my new .COM domain on a .EDU block of IPs - WILL I GET BUSTED?

[Tanner]

FIRST
I'm not even selling anything! I don't have anything to sell, and I'd never try it. HOWEVER, in the interest of LEARNING, I want to host my own .com on my own puters here inside the Univ.

So, obviously I'll have a univ. IP from their block of .edu ips that they got

Internic XpressLookup from a CharterCable modem (of the IP of another machine inside here that has the Univ. IP



Internic ExpressLookup on murraystate.edu <---not that I would EVER set anything up from here!

anyone know if the proverbial "Left Hand" will know what the "Right Hand" is doing if I reg my domain w/ this .EDU IP?
Left Hand = Internic/NetworkSolutions/KY Education CAbinet giving out the .EDU IPS
Right Hand = DNS servers in the SKY (the 13 that are the root servers)

I'm just kinda wonderin' if the root DNS servers are set to NOT allow .COMs or anything for that matter to be registered to an IP from a .EDU block... anyone know?

I'm not sure that I wanna go balls to the wall and try this sorta stuff out for fear of LOSIN my AWESOME internet Connection if nothing else! heheheh

 

[N11]

I guess the question would be do any university networks serve non .edu TLDs? I'd be surprised if the answer was no.

My gut reaction to your question would be no, it doesn't make much of a difference if the block of IP addresses are registered to the University. They are just IP addresses. The root dns servers tell requestors who and where the dns servers are for the given domain being queried, so I don't think any filtering is going on at that level.

This is just what seems logical to me. I very well could be wrong.

 

[n0cmonkey]

The only people that may care would be your school.

 

[Tanner]

<< The only people that may care would be your school. >>



EXACTLY what I thought...
I know their DNS servers...does that even matter? If I could like "go around them" or something?

I also know the DNS that is above them... they're ALSO .EDU servers.

HOWEVER, right above them are these DNS servers:

SPRINTLINK.NET DNS SERVERS
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS2-AUTH.SPRINTLINK.NET 144.228.254.10
NS3-AUTH.SPRINTLINK.NET 144.228.255.10

so...I'm wonderin' this:

1.) should I put up my own DNS server? I have an extra P1XX that could probably handle that, right? w/ linux???
2.) should I just stick those sprintlink DNS servers in there for my nameservers @ Godaddy.com? I have to give 'em something

THANK you guys for aLL YOUR HELP! YOU GUYS ROCK!

 

[N11]

Are you wanting to run this server IP or name based?


If named base you need an active nameserver with a zone file for your domain. So that when a query is made on your domain.com, the request is directed to the nameservers you specified with the registrar, and then that nameserver tells the client request where to go.

I'd setup bind on a linux system and go register the nameserver's host name/ip address with your registrar. Ideally you'd want to do this with 2 ip addresses. So that you can register two nameservers (even if it is on the same machine). This way you will then be able to specify your nameservers under your domain without issue.


If this is for a game server or something less serious I would stay away from name based solutions. Particularly when you only have 1 IP to work with.

 

[Tanner]

this is unrelated to my PM to you N11...thax though.

I just want to have my domain hosted here in the apt. I'm afraid that I will get into some sort of trouble. I'm trying to find a work around. I can get an external IP and put that on my DNS server...but I don't think that I'm capable of getting more than 2, and my wife has the other!


so I sorta only have one to werk with..

I dunno...

 

[ScottMac]

Well, right off the bat, I'll tell ya i'm guessing here. BUT based on other experiances, I'd say you'd be in violation of school network policy and subject to revocation of your network "rights" (of which you have none, since it's a private network).

Next, there could be a problem with the DNS services, since the root and subsequent upper-tier DNS servers are probably associating the address BLOCK to the domain name (whoeveritwas.edu). Chances are the higher-level DNS systems won't (properly) associate your domain to that address, since the SUMMARIZED address block is forwarded through "The Internet" via BGP, which allows / demands very specific routing instructions.

Finally, assuming that the school disallows your request to plunk a disassociated subdomain in the middle of their addresses (also likely to be 10. , 172. or 192.168. and not externally accessable unless they associate an external NAT address to your machine), if you try to "get around" their security measures, you're likely to be looking for another school. Security violations are pretty serious on networks of that scale.

Finally (part two), Unless you are extremely clever (again, I'm guessing: You're not), chances are that you are not going to be trying something that hasn't been tried before, probably many, many times (and they know what you're likely to try, and are looking for so it can be logged and used against you when they throw you out).

If you're so hot to set up a domain, plop down some cash and buy some bandwidth of your own. That way you don't have to put up with all those unreasonable network admin types that are bound-and-determined to spoil your fun.

Good Luck

Scott

 

[Tanner]

Scott

Thanks man! that post had me laughing my HEAD off!
I especially like, and agree with, (how could I not as my posts indicated...very serious lack of intelligence in this area)

<< Unless you are extremely clever (again, I'm guessing: You're not), >>

LOL AGAIN just as I pasted that! bawhahahahaha!

Thanks for the VERY informative info man! I REALLY appreciate that! However, this leads me to more questions... I'm really intent on @ least figuring out how much it would cost...and then of course, after I find out that it's incredibly outrageous, not spend it. But, humor me:

Can I buy/rent ONE IP address?
Can I ask ISPs to give me THAT IP address since I "bought" it?
I'm certain that this is not possible behind a .EDU private...but what about when I'm outta here

Just wonderin'!

Thanks again Scott for your VERY VERY helpful and informative post!

 

[N11]

Scott joined the party and this conversation just became stimulating.

From what I understand, NWU as an example allows their students to serve .com/.net/.org TLDs from the network.

How this is dealt with on the upper tier level when and if associations are made to entire blocks and the routing is entirely restrictive, I have no idea.

 

[n0cmonkey]

3-95.com

 

[ScottMac]

Well, like I said, I'm just guessing.

While working the Networld + Interop show, there were discussions from the university networking types about people that figure they're clever enough to get around the security / violate the networking regulations and get caught (of course, if the student is truely good at it, they didn't / don't get caught).

The assumptions about routing a subset of a summarized address block through the Internet is based on my admitted less-than-expert knowledge of BGP. I don't understand how a specific Autonomous System ID, which is associated with a specific address block (both propagated more-or-less throughout the Internet) can have a very small subset of random addresses (i.e., not a CIDR block) being routed to to an independant domain (i.e., not a subdomain). Everything I've heard says that one of two things should happen: Either the new domain name is ignored, and the addresses are routed normally acording to the rules defined for that AS, or, the traffic destined to the new domain get tossed because it violates or otherwise fails to meet the criteria associated with the original AS and assigned address block(s).

The assumption I made regarding the cleverness of the original poster was based on the probability that if he WERE smart enough to do what he wanted to do, he wouldn't be asking how to do it on a public forum. I'm not saying he's stupid, I'm not saying he's a bad person....what I was implying was that if he knew what he was doing, he wouldn't be taking opinions on the feasability of his proposed actions from a bunch of strangers.

To me, it'd be kinda like asking some guy on the street if he thought that if I was to take THIS gun into THAT bank and ask for money with a note written on the back of a deposit slip, do you s'pose they'd think I'm trying to rob that bank, and d'ya s'pose I'd get in trouble for it ? ...

Usually I wait for n0cmonkey handle this kind of question, he's working in a similar environment, and pretty much knows whether the guy's gonna be "robbing the bank" or not. But hey! I had some time to kill, made a few assumptions, and rendered what I felt was reasonable information based on the original poster's question.

From my exposure to folks who run large to very large networks, I know they tend to get pretty itchy at the thought of someone messing with their system. They're the ones that'll be up for days trying to resolve the problems caused intentionally or unintentionally by other folks who figure they need to "work around" the things that are getting in the way of doing something they want to do, even though it's against policy.

That's my take on it. If he does it or not, I don't care. It doesn't affect me in the slightest. He asked a question and I offered my view / opinion. If it causes him to act or not, again, I don't care, it doesn't affect me....not even a little.

FWIW

Scott

 

[n0cmonkey]

<< The assumption I made regarding the cleverness of the original poster was based on the probability that if he WERE smart enough to do what he wanted to do, he wouldn't be asking how to do it on a public forum. I'm not saying he's stupid, I'm not saying he's a bad person....what I was implying was that if he knew what he was doing, he wouldn't be taking opinions on the feasability of his proposed actions from a bunch of strangers. >>



Tanner seemed to take that comment in stride so I dont think its a big deal. Ignorance is not necessarily a bad thing, especially when you are trying to learn.



<< To me, it'd be kinda like asking some guy on the street if he thought that if I was to take THIS gun into THAT bank and ask for money with a note written on the back of a deposit slip, do you s'pose they'd think I'm trying to rob that bank, and d'ya s'pose I'd get in trouble for it ? ...

Usually I wait for n0cmonkey handle this kind of question, he's working in a similar environment, and pretty much knows whether the guy's gonna be "robbing the bank" or not. But hey! I had some time to kill, made a few assumptions, and rendered what I felt was reasonable information based on the original poster's question. >>



I didnt feel like yelling about how this could go against policy so my statement was quick

You provided much more information than I would have been able to, so Im glad I subscribed to the thread. Its an interresting topic, but it would be tough to test in an environment that would keep risk at a minimum, and I would be lost if I could even find a place to start researching it.

This is almost the perfect situation for 3-95.com. They are fairly quick, very cheap, and seem to be a decent host. I think even a poor college student could afford $3.95USD/month. And no, I dont work for them, Ive just been impressed with a site they are hosting

 

[Tanner]

well...I guess Scott's last post was just some sort of philosophical ramblings...or was that acutally about some sort of computer stuff?

hehehehehe

U guys really scare me! I think that if our NetAdmin here is like maybe 1/2 as smart as youall I DEFINATELY will NOT be trying this



Thanks for all the advice and continued education on this topic though! I have to read LOTS to fill in between these (intelligence) holes!

 

[Drakkhen]

Geez, you guys sure are getting a little overboard here. All he wants to do is register a domain and have it point back to his one machine. I know tons of people that are doing this without any problem, in various enviro's.

Tanner, when you register your domain, it isn't necessarily tied to any IP. Go ahead and register your domain. Go to zoneedit.com and put in all of the necessary information there. They will now be your DNS provider after it takes effect.

So, now whenever someone looks up whateveryourdomainis.com they will be provided with your IP. This is hardly something that would mess anything up on their network. The only thing that wouldn't work would be reverse lookups. Anyone needing to do a reverse lookup on your IP, would get a response that it was part of .edu network you were on, not your domain, but that isn't too big of a deal.

Let me know if you need any help setting this up.

 

[Tanner]

Drakkhen

Thanks for the advice. I'm not really sure that I'm going to try this anymore, as Scott, N11, and n0cmonkey have shed some light on a few of the concerns that I had regarding the subject @ hand. However, for the benefit of youall here, and whoever else wants to know...I'm wonderin' if there is a way that we can test this w/o getting myself into trouble and my wife kicked outta skewl

 

[Drakkhen]

Well, there really isn't anything that can get you into trouble. All you want to do is do have any identifier for your IP address (a DNS name). All that does is assign a name to a number. This is providing a service, this isn't using up any additional bandwidth, etc.

Now, the only thing that might come into play is the fact that the University might have a problem with you providing services (WWW, FTP, NNTP, etc.).

For that, you will need to check their acceptable use policy.

If you want to try it out, just go to dyndns.org and get a free listing, and then point it to your IP address. As simple as can be.

 

[chiwawa626]

I know a few people who serve cs servers, ftps, and .com domains from their university connection...im sure they wont mind as long as u dont use mad bandwidth and you dont really make a profit off them, (like reselling their services ..like hosting)

 

[Damaged]

WOW! Get a whole bunch of people who are really smart, but don't get DNS, but attempt to answer questions about DNS, and this makes for a funny thread!

 

[n0cmonkey]

<< WOW! Get a whole bunch of people who are really smart, but don't get DNS, but attempt to answer questions about DNS, and this makes for a funny thread! >>



Thanks for the explanation.

 

[n0cmonkey]

dns lookup for www.anandtech.com should go something like:

Machine checks local cache (if it has one) and if it is not there it queries its dns server
If that dns server does not have the ip in cache and it is not autoritative or whatever for that domain it queries a root server
That root server points the dns server to another dns server (.coms maybe?)
That server should point to the dns server that handles the anandtech.com domain
That dns server will provide the ip address for www.anandtech.com

So I guess it shouldnt matter where you host your site. Please correct me if Im wrong, and give decent answers. This is from memory, but unlike last night Im not *REALLY* tired and I am 100% sober.

 

[Tanner]

Using Network-Tools.com I've found the outside DNS servers that this skewl uses. I think that the request goes like this: (very similar to your explanation n0cmonkey)

dns1.murraystate.edu or
dns2.murraystate.edu

HERMES.LOUISVILLE.EDU or
PAN.LOUISVILLE.EDU

NS1-AUTH.SPRINTLINK.NET
NS2-AUTH.SPRINTLINK.NET
NS3-AUTH.SPRINTLINK.NET

and the lookup for the above three returned this:



<< DNS Records for ns1-auth.sprintlink.net
query from dns.consumer.net to get an authoritative nameserver
No nameserver record found >>



What do you think? I'm wonderin' if they didn't return the upper level DNS b/c its one of the root DNS servers....whatcha think?

 

[Skaven]

Interesting post! I also noticed that:

n0cmonkey has 9600 posts

and

Tanner has 1111 posts

Facinating...

As for messing with school networks. Don't do it! I almost had to learn my lesson the hard way! LOL