How to run your own domain

I've had several people ask me what is involved in running my own domain, instead of just using the mailboxes and web server space provided by your ISP. They also ask what the advantages are. So I created this page to help answer some of these questions.

Why have your own domain?

There are several benefits to having your own domain, including:

  1. Control over exactly what spam filtering is applied to mail arriving at your domain
  2. Control over your web server configuration and your own server logs, so you can see which pages are popular

This document assumes that you want to run your own Web server and/or mail server. You can have a third-party provide these services for you (which you will have to do if you only have dial-up Internet access) but you gain much more flexibility if you can run these servers yourself. Of course, to do this, you will need a permanent “always on” Internet connection, such as cable or DSL. A “static IP address” is very useful, but not essential.

How do I create my own domain?

The first (and hardest) part is to determine the domain name you want. Many of the obvious ones have already been taken by other people. Try to think of something that is easy to remember. The .com, .net and .org top-level domains (TLDs) are open to everybody, whereas many of the country-specific TLDs (eg .uk, .de etc) have geographical restrictions upon them. Some TLDs are cheaper than others, so if you're not obsessed with having your own “dot com” you may want to look into this.

You will use a “domain registrar” company to actually create your domain. Since the registry process was opened to competition there are now many, many registrars competing for your money. A comprehensive list can be found on the Internic's web site. Some of the registrars provide useful domain searching tools on their web sites which can help you find a domain that isn't already taken. If it helps, I chose to use directNIC to register my domain. The basic cost for the .com that I have is $15/year.

About DNS

The Internet's Domain Name System is the means by which hostnames (such as www.noegruts.com) get resolved to IP addresses, which the network itself actually uses to get the data from one point to another. Without DNS you would have to access everything by IP address, like this: http://216.239.51.101/ (which is one of the IP addresses for http://www.google.com/). So without DNS, having your own domain is pretty useless.

You have a choice when it comes to DNS - you can either run your own DNS servers or you can have somebody else provide DNS services for you. Since you probably only want basic web server and mail facilities, having somebody else run the DNS servers is probably the best idea. One of the reasons I chose directNIC for my domain is that they also provide simple DNS services for a very reasonable $5/year. Unless you are very technically-oriented (in which case, why are you reading this?) it is probably best to find a registrar that will also provide DNS services for your domain.

Dynamic vs Static IP Addresses

Since you'll be running a Web server and/or a mail server, other machines on the Internet need to be able to find your servers. If you have a static IP address (ie one that is assigned specifically to you by your ISP and it never changes) then you will be able to simply enter this into your DNS server and not worry about it. For instance, if your IP address is 1.2.3.4 and you want to run a web server at the address “www.example.com” then you would simply create a DNS “A” (address) record named “www” and associate it with 1.2.3.4. Then whenever somebody enters www.example.com into their browser the DNS system will resolve this hostname to your IP address and their browser will connect to your web server.

If you have a dynamic IP address (ie one that changes from time to time) then things are a little more complicated. The problem is that hostnames within your domain must always resolve to your current IP address, even when your address has only just changed. Because DNS answers are cached (ie remembered) by resolvers throughout the world for as long as each record's TTL (“time to live”) allows, this is not always possible, and there may be times when your IP address has changed but people on the other side of the world still find hostnames in your domain resolving to your old address. This is why it is preferable to have your ISP assign you a static IP address, although some ISPs either don't offer this or charge a large premium for it.

So if you are stuck with a dynamic IP address, what can you do? Well, fortunately there are many companies that have sprung up to service this exact need. The basic mode of operation is that you run a small piece of software on your computer which monitors your IP address every few minutes and automatically updates the DNS system whenever your IP address changes. Note that this isn't foolproof, because of the caching issues I referred to above, but for simple home use it is probably good enough.

One such company providing these services is http://www.no-ip.com/, who are generous enough to provide their basic service free of charge. They even provide the automatic updating software for free. For their free service, you can choose a hostname within one of their domains and have that hostname resolve to the IP address of your computer. You can use this in conjunction with your domain to have hostnames within your domain automatically resolve to your latest IP address. I know that sounds complicated, but really is fairly simple. Here is how it works:

  1. Create an account at no-ip.com and choose a hostname, in my case I used noegruts.no-ip.com
  2. Use their automatic update software to have this hostname always resolve to your current IP address
  3. Create CNAME (alias) entries in your domain's DNS servers that point to the hostname you chose in step 1.

The idea is to avoid entering any IP address information in your domain's DNS, since your DNS provider probably doesn't provide any kind of dynamic update facility. Just create aliases for any hostnames that you want and have them all resolve to the hostname within the no-ip.com domain. That way the software will automatically keep everything in sync.

Summary: www.noegruts.com -> resolves to -> noegruts.no-ip.com -> resolves to -> my latest IP address.

Again, using a dynamic IP address for your domain is really a bit of a hack. It works, most of the time, but you should not rely on it to be 100% reliable, because of the problems mentioned above. If you cannot tolerate having your domain inaccessible at all, then you should not be using a dynamic IP address.
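To make the caching problem concrete, here is a small simulation of the chain described above (www.noegruts.com as a CNAME to noegruts.no-ip.com, which in turn has the only A record) fed through a resolver that honours TTLs. This is an added example, not code from this page or from no-ip.com; the IP addresses (taken from the 203.0.113.0/24 documentation range), the 60-second TTL at the dynamic-DNS provider and the one-day TTL on the aliases are assumptions. The same zone dictionary also shows what the static-IP case from the previous section looks like.

```python
"""Why a dynamic address takes time to propagate: the chain
www.noegruts.com -> noegruts.no-ip.com -> IP fed through a caching resolver.
Constructed example: addresses and TTLs are assumptions."""
from dataclasses import dataclass


@dataclass
class Record:
    rtype: str   # "A" (address) or "CNAME" (alias)
    value: str   # an IP address for A, a target hostname for CNAME
    ttl: int     # seconds a remote resolver may keep the answer


def build_zones():
    """Authoritative data as seen by the outside world. The registrar-hosted
    zone holds only stable aliases; the one record that ever changes lives at
    the dynamic-DNS provider, which publishes it with a short TTL."""
    return {
        # registrar zone: aliases only, no IP addresses anywhere
        "www.noegruts.com":   Record("CNAME", "noegruts.no-ip.com", ttl=86400),
        "mail.noegruts.com":  Record("CNAME", "noegruts.no-ip.com", ttl=86400),
        # dynamic-DNS provider: the only A record, kept current by the update client
        "noegruts.no-ip.com": Record("A", "203.0.113.10", ttl=60),
        # with a static IP you would skip the alias and publish the A record
        # directly, e.g. "www.noegruts.com": Record("A", "203.0.113.10", ttl=86400)
    }


class CachingResolver:
    """A recursive resolver somewhere on the Internet. It keeps every answer
    until the record's TTL runs out, which is exactly what causes stale data."""

    def __init__(self, zones):
        self.zones = zones
        self.cache = {}   # name -> (Record, expiry timestamp)

    def _lookup(self, name, now):
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0]                         # still fresh: answer from cache
        rec = self.zones.get(name)
        if rec is not None:
            self.cache[name] = (rec, now + rec.ttl)  # fetch it and remember it
        return rec

    def resolve(self, name, now, max_hops=8):
        """Return the IP for name, chasing CNAME aliases like a real resolver."""
        for _ in range(max_hops):
            rec = self._lookup(name, now)
            if rec is None:
                return None                          # NXDOMAIN
            if rec.rtype == "A":
                return rec.value
            name = rec.value                         # CNAME: follow the alias
        raise RuntimeError("CNAME chain too long, probably a loop")


def dynamic_update(zones, new_ip):
    """What the provider's update client does when your ISP changes your
    address: rewrite the A record at the provider. The registrar zone is untouched."""
    old = zones["noegruts.no-ip.com"]
    zones["noegruts.no-ip.com"] = Record("A", new_ip, old.ttl)


def stale_answer_timeline():
    """Resolve www.noegruts.com before and after an address change, from the
    point of view of one remote resolver that has already cached the old answer."""
    zones = build_zones()
    resolver = CachingResolver(zones)
    seen = [resolver.resolve("www.noegruts.com", now=0)]       # first contact: cache fills
    dynamic_update(zones, "203.0.113.99")                      # ISP re-assigns you at t=10
    seen.append(resolver.resolve("www.noegruts.com", now=30))  # old IP: A record cached until t=60
    seen.append(resolver.resolve("www.noegruts.com", now=61))  # TTL expired: new IP
    return seen


if __name__ == "__main__":
    print(stale_answer_timeline())
```

The point the simulation makes: the long TTL on the CNAME is harmless because the alias never changes, and the window during which the world sees your old address is bounded by the A record's TTL at the dynamic-DNS provider plus the polling interval of the update client. Keep that TTL short; there is nothing you can do about resolvers that have already cached the old answer.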

Once you have your DNS configured and working, it is a good idea to use the tools at http://www.dnsreport.com/ to run a check on your configuration. This useful site runs a variety of tests on your DNS configuration as it appears to the outside world and can help you find lots of problems easily.

Running your own Web server

If you want to run your own Web server to host information, photos etc, the first thing you need to do is to find out if this is in violation of your ISP's acceptable use policy (AUP). Some ISPs do not allow their customers to run a Web server and if this is the case you can either change ISPs or have your ISP or a third party host your web site.

I recommend hosting your web site on a physically different computer from your main machine. This makes it much easier to secure the machine against hackers and means that you stand to lose less if the machine does get broken into.

You will need some kind of Web server software to actually serve the pages of your Web site to the world. There are many different packages available and many operating systems (such as Windows NT/2000/XP and most Unix variants) come with one provided. Exactly how you use the software depends on which package you use, but you will generally just need to tell it where your web pages and graphics are located on your computer. Have the software automatically start when the computer boots so that you don't need to remember to run it. The software that I am currently using is Microsoft IIS, which is included in many varieties of Windows.

You will need to create an entry in your DNS servers named “www” if you want your Web site to be named www.mydomain.com. You don't have to name it www, but this is the convention that most stick to and is what most people expect.

One of the more annoying things you will find when you start running your own web server is that the log files will get cluttered up by lots of requests from various machines infected with Internet worms, such as Nimda and Code Red II etc. There is a simple way to defeat these requests and prevent them from being logged, however. I wrote a separate page on this topic: Basic IIS Worm Protection.

Hosting your own mail server

The main reason I wanted a domain of my own is so that I had control over exactly what spam filtering is applied to incoming mail. When I was receiving one or two spams a week it wasn't much of a problem, but inevitably that figure grew to more than 10/day and showed no signs of slowing down.

If you want to receive mail at your domain you will need to have a mail server. You can either buy service on somebody else's mail server (your registrar probably offers this) or run your own server. Remember that if you run your own mail server you will need to leave the machine running and connected to the Internet twenty-four hours a day, seven days a week. You also need to check that your ISP allows you to run a mail server - many do not, for a variety of reasons, and some even block incoming connections on the TCP port that mail uses (port 25).

If you choose to run your own mail server you absolutely must make sure that you configure it so that it does not allow external users to send mail through it. This is known as “relaying” and is one of the most popular ways for spammers to hide their true identity. If you allow your mail server to relay for others I can guarantee that a spammer will find your mail server and you will find your computer used for a “spam run” in short order. When my mail server went live the first attempt to relay mail through it occurred within 24 hours. Even if you are sure you have configured your mail server correctly it is easy to be mistaken, so use an online tool to double-check that your mail server responds in the way you expect. I recommend the relay tester at http://www.abuse.net/relay.html.
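The reason an online relay tester is worth running is that “don't relay for outsiders” is easy to get subtly wrong: a check that only looks at the domain after the last “@” can be fooled by old routing syntax (the “%” hack, bang paths, quoted local parts, source routes) into delivering to a remote mailbox. The following is an added example of the decision a mail server makes at RCPT TO time, with a naive check beside a hardened one and a set of probe addresses in the style of such testers. It is not Mercury's code or the abuse.net tester itself; the domain, the LAN range allowed to send outbound, and the probe addresses are assumptions.

```python
"""Relay policy for a home mail server, plus the recipient-address tricks an
open-relay tester throws at it. Constructed example: domain, trusted LAN range
and probe addresses are assumptions."""
import ipaddress

LOCAL_DOMAINS = {"noegruts.com"}
# Assumption: only machines on the LAN behind the router may send mail out
# through this server. Everyone else may only deliver *to* local mailboxes.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
ROUTING_CHARS = set("%!@:")   # characters that turn a local part into a route


def naive_is_local(rcpt):
    """The common mistake: look only at the text after the last '@'."""
    addr = rcpt.strip().strip("<>")
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def hardened_is_local(rcpt):
    """Local only if the domain is ours AND the local part cannot be re-routed."""
    addr = rcpt.strip().strip("<>")
    if addr.startswith("@") or "@" not in addr:
        return False                          # source route, or no domain at all
    local, domain = addr.rsplit("@", 1)
    if domain.lower() not in LOCAL_DOMAINS:
        return False
    if local.startswith('"') and local.endswith('"'):
        local = local[1:-1]                   # look inside a quoted local part
    return not (set(local) & ROUTING_CHARS)   # refuse anything that looks like a route


def should_accept_rcpt(client_ip, rcpt, is_local=hardened_is_local):
    """Accept RCPT TO if the mail is for us, or if it comes from our own LAN."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in TRUSTED_NETS):
        return True
    return is_local(rcpt)


# Probes in the style of an open-relay tester: each tries to make a remote
# delivery look local. The flag says whether an outside client should be
# allowed to use it (only the genuine local mailbox qualifies).
PROBES = [
    ("plain remote",       "user@victim.example",                 False),
    ("percent hack",       "user%victim.example@noegruts.com",    False),
    ("bang path",          "victim.example!user@noegruts.com",    False),
    ("quoted local part",  '"user@victim.example"@noegruts.com',  False),
    ("source route",       "<@noegruts.com:user@victim.example>", False),
    ("genuine local user", "<someone@noegruts.com>",              True),
]
OUTSIDE_CLIENT = "198.51.100.7"   # a stranger on the Internet, not on our LAN


def relay_holes(is_local):
    """Names of probes an outside client could abuse under the given policy."""
    return [name for name, rcpt, allowed in PROBES
            if should_accept_rcpt(OUTSIDE_CLIENT, rcpt, is_local) and not allowed]


if __name__ == "__main__":
    print("naive policy relays for:   ", relay_holes(naive_is_local))
    print("hardened policy relays for:", relay_holes(hardened_is_local))
```

Under the naive check three of the five hostile probes get through; the hardened check accepts only the genuine local mailbox from an outside client, while a machine on the trusted LAN may still send to anywhere. Whatever your server's configuration screens call these options, the external tester is the way to confirm it actually behaves like the hardened version.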

I searched for a while to find a decent mail server program that fit the following criteria:

Eventually I found Mercury Mail, which supported all of my requirements exactly. Configuring Mercury Mail is as easy as installing it and telling it which domain I wanted it to receive mail for (ie noegruts.com). I really wanted my mail server to run as an NT service so that it starts automatically when the machine boots and so that I can more easily limit what files and directories the mail server process has access to. Unfortunately, Mercury runs as a normal GUI application. However, Nick Rozanski’s excellent SRVSTART.EXE utility allows me to run Mercury as a service just fine. As long as I am careful to stop the service before I run the Mercury GUI for maintenance tasks (eg adding new mailboxes) and then start the service again when I exit the GUI, it all works pretty well.

You will need to add an “MX record” to your DNS servers so that remote mail servers can find your server when people want to send you mail. The MX record names the host that accepts mail for your domain; you can call that host anything you like, but typically mail servers have names like “mail” and “smtp” etc. Since I have a dynamic IP address, I have my mail server (mail.noegruts.com) resolve to noegruts.no-ip.com instead of directly to my current IP address. That way when my IP address changes the DNS record at no-ip.com is updated automatically and I don't have to edit the MX record at directNIC. Note that this isn't strictly RFC-compliant (section 10.3 of RFC 2181 says the host named in an MX record must not be a CNAME alias), but it doesn't seem to cause me any trouble and the convenience of not having to update DNS manually makes it worthwhile.

Sending mail

I don't send mail through my mail server, I use it only for receiving mail. The reason for this is that many mail servers around the world are configured to automatically reject mail from “end user” IP addresses such as the one that is assigned to me. This is because many spammers send their mail in this fashion, thus bypassing any filters their ISP might have set-up on their mail server. Since there is no disadvantage to sending my mail through my ISP's mail server, that is what I do.

Remote mail access

I often want to check my mail remotely while I am away. One of my old ISPs provided a “web mail” facility where I could read & send mail via a simple web-based program. This is a very useful approach because it doesn't rely on any special software at the remote end - just an ordinary web browser. This allows me to check mail from an Internet cafe, for example.

It turns out there are a lot of free web mail type programs available on the Internet. The one I ended up using is called “SquirrelMail”, which can be found here. It does require a bit of fiddling to get it running properly, but the end result is well worth it.

Blacklists

One of the techniques used by mail server administrators around the world to reduce the amount of incoming spam is DNS-based blacklists. These work purely by rejecting incoming mail based upon the IP address from which it is being sent. For instance, since many spammers send their spam through insecure open relays (in an attempt to disguise their true origin) there are many DNS-based blacklists containing the IP addresses of these open relay machines. These blacklists are updated dynamically when new open relays are found or when an existing open relay is finally secured. If you decide that you never want to receive any mail from such machines you can then use such a blacklist to reject incoming mail from any machine on the blacklist at that time.

There are many, many blacklists available on the Internet, with a wide variety of listing criteria. Some list insecure machines (such as the open relay example above) while others list “rogue” ISPs that provide service to known spammers. For a comprehensive list of available blacklists, check out this web site.

It is up to you to determine which, if any, blacklists you want to use. Please make sure that you are familiar with the listing criteria of a particular blacklist before using it. It is probably a good idea to use the “tag subject line” feature of your mail server (if it has one) before actually using a particular blacklist to reject mail completely. That way you can use the blacklist experimentally for a few weeks to see if it is tagging legitimate mail as spam.
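The mechanics behind a DNS-based blacklist are simple enough to show in a few lines: the mail server reverses the octets of the connecting client's IP address, appends the list's zone name, and looks that name up; an answer in 127.0.0.0/8 means “listed”, no answer means “not listed”. The example below is added here (it is not Mercury's code and uses no real blacklist); the zone names ending in dnsbl.example, the listed addresses in the stand-in resolver table and the sample messages are all constructed. It also implements the tag-first, reject-later rollout recommended above.

```python
"""DNS-based blacklist (DNSBL) lookup and the tag-then-reject rollout.
Constructed example: the zones, the entries in FAKE_DNS and the test
addresses are assumptions, not real lists or real traffic."""
import ipaddress

LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")   # what a "listed" answer looks like


def dnsbl_query_name(ip, zone):
    """Build the name a mail server queries: the client's IPv4 octets in
    reverse order, followed by the list's zone, e.g. 1.2.0.192.<zone> for 192.0.2.1."""
    addr = ipaddress.IPv4Address(ip)          # raises on anything that isn't IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


# Stand-in for a real resolver. Only listed names exist; the last octet of the
# answer is how many lists encode the reason for the listing.
FAKE_DNS = {
    "5.113.0.203.relays.dnsbl.example": "127.0.0.2",   # 203.0.113.5: an open relay
    "7.100.51.198.dul.dnsbl.example":   "127.0.0.10",  # 198.51.100.7: dial-up / dynamic range
}


def lookup(name, resolver=FAKE_DNS):
    """Answer for name, or None (the equivalent of NXDOMAIN: not listed)."""
    return resolver.get(name)


def dnsbl_hits(client_ip, zones, resolver=FAKE_DNS):
    """Return [(zone, answer), ...] for every list that carries client_ip."""
    hits = []
    for zone in zones:
        answer = lookup(dnsbl_query_name(client_ip, zone), resolver)
        if answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            hits.append((zone, answer))
    return hits


def apply_policy(client_ip, subject, zones, mode, resolver=FAKE_DNS):
    """mode 'tag': deliver but mark the subject so you can audit the list for a
    few weeks; mode 'reject': refuse at SMTP time. Returns (action, text)."""
    hits = dnsbl_hits(client_ip, zones, resolver)
    if not hits:
        return ("deliver", subject)
    if mode == "tag":
        lists = ",".join(zone for zone, _ in hits)
        return ("deliver", f"[DNSBL:{lists}] {subject}")
    if mode == "reject":
        return ("reject", f"550 5.7.1 {client_ip} is listed in {hits[0][0]}")
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    zones = ["relays.dnsbl.example", "dul.dnsbl.example"]
    for ip in ("203.0.113.5", "198.51.100.7", "192.0.2.1"):
        print(ip, apply_policy(ip, "hello", zones, "tag"))
```

Run in “tag” mode first and grep your mailbox for the tag: every legitimate message that carries it is a false positive you would have bounced in “reject” mode, which is the cheapest way to evaluate a list's criteria against the mail you actually receive.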

Firewall Issues

You are running a firewall of some kind, right? If not, stop reading this now and go and buy one. There are enough morons and spammers (and moron spammers) out there on the Internet just looking for open machines to abuse that eventually they will find yours and if you are not using some kind of firewall it is likely that your machine will be abused in some way. I use a Linksys BEFSR41 four-port switch/router/firewall device, which these days is available for less than $50.

By default, my Linksys device rejects all incoming connection attempts. Since I run a web server and mail server behind the firewall they would obviously be inaccessible to the outside world unless I told the firewall about them. The way to do this is via the “Port Forwarding” feature of the Linksys device. The basic idea is to separate out incoming connections by port. So I tell the firewall that incoming connections on ports 25 and 80 (ie mail and web traffic) should be routed to my web & mail server, which I have given the IP address 198.162.1.102. Other connection attempts should be rejected. A screenshot of my port forwarding configuration page can be found here.

Summary

Running your own domain can be very useful if you want more control over your mail and web configuration. It allows me to run much more aggressive spam filters than my ISP would dare to use and lets me determine which pages on my web site are popular. I'm sure that it isn't for everyone, since it does require a certain amount of technical knowledge to set-up and maintain. However, I hope that this guide proves useful.

I welcome feedback on this page. If there are any technical inaccuracies or omissions, I'd like to hear about them. In addition, if you have any questions about running your own domain that aren't already covered on this page, please contact me at webmaster [at] noegruts [dot] com.


© 1999-2006. Please read these notes before copying from or linking to this site.