Owner’s Corner: DNS Management

How many people here have a website? ::waits for hands:: How many people think they know everything involved in the backend for how it all works? ::waits for hands::

When I started playing Minecraft, it was always IP-based servers. What a PAIN. "43.23.23.123:25565" or some garbage, and if the host dies and a transfer needs to happen, how do you find out where the server moved to? It's annoying. The same problem exists for websites though...I own www.surfrock66.com and when you type that into a web browser, a lot of stuff happens behind the scenes. You could do full research on how DNS works, but here's my 10 second version: No website really exists behind a URL like www.whatever.com, it's actually an IP address which is like a phone number for the computer. Website names get associated with IPs through DNS, or Domain Name System. DNS is like a phone book for IP addresses based on the URL. There are TLDs (top level domains) like .com and .net, or international ones like .ca and .co.uk, and each TLD has its own directory scheme.

.com, for example, is maintained by Verisign as a service for ICANN. To get a domain name, you go through a registrar, which has a method for getting the name you want associated with an IP, and handles defending your ownership of the name. For example, www.teh3l3m3nts.com was originally registered by carian94 at NetworkSolutions, and then was transferred to me at my account at PlusPlusSolutions, which was formerly ArteryPlanet. So, I go to PlusPlusSolutions, say "I want www.SurfEatsMud.com" and they go to Verisign, see if it's available, and if it is, claim it for a fee to Verisign, then come back to me and say "you can have this domain name for 1 year for this much money" which is their fee to Verisign, plus a fee to them.

If you go to Verisign and do some of the lookups, you can see who the registrar for the domain is. The registrar maintains a nameserver that does a bunch of backend stuff for your name; for example, it maintains sub-domains, which is a service we use (see this post). This is all well and good, but this doesn't explain how, when you type "www.teh3l3m3nts.com", it gets to our web server.

There is a giant "phone book" out there of DNS relationships. There are many ways to configure how your machine searches for names and IPs, but this is probably the most common configuration. When you type in a domain like "www.google.com", your computer will check its DNS cache; if it knows the IP already, it'll just plug it in and you go. Your computer stores a certain number of these, and as you visit more sites it pushes some out of the cache. Let's say you try to look up a website your computer DOESN'T already have cached; it usually asks your router, which may or may not have a bigger cache. If your router doesn't know it or doesn't have a cache, it will by default ask your ISP's DNS server, and if they don't know, they ask their peers.

This works for the most part, but there are problems. Let's say we have something catastrophic happen and have to move webhosts, so "www.teh3l3m3nts.com" used to point to 1.2.3.4 but now points to 5.6.7.8. If you have the old IP cached in your computer, your browser may think it knows the address when it doesn't, so it just fails even though the website is up. That's why DNS entries should have an expiration date and be refreshed. To that end, such caches and timeouts exist at the ISP-level DNS servers, and other DNS servers (for example, OpenDNS or Google DNS, which you should use, but that's a conversation for a different day). When we move the server to my house, I'll be pointing mc.teh3l3m3nts.com from the current server IP to my home IP...but for many people this may take up to a full day to propagate through to you. This is something we are aware of and are planning for.
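
The "expiration date" on a DNS entry is the record's TTL (time to live). As an added example (not part of the original post), this Python simulation puts the PC, router and ISP caches described above in front of the nameserver and measures how long a client keeps getting the old 1.2.3.4 address after the record is repointed to 5.6.7.8. The class names, the polling interval and the TTL values are assumptions made for the illustration.

```python
from dataclasses import dataclass

NAME = "www.teh3l3m3nts.com"
OLD_IP, NEW_IP = "1.2.3.4", "5.6.7.8"   # the post's illustrative addresses

@dataclass
class Answer:
    ip: str
    ttl: int  # seconds this answer may still be cached

class Authoritative:
    """The host's nameserver: always holds the current record."""
    def __init__(self, ip, ttl):
        self.ip, self.ttl = ip, ttl
    def query(self, name, now):
        return Answer(self.ip, self.ttl)

class Cache:
    """One caching layer (PC, router or ISP resolver) in front of `upstream`."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.entries = {}  # name -> (ip, expiry time)
    def query(self, name, now):
        hit = self.entries.get(name)
        if hit and now < hit[1]:
            # Cached: pass on only the remaining lifetime, as resolvers do.
            return Answer(hit[0], hit[1] - now)
        ans = self.upstream.query(name, now)
        self.entries[name] = (ans.ip, now + ans.ttl)
        return ans

def seconds_until_new_ip(ttl, move_at=1800, poll=600, horizon=2 * 86400):
    """How long after the move a polling client keeps reaching the old IP."""
    auth = Authoritative(OLD_IP, ttl)
    pc = Cache(Cache(Cache(auth)))        # PC -> router -> ISP -> nameserver
    for now in range(0, horizon, poll):
        if now == move_at:
            auth.ip = NEW_IP              # the record is repointed
        if pc.query(NAME, now).ip == NEW_IP:
            return now - move_at
    return None                           # never saw the new IP in the horizon

if __name__ == "__main__":
    for ttl in (86400, 3600, 300):
        print(f"TTL {ttl:>5}s: old IP served for {seconds_until_new_ip(ttl)}s after the move")
```

With a one-day TTL the client stays on the old address for most of a day, which is why lowering the TTL well before a planned move shortens the outage window.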

Nevertheless, there are a lot of pieces missing here. My registrar, PlusPlus, is also my web host. I've been using them since 2002 as my web host, and I have something like 100GB/Month of transfer and 3GB of storage, along with a ton of other services. I run my main website there (www.surfrock66.com) but also host other projects, for example, www.thingsthatlooklikeboobs.com. (I know many people have said they're willing to find a way to host the website for free or something, but as far as I'm concerned I'm gonna keep that hosting package because I have a great relationship with the owner I've been maintaining for a decade, so since this is just on that it's completely free to me.) So, when you type one of those domains into your browser, DNS associates that name with my host's nameserver, which says "ok, that website points to this account, and specifically to this folder on this account" so I have multiple websites stored in different folders. That same process works for subdomains as well: if you type "www.teh3l3m3nts.com" it takes you to the main website folder, but if you type "dynmap.teh3l3m3nts.com" it knows to send you to the dynmap page.

There are 2 major types of DNS redirects at work here: ANAME and CNAME records. CNAME points a DNS entry to another DNS entry, ANAME points it to an IP. For our purposes, http://dynmap.teh3l3m3nts.com is a CNAME redirect to http://www.teh3l3m3nts.com/?page_id=2598 while mc.teh3l3m3nts.com is an ANAME redirect to 204.45.108.114 which is the true IP of the server FOR NOW. When we move servers to my house, I'll change that to a CNAME redirect to surfrock66.yourhda.com which is a dynamicDNS resolver for my home IP...this is important when running a server from home; any time there's a blip in my internet it's possible for Comcast to change my IP (they keep a pool of IPs and when you connect they give you the first available free one) and my home server constantly sends a message to that URL saying "THIS IS MY CURRENT IP!"
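
An added example, not from the original post: a minimal Python resolver over a constructed zone, showing why pointing mc.teh3l3m3nts.com at the dynamic-DNS name lets it follow home IP changes without touching the mc record. It uses "A" for the address record, the standard type name for what the post calls ANAME; the 203.0.113.x home addresses and the function names are made-up placeholders.

```python
class ResolutionError(Exception):
    pass

def resolve(zone, name, max_hops=8):
    """Follow CNAMEs in `zone` until an A record is found; return (ip, chain)."""
    chain = [name]
    for _ in range(max_hops):
        rtype, value = zone.get(name.lower(), (None, None))
        if rtype == "A":
            return value, chain
        if rtype != "CNAME":
            raise ResolutionError(f"{name} has no A or CNAME record (dangling)")
        name = value.rstrip(".")
        if name.lower() in (c.lower() for c in chain):
            raise ResolutionError("CNAME loop: " + " -> ".join(chain + [name]))
        chain.append(name)
    raise ResolutionError("too many CNAME hops")

def dyndns_update(zone, host, new_ip):
    """What the home server's "THIS IS MY CURRENT IP!" message amounts to."""
    updated = dict(zone)
    updated[host.lower()] = ("A", new_ip)
    return updated

MC = "mc.teh3l3m3nts.com"
HOME = "surfrock66.yourhda.com"

# Today: mc is pinned straight to the hosted server's IP (value from the post).
before_move = {MC: ("A", "204.45.108.114")}

# After the move: mc is an alias for the dynamic-DNS name.
after_move = {
    MC: ("CNAME", HOME),
    HOME: ("A", "203.0.113.10"),   # constructed home IP (documentation range)
}

if __name__ == "__main__":
    print(resolve(before_move, MC))
    print(resolve(after_move, MC))
    # The ISP hands out a new address; only the dynamic-DNS record changes.
    print(resolve(dyndns_update(after_move, HOME, "203.0.113.77"), MC))
```

If the dynamic-DNS name ever stops resolving, `resolve` raises instead of returning an address, which is the condition worth monitoring for any CNAME that points at a name outside your own zone.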

The last part to the DNS conversation is gonna be the port-forwarding at my house. Just like DNS has to remember whose IP represents which website, in my home network my router has to be able to say which connected PC is running which service. Most routers just keep a bank of IPs (usually 192.168.*.*) and just assign the next free one to each new device to connect...but I don't play that way. I know every device's unique ID in my house (called the MAC address) and give it a manual IP assignment. My existing home server is ALWAYS 192.168.1.22, and this new server will likely be 192.168.1.51. Let's take a service, like SSH, or command-line access to the machine. SSH defaults to using port 22, so if I have 3 machines to SSH into (I actually have about 14) how does the router know which one to connect to when I address http://surfrock66.yourhda.com:22? Simple...you change the port, and you don't even need to change the actual machine's config. Cnc did a great job setting up the push services on the existing server to 507**, so let's say I maintain that configuration and "http://surfrock66.yourhda.com:50722" is the address to SSH into the server...I can tell my router "if you get a request for port 50722, forward that request to 192.168.1.51:22 inside the network." This is usually a router configuration, though for my extremely overcomplicated setup, I have a machine performing all of those tasks so I can have much more advanced control...referring to the above tasks, I have a local DNS cache and one day, knowing what my kids' computers' IPs will be, I can block things like www.pornhub.com from ever resolving from their machines...if they type that into their browser it'll just direct them to a website that is a picture of my face saying NO!

So, how does this tie into the server move? Lots of ways! Here's a few:

  • The Mibbit plugin for IRC refers to the IRC server run by the actual Minecraft plugin, so it's a port on that server. Since mc.teh3l3m3nts.com actually points to the IP of the server, in theory that will still work if I point mc.teh3l3m3nts.com to my home server, but I need to make sure the IRC port is properly forwarded on my router.
  • Dynmap is actually a little web server running inside the actual plugin, and then there is an iframe that acts as a window to that page from our page. I need to check the port-forwarding for that service with my router, and if it needs to be changed, update both dynmap pages.

    4 Responses to “Owner’s Corner: DNS Management”

  1. Morate Says:

    ::raises hand::

  2. Omokisei Says:

    What.

  3. IMGArY Says:

    *Raises Hand*…. If I didn’t know all that stuff I’d be severely unemployed lol.

  4. Morate Says:

    No fair… I know this stuff but I’m still unemployed! >:O
