Domain Name System
The Jacksonville Linux Users Group Inc. operates and relies up its own Domain Name System(DNS) servers with one located on each coast of the United States, East in Atlanta, Georgia and West in Fremont, California. Each server runs Gentoo Linux and have been in continuous operations in various locations and hardware since coming online in 2000. Originally, running Cobalt Networks Linux (discontinued), then RedHat, pre-RHEL, and finally, transitioning to Gentoo around the time of the birth of Fedora, circa 2003. The DNS servers configuration and settings have been migrated and updated since 2000.
These servers are in the process of domain name transition, with no estimated time of completion.
BIND
The JaxLUG runs BIND for DNS software, originating as an acronym, Berkeley Internet Name Domain, from a technical paper published in 1984; making it the first and oldest software for domain name service. BIND is open-source software under the Mozilla Public License that is developed by Internet Systems Consortium, Inc. and for more information please visit BIND's official or Wikipedia pages.
BIND is a suite of software and not just the domain name server called named, it includes software
such as dig and nslookup commands, that are used to query a domain name
server, among other utilities. For more information about BIND please visit it's
Wikipedia Page.
BIND DNS server software, daemon named, is what is responsible for translating a domain,
jaxlug.ngo into its underlying Internet Protocol (IP) address, for either or both IPv4 and/or IPv6,
which is how computers communicate. Just like a human typing in a phone number, if you could just say
the name when placing a phone call. We of course provide both IPv4 A and IPv6 AAAA domain name service
from our two domain name servers, and IPv4 and IPv6 address for other types such as mail server MX.
Split Service
BIND comes with advanced features such as ability to serve up different IP addresses based on the originating IP address, which is typically used for Geo-location, to send requests to the nearest server based on your geographical location. However, we use this in another manner, to separate private and public network communication.
That is, we serve up different IP address for domain name queries from Private IP address than we do from Public IP address, and yes, this includes the IPv6 Unique Local Address (ULA) which we rely upon heavily. BIND has many more features, some of which we use, some of which we still need to employ.
Sender Policy Framework
Sender Policy Framework (SPF) is an email authentication method that verifies whether a mail server is authorized to send emails on behalf of a domain, helping to prevent email spoofing and phishing attacks. It works by using DNS records to specify which servers are allowed to send email for that domain. In layman's terms, these records ensure email sent claiming to be from a domain name, is actually from that domain name. SPF is the earliest and simplest form, for more information please visit the SPF Wikipedia page.
For any domain handled by our DNS servers, we by default, employ SPF, which specifies via a DNS record what IP address and domain names are allowed to serve mail using that records domain. This is done in DNS SPF and TXT records. This is the most simplest form of spam prevention, to ensure that only valid servers are processing email for a domain via DNS records.
Domain-based Message Authentication, Reporting and Conformance
Domain-based Message Authentication, Reporting, and Conformance (DMARC), is an email authentication protocol that helps protect email domains from unauthorized use, such as spoofing and phishing attacks. It allows domain owners to specify how receiving email servers should handle messages that fail authentication checks. For more information please visit the DMARC Wikipedia page.
For any domain handled by our DNS servers, we by default, should employ DMARC, but we presently do not. This has been on a permanent TODO list. If you are familiar with DMARC records, or would like to learn, and add DMARC records to domain names served by our DNS servers, then please reach out! Otherwise, we will add such records as time permits.
DomainKeys Identified Mail
DomainKeys Identified Mail (DKIM) is an email authentication method that uses digital signatures to verify that an email was sent by the domain it claims to be from and that it hasn't been altered in transit. It helps protect against email spoofing and improves email deliverability. For more information please visit the DKIM Wikipedia page.
For any domain handled by our DNS servers, we by default, should employ DKIM, but we presently do not. This has been on a permanent TODO list. If you are familiar with DKIM records, or would like to learn, and add DKIM records to domain names served by our DNS servers, then please reach out! Otherwise, we will add such records as time permits.