.int needs a .com FQDN set up. Who in the what now?
August 11, 2008 9:42 AM
DNSfilter: Trying to help some folks install new software, which requires a FQDN to run its server component. But their domain is an .int domain (they're not sure how they ended up with that, not being an NGO) which won't work. So I'm stuck guessing how to get a folks.com FQDN set up under folks.int. Can you point me at some resources?
So:
1) how would they have ended up with a .int TLD? They're not working for the UN or anything.
2) this is new to me, and my guesses seem to be wrong or uninformed.
Server 2003, domain controller, went into DNS settings, Forward lookup zones, trying to create an Alias CNAME, not working so well.
It can't be very hard, but they kind of need it Now, so I'm stuck not knowing much DNS magic and not much time to learn.
According to wikipedia, there were a few organizations grandfathered in who had an .int prior to the ultra-strictness of the current process. Apparently the YMCA has one, for example.
As for 2), the TLD shouldn't matter one bit - .com, .org, .pantaloons, as long as it resolves, you've got a FQDN. At least, that's my understanding. Maybe someone'll be along shortly to whack me on the head, but I think your problem is "making it work" and not "getting a .com FQDN."
posted by Tomorrowful at 9:56 AM on August 11, 2008
I'm with Tomorrowful; if the .int domain is actually registered, I don't see why it wouldn't work. bartleby, can you elaborate on what you mean by "won't work"?
There is some stupidly-written software out there that contains lists of TLDs that it likes (and some stupidly written specs, like HTTP cookies). But I'd kind of expect those to include .int along with com/org/net/mil/gov/edu.
posted by hattifattener at 10:02 AM on August 11, 2008
...forgot to close out with this, but this will only handle the organization's ability to resolve .com addresses for their hosts. Mail, webservers and other applications will (may) need to be reconfigured slightly to work under a new FQDN.
posted by jquinby at 10:02 AM on August 11, 2008
It won't be "under", it'll be "instead". Do they want to stop using their .int?
(Of course, that depends on the .com domain you want actually being available, too.)
posted by mendel at 10:40 AM on August 11, 2008
Response by poster: Let me elaborate, showing off everything I don't know about DNS, etc.
Mail is folks.com, domain is folksdomain.int. More info:
They want to install BelManage (system info & inventory db/server/client), and Belarc needs to be sent a FQDN before purchase so that they can preconfigure the Belarc clients before shipping.
As I understand it, the setup ends up with a server component and database at BelManage.folks.com, residing on/resolving to whatever server we install it on, and the various clients all report to it.
Belarc wants a .com FQDN, not our .int, according to their documentation.
Folks have a standalone website at folks.com (hosted - not connected to internal webservers or anything) and their mail addresses are person@folks.com.
But their network domain is folksdomain.int.
"nslookup folks.com" gets me:
Server: servername.folksdomain.int
Address: 192.168.xxx.xxx
Non-authoritative answer:
Name: folks.com
Address: 198.173.xxx.xxx
So it looks like maybe it's already resolving? I've never learned my DNS lessons.
I have already tried getting assistance from the vendor, but they won't help until we've bought it, and we can't buy it until we've given them a working FQDN, lather, rinse, repeat.
posted by bartleby at 10:59 AM on August 11, 2008
The FQDN is probably something with an A record. This usually means some host part plus a domain. There are a lot of new domains in the world. Seen http://kitty.cat/ ? "foo.folksdomain.int" is a valid (according to the Internet, not necessarily according to some piece of software you're trying to use that could be poorly-programmed) domain into which to put a fully-qualified name.
posted by cmiller at 11:07 AM on August 11, 2008
Best answer: The nslookup looks a bit fishy to me: servername.folksdomain.int resolves to an IP in a private address space (192.168.x.x).
Is it possible that someone configured things internally to map 192.168.x.x addresses to folksdomain.int thinking that "int" stood for internal? Can you ping folksdomain.int from anywhere else on the internet?
Can you do a whois on folksdomain.int to see if IANA actually thinks you have that domain registered?
On preview dang it hades, the phone rang and I missed ;)
posted by NormieP at 11:33 AM on August 11, 2008
Response by poster: Aha! hades's answer makes sense, that an old admin set it up to specify internal. whois folksdomain.int returns no registry, whois of folks.com returns their webhost.
So I suppose I can send the vendor "whatever.folks.com" as the FQDN.
I suppose what's left is to /create/configure "whatever" so that it resolves...to something?
This is all internal - the db/server will be hosted on some share located on servername.folksdomain.int, and the clients will be submitting their reports to whatever.folks.com. Is there something further to do to make that resolve, from whatever. to servername. ?
posted by bartleby at 11:46 AM on August 11, 2008
*slaps forehead*
I can't believe I didn't even think of that! I'm too used to all the organizations I've worked in, who use int.example.com for the same thing.
posted by Tomorrowful at 11:55 AM on August 11, 2008
Best answer: A couple things:
* If (and only if) the Belarc server is only accessed internally, the simplest thing to do is to add an A rec for belarc.folks.com to your external folks.com DNS server. Point it to the internal 192.168.1.x address. This will let the clients resolve the internal server with no configuration changes on their part. Again, this WILL NOT work if the server needs to be Internet facing. Note that putting an internal IP address tells people on the outside what address scheme your internal network uses, though I don't see that as a huge problem.
* If the server needs to be accessed/reported to from the Internet, then just add belarc.folks.com to DNS with an Internet IP address, like hades suggested, opening ports as necessary. However, if the PCs are internal and the server is internal, you shouldn't pass traffic into the firewall from the Internet.
* You could create a 'folks.com' zone on your internal DNS server and add belarc.folks.com to that server. However, your internal clients will use this zone as their primary DNS server for all folks.com name resolution. If you go this route, I believe you'll need to mirror everything that's on the ACTUAL folks.com DNS server, or your internal clients won't be able to resolve things like www.folks.com. You may be able to do this with zone transfers, but I haven't tried it, and your ISP or DNS provider may not allow zone transfers. You could also do it manually if there aren't very many external folks.com hosts.
Disclaimer: I am only marginally knowledgeable in DNS.
posted by cnc at 10:06 PM on August 11, 2008
This thread is closed to new comments.
1. Set up a new zone file on your DNS server containing your .com hosts
2. Do a couple of local lookups against it to make sure that everything is OK
3. Go to the .com registrar and have them change the authoritative DNS servers for folks.com to your DNS servers
My experience is almost exclusively BIND and djbdns, which is why I've kept this as general as possible - the steps will be the same for Windows DNS even if the mechanics are slightly different.
posted by jquinby at 9:55 AM on August 11, 2008
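The mirroring caveat in cnc's third option and the pre-cutover check in jquinby's step 2, as an added example that is not part of the thread: a Python script that compares a candidate folks.com zone against the public one and lists A records pointing into RFC 1918 space. The zone contents, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zones; every name and address below is invented.
PUBLIC_ZONE = """
folks.com.         A      198.51.100.10
www.folks.com.     CNAME  folks.com.
mail.folks.com.    A      198.51.100.25
folks.com.         MX     10 mail.folks.com.
"""
CANDIDATE_ZONE = """
folks.com.         A      198.51.100.7    ; stale copy of the web host
www.folks.com.     CNAME  folks.com.
belarc.folks.com.  A      192.168.1.50    ; internal-only server
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'name type rdata' lines into {(name, type): {rdata, ...}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        key = (name.lower().rstrip("."), rtype.upper())
        records.setdefault(key, set()).add(" ".join(rdata.lower().split()))
    return records

def missing(reference, candidate):
    """Records clients lose once the candidate zone answers for the domain."""
    return sorted(k for k in reference if k not in candidate)

def stale(reference, candidate):
    """Records present in both zones whose data has drifted apart."""
    return sorted(k for k in reference
                  if k in candidate and reference[k] != candidate[k])

def rfc1918_records(zone):
    """A records that would expose or depend on private addressing."""
    return sorted((name, ip) for (name, rtype), ips in zone.items()
                  if rtype == "A" for ip in ips
                  if any(ipaddress.ip_address(ip) in net for net in RFC1918))

if __name__ == "__main__":
    pub, cand = parse_zone(PUBLIC_ZONE), parse_zone(CANDIDATE_ZONE)
    print("missing from candidate:", missing(pub, cand))
    print("stale in candidate:    ", stale(pub, cand))
    print("private A records:     ", rfc1918_records(cand))
```

Run `rfc1918_records` over the public zone as well when considering cnc's first option, since that is where an internal address would become visible to outside resolvers.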