Nameservers [message #42442]
Mon, 18 April 2011 16:23
KitchM
Messages: 13 Registered: April 2011
Junior Member
There seems to be a little confusion amongst us newbies when it comes to things DNS. Am I wrong in assuming that when one creates a new container, as described in the wiki under Basic_operations_in_OpenVZ_environment, one is entering the domain's IP address, and the domain's own nameserver's address?
The question comes up when a host inserts two public DNS nameservers (such as one might use with their browser) for the domain's nameservers. It seems to me that the domain must connect with the whole DNS system of the Internet for its proper operation, and that this point in creating the container for the customer's set of servers is the customer domain's own nameservers and not someone else's.
Am I off base with this?
Thanks.
Re: Nameservers [message #42796 is a reply to message #42788]
Sun, 29 May 2011 23:36
Ales
Messages: 330 Registered: May 2009
Senior Member
KitchM wrote on Fri, 27 May 2011 23:32:
Part of the container setup process is to define the nameservers and addresses for it.
The question becomes "Whose are those"? Obviously, it appears they should be the customer's, including the customer's purchased domain name.
No, IP address of a container is the IP that you set aside for it and its DNS IPs are either from your DNS (if you decide to run your own), your server provider's (same IPs as you'll see in the /etc/resolv.conf on your server) or even OpenDNS or Google's public DNS.
Your customer's domain names and their DNS have nothing to do with it. Your customer might even use his VPS without his own domain - he might use a hostname you set for him or only the IP you give him. Or he might have a single domain hosted, or 200 of them. Or thousands. They might use a single or many different DNS's to point these domains to their VPS. It doesn't make any difference.
Hope this clears things a bit.
[Updated on: Sun, 29 May 2011 23:37]
Re: Nameservers [message #42798 is a reply to message #42797]
Mon, 30 May 2011 01:57
Ales
Messages: 330 Registered: May 2009
Senior Member
KitchM wrote on Sun, 29 May 2011 20:28:
So, to put it another way. The container's IP address and the nameservers it is assigned are for the benefit of the container provider.
Container won't work without them.
Quote: However, the customer who is rented the container is able to set their own IP address(es) and nameserver(s) as they desire for their own domain.
Yes.
Quote: What I don't understand is how those two sets of specifications are kept separate.
You don't need a domain in order to have a container. You don't even need a domain in order to reach a container. The DNS for a domain and the DNS for a container are set in different places, they are completely different things.
Quote: The customer's nameservers can continually be overwritten by the ones used by the service provider, as I've seen it happen with resolv.conf.
The contents of the resolv.conf can change, yes. As long as the entries are valid, the change shouldn't affect the container much. If the customer happens to have a domain registered somewhere, this change won't affect the domain in any way. The equivalent of this would be changing the resolv.conf from OpenDNS public DNS to Google's public DNS. Both entries should work pretty much the same.
Try to imagine a few different scenarios:
1) try to think of a situation where a container customer owns no domains. Eliminate the existence of a domain from this scenario altogether. Assume that the customer will only use an IP to reach his container. How should the container be set up? You'll understand faster if you start this way...
2) after the previous imaginary container is set up and after the customer has started using it, imagine that the customer suddenly remembers he has registered a domain some years ago at some third party registrar. This registrar offers the customer to use registrar's DNS for the domain. What does he need to do in order to point this domain to his existing and fully operational container? You'll see that he shouldn't need to change the resolv.conf at all.
3) then a third scenario - customer decides he wants to run his own DNS inside the container, he wants ns1.hisolddomain.com and ns2.hisolddomain.com to be used for hisolddomain.com. What does he need to do? You'll see that he still doesn't need to change the resolv.conf.
4) the last scenario - customer decides he wants to use his own DNS inside his resolv.conf within his container. What does he need to do?
Once you can imagine all four scenarios, you're pretty much set to go as far as the basic DNS is concerned. It would be best if you could try this out on some test server or a virtual machine at home...
Hope this helps.
Re: Nameservers [message #42810 is a reply to message #42798]
Mon, 30 May 2011 22:19
KitchM
Messages: 13 Registered: April 2011
Junior Member
After a little thought, a couple questions come to mind.
1. Can't the VPS provider access any container right from their root account? If so, they don't need any DNS nameservers or addresses. Therefore, the only valid reason for having them is for the customer to reach their rented container.
2. If the provider enters the customer's domain info and the customer's nameservers into the container setup instead of any others, everyone could still access the container.
Is that not correct?
[Updated on: Mon, 30 May 2011 22:19]
Re: Nameservers [message #42818 is a reply to message #42442]
Tue, 31 May 2011 11:58
Ales
Messages: 330 Registered: May 2009
Senior Member
KitchM wrote on Mon, 30 May 2011 18:19:
After a little thought, a couple questions come to mind.
1. Can't the VPS provider access any container right from their root account? If so, they don't need any DNS nameservers or addresses. Therefore, the only valid reason for having them is for the customer to reach their rented container.
Also, networking within a container won't work without a properly set up resolv.conf. I.e., the provider could use vzctl to enter the container but he wouldn't be able to use yum, wget or any other similar tool within a container. Simply said - container would have no internet access.
Quote: 2. If the provider enters the customer's domain info and the customer's nameservers into the container setup instead of any others, everyone could still access the container.
Is that not correct?
I still don't understand where would you enter the customer's domain, what would you use it for? You could use it for a host name I suppose, but only if the domain already has a working DNS, and the customer has already set up a new A record.
If you use customer domain's DNS's IPs to resolve DNS within a container, what will you do in case if:
- customer doesn't have a domain at all
- customer's domain doesn't have a DNS (i.e. he plans to run his own or he hasn't activated the domain yet)
- customer domain's DNS provider doesn't allow recursive DNS queries.
That's from the top of my head, I'm sure there are other scenarios where this would fail to work completely too.
Perhaps someone could provide a better answer if you tell us why wouldn't you want to use your own DNS (or your server provider's) or i.e. OpenDNS or Google's public DNS to resolve DNS within a container?
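The third failure case listed in the reply above (a nameserver that does not allow recursive queries) shows up in the header flags of the server's answer. The following Python code is an added example, not part of the thread or of OpenVZ: it reads the `nameserver` lines of a resolv.conf and classifies each server by the RA bit and RCODE of its reply. All function names are hypothetical, and the sample addresses (documentation ranges) and replies are constructed.

```python
import socket
import struct

def resolv_conf_nameservers(text):
    """Return the addresses on the 'nameserver' lines of a resolv.conf body."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def build_query(name, txid=0x1234):
    """Build an A-record query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet):
    """Classify a DNS reply from its header flags (RFC 1035, section 4.1.1)."""
    if len(packet) < 12:
        return "malformed"
    flags = struct.unpack("!H", packet[2:4])[0]
    if not flags & 0x8000:        # QR clear: this is not a response
        return "malformed"
    if (flags & 0x000F) == 5:     # RCODE 5: server refuses to answer us
        return "refused"
    if not flags & 0x0080:        # RA clear: authoritative-only, no recursion
        return "no-recursion"
    return "recursive"

def probe(server, name="example.com", timeout=3.0):
    """Query server:53 over UDP (IPv4) and classify the reply; needs network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify_response(s.recvfrom(512)[0])
        except OSError:           # includes socket.timeout
            return "unreachable"

def audit(resolv_text, lookup=probe):
    """Map each nameserver listed in resolv_text to its verdict."""
    return {ns: lookup(ns) for ns in resolv_conf_nameservers(resolv_text)}

# Constructed sample data (documentation addresses), so the check runs offline.
SAMPLE_RESOLV_CONF = ("search example.net\nnameserver 192.0.2.53\n"
                      "nameserver 198.51.100.53\n# nameserver 203.0.113.53\n")
SAMPLE_REPLIES = {
    "192.0.2.53": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),     # QR RD RA
    "198.51.100.53": struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 0, 0, 0),  # QR AA RD
}

def offline_audit():
    """Run audit() against the canned replies instead of the network."""
    return audit(SAMPLE_RESOLV_CONF, lambda ns: classify_response(SAMPLE_REPLIES[ns]))
```

Calling `audit()` with the text of a container's /etc/resolv.conf probes the configured servers live; an entry that is not reported as `recursive` will not resolve arbitrary names for the container.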
Re: Nameservers [message #42821 is a reply to message #42818]
Tue, 31 May 2011 17:14
KitchM
Messages: 13 Registered: April 2011
Junior Member
Perhaps the easiest way to understand this problem is to see it after the fact. Let us say that a customer rents a container and then sets up his own domain with his own nameservers, etc. At that point, the provider's DNS settings become irrelevant and the continual use of them will continually mess up the customer's resolv.conf for no good reason.
The provider should ask certain questions prior to setting up the container anyway:
1. What OS do you want to use?
2. Which control panel do you want?
3. Do you need any servers setup?
4. Do you have your own domain?
5. Did the customer have their own nameservers listed?
I think I understand that the process may become too complex for the provider to handle. But at the very least, there needs to be a way for the provider to change the settings of the container to match the customer's wishes after all is set up.
[Updated on: Tue, 31 May 2011 17:15]
Re: Nameservers [message #42829 is a reply to message #42442]
Thu, 02 June 2011 02:02
Ales
Messages: 330 Registered: May 2009
Senior Member
That's the angle I have been thinking of. I think we can give the public a really good control panel, for both admins and users, but the market is harsh when it comes down to money. We'll see.
[Updated on: Thu, 02 June 2011 02:03]
Re: Nameservers [message #42844 is a reply to message #42843]
Mon, 06 June 2011 20:41
KitchM
Messages: 13 Registered: April 2011
Junior Member
Instead of having to create a script, can't the user just turn off this annoying and unwanted behavior?