bind on vps
Hello,

I read bind howto, several tutorials, mailing lists. After two months trying to get this working without success I must bother you.

I am running a Slackware in a vps server, it provides me two IPs (I can ask for more if needed). I have the domains registered at go daddy. It will be a web hosting server. I wrote my own web client panel and my own bash scripts to automate the upload of new clients' virtual domains. That's why I want to run my own dns server; I want to be able to update the registers in my own machine.

I am running my name server in the same machine I run my domains. I've read a post in this mailing list where a newbie like me explains the same problem. But the last answer mentions only glue records and I think I've included them correctly(?). nslookup returns me the expected when I run it from inside the vps but not when I run it from the outside.

I've defined two zones. The first for my main domain, I need to run a ssl site and I prefer to dedicate the first ip to it. And a template zone for the rest of virtual domains.

I've opened port 53 in my firewall.

Stuff
---

mydomain.com
virtualdomain.com (later on I want to be able to add virtualdomain2.com, virtualdomain3.com, etc. pointing to the template zone).

11.22.33.44 (first ip provided for vps)
11.22.33.45 (second ip provided for vps)

/etc/hosts
---

127.0.0.1       localhost.localdomain localhost
11.22.33.44     server1.mydomain.com

/etc/resolv.conf
---

search mydomain.com
nameserver 127.0.0.1
nameserver 208.67.222.222
nameserver 208.67.220.220

/etc/named.conf
---

options {
    directory "/var/named";
    query-source address * port 53;
    forward first;
    forwarders {
        208.67.222.222;
        208.67.220.220;
    };
};

// I keep the localhost zone configuration untouched. This points to Slackware
// default config files.
zone "." IN {
    type hint;
    file "caching-example/named.root";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

// Zones I added
zone "mydomain.com" {
    type master;
    file "mydomain.com.zone";
};
zone "virtualdomain.com" {
    type master;
    file "template.zone";
};
zone "33.22.11.in-addr.arpa" {
    type master;
    file "11.22.33";
};

Main zone
---

; mydomain.com.zone
$TTL 86400
@       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
                        2011011902      ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D )            ; Minimum TTL
@       IN      NS      ns1.mydomain.com.
@       IN      NS      ns2.mydomain.com.
@       IN      A       11.22.33.44
www     IN      A       11.22.33.44
ns1     IN      A       11.22.33.44
ns2     IN      A       11.22.33.45

Template zone
---

; template.zone (second ip)
$TTL 86400
@       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
                        2011011902      ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D )            ; Minimum TTL
@       IN      NS      ns1.mydomain.com.
@       IN      NS      ns2.mydomain.com.
@       IN      A       11.22.33.45
www     IN      A       11.22.33.45

Reverse zone
---

; 11.22.33
$TTL 86400
@       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
                        2011011901      ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D )            ; Minimum TTL
@       IN      NS      ns1.mydomain.com.
@       IN      NS      ns2.mydomain.com.
44      IN      PTR     mydomain.com.
44      IN      PTR     www.mydomain.com.
45      IN      PTR     virtualdomain.com.
45      IN      PTR     www.virtualdomain.com.
44      IN      PTR     ns1.mydomain.com.
45      IN      PTR     ns2.mydomain.com.

--- end config files ---

In case my configuration is OK, what must I ask to my vps provider? what must
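The two defects the replies below find in these zone files (several PTR records on one owner name, and NS names inside the zone that need an A record as glue) can be caught before named is reloaded. The following is an added example, not code from the thread or from BIND: a small Python lint that parses constructed copies of the posted zone files. The domain names and the 11.22.33.x addresses are the thread's placeholders, and the parser covers only the zone syntax these files use.

```python
"""Lint the zone files posted in the thread for the two things the replies
pick on: more than one PTR record on a single owner name, and an NS target
inside the zone with no A (glue) record. The zone texts below are constructed
copies of the posted files (placeholder names and 11.22.33.x addresses)."""

MYDOMAIN_ZONE = """\
; mydomain.com.zone (constructed copy of the posted main zone)
$TTL 86400
@   IN SOA ns1.mydomain.com. root.mydomain.com. (
        2011011902 ; Serial
        8H         ; Refresh
        2H         ; Retry
        4W         ; Expire
        1D )       ; Minimum TTL
@   IN NS ns1.mydomain.com.
@   IN NS ns2.mydomain.com.
@   IN A  11.22.33.44
www IN A  11.22.33.44
ns1 IN A  11.22.33.44
ns2 IN A  11.22.33.45
"""

REVERSE_ZONE = """\
; 11.22.33 (constructed copy of the posted reverse zone)
$TTL 86400
@   IN SOA ns1.mydomain.com. root.mydomain.com. (
        2011011901 ; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        1D ) ; Minimum TTL
@   IN NS ns1.mydomain.com.
@   IN NS ns2.mydomain.com.
44  IN PTR mydomain.com.
44  IN PTR www.mydomain.com.
45  IN PTR virtualdomain.com.
45  IN PTR www.virtualdomain.com.
44  IN PTR ns1.mydomain.com.
45  IN PTR ns2.mydomain.com.
"""


def absolutize(name, origin):
    """Turn '@' and relative owner names into fully qualified lower-case names."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Minimal parser for the zone syntax used in the thread: ';' comments,
    $TTL, '@', relative owners, omitted TTL/class and a parenthesised SOA.
    Returns (owner, type, [rdata tokens]); NS/PTR/CNAME targets are made
    absolute so they can be compared with owner names."""
    stripped = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined, buf, depth = [], [], 0
    for ln in stripped:                       # fold '( ... )' records onto one line
        if not ln.strip():
            continue
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    records, last_owner = [], origin
    for ln in joined:
        if ln.lstrip().startswith("$"):       # $TTL / $ORIGIN carry no data here
            continue
        tokens = ln.replace("(", " ").replace(")", " ").split()
        owner = last_owner if ln[0] in " \t" else tokens.pop(0)
        owner = last_owner = absolutize(owner, origin)
        if tokens and tokens[0].isdigit():    # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):   # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype in ("NS", "PTR", "CNAME"):
            tokens = [absolutize(t, origin) for t in tokens]
        records.append((owner, rtype, tokens))
    return records


def lint_zone(text, origin):
    """Return a list of human-readable findings for one zone (empty = clean)."""
    origin = origin.lower()
    records = parse_zone(text, origin)
    findings = []
    ptrs = {}
    for owner, rtype, rdata in records:
        if rtype == "PTR":
            ptrs.setdefault(owner, []).append(rdata[0])
    for owner, targets in sorted(ptrs.items()):
        if len(targets) > 1:                  # the reverse-zone mistake in the thread
            findings.append(f"{owner} has {len(targets)} PTR records: {', '.join(targets)}")
    a_owners = {o for o, t, _ in records if t == "A"}
    ns_targets = [rd[0] for o, t, rd in records if t == "NS" and o == origin]
    for ns in ns_targets:                     # in-bailiwick NS needs glue in this zone
        in_bailiwick = ns == origin or ns.endswith("." + origin)
        if in_bailiwick and ns not in a_owners:
            findings.append(f"NS target {ns} is inside {origin} but has no A record (missing glue)")
    if len(ns_targets) < 2:                   # RFC 1034 4.1: every zone on at least two servers
        findings.append(f"{origin} lists {len(ns_targets)} NS record(s); at least two are required")
    return findings


if __name__ == "__main__":
    for name, text, origin in [("mydomain.com.zone", MYDOMAIN_ZONE, "mydomain.com."),
                               ("11.22.33", REVERSE_ZONE, "33.22.11.in-addr.arpa.")]:
        problems = lint_zone(text, origin)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

Run against the reverse zone it reports three PTR records on each of the two addresses; the main zone passes because both NS names have A records in the zone. The glue check is deliberately limited to names under the zone's own origin: the reverse zone's NS records point at ns1/ns2.mydomain.com, which live in another zone and need no glue there.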
Re: bind on vps
On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
> Hello, I read bind howto, several tutorials, mailing lists. After two
> months trying to get this working without success I must bother you.
> I am running a Slackware in a vps server, it provides me two IPs (I can
> ask for more if needed). I have the domains registered at go daddy. It
> will be a web hosting server. I wrote my own web client panel and my own
> bash scripts to automate the upload of new clients' virtual domains.
> That's why I want to run my own dns server; I want to be able to update
> the registers in my own machine.

you do know that you should have two SERVERS for your dns? Giving two different IPs for your box will work, but is a very bad idea. Even if everything else is on that machine, for some uses (eg. mail) having no DNS data is worse than having a failed server.

> I am running my name server in the same machine I run my domains. I've
> read a post in this mailing list where a newbie like me explains the
> same problem. But the last answer mentions only glue records and I
> think I've included them correctly(?). nslookup returns me the expected
> when I run it from inside the vps but not when I run it from the outside.

That's probably because you haven't updated NS records at registrar. So your server is configured correctly. But nobody asks it for information. How to change it - most probably you have to login to the web panel for the service where you've ordered and paid for the domain (that would be godaddy I presume), and find your way there. Somewhere there should be space for providing names of your nameservers, and IP addresses of them. You'll need to do this for all your domains, but for the rest of them names will be enough.

> I've defined two zones. The first for my main domain, I need to run a
> ssl site and I prefer to dedicate the first ip to it. And a template
> zone for the rest of virtual domains.

Well, if only this site is SSL-enabled, and all others are only HTTP, then all can coexist on a single IP.

> I've opened port 53 in my firewall.

for TCP, UDP or both?

> Stuff
> ---
>
> mydomain.com
> virtualdomain.com (later on I want to be able to add virtualdomain2.com,
> virtualdomain3.com, etc. pointing to the template zone).
>
> 11.22.33.44 (first ip provided for vps)
> 11.22.33.45 (second ip provided for vps)
>
> /etc/named.conf
> ---
> [cut]
> // Zones I added
> zone "mydomain.com" {
>     type master;
>     file "mydomain.com.zone";
> };
> zone "virtualdomain.com" {
>     type master;
>     file "template.zone";
> };
> zone "33.22.11.in-addr.arpa" {
>     type master;
>     file "11.22.33";
> };

This will work only if you are designated nameserver for all 11.22.33/24 block, which I think is false. Otherwise you'll have to tell the one that is (maybe your ISP, maybe even higher) to make changes.

> Main zone
> ---
>
> ; mydomain.com.zone
> $TTL 86400
> @       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
>                         2011011902      ; Serial
>                         8H              ; Refresh
>                         2H              ; Retry
>                         4W              ; Expire
>                         1D )            ; Minimum TTL
> @       IN      NS      ns1.mydomain.com.
> @       IN      NS      ns2.mydomain.com.
> @       IN      A       11.22.33.44
> www     IN      A       11.22.33.44
> ns1     IN      A       11.22.33.44
> ns2     IN      A       11.22.33.45

looks OK

> Template zone
> ---
>
> ; template.zone (second ip)
> $TTL 86400
> @       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
>                         2011011902      ; Serial
>                         8H              ; Refresh
>                         2H              ; Retry
>                         4W              ; Expire
>                         1D )            ; Minimum TTL
> @       IN      NS      ns1.mydomain.com.
> @       IN      NS      ns2.mydomain.com.
> @       IN      A       11.22.33.45
> www     IN      A       11.22.33.45

also looks OK.

> Reverse zone
> ---
>
> ; 11.22.33
> $TTL 86400
> @       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
>                         2011011901      ; Serial
>                         8H              ; Refresh
>                         2H              ; Retry
>                         4W              ; Expire
>                         1D )            ; Minimum TTL
> @       IN      NS      ns1.mydomain.com.
> @       IN      NS      ns2.mydomain.com.
> 44      IN      PTR     mydomain.com.
> 44      IN      PTR     www.mydomain.com.
> 45      IN      PTR     virtualdomain.com.
> 45      IN      PTR
Re: bind on vps
On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
> On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
>> It will be a web hosting server. I wrote my own web client panel and my
>> own bash scripts to automate the upload of new clients' virtual domains.
>> That's why I want to run my own dns server; I want to be able to update
>> the registers in my own machine.
>
> you do know that you should have two SERVERS for your dns? Giving two
> different IPs for your box will work, but is a very bad idea. Even if
> everything else is on that machine, for some uses (eg. mail) having no
> DNS data is worse than having a failed server.

I read in forums about people that could run their own DNS server at the same server they had their sites, that's why I tried. But I know (and I understand why) that the good practice is to have two external DNS servers in different locations.

>> Reverse zone
>> ---
>>
>> ; 11.22.33
>> $TTL 86400
>> @       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
>>                         2011011901      ; Serial
>>                         8H              ; Refresh
>>                         2H              ; Retry
>>                         4W              ; Expire
>>                         1D )            ; Minimum TTL
>> @       IN      NS      ns1.mydomain.com.
>> @       IN      NS      ns2.mydomain.com.
>> 44      IN      PTR     mydomain.com.
>> 44      IN      PTR     www.mydomain.com.
>> 45      IN      PTR     virtualdomain.com.
>> 45      IN      PTR     www.virtualdomain.com.
>> 44      IN      PTR     ns1.mydomain.com.
>> 45      IN      PTR     ns2.mydomain.com.
>
> First, as stated before, I doubt if anyone will ask your server for that info.

Stop here, this is my obscure point: how do you get that your dns be asked? What do you need? What must I ask my isp (my vps provider in this case) for? What do you mean by to be designated nameserver for the IPs?

> Second - what is the name of 11.22.33.44? Is it mydomain.com?
> www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.

Yes, I realise my mistake. Just one domain per ip.

>> In case my configuration is OK, what must I ask to my vps provider?
>
> Probably nothing. If you can dig/nslookup on your host from external
> hosts, then it looks they don't need to do anything.

This is exactly what I cannot do: to dig/nslookup from external hosts.

Well, my goal (tell me if it is a fantasy:)) is to be able to update automatically my registers. I ignore the features and flexibility of bind, perhaps I should change the strategy. Could you give me some clue? Can I use bind just as slave of the external name server (being it godaddy's dns or my vps provider's one)?

> Regards,
> Torinthiel
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Thanks for answering me!
Re: bind on vps
You may consider using your own bind as a hidden master that will then update a number of external DNS servers via notify. That way you fill in what is to be in DNS and you have all needed diversity.

This does not remove the need to register all those nameservers for EACH name with the registrar that has sold the name. Probably your ISP is not involved with the forward DNS, for .com, maybe Godaddy, for .dk it would be dk-hostmaster.dk, for .sk it would be somebody else. All depending on who registered the domain in question.

Reverse mapping will be your ISP, if they are willing. Most really don't accept to do it, that usually depends on the price you pay.

On 13/02/11 17:16, Walter Alejandro Iglesias wrote:
> [cut]

--
Best regards

Sten Carlsen

No improvements come from shouting:

MALE BOVINE MANURE!!!
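The hidden-master layout suggested above, written out as a named.conf fragment. This is an added example, not configuration from the thread or from ISC: the editable zone file stays on the VPS, which is listed in no NS record, and every change is pushed to external secondaries (ZoneEdit, an ISP, a peer in the same situation) by NOTIFY and pulled from the VPS by a TSIG-signed zone transfer. The secondary addresses 203.0.113.10 and 203.0.113.20, the key name and the secret are placeholders; the VPS address 11.22.33.44 is the thread's own placeholder.

```conf
// Added example, not the author's named.conf: hidden master on the VPS.
// The zone's NS records and the registrar entries name only the public
// secondaries; this host answers zone transfers and sends NOTIFY, nothing else.

key "xfer-key" {
    algorithm hmac-sha256;
    // PLACEHOLDER: generate a real secret with tsig-keygen (or dnssec-keygen
    // on older BIND) and share it with each secondary out of band.
    secret "PLACEHOLDER-BASE64-SECRET";
};

options {
    directory "/var/named";
    recursion no;                  // authoritative only: no forwarders, no
                                   // fixed query-source port needed
    allow-query { any; };
    allow-transfer { none; };      // opened per zone below, TSIG-keyed only
    notify explicit;               // NOTIFY only the also-notify list,
                                   // not the NS set (which does not contain us)
    also-notify { 203.0.113.10; 203.0.113.20; };   // placeholder secondaries
};

zone "mydomain.com" {
    type master;
    file "mydomain.com.zone";
    allow-transfer { key "xfer-key"; };
};

zone "virtualdomain.com" {
    type master;
    file "template.zone";
    allow-transfer { key "xfer-key"; };
};

// On each secondary (placeholder: hidden master at 11.22.33.44). The
// allow-notify line is what lets a server outside the NS set trigger a refresh.
// zone "mydomain.com" {
//     type slave;
//     file "secondary/mydomain.com.zone";
//     masters { 11.22.33.44 key "xfer-key"; };
//     allow-notify { 11.22.33.44; };
// };
```

Two details make or break this. The SOA MNAME and the NS records in the zone file should name a public secondary, not the hidden host, and each secondary must list the hidden master in allow-notify, because the NOTIFY will arrive from an address that is not in the NS set. The options block also drops the `query-source address * port 53` line of the posted named.conf: pinning the source port disables the source-port randomisation BIND uses against cache poisoning, and an authoritative-only server with recursion off has no use for forwarders or a fixed query source in the first place.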
Re: bind on vps
On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
> On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
>> On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
>>> It will be a web hosting server. I wrote my own web client panel and
>>> my own bash scripts to automate the upload of new clients' virtual
>>> domains. That's why I want to run my own dns server; I want to be
>>> able to update the registers in my own machine.
>>
>> you do know that you should have two SERVERS for your dns? Giving two
>> different IPs for your box will work, but is a very bad idea. Even if
>> everything else is on that machine, for some uses (eg. mail) having no
>> DNS data is worse than having a failed server.
>
> I read in forums about people that could run their own DNS server at the
> same server they had their sites, that's why I tried. But I know (and I
> understand why) that the good practice is to have two external DNS
> servers in different locations.

It's not only good practice, it's a requirement per RFC103[45]. You'll go by with two IPs for one machine, and if it's only HTTP there won't be enough difference if this machine fails. However you could also consider looking for some other DNS services. Some ISPs provide secondary for free, there might also be a free DNS service somewhere. Or you could find someone in a similar situation as you and be secondary for each other.

>>> Reverse zone
>>> ---
>>>
>>> ; 11.22.33
>>> $TTL 86400
>>> @       IN      SOA     ns1.mydomain.com. root.mydomain.com. (
>>>                         2011011901      ; Serial
>>>                         8H              ; Refresh
>>>                         2H              ; Retry
>>>                         4W              ; Expire
>>>                         1D )            ; Minimum TTL
>>> @       IN      NS      ns1.mydomain.com.
>>> @       IN      NS      ns2.mydomain.com.
>>> 44      IN      PTR     mydomain.com.
>>> 44      IN      PTR     www.mydomain.com.
>>> 45      IN      PTR     virtualdomain.com.
>>> 45      IN      PTR     www.virtualdomain.com.
>>> 44      IN      PTR     ns1.mydomain.com.
>>> 45      IN      PTR     ns2.mydomain.com.
>>
>> First, as stated before, I doubt if anyone will ask your server for that info.
>
> Stop here, this is my obscure point: how do you get that your dns be
> asked? What do you need? What must I ask my isp (my vps provider in this
> case) for? What do you mean by to be designated nameserver for the IPs?

Generally (not only for reverse DNS) you need one thing: delegation. That is, the parent zone (this being .com for mydomain.com and 22.11.in-addr.arpa here) needs to answer 'I don't know about mydomain.com, ask ns.mydomain.com'. And that's the part your server has nothing to say about yet, as it happens before the query reaches your server. Usually (that being the three places I know personally ;) the place where you register your domain has some kind of web panel where you can either set up the zone (if you use their nameservers) and/or enter the nameservers you want to handle queries. And that's the part you want to do.

Now, specific about this part: first, disclaimer: I've never administered any reverse zones. But still, probably your ISP/VPS provider would be the place to ask. Try doing dig -x 11.22.33.44, and if it returns anything, then you have reverse set up. Maybe some web panel from your ISP allows you to change that to anything else, and maybe you even need it. But if you are doing only HTTP and DNS then anything would be fine, as long as it resolves to anything, and resolves back to you (so if you do dig -x 11.22.33.44 and then dig what-you-got-from-previous you end with 11.22.33.44). IMHO you don't need to handle any in-addr.arpa zone at all, your ISP does it for you. You could change what it resolves to, via a web interface and/or email directly to them, but chances are you don't need it.

>> Second - what is the name of 11.22.33.44? Is it mydomain.com?
>> www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.
>
> Yes, I realise my mistake. Just one domain per ip.
>
>>> In case my configuration is OK, what must I ask to my vps provider?
>>
>> Probably nothing. If you can dig/nslookup on your host from external
>> hosts, then it looks they don't need to do anything.
>
> This is exactly what I cannot do: to dig/nslookup from external hosts.

Not exactly. You've stated that you CAN ask your server from external hosts, but only if you specify to ask it. What you want to achieve is having valid resolution without asking your specific server. And that's the delegation step.

> Well, my goal (tell me if it is a fantasy:)) is to be able to update
> automatically my registers. I ignore the features and flexibility of
> bind, perhaps I should change the strategy. Could you give me some clue?
> Can I use bind just as slave of the external name server (being it
> godaddy's dns or my vps provider's one)?

Being a slave server won't do you any good, slave (as the name suggests) has nothing
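The delegation check described above, and the dig -x round trip, as an added Python example (not code from the thread). It takes dig-style answer lines (owner, TTL, class, type, rdata) and reports where the parent's view of the delegation disagrees with what the VPS itself serves; in practice the two inputs would be the output of `dig @<a parent .com server> mydomain.com NS` and of the same query against 11.22.33.44, and `check_reverse` the output of `dig -x` followed by an A query. All samples are constructed placeholders using the thread's names and 11.22.33.x addresses.

```python
"""Check the delegation step the thread describes: the parent zone (.com
here) must publish NS records, and glue for in-bailiwick nameservers, that
agree with the apex NS set and A records the author's own BIND serves.
Inputs are dig-style answer lines (owner TTL class type rdata). The samples
are constructed placeholders, not real query results."""

# Constructed: what a parent .com server could return in its AUTHORITY and
# ADDITIONAL sections once the registrar has published the nameservers.
PARENT_ANSWER = """\
mydomain.com.       172800  IN  NS  ns1.mydomain.com.
mydomain.com.       172800  IN  NS  ns2.mydomain.com.
ns1.mydomain.com.   172800  IN  A   11.22.33.44
ns2.mydomain.com.   172800  IN  A   11.22.33.45
"""

# Constructed: the same names as served by the author's own BIND.
CHILD_ANSWER = """\
mydomain.com.       86400   IN  NS  ns1.mydomain.com.
mydomain.com.       86400   IN  NS  ns2.mydomain.com.
ns1.mydomain.com.   86400   IN  A   11.22.33.44
ns2.mydomain.com.   86400   IN  A   11.22.33.45
"""

# Constructed: the forward-confirmed reverse pair the reply asks for
# (`dig -x 11.22.33.44`, then an A query for the name it returns).
PTR_ANSWER = "44.33.22.11.in-addr.arpa.  86400  IN  PTR  mydomain.com.\n"
FORWARD_ANSWER = "mydomain.com.  86400  IN  A  11.22.33.44\n"

MY_IPS = {"11.22.33.44", "11.22.33.45"}       # the VPS's two addresses (placeholders)


def parse_rrs(text):
    """Parse dig `+noall +answer` style lines into (owner, type, rdata)."""
    rrs = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rrs.append((owner.lower(), rtype.upper(), rdata.lower()))
    return rrs


def rrset(rrs, owner, rtype):
    """All rdata for one owner/type pair, as a set."""
    return {rd for o, t, rd in rrs if o == owner and t == rtype}


def check_delegation(zone, parent_text, child_text, my_ips):
    """Compare the parent's delegation with the child's own apex data.
    Returns a list of findings; empty means queries for `zone` are routed
    to nameservers that agree with the child."""
    parent, child = parse_rrs(parent_text), parse_rrs(child_text)
    findings = []
    parent_ns, child_ns = rrset(parent, zone, "NS"), rrset(child, zone, "NS")
    if not parent_ns:                         # the registrar step has not happened
        findings.append(f"no delegation: the parent publishes no NS records for {zone}")
        return findings
    if parent_ns != child_ns:
        findings.append(f"NS mismatch: parent {sorted(parent_ns)} vs zone {sorted(child_ns)}")
    glue_ips, all_in_bailiwick = set(), True
    for ns in sorted(parent_ns):
        if not (ns == zone or ns.endswith("." + zone)):
            all_in_bailiwick = False          # out-of-zone NS needs no glue here
            continue
        glue = rrset(parent, ns, "A")         # in-bailiwick NS must come with glue
        if not glue:
            findings.append(f"missing glue: the parent has no A record for {ns}")
            continue
        zone_a = rrset(child, ns, "A")
        if zone_a and glue != zone_a:
            findings.append(f"stale glue: parent says {ns} is {sorted(glue)}, zone says {sorted(zone_a)}")
        glue_ips |= glue
    if all_in_bailiwick and not (glue_ips & my_ips):
        findings.append("none of the delegated addresses is one of my IPs")
    return findings


def check_reverse(ip, ptr_text, forward_text):
    """Forward-confirmed reverse DNS: the single PTR name for `ip` must
    resolve back to `ip`. Returns None when it does, else a finding."""
    rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    names = rrset(parse_rrs(ptr_text), rev, "PTR")
    if len(names) != 1:
        return f"{ip} should have exactly one PTR record, found {len(names)}"
    name = next(iter(names))
    if ip not in rrset(parse_rrs(forward_text), name, "A"):
        return f"{name} does not resolve back to {ip}"
    return None


if __name__ == "__main__":
    print("before registrar step:", check_delegation("mydomain.com.", "", CHILD_ANSWER, MY_IPS))
    print("after registrar step: ", check_delegation("mydomain.com.", PARENT_ANSWER, CHILD_ANSWER, MY_IPS))
    print("reverse:", check_reverse("11.22.33.44", PTR_ANSWER, FORWARD_ANSWER))
```

An empty parent answer reproduces the situation in the thread: the VPS answers correctly when asked directly, but nobody is told to ask it. The glue comparison matters once the delegation exists, because a registrar's host record that lags behind a zone change sends resolvers to an old address even though the zone file itself is right.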
Re: bind on vps
On Sun, Feb 13, 2011 at 10:12:34PM +0100, Torinthiel wrote:
> On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
>> On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
>
> It's not only good practice, it's a requirement per RFC103[45]. You'll
> go by with two IPs for one machine, and if it's only HTTP there won't be
> enough difference if this machine fails. However you could also consider
> looking for some other DNS services. Some ISPs provide secondary for
> free, there might also be a free DNS service somewhere. Or you could
> find someone in a similar situation as you and be secondary for each other.

I did it with zoneedit. Now I have it running.

>> Stop here, this is my obscure point: how do you get that your dns be
>> asked? What do you need? What must I ask my isp (my vps provider in
>> this case) for? What do you mean by to be designated nameserver for the IPs?
>
> Generally (not only for reverse DNS) you need one thing: delegation.
> That is, the parent zone (this being .com for mydomain.com and
> 22.11.in-addr.arpa here) needs to answer 'I don't know about
> mydomain.com, ask ns.mydomain.com'. And that's the part your server has
> nothing to say about yet, as it happens before the query reaches your
> server. Usually (that being the three places I know personally ;) the
> place where you register your domain has some kind of web panel where
> you can either set up the zone (if you use their nameservers) and/or
> enter the nameservers you want to handle queries. And that's the part
> you want to do.

This is what I've explained I did at godaddy. At godaddy you have two forms for each domain, one to set the ns servers for the domain and another called Host Summary where you associate the ns with the ip. If this is what I think it is for :), then it should publish your ns1 and ns2 (at least this I've read in some forum):

> Now, specific about this part: first, disclaimer: I've never
> administered any reverse zones. But still, probably your ISP/VPS
> provider would be the place to ask. Try doing dig -x 11.22.33.44, and
> if it returns anything, then you have reverse set up. Maybe some web
> panel from your ISP allows you to change that to anything else, and
> maybe you even need it. But if you are doing only HTTP and DNS then
> anything would be fine, as long as it resolves to anything, and
> resolves back to you (so if you do dig -x 11.22.33.44 and then dig
> what-you-got-from-previous you end with 11.22.33.44). IMHO you don't
> need to handle any in-addr.arpa zone at all, your ISP does it for you.
> You could change what it resolves to, via a web interface and/or email
> directly to them, but chances are you don't need it.

I've told you in my first message, dig [-x], nslookup just work from inside the vps (because I set localhost at resolv.conf).

>>> Second - what is the name of 11.22.33.44? Is it mydomain.com?
>>> www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.
>>
>> Yes, I realise my mistake. Just one domain per ip.
>>
>>>> In case my configuration is OK, what must I ask to my vps provider?
>>>
>>> Probably nothing. If you can dig/nslookup on your host from external
>>> hosts, then it looks they don't need to do anything.
>>
>> This is exactly what I cannot do: to dig/nslookup from external hosts.
>
> Not exactly. You've stated that you CAN ask your server from external hosts,

In which way? Where did I state this?

> but only if you specify to ask it. What you want to achieve is having
> valid resolution without asking your specific server. And that's the
> delegation step.

The only way I could access my server is using the ip address. Sorry if I did not explain myself correctly.

>> Well, my goal (tell me if it is a fantasy:)) is to be able to update
>> automatically my registers. I ignore the features and flexibility of
>> bind, perhaps I should change the strategy. Could you give me some
>> clue? Can I use bind just as slave of the external name server (being
>> it godaddy's dns or my vps provider's one)?
>
> Being a slave server won't do you any good, slave (as the name suggests)
> has nothing to say about contents of the zone. The main problem here is
> that you want to update delegations, which don't depend on your server.
> I don't think a fully automated setup is possible, at least if your
> registry doesn't provide some non-webpage interface to alter
> delegations. There would be at least one non-automated step: buying the
> domain and telling (it should be possible in the process) that it should
> be handled by your servers. It's a once per zone operation, but has to
> be done. Rest (adding zone for your bind, changing the IP it resolves
> to) could be automated.

I will not resell domain names. I will set up a KISS web server :). But anyway, I will go with zoneedit, which is the good practice. The question pending is how to set up a dns server from scratch. If further on I have more clients I will rent a small vps and I will see how to get it working.

Well, Torinthiel, I am grateful
Re: bind on vps
2011/2/13 Walter Alejandro Iglesias e...@roquesor.com:
> Hello, I read bind howto, several tutorials, mailing lists. After two
> months trying to get this working without success I must bother you.
> I am running a Slackware in a vps server, it provides me two IPs (I can
> ask for more if needed). I have the domains registered at go daddy. It
> will be a web hosting server. I wrote my own web client panel and my own
> bash scripts to automate the upload of new clients' virtual domains.
> That's why I want to run my own dns server; I want to be able to update
> the registers in my own machine.
> I am running my name server in the same machine I run my domains. I've
> read a post in this mailing list where a newbie like me explains the
> same problem. But the last answer mentions only glue records and I
> think I've included them correctly(?). nslookup returns me the expected
> when I run it from inside the vps but not when I run it from the outside.

I have been also running the named on my VPS, with two IPs too. The site is under development, after done will also provide the smartdns hosting to my customers,:)

--
Free SmartDNS Hosting: http://DNSbed.com/