DNS
Using a third-party DNS provider is highly recommended for most users, especially if you do not have extensive experience in setting up and managing DNS servers. It can save you from dealing with the complexity of setting up and maintaining your own DNS servers, and it can also provide better performance, reliability, and security.
Here are some well-known third-party DNS hosting providers:
- Amazon Route 53: This is a scalable and highly available Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to internet applications.
- Azure DNS: Microsoft Azure offers a DNS hosting service that is integrated with other Azure services, ensuring a seamless and convenient experience for businesses operating within the Azure ecosystem. It provides high availability and reliability due to Azure's vast global network of name servers. The service also features security measures like Azure Role-Based Access Control (RBAC) and Azure Active Directory for authentication and authorization. (Example: https://veniosystems.zendesk.com/hc/en-us/articles/16889617194899)
- Google Cloud DNS: Google's DNS service is reliable, resilient and globally distributed. It is a cost-effective way to make your applications and services available to your users.
- Cloudflare: Cloudflare provides a robust DNS service, with a focus on security and performance. They also provide DDoS protection and a global CDN.
- Dyn (Oracle): Dyn is a pioneer in DNS services, known for its resilience against DDoS attacks and its speed.
- GoDaddy DNS: In addition to domain registration services, GoDaddy also offers DNS hosting.
- DNS Made Easy: This service focuses on providing fast and simple DNS services.
When selecting a DNS hosting provider, consider factors like price, ease of use, additional features like DDoS protection or CDN services, and the geographic distribution of their DNS servers. It's also beneficial if the provider has good support services, in case you need help setting up or troubleshooting your DNS records.
DNS, or the Domain Name System, is a system that translates human-readable domain names (like venio.acme.net, the host name in https://venio.acme.net/) into the numerical IP addresses that computers use to communicate with each other.
"A" records are a fundamental part of how DNS works. The "A" stands for "address". An A record maps a domain name to the IP address (IPv4) of the computer hosting the domain.
Here's a simplified explanation of how it works:
- You enter a URL in your browser: When you type a URL (like https://venio.acme.net/) into your web browser, your computer doesn't know where venio.acme.net is located. So it needs to find out.
- Your computer asks a DNS server for the IP address associated with the domain: Your computer sends a query to a DNS server, asking for the IP address associated with venio.acme.net.
- The DNS server looks up the A record for the domain: The DNS server has a database of many different records, including A records. It finds the A record for venio.acme.net, which tells it what IP address is associated with that domain.
- The DNS server responds with the IP address: The DNS server sends a response back to your computer, saying "venio.acme.net is located at this IP address".
- Your computer connects to the IP address: Now that your computer knows the IP address for venio.acme.net, it can connect to that address and fetch the webpage you were trying to access.
This process happens in a fraction of a second, and it's how you're able to surf the web using easy-to-remember domain names instead of having to know the IP address of every website you want to visit.
Note that while A records are used for IPv4 addresses (which look like 192.0.2.1), there are also AAAA records that perform the same function for IPv6 addresses (which look like 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
DNS operates as a distributed database with a hierarchical structure. This means that no single DNS server has all of the DNS records of all the domains on the internet. Instead, this information is distributed across many different servers around the world.
How does an outward-facing DNS server update other globally accessible DNS servers with the A record?
When a DNS server receives a query for a domain that it does not have the record for, it will pass the query to other DNS servers that might have that information. This process is called DNS resolution and involves several types of servers:
- Recursive DNS servers: These are usually the DNS servers provided by your Internet Service Provider (ISP) or a third-party DNS provider like Google (8.8.8.8). When you enter a URL in your web browser, the query first goes to a recursive DNS server. If this server has recently answered the same query (it has the answer cached), it will return the A record from its cache. If not, it will start a series of queries to find out.
- Root DNS servers: The recursive DNS server will ask one of the root DNS servers for the Top Level Domain (TLD) DNS server (for example, .com or .org). The root server responds with the IP address of the TLD DNS server.
- TLD DNS servers: The recursive DNS server then asks the TLD DNS server for the domain's DNS server (also known as authoritative DNS server). The TLD DNS server responds with the IP address of the domain's DNS server.
- Authoritative DNS servers: Finally, the recursive DNS server asks the authoritative DNS server for the A record for the domain. The authoritative DNS server responds with the IP address associated with the domain.
Once the recursive server has the A record, it will cache it for a period of time determined by the record's Time To Live (TTL) value. The TTL is a value in a DNS record that determines how long the record should be kept in a server's cache. This is how DNS servers "tell" other servers about the A record.
This hierarchical structure is what allows DNS to scale to the size of the entire internet, with billions of domain names and IP addresses, without every server having to know every domain name and IP address. It also provides a level of fault tolerance, as there are many DNS servers at each level of the hierarchy, so if one server goes down, there are others that can provide the needed information.
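To make the lookup chain and TTL caching described above concrete, here is an added example (not part of the original article) that simulates a recursive resolver walking root, TLD and authoritative servers and then serving from its cache. The server labels, the 192.0.2.x addresses and the 300-second TTL are constructed for illustration.

```python
class RecursiveResolver:
    """Toy recursive resolver: walks root -> TLD -> authoritative, caches by TTL."""

    def __init__(self, root, tld, auth):
        self.root, self.tld, self.auth = root, tld, auth
        self.cache = {}            # name -> (ip, expires_at)
        self.upstream_queries = 0  # queries sent to root/TLD/authoritative servers

    def resolve(self, name, now):
        """Return (ip, source) for `name` at time `now` (seconds)."""
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0], "cache"          # answer is still within its TTL
        labels = name.split(".")
        try:
            tld_server = self.root[labels[-1]]                         # 1. root
            auth_server = self.tld[tld_server][".".join(labels[-2:])]  # 2. TLD
            ip, ttl = self.auth[auth_server][name]                     # 3. authoritative
        except KeyError:
            raise LookupError(f"no A record for {name}") from None
        self.upstream_queries += 3
        self.cache[name] = (ip, now + ttl)     # keep the answer until the TTL runs out
        return ip, "authoritative"


def demo():
    # Constructed sample data: server labels, addresses and TTL are illustrative.
    root = {"net": "tld-net"}
    tld = {"tld-net": {"acme.net": "ns-acme"}}
    auth = {"ns-acme": {"venio.acme.net": ("192.0.2.10", 300)}}  # (IPv4, TTL in s)
    resolver = RecursiveResolver(root, tld, auth)

    seen = [resolver.resolve("venio.acme.net", now=0)]
    # The operator changes the A record at the authoritative server only.
    auth["ns-acme"]["venio.acme.net"] = ("192.0.2.20", 300)
    seen.append(resolver.resolve("venio.acme.net", now=120))  # TTL not expired
    seen.append(resolver.resolve("venio.acme.net", now=300))  # TTL expired
    return seen, resolver.upstream_queries


if __name__ == "__main__":
    for ip, source in demo()[0]:
        print(ip, source)
```

The second lookup still returns the old address because the authoritative server never pushes changes to resolvers; they only see the new A record once their cached copy expires, so a shorter TTL shortens the time clients keep an outdated address.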
SSL/TLS
It is highly recommended to use TLS/SSL security certificates when setting up VOD to be outward-facing to the global internet. Please refer to the following article:
https://support.veniosystems.com/hc/en-us/articles/16779304209043-SSL-Certificates
How do I redirect a request to https://venio.acme.net/ from the global internet to an IIS server that does not have a static IP?
Redirecting a request from a domain to an IIS server without a static IP can be achieved with the help of dynamic DNS services. Dynamic DNS (DDNS) services automatically update the DNS record of your domain when the IP address of your server changes.
Here are the general steps to set this up:
- Choose a Dynamic DNS Service: There are numerous Dynamic DNS services available, such as No-IP, DynDNS, and Duck DNS. Some offer free tiers, while others are paid.
- Create an Account and Choose a Domain: After choosing a service, you will need to create an account and select a domain. Some services allow you to use your own domain name.
- Set Up the DDNS Update Client: Install the DDNS service's update client on your IIS server. This software will automatically update your DDNS domain with the server's current IP address whenever it changes.
- Configure DNS: If you're not using your own domain with the DDNS service, you will need to set up a CNAME record in your DNS settings that points from your host name (venio.acme.net) to the DDNS domain. This ensures that when someone accesses https://venio.acme.net/, they are directed to the DDNS domain, which then directs them to the current IP address of your IIS server.
- Set Up HTTPS Redirection in IIS: Since you want to use HTTPS, you need to install an SSL certificate for your domain in IIS and set up an HTTPS binding.
- Set Up Port Forwarding: If your IIS server is behind a router, you will need to set up port forwarding on the router. This ensures that when someone accesses your domain, the traffic is correctly forwarded to the IIS server. Typically, you will need to forward port 443 for HTTPS traffic.
- Update Your Firewall Settings: Ensure your firewall allows incoming connections on the ports you are using (typically 80 for HTTP and 443 for HTTPS).
Keep in mind that while this setup allows you to use an IIS server with a dynamic IP, it is not typically recommended for a production environment due to potential issues with reliability and performance. If possible, it's generally better to use a static IP for servers that are being accessed from the internet.
I have a website at www.acme.com. How do I redirect requests for www.acme.com/venio and/or venio.acme.com to another server with a static IP? Which is the better method?
Redirecting requests to a different server based on a path (www.acme.com/venio) or a subdomain (venio.acme.com) is generally achieved by setting up a reverse proxy. The reverse proxy accepts a request from a client, forwards it to a server that can fulfill it, and then returns the server's response to the client.
To redirect requests, you can use solutions like Nginx, Apache with mod_proxy, or IIS with Application Request Routing (ARR) and URL Rewrite.
As for which method is better, it largely depends on your specific requirements. Here are some factors to consider:
Subdomain (venio.acme.com):
- Better isolation: Subdomains are treated as entirely separate entities from the main domain. This can be advantageous for separating different parts of a website, possibly for different teams or types of content.
- Easier SSL management: Since the subdomain is considered a separate entity, it can have its own SSL certificate.
- DNS-based load balancing: If the "venio" application needs to be highly available and distributed across multiple servers, you can use DNS-based load balancing.
Subdirectory (www.acme.com/venio):
- Simplified domain management: Everything is under one domain, which can make management simpler.
- Better for SEO: Search engines generally treat subdirectories as part of the same entity, so they're likely to inherit the reputation and the link equity of the parent domain.
Here's how you would typically set up the redirection:
For subdomain (venio.acme.com):
- Add a DNS A record for the subdomain (venio.acme.com) pointing to the static IP address of the other server.
For subdirectory (www.acme.com/venio):
- Set up a reverse proxy that intercepts requests for www.acme.com/venio and forwards them to the other server. How you do this depends on the server software you're using.
Remember, whenever you're exposing internal resources to the internet, security is a major concern. Ensure your servers are secure, keep them patched, and use HTTPS to encrypt web traffic.