Bandwidth and Statistics
IP and DNS
- Does OARnet have a standard list of ports or IPs to block?
- How do you request a port or IP be blocked?
- Why do you keep sending me Spam/Copyright/Security/Bot complaints?
- What's a forward DNS?
- What's a reverse DNS?
- Why do forward and reverse DNS need to match up? What happens if they don't?
- Can a zone file consist of more than one MX or A record?
- Is it possible for me to keep OARnet as my primary DNS and someone else as my secondary? Will OARnet be my secondary?
- Will you sub-delegate my IPs so I can handle reverse on my nameservers?
- Does OARnet provide DNSsec?
- Does OARnet provide Emergency Web Hosting?
Yes, please tell us! We will open a ticket in our tracking system so that staff is aware of your maintenance and schedule downtime in our monitoring system if you give us a specific timeframe. Otherwise, our monitoring system marks your circuits down, we call you and possibly the Telco under the assumption there is an outage.
- IntraOhio bandwidth . Network traffic that stays within the State of Ohio.
- Internet (also called Internet1). General public connection.
- Internet2. Non-profit, national network dedicated to research and education. OARnet is Ohio's access point to Internet2.
5) How do you request a port or IP be blocked?
A member school can request for a port or list of ports to be blocked by sending a request to the Service Desk at email@example.com. The request must come from a listed contact at the school. In the case of an emergency you may call the Service Desk at 1-800-627-6420; we will need to verify your authority to request changes, however.
6) Why do you keep sending me spam/copyright/security/bot complaints?
OARnet is listed as the owner and contact for IP space that we have leased to our clients. We receive many types of security complaints, which we forward to the OARnet client currently responsible for that IP.
7) What's a forward DNS?
It is mapping a domain name to an IP address. We use "A" records to set these up in a zone file. CNAMES may be added to create "shortcuts" to existing A records. You must register forward domain zones.
Example: example.edu. IN A 192.168.10.1
www.example.edu. IN CNAME example.edu
A special PTR-record type stores reverse DNS entries. The name of a PTR-record is the IP address with the segments reversed + ".in-addr.arpa." For example, the reverse DNS entry for IP 22.214.171.124 would be stored as a PTR-record for "126.96.36.199.in-addr.arpa".
Reverse DNS is different from forward DNS in who points (delegates) the zone to your DNS server. With reverse DNS, your Internet connection provider (ISP) must point the zone ("....in-addr.arpa") to your DNS server. Without this delegation from your ISP, your reverse zone will not work.
9) Do we need reverse DNS? What happens if they don't match up?
We need reverse DNS for many purposes, especially mail delivery. Most ISP's mailservers require reverse lookup of a host sending mail, for validation purposes. This reduces IP spoofing and spam emails. If the ISPs don't find the reverse DNS for the IP, then the mail will be discarded or returned.
Reverse DNS is mostly used to track website visitors, email message origination, etc. This tracking is important because some machines require authentication of IPs. Forward and reverse zones are two separate zones whose files not necessarily hosted on the same nameservers. Typically, for every A record there should be a corresponding PTR record, but this is not always the case.
10) Can a zone file consist of more than one MX or A record?
Yes. Zone files can get really large mostly due to A records that are the most popular records in a zone. MX records are names of host that act as mail exchanger for the domain. MX records cannot point to an IP but only other names.
Example: if you have a mail exchanger with mail.example.edu as the name and 192.168.10.1 as the IP, then mail.example.edu must have an A record such as:
mail.example.edu IN A 192.168.10.1
and an MX record such as:
example.edu IN MX 10 mail.example.edu.
This means that any mail destined to say firstname.lastname@example.org must send it to mail.example.com, which has an IP address of 192.168.10.1 and a priority of 10. You can have more than one MX record (more than one mailserver) with different priorities.
11) Is it possible for me to keep OARnet as my primary DNS and someone else as my secondary? Will OARnet be my secondary?
Yes. It's a good networking practice to have two different ISPs as DNS hosts. One should be the primary (which could be the client or OARnet) and the other set as the secondary (which could be OARnet, the client or some other authorized system). Two ISPs are not likely to have outages at the same time, which reduces the risk of a network failure.
13) Does OARnet provide DNSsec?
All of OARnet's nameservers support DNSsec and use it for validating queries where RRSIGs are present. However, we do not currently sign any of the zones that we are SOA for or secondary for. We will set up TSIGs to authenticate zone transfers between servers if requested.
14) Does OARnet provide Emergency Web Hosting?
Yes, OARnet will store and deploy a basic campus web presence on a remote web server. This 24/7 service is hosted on a dedicated server on the network backbone and must be set up prior the emergency. Please contact your client-services representative for details.