In the Aug. 18 issue of Radio World Engineering Extra, I discussed Network Address Translation, in which your router looks at the port numbers on incoming packets and “steers” them toward different IP addresses on your network. We also set up a simple VNC (Virtual Network Computing) server so that you could access your PC from home.
This time, we’re going to start laying the groundwork for other, higher-traffic, publicly exposed servers with useful domain names such as “www.wxyz.com” and “mail.mybroadcasting.com.”
For now, the type of server doesn’t matter; this information will apply regardless of what you’re trying to make available over the Internet.
In this article, we take care of the preliminaries: We’ll obtain a static IP address and high-speed service from a local Internet service provider, and register a domain name for that IP address with the Domain Name System (DNS).
STEP ONE: THE INTERNET SERVICE PROVIDER (ISP)
To save time, energy, headaches and wasted effort, I strongly recommend that you use a good, small local ISP for both the static IP address and the domain name registration.
When you call, tell them you want them to act as the “authority” for that DNS record and that you will also need the reverse DNS set up for your domain name. If they can’t handle all of that, find someone else. Even if you have to pay a bit more, it’s worth it.
For example, we use HiWAAY Information Services here in Birmingham. They’re a local, Alabama-based ISP that will both lease the static IPs that we need and set up all of the DNS stuff for us. In fact, we’re on a first-name basis with Derrick, Ches and William at the local office, and their help has been invaluable over the years. Ask your local geek community for recommendations. If you can find your own local “hiwaay,” half your headaches are solved before you get started.
Here’s a tip: “www.mydomain.com” and “mydomain.com” actually are two separate domain names (or to be technically correct, the first one is a subdomain of “mydomain.com”). When you register your domain name, be sure to register all common variants that might be used to get to your server. For a Web server, the bare minimum might be “www.mydomain.com” and “mydomain.com.” We will discuss adding other domains in a later article.
WHAT’S REVERSE DNS?
You already know how DNS works: When you enter “somesite.com” in your Web browser, a DNS server is queried and the IP address for “somesite.com” is returned. What most people don’t know is that it’s possible to go the other way; you can look up the domain name from the IP address. This is a reverse DNS lookup (or “rDNS,” if you’re a geek).
You’ve probably already seen this at work. If you’ve ever gone to a website that guessed your location and targeted local advertising to you, reverse DNS is probably how they figured out where you were.
As the Internet continues to fill with spammers and scammers, rDNS is one of many tools that are used by filtering software. A great deal of spam comes from computers that have been infected by viruses or other malware, which has turned them into so-called “spambots.” This usually occurs without the owner even realizing that his/her computer has been compromised. Checking rDNS is a valid technique against this.
For example, a reverse DNS lookup on the IP address of an incoming mail message from one of these spambots will almost certainly not return “mail.mycheapviagra.com”!
Reverse DNS creates more work for those of us who want to set up a legitimate mail or Web server, however. It’s critically important for a mail server, but rDNS also is used now to check for obvious scam websites. You may find that you’ll need the reverse DNS to work for an e-commerce site (i.e., if you’re selling anything).
Fig. 1: DNS and rDNS lookup for the author’s mail server
Just to provide an example, Fig. 1 shows a “host” lookup on our company’s mail server, followed by a reverse DNS on the returned IP address. (Windows doesn’t have a “host” command, but you can get similar results online; try dnsstuff.com, for example.)
The bottom line is that you want the reverse DNS for your static IP to map correctly, especially for a mail server (speaking from personal experience) and possibly for other types of servers in the future.
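The check a mail filter typically runs can be sketched in a few lines. The following is an added example, not part of the original article: it looks up the name for an IP address, then confirms that the name resolves back to the same address. The function names, host names and addresses are constructed for illustration (documentation address ranges and example.com), and the sample resolvers stand in for live DNS so the script runs offline.

```python
import socket

def reverse_lookup(ip):
    """PTR names for an IP address (empty list if there is no record)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + list(aliases)

def forward_lookup(name):
    """Set of addresses that a host name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def check_rdns(ip, expected_name, reverse=reverse_lookup, forward=forward_lookup):
    """Return "ok", "no-ptr", "ptr-mismatch" or "forward-mismatch"."""
    ptr_names = [_norm(n) for n in reverse(ip)]
    if not ptr_names:
        return "no-ptr"            # the ISP never set up reverse DNS
    if _norm(expected_name) not in ptr_names:
        return "ptr-mismatch"      # e.g. a generic pool name from the ISP
    if ip not in forward(expected_name):
        return "forward-mismatch"  # PTR claims a name that points elsewhere
    return "ok"

# Constructed sample records: documentation addresses and made-up names.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.77": ["dsl-77.pool.example.net"],
    "203.0.113.9": ["mail.example.com"],
}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(_norm(name), set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "203.0.113.9", "192.0.2.200"):
        print(ip, check_rdns(ip, "mail.example.com", sample_reverse, sample_forward))
```

To test your own static IP once the ISP has set up the records, call check_rdns with just the address and the domain name; the default resolvers then query live DNS.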
STEP TWO: GET THE PROVISIONING INFORMATION
Once you sign the contract for the high-speed Internet service and the static IP address, your ISP should send you what’s called a “provisioning sheet.” This will have your assigned IP address, the netmask, their DNS servers’ IP addresses and other pertinent information.
Make sure your ISP understands what you’re trying to do (another reason for choosing a small, helpful local provider; you will be talking to technicians instead of people who are simply reading from a script). You don’t want the modem to do any routing or NAT; you will be directly connecting to the Internet.
The numbers on the provisioning sheet will look a little different from the usual “192.168.x.x” values used with a local network, but they’ll work the same way. Here’s the key: You can imagine that the DSL (or other) modem is simply providing a long-distance link into your ISP’s network. It’s the same as if you were to take a very long Cat-5 cable and literally plug your PC into a network switch at your ISP’s office.
Assuming you’ve entered the information from the provisioning sheet correctly, you can test it with your Web browser. If you can hit Google on that PC, you’re online and ready to go.
STEP THREE: WHAT ABOUT MULTIPLE STATIC IPs?
Some ISPs will no longer lease a single static IP; instead, you’ll be given a small block of addresses — for example, from 126.96.36.199 to 188.8.131.52. If that’s the case and you’re only setting up a single server, simply use the first IP address and tell the ISP to assign your domain name to that one. The others will be available for future expansion.
You can again imagine that you’re using a very long Cat-5 between your offices and the ISP’s location, but now, you’ll need a small network switch to “break out” (or “split,” if you prefer) those additional IP addresses. This is shown in Fig. 2.
Fig. 2: Using a network switch to break out multiple static IPs
In the future, you could expand and add other servers by simply using the other available IP addresses. For example, you could plug a second PC into that small network switch, using the second available IP address from the provisioning sheet. A third PC could be added with the third available IP address, and so on.
What’s really neat about being on the Internet is that … well, you’re on the Internet! Now, instead of just exposing your computers to the other PCs on your office network, the whole world can see them.
At this point, we’ll finish up with the usual (and painfully obvious) caveats about security: Don’t ever, ever do this with a machine that doesn’t have an active firewall. If you expose an unprotected PC directly to the Internet, it could be attacked and compromised within a matter of minutes.
For now, go ahead and order that static IP address and high-speed service. Set up a PC on that connection (enable the firewall!) and test everything. Even though we introduced NAT last time, you really don’t want to use NAT on your office network for a high-traffic, publicly exposed server; spend the money for separate, independent service. You’ll be glad you did.
Next time, I’ll show you how to use that new connection and static IP to set up an SSH server. Your clients can use that to directly upload audio files to your station. This is one of those things that you’ll wish you’d had years ago, once you try it.
Stephen M. Poole, CBRE-AMD, CBNT, is market chief engineer at Crawford Broadcasting in Birmingham, Ala.