Linode as an Alternate DNS Root

I'm prototyping a system for encrypted communication over the internet (you know, another one of those), and I wanted to create an Alternate Root DNS system for this. Because you can't communicate over the network with regular internet programs (it's all encrypted), I'm not worried about colliding with the "real" internet. Also, the devices, etc, that would be using this system would not expect to resolve to the real internet, so I'm not worried about colliding with ICANN.

Is this just as simple as running a few DNS servers with my own data in it, then asking those devices to resolve with those servers instead of using ICANN's roots?

9 Replies

@autodmc:

I'm prototyping a system for encrypted communication over the internet (you know, another one of those), and I wanted to create an Alternate Root DNS system for this. Because you can't communicate over the network with regular internet programs (it's all encrypted), I'm not worried about colliding with the "real" internet. Also, the devices, etc, that would be using this system would not expect to resolve to the real internet, so I'm not worried about colliding with ICANN.

Is this just as simple as running a few DNS servers with my own data in it, then asking those devices to resolve with those servers instead of using ICANN's roots?

May I ask why you think you need your own "Alternate Root DNS system" for what you are trying to do, if you don't know how DNS is working?

I'm sorry if it sounds rude the way I asked it (write it up to my less than perfect control of the English language); basically I'm just interested in why you think your solution needs it, so that I/we might provide you with a hopefully better solution.

To answer your question though, yes, you can do it that way and yes it would work on a Linode.

If you really want something that looks like an Alternate Root DNS system then I would suggest that you do it like the Chinese are doing basically the same thing; they're just using their .cn-domain as usual, but the computers on the inside can access a different kind of .com-domain simply because those are "translated" to a .com.cn-domain… You'd basically get the good stuff from not using the "normal" DNS-system, while at the same time actually using it without colliding with anything/one…

As I thought about it more, I don't really need DNS per se.

Here's the scheme:

TV Set Top Boxes and other embedded devices need to connect to a group of specialized servers.

I wanted some way that I could assign all devices something like:

uniquename.device.cv

And servers such a name as:

uniquename.root.cv (Network Root Servers)

uniquename.seeds.cv (File distribution)

… etc

Then devices can change IPs and the root servers can change IPs (but not the root server) and seeds can change their IPs… while allowing a lightweight way to find the IPs they point to.

In other words… DNS.

The reason I don't mind stepping off the DNS boat in this case was, like I said, the data being passed over the internet doesn't need to be sought out with browsers, etc. If your software can't figure out the right name servers, then it doesn't need to talk to anything on my network.

But then I got thinking, if I'm stepping off the standards bus anyway, why don't I just use some other kind of directory system?

Maybe I'll just run a database system that can be looked up for IP addresses.

Just thinking. And in a muddle because I'm being a bit cagey about details until I get something to work :D

Well, you want control, uniqueness, simplicity, scalability and, of course, reliability…

Since you're already "connected" in the sense that we're talking about the Internet you don't really benefit from staying away from using "normal" DNS. I'd say that you should just use subdomains to a domainname owned by you, and then, if you feel the need, mask that by hiding yourdomain.tld from the settings that the user's got access to.

This way you'll have a much easier to handle and more robust solution, which can use existing DNS-servers to cache replies.

Forgive me, I seem to be perpetually on the edge of understanding stuff.

OK. My domain name is autodmclabs.com (nothing there yet). It points to my Linode.

To run DNS on my Linode off my domain name, so I could resolve names such as:

uniquename.customer.autodmclabs.com

I would have to run a nameserver like BIND that would resolve all the stuff after "autodmclabs.com", right?

@autodmc:

Forgive me, I seem to be perpetually on the edge of understanding stuff.

Pick the right/wrong subject and we're all either on the edge, or far away from it… :)

@autodmc:

OK. My domain name is autodmclabs.com (nothing there yet). It points to my Linode.

To run DNS on my Linode off my domain name, so I could resolve names such as:

uniquename.customer.autodmclabs.com

I would have to run a nameserver like BIND that would resolve all the stuff after "autodmclabs.com", right?

Yes, basically that's it; but to make it easier to work with you might as well handle your whole domain there; so instead of using 1&1's DNS-servers you'd use your own.

Basically, there's nothing to stop you from hosting your own unregistered domains, or your own TLDs on your nameserver. It just simply won't be "visible" to anyone not directly resolving off of your DNS server.

If you do want it visible to the outside world, then using a subdomain is the best way to go about it (like your uniquename.customer.autodmclabs.com example).

Either way, you're going to be running a nameserver on your linode. :)
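To make concrete both the original poster's uniquename.device.cv / uniquename.root.cv / uniquename.seeds.cv scheme and the point above that a private TLD is only "visible" to clients that resolve directly off your own server, here is an added example of a minimal authoritative responder written from scratch for this thread (it is not code from anyone in the discussion and not BIND or djbdns). The zone contents, the 5353 port and the RFC 5737 example addresses are all constructed. It answers only for names under its own origin and returns REFUSED for anything else, so it cannot be abused as an open recursive resolver; unknown names under the origin get NXDOMAIN, and a known name queried for a type it lacks gets an empty NOERROR answer. One practitioner caveat the thread does not mention: .cv is the real country-code TLD of Cape Verde, so a device that ever falls back to a public resolver would get somebody else's answers for these names, which is exactly the collision a registered subdomain avoids.

```python
import socket
import struct

# Constructed sample zone for the private .cv naming scheme from the thread.
# Keys are fully qualified lower-case names; values use RFC 5737 example ranges.
ZONE_ORIGIN = "cv"
ZONE = {
    "box1.device.cv": "192.0.2.10",
    "box2.device.cv": "192.0.2.11",
    "alpha.root.cv": "198.51.100.1",
    "s1.seeds.cv": "203.0.113.5",
}
TTL = 300       # seconds a caching resolver may reuse an answer
QTYPE_A = 1
NOERROR, NXDOMAIN, REFUSED = 0, 3, 5   # RCODE values used below


def encode_name(name):
    """Encode 'a.b.c' as DNS wire labels: \\x01a\\x01b\\x01c\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def decode_name(packet, offset):
    """Decode uncompressed labels at offset; returns (lower-case name, next offset)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            return ".".join(labels).lower(), offset
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Build the query a stub resolver sends: one question, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, zone=ZONE, origin=ZONE_ORIGIN):
    """Answer one query from `zone`: authoritative data, NXDOMAIN, or REFUSED if out of zone."""
    txid, flags = struct.unpack("!HH", query[:4])
    qname, offset = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[offset:offset + 4])
    question = query[12:offset + 4]
    # QR=1, AA=1, copy RD; RA stays 0 because this server does not recurse.
    base_flags = 0x8400 | (flags & 0x0100)
    in_zone = qname == origin or qname.endswith("." + origin)
    answers = b""
    if not in_zone:
        rcode = REFUSED            # we are not a root: refuse names outside our TLD
    elif qname in zone and qtype == QTYPE_A and qclass == 1:
        rdata = socket.inet_aton(zone[qname])
        answers = encode_name(qname) + struct.pack("!HHIH", QTYPE_A, 1, TTL, 4) + rdata
        rcode = NOERROR
    elif qname in zone:
        rcode = NOERROR            # name exists but has no record of this type (NODATA)
    else:
        rcode = NXDOMAIN
    ancount = 1 if answers else 0
    header = struct.pack("!HHHHHH", txid, base_flags | rcode, 1, ancount, 0, 0)
    return header + question + answers


def parse_response(response):
    """Return (rcode, [IPv4 strings]) from a response produced by build_response."""
    flags, _qdcount, ancount = struct.unpack("!HHH", response[2:8])
    _name, offset = decode_name(response, 12)
    offset += 4                    # skip QTYPE/QCLASS of the echoed question
    ips = []
    for _ in range(ancount):
        _owner, offset = decode_name(response, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(socket.inet_ntoa(response[offset:offset + 4]))
        offset += rdlen
    return flags & 0x000F, ips


def serve(host="127.0.0.1", port=5353):
    """Serve UDP queries forever; try: dig @127.0.0.1 -p 5353 box1.device.cv"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, addr = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), addr)
        except (IndexError, struct.error, UnicodeDecodeError):
            pass                   # malformed packet: drop it instead of crashing


if __name__ == "__main__":
    serve()
```

Run it and point a client at 127.0.0.1 port 5353 to see the behaviour the reply describes: the names resolve for that client and for nobody else, and a query for a name outside .cv is refused rather than forwarded.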

I'd stay away from BIND. Personally, I use DJBDNS and it works really well.

@SirPallas:

I'd stay away from BIND. Personally, I use DJBDNS and it works really well.

BIND's not as bad as many seem to think, it's quite nice when you get used to it (I do of course have lots to complain about, but I've got lots to complain about all software not written by me :D); and there's lots of webUIs for it, making BIND very easy to handle for people not used to nameservers.

As almost always I recommend Webmin.

@NecroBones:

Basically, there's nothing to stop you from hosting your own unregistered domains, or your own TLDs on your nameserver. It just simply won't be "visible" to anyone not directly resolving off of your DNS server.

Yeah, but then you lose some/all of the simplicity, scalability and reliability… Local servers being able to cache some of the data will make a reboot of the server invisible to more users than without it; and it'll be less load than if you yourself have to add some caching just to handle situations like a reboot/network problems etc.
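The recommendation running through the thread is to put the device names under the registered autodmclabs.com rather than under a private TLD, precisely so that every caching resolver on the internet helps ride out a reboot. The zone file below is an added illustration of that (it is not from the thread or from any of the posters); the host names, serial number and RFC 5737 addresses are constructed. The TTLs are the security-relevant knob here: the devices and customer names, which change IP often, get a short TTL, while the root and seed servers that rarely move get a long one, so a resolver that cached them keeps answering while the authoritative server is down.

```dns
; Added example zone for autodmclabs.com (not from the thread).
; Addresses are RFC 5737 documentation ranges; replace with real ones.
$ORIGIN autodmclabs.com.
$TTL 3600                       ; default: resolvers may cache records for an hour

@       IN  SOA   ns1.autodmclabs.com. hostmaster.autodmclabs.com. (
                    2024010101  ; serial: bump on every change
                    7200        ; refresh: secondary re-checks this often
                    900         ; retry
                    1209600     ; expire: secondary keeps serving 2 weeks if master is down
                    300 )       ; negative-cache TTL for NXDOMAIN answers

        IN  NS    ns1.autodmclabs.com.
        IN  NS    ns2.autodmclabs.com.    ; second server so one reboot is invisible to clients

ns1     IN  A     192.0.2.1
ns2     IN  A     198.51.100.1

; Devices under customer.autodmclabs.com: short TTL, they change IP often
box1.customer        300    IN  A  192.0.2.10
box2.customer        300    IN  A  192.0.2.11

; Core servers: long TTL, they rarely move and should survive an outage in caches
alpha.root         86400    IN  A  198.51.100.50
s1.seeds           86400    IN  A  203.0.113.5
```

Two things to check when deploying a zone like this: the NS records and their glue must match what the registrar (1&1 in this thread) publishes for the domain, or resolvers never reach your server; and in named.conf the zone's `allow-transfer` should be limited to the secondary's address so the full list of device names cannot be pulled with a single zone transfer.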
