gang at Hurricane Electric for putting together such an easy to use service, and best of all, making it free!


And finally we verify that our end goal is complete. We run over to test-ipv6.com and run a query on our web site to see if it's reachable from the Internet. Et Voila!


Additional steps not shown here are:


1) configuring the Google WiFi router to allow DNS traffic to my DNS server, and to allow port 80 through to our web site (although you can see the configurations for it in this other blog I wrote)

2) spin up of the DNS server and bind configuration (maybe some other day, if there's interest)

3) spin up of the web server and apache installation




Siegel Group does all of its consulting through Yates Ltd. Yates Ltd is a boutique consulting firm specializing in cost optimization and network transformation. We have specialists in network transformation strategy, program management and negotiation and can help you out with your next project. Reach out to me at dave@siegelgroup.net if you'd like to discuss your project with me.


©2018 Siegel Group