Tags:






.int needs a .com FQDN set up. Who in the what now?
August 11, 2008 9:42 AM   RSS feed for this thread Subscribe

DNSfilter: Trying to help some folks install new software, which requires a FQDN to run its server component. But their domain is an .int domain (they're not sure how they ended up with that, not being an NGO) which won't work. So I'm stuck guessing how to get a folks.com FQDN set up under folks.int. Can you point me at some resources?

So:
1) how would they have ended up with a .int TLD? They're not working for the UN or anything.

2) this is new to me, and my guesses seem to be wrong or uninformed.
Server 2003, domain controller, went into DNS settings, Forward lookup zones, trying to create an Alias CNAME, not working so well.

It can't be very hard, but they kind of need it Now, so I'm stuck not knowing much DNS magic and not much time to learn.
posted by bartleby to computers & internet (13 comments total) 2 users marked this as a favorite
Do they have 'folks.com' registered? If so:

1. Set up a new zone file on your DNS server containing your .com hosts
2. Do a couple of local lookups against it to make sure that everything is OK
3. Go to the .com registrar and have them change the authoritative DNS servers for folks.com to your DNS servers

My experience is almost exclusively BIND and djbdns, which is why I've kept this as general as possible - the steps will be the same for Windows DNS even if the mechanics are slightly different.
posted by jquinby at 9:55 AM on August 11, 2008


According to wikipedia, there were a few organizations grandfathered in who had an .int prior to the ultra-strictness of the current process. Apparently the YMCA has one, for example.

As for 2), the TLD shouldn't matter one bit - .com, .org, .pantaloons, as long as it resolves, you've got a FQDN. At least, that's my understanding. Maybe someone'll be along shortly to whack me on the head, but I think your problem is "making it work" and not "getting a .com FQDN."
posted by Tomorrowful at 9:56 AM on August 11, 2008


I'm with Tomorrowful; if the .int domain is actually registered, I don't see why it wouldn't work. bartieby, can you elaborate on what you mean by "won't work"?

There is some stupidly-written software out there that contains lists of TLDs that it likes (and some stupidly written specs, like HTTP cookies). But I'd kind of expect those to include .int along with com/org/net/mil/gov/edu.
posted by hattifattener at 10:02 AM on August 11, 2008


...forgot to close out with this, but this will only handle the organization's ability to resolve .com addresses for their hosts. Mail, webservers and other applications will (may) need to be reconfigured slightly to work under a new FQDN.
posted by jquinby at 10:02 AM on August 11, 2008


It won't be "under", it'll be "instead". Do they want to stop using their .int?

(Of course, that depends on the .com domain you want actually being available, too.)
posted by mendel at 10:40 AM on August 11, 2008


Let me elaborate, showing off everything I don't know about DNS, etc.
Mail is folks.com, domain is folksdomain.int More info:

They want to install BelManage (sytem info & inventory db/server/client), and Belarc needs to be sent a FQDN before purchase so that they can preconfigure the Belarc clients before shipping.
As I understand it, the setup ends up with a server component and database at BelManage.folks.com, residing on/resolving to whatever server we install it on, and the various clients all report to it.
Belarc wants a .com FQDN, not our .int accourding to their documentation.

Folks have a standalone website at folks.com (hosted - not connected to internal webservers or anything) and their mail addresses are person@folks.com.
But their network domain is folksdomain.int.

"nslookup folks.com" gets me:
Server: servername.folksdomain.int
Address: 192.168.xxx.xxx

Non-authoritative answer:
Name: folks.com
Address: 198.173.xxx.xxx

So it looks like maybe it's already resolving? I've never learned my DNS lessons.

I have already tried getting assistance from the vendor, but they won't help until we've bought it, and we can't buy it until we've given them a working FQDN, lather, rinse, repeat.
posted by bartleby at 10:59 AM on August 11, 2008


The FQDN is probably something with an A record. This usually means some host part plus a domain. There are a lot of new domains in the world. Seen http://kitty.cat/ ? "foo.folksdomain.int" is a valid (according to the Internet, not necessarily according to some piece of software you're trying to use that could be poorly-programmed) domain into which to put a full-qualified name.
posted by cmiller at 11:07 AM on August 11, 2008


I bet the .int is some previous admin's clever idea for specifying 'internal', not a true .int registration. Try doing a whois lookup on folksdomain.int to confirm. If that's the case, then the .int is pretty much out of the picture as far as anything external to your intranet is concerned.
posted by hades at 11:21 AM on August 11, 2008 [1 favorite has favorites]


The nslookup looks a bit fishy to me: servername.folksdomain.int resolves to an IP in a private address space (192.168.x.x).

Is it possible that someone configured things internally to map 192.168.x.x addresses to folksdomain.int thinking that "int" stood for internal? Can you ping folksdomain.int from anywhere else on the internet?

Can you do a whois on folksdomain.int to see if IANA actually thinks you have that domain reigstered?

On preview dang it hades, the phone rang and I missed ;)
posted by NormieP at 11:33 AM on August 11, 2008


Aha! hades's answer makes sense, that an old admin set it up to specify internal. whois folksdomain.int returns no registry, whois of folks.com returns their webhost.

So I suppose I can send the vendor "whatever.folks.com" as the FQDN.

I suppose what's left is to /create/configure "whatever" so that it resolves...to something?
This is all internal - the db/server will be hosted on some share located on servername.folksdomain.int, and the clients will be submitting their reports to whatever.folks.com. Is there something further to do to make that resolve, from whatever. to servername. ?
posted by bartleby at 11:46 AM on August 11, 2008


*slaps forehead*

I can't believe I didn't even think of that! I'm too used to all the organizations i've worked in, who use int.example.com for the same thing.
posted by Tomorrowful at 11:55 AM on August 11, 2008


If 'whatever' and 'servername' are just two different names for the same machine, then all you should need to do is give whatever.folks.com (in dns) an IP address that the outside world can use (so, not in 192.168.x.x) and configure your public-facing firewall to pass traffic for that IP and service in to 'servername'. If you want to be tricky, you could have your dns server return the internal IP of 'servername' for internal requests only, although I don't know how to do that under Windows.

At this point, I think it becomes a question of how your network is set up.
posted by hades at 1:28 PM on August 11, 2008


A couple things:
* If (and only if) the Belarc server is only accessed internally, the simplest thing to do is to add an A rec for belarc.folks.com to your external folks.com DNS server. Point it to the internal 192.168.1.x address. This will let the clients resolve the internal server with no configuration changes on their part. Again, this WILL NOT work if the server needs to be Internet facing. Note that putting an internal IP address tells people on the outside what address scheme your internal network uses, though I don't see that as a huge problem.
* If the server needs to be accessed/reported to from the Internet, then just add belarc.folks.com to DNS with an Internet IP address, like hades suggested, opening ports as necessary. However, if the PCs are internal and the server is internal, you shouldn't pass traffic into the firewall from the Internet.
* You could create a 'folks.com' zone on your internal DNS server and add belarc.folks.com to that server. However, your internal clients will use this zone as their primary DNS server for all folks.com name resolution. If you go this route, I believe you'll need to mirror everything that's on the ACTUAL folks.com DNS server, or your internal clients won't be able to resolve things like www.folks.com. You may be able to do this with zone transfers, but I haven't tried it, and your ISP or DNS provider may not allow zone transfers. You could also do it manually if there aren't very many external folks.com hosts.

Disclaimer: I am only marginally knowledgeable in DNS.
posted by cnc at 10:06 PM on August 11, 2008


« Older Bitten by the olympic bug, I a...   |   Please help me with writing PH... Newer »
This thread is closed to new comments.