Help setting up domain name servers

18 posts / 0 new
Last post
#1 Fri, 06/29/2007 - 06:44
RickBeall

Help setting up domain name servers

Hi Joe, I know this is a little bit beyond anything like your responsibility, but I'm hoping you will help me. I just bought two $69 Virtual Min licenses, one for testing, one for real hosting.

The one I bought for real hosting at a server at layeredtech has me a bit out beyond what I know. I installed the install.sh on the centos 4.x server without problem, but I don't know how to set up the name servers such that I can point to them from Godaddy my registrar.

Maybe you can provide some advice or help? I know very little about dns and bind.

I'll continue reading ....

Thanks, Rick Beall
Fri, 06/29/2007 - 19:00
Joe
Joe's picture

Hey Rick,

Sure, any ol' name server will do, as long as the records are setup correctly. But, if you have more than couple of sites, it is worth going through the minor hassle of getting your name server recognized by GoDaddy--you only have to do it once, whereas with a free DNS service, you'll have to do it every time.

Virtualmin has DynDNS support, which can alleviate some of those problems, but we still recommend running a local nameserver if there aren't technical reasons not to (like maybe really low memory).

The only tricky thing is convincing GoDaddy of the existence of your nameserver. Once that's done, you're home free. There may even be a way to bootstrap, but I've never found it (I have a few domains at GoDaddy, and overall they're among the best registrars). I'll have a look this afternoon, and see if I can dig up the relevant docs on their site for getting things spinning in your circumstance.

--

Check out the forum guidelines!

Sun, 07/01/2007 - 05:52 (Reply to #2)
RickBeall

Hi Joe,
Joe wrote:
>>I'm not sure how you convinced Virtualmin to install without a fully qualified hostname, but localhost isn't a name you want in your NS or SOA records. (How did you manage that, by the way? Didn't install.sh ask you to set a hostname during installation?)

I was surprized when LayeredTech didn't use the domain I provided them. My ssh prompt was something like root@newinstall# . Despite the warning in the VirtualMin quick instructions, I ran install.sh anyway. install.sh asked me for my domain, and it put it in my host file. And that's about all I know.

At any rate, I made all the changes you suggested. Now my allstartest.com.hosts file looks like this:

$ttl 38400
@ IN SOA ns1.allstartest.com. root.ns1.allstartest.com. (
1183276400
10800
3600
604800
38400 )
@ IN NS ns1.allstartest.com.
allstartest.com. IN A 222.22.76.146
www.allstartest.com. IN A 222.22.76.146
ftp.allstartest.com. IN A 222.22.76.146
m.allstartest.com. IN A 222.22.76.146
mail.allstartest.com. IN A 222.22.76.146
allstartest.com. IN MX 5 mail.allstartest.com.
allstartest.com. IN TXT "v=spf1 a mx a:allstartest.com ip4:222.22.76.146 ?all"
allstartest.com. IN NS ns2.allstartest.com.
ns1.allstartest.com. IN A 222.22.76.146
ns2.allstartest.com. IN A 222.22.76.147

I changed my Godaddy account to use the new 146 & 147 values.

How does that look?

I added "@ IN NS ns2.allstartest.com" to "BIND DNS records for new domains" and created a new virtual domain and got the following:

$ttl 38400
@ IN SOA ns1.allstartest.com. root.ns1.allstartest.com. (
1183279677
10800
3600
604800
38400 )
@ IN NS ns1.allstartest.com.
jjbrothers.com. IN A 222.22.76.146
www.jjbrothers.com. IN A 222.22.76.146
ftp.jjbrothers.com. IN A 222.22.76.146
m.jjbrothers.com. IN A 222.22.76.146
mail.jjbrothers.com. IN A 222.22.76.146
jjbrothers.com. IN MX 5 mail.jjbrothers.com.
jjbrothers.com. IN TXT "v=spf1 a mx a:jjbrothers.com ip4:222.22.76.146 ?all"
@ IN NS ns2.allstartest.com

How does that look?

Thanks for all the help!

Fri, 06/29/2007 - 20:07
RickBeall

Hi Joe,
I appreciate the help. I know it's outside the bounds of normal support.

--Rick

Sat, 06/30/2007 - 00:28
RickBeall

After using the VirtualMin script, are the name servers already running on my server, but I just can't access them?

If they are not running, how would I get them running as:

ns1.mydomain.com
ns2.mydomain.com

Or point me to some good documentation.

This name server stuff is not easy to understand. ... After reading about 10 minutes my brain blanks out.

But, I'll keep trying ... to ... read.

Rick

Sat, 06/30/2007 - 05:10
RickBeall

Well,
on Godaddy, I have set my

AllStarJam.com domain to use

NS1.AllStarJam.com
NS2.AllStarJam.com

I set them so they use the next usable IP's available to me.

That was pretty easy at Godaddy.

But now I need to set up the NS1 and NS2 on my server.

Any ideas?

Rick

Sat, 06/30/2007 - 05:22
RickBeall

I'm reading Chapter 30 of Jamie Cameron's book now "DNS Server Configuration".

Rick

Sat, 06/30/2007 - 07:36
ah...lifes...good

I am no expert in DNS and BIND. It is one area I never really understood (or remember) even after reading numerous articles and HOW-TOs on it.

Rick, this is my DNS set-up. I don't know if it is really the best way, or if there is any security flaw, so I'd appreciate any feedback from Joe, Jamie or any other experienced person in this area.

1. I don't use my webhosting server as my name server.

2. I point all my domain names to
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net

2. At EveryDNS.net, I set up these entries

mydomain.com A 123.123.123.123
www.mydomain.com A 123.123.123.132
mail.mydomain.com A 123.123.123.132
ftp.mydomain.com A 123.123.132.123
mydomain.com MX mail.mydomain.com

That's all to it to get my domain names pointed to my server, and work correctly.

Again, I must emphasise I am no expert in this area and I don't know if the above method is technically correct or safe. So any feedback is welcomed.

Sat, 06/30/2007 - 17:22
RickBeall

Hi Ah,

The external way of doing it you describe has some real benefits.

(1) It's simple.
(2) It can be set up quickly
(3) If you ever had to have your server wiped and re-loaded because of hacking, the DNS is external and would not need to be re-setup.

Man, this DNS stuff is difficult. When I read some of the FAQs my brain blanks out after 10 minutes. But I've been curious about DNS for a while now, so unless eventually stopped by time constraints I will go through the pain of learning it and put all my eggs in one basket on my server.

But thanks for the clear description of your working solution. I greatly appreciate it.

And now, back to my regularly scheduled pain ....

Rick

Sat, 06/30/2007 - 21:03 (Reply to #9)
Joe
Joe's picture

Hey Rick,

In the interest of keeping things "fair and balanced", I'll add my own comments about handling it locally:

1. With Virtualmin, it's simpler (it happens automatically...you don't have to setup records at all). And, you still have to point your registrar at your external name service provider, so you're not gaining anything going that route, except that you don't have to bootstrap a name server into existence for GoDaddy's sake.

2. It's quicker. Virtualmin does it automatically. You don't need to setup any records, as it's all done for you.

3. If you've had your server wiped due to hacking...What? Don't do that! Use strong passwords, keep it up to date, don't run unnecessary services, and you'll never get hacked! (And if you do, you're keeping good backups, right? Virtualmin makes it easy to backup all of your services including DNS.)

So, I think you're making a mountain out of a tiny problem, and giving yourself extra work. Getting GoDaddy to recognize a name server is THAT hard. Just create your first domain at your external service...once the NS records are in place at the external host, you can then point them to your new server. Then when you add them to GoDaddy, you can use the same ns records for all of your zones (I use ns0.virtualmin.com and ns1.virtualmin.com for most of ours, for example).

--

Check out the forum guidelines!

Sat, 06/30/2007 - 21:05 (Reply to #10)
Joe
Joe's picture

Oops. Obviously, I meant to say:

Getting GoDaddy to recognize a name server is NOT THAT hard.

Stupid Fireboard won't always let me edit posts...

--

Check out the forum guidelines!

Sat, 06/30/2007 - 22:12
RickBeall

Hi Joe,

This is the part I don't understand.

It's quicker. Virtualmin does it automatically. You don't need to setup any records, as it's all done for you.

I was thinking I would have to do something like this:

http://rimuhosting.com/support/bindviawebmin.jsp

Are you saying that when I set up my first virtual hosting account using virtualmin, lets pretend it is allstartest.com , that automatically virtualmin will set up my

ns1.allstartest.com
ns2.allstartest.com

At Godaddy, I had to create two imaginary name servers. I have them two IPs that were one digit different from the base IP of my new domain. I "own" all the IPs.

I suspect we have been talking apples and oranges here.

Sun, 07/01/2007 - 00:33 (Reply to #12)
Joe
Joe's picture

No, that's what you would do if you weren't running Virtualmin. Webmin is not the same as Virtualmin--Webmin is a fantastic general purpose system administration tool, wonderful in every way, and I'm glad RimuHosting is using it (Woohoo for Webmin!).

But Webmin is not designed to make virtual hosting easy...Virtualmin (both the GPL and Professional version) is. Virtualmin automatically creates a zone like the following:

$ttl 38400
@ IN SOA www.virtualmin.com. root.www.virtualmin.com. (
1119502177
10800
3600
604800
38400 )
virtualmin.com. IN A 70.86.4.238
www.virtualmin.com. IN A 70.86.4.238
ftp IN A 70.86.4.226
mail IN A 70.86.4.226
@ IN MX 5 mail
ns0.virtualmin.com. IN A 70.86.4.226
ns1.virtualmin.com. IN A 70.85.191.202
virtualmin.com. IN NS ns0
virtualmin.com. IN NS ns1
virtualmin.com. IN TXT "v=spf1 a mx a:virtualmin.com ip4:70.86.4.226 ?all"
ns2.virtualmin.com. IN A 70.86.4.227
vm2.virtualmin.com. IN A 70.86.4.226

It has your MX records, your NS records, SPF records, etc. You never need to look at the Webmin BIND module unless you're doing something fancy. If you setup something like this via an external service, you'd have to create all of those records manually.

The only thing that Virtualmin can't do, is setup your registrar to point to your new server as the authoritative server for your zone. But, this is something you have to do no matter who is hosting your DNS (unless you let GoDaddy handle it...I'm not sure if they provide name service with their registrar service).

Seriously, once you have two name servers recognized by GoDaddy (or one with two IPs), you can let Virtualmin handle everything and never thing about DNS again.

I'm pretty sure we're all talking about the same fruit. The the apples that come with Virtualmin are delicious. ;-)

--

Check out the forum guidelines!

Sun, 07/01/2007 - 01:27
RickBeall

Fancy that. It works now!

I never dreamed that I would not have to configure anything on the server! Don't tell anyone, but that's better than CPanel.

In the end I didn't have to, but I learned a lot about DNS in the last 8 hours. I had always intended to learn something about it.

I ended up with something like:
=================================================
$ttl 38400
@ IN SOA localhost.localdomain. root.localhost.localdomain. (
1183263524
10800
3600
604800
38400 )
@ IN NS localhost.localdomain.
allstartest.com. IN A 222.22.76.146
www.allstartest.com. IN A 222.22.76.146
ftp.allstartest.com. IN A 222.22.76.146
m.allstartest.com. IN A 222.22.76.146
mail.allstartest.com. IN A 222.22.76.146
allstartest.com. IN MX 5 mail.allstartest.com.
allstartest.com. IN TXT "v=spf1 a mx a:allstartest.com ip4:222.22.76.146 ?all"
=============================================================
I don't fully understand why it works. At godaddy, for name servers I have:
ns1.allstartest.com (222.22.76.147)
ns2.allstartest.com (222.22.76.148)

You would think DNS would at least get tripped up with the 147 and 148 or the ns? for which nothing refers. But it works just fine.

Rick (newly semi-DNS literate)

Sun, 07/01/2007 - 03:33 (Reply to #14)
Joe
Joe's picture

Hey Rick,

Awesome. You're coming along nicely. We'll turn you into a system administrator yet.

There are two problems that will lead to things not working when you start doing things for real, however:

Your IN SOA and IN NS are broken. I'm not sure how you convinced Virtualmin to install without a fully qualified hostname, but localhost isn't a name you want in your NS or SOA records. (How did you manage that, by the way? Didn't install.sh ask you to set a hostname during installation?)

Mail will also fail to work correctly without a proper fully qualified hostname, so we'll need to get that corrected.

In the Webmin menu, browse to Networking:Network Configuration:Hostname and DNS Client. Set your hostname (leave the "Update hostname in host addresses if changed?" option checked. A good choice is often something like "ns1.domain.tld", but you can also use "domain.tld" as the hostname--just know that there will be some overlap in the default Postfix configuration that'll lead to warnings if you're also hosting domain.tld as a Virtualmin controlled domain (because Virtualmin creates virtual table entries for "domain.tld" and postfix, by default accepts mail for $myhostname). All very tricky. ;-)

As for the ns1 and ns2...those will only work if they IP addresses actually exist on your server. And they do not have to be different from the allstartest.com address. You can point as many names as you want to one IP address. So make ns1.allstartest.com point to 222.22.76.146, and get another IP (if you don't actually have others) for the server and point ns2 to it. You can add a second NS record to the automatic BIND configuration that Virtualmin creates by modifying the Server Template(s) that you use. You'd just append:

@ IN NS ns2.allstartest.com

To the "BIND DNS records for new domains" in the BIND DNS Domain section. This is ordinarily handled automatically by the Cluster DNS Slaves configuration documented here:

http://www.virtualmin.com/documentation/id,dns_slave_auto-configuration_...

But, you don't have a second server to setup as a slave, so you'll have to fool 'em. ;-)

--

Check out the forum guidelines!

Fri, 07/06/2007 - 06:25
ColinB

I seem to have a bit of a name server problem
shouldn't the NS record be ns1.mysite.org?

I am using Virtualmin Professional
on debian 4 etch 64amd
when I try to add the nameserver to my domain register
it will not accept it unless it is xxx.mysite.org

any help appreciated

$ttl 38400
@ IN SOA mysite.org. root.mysite.org. (
1183695484
10800
3600
604800
38400 )
@ IN NS mysite.org.
newsite.com.au. IN A 88.xxx.xx.xx
www.newsite.com.au. IN A 88.xxx.xx.xx
ftp.newsite.com.au. IN A 88.xxx.xx.xx
m.newsite.com.au. IN A 88.xxx.xx.xx
mail.newsite.com.au. IN A 88.xxx.xx.xx
newsite.com.au. IN MX 5 mail.newsite.com.au.
newsite.com.au. IN TXT "v=spf1 a mx a:newsite.com.au ip4:88.xxx.xx.xx ?all"

Sat, 07/14/2007 - 17:49
LauraAmerica

Hi Joe.

Seems like you really know the business, I'd appreciate some help on this :)

I have 5 sites. All with GoDaddy and all filled at EveryDNS. I started using EveryDNS services because I wanted to use GoogleApps in my sites. It works nice but after that my sites are usually down.

At GoDaddy I've the nameservers for EveryDNS and for my hosting provider too.

At EveryDNS I have the NS records corresponding to my hosting nameservers.

Also at EveryDNS I changed the AXFR to "Allow all" (I tried first to give permission only to my hosting NS but I just keep getting "Please specify a nameserver to grant AXFR permission to" so I had to allow all). BTW, that didn't fix it.

Anyway, the thing is that my sites are down most of the time.

&quot;ah...lifes...good&quot; wrote:<div class='quote'>2. At EveryDNS.net, I set up these entries

mydomain.com A 123.123.123.123
www.mydomain.com A 123.123.123.132
mail.mydomain.com A 123.123.123.132
ftp.mydomain.com A 123.123.132.123
mydomain.com MX mail.mydomain.com</div>So, some of those records should help me, right? but what about the IP, what IPs should I use?

In the other hand, this Virtualmin seems interesting. I wouldn't care about re-creating all my CNAMEs &amp; MXs (about +50) if I'll can get my sites up, running and with GoogleApps all working fine. And obviously if it does the magic I wouldn't care about paying for the service (if it has cost) either.

Thanks in advance for any advise :)

P.S.: I wrote a couple times to the EveryDNS support but I never got an answer even when I have donated :p

Sun, 07/15/2007 - 00:02
mike

Ill tell you what I did,its not the 100% correct way, but it works perfect for me :D for the moment, because i run my own server on a shared network the server has a private IP address so in the DNS records on the Local nameserver i have it point to the private IP address (this will probably give me problems in the future as i should probably be pointing to the public address) my domain which i have hosted on dynadot i have just the records pointing to the servers public address, because there is just one server, behind a firewall i have forwarded the apropriate ports to the machine. my configuration includes 1 router with firewall enabled, 1 wireless router with firewall enabled (gives second protection for the private network), and then 1 server which runs full LAMP, with mail and DNS, I think that joe would be able to give us some better light on the topic at hand