subject:"bind on vps"

bind on vps

2011-02-13 Thread Walter Alejandro Iglesias

Hello,

I read bind howto, several tutorials, mailing lists.  After
two months trying to get this working without success I must
bother you.

I am running a Slackware in a vps server, it provides me two
IPs (I can ask for more if needed).

I have the domains registered at go daddy.

It will be a web hosting sever.  I wrote my own web client
panel and my own bash scripts to automate the upload of new
client's virtual domains.  That's why I want to run my own dns
server; I want to be able to update the registers in my own
machine.

I am running my name server in the same machine I run my
domains.  I've read a post in this mailing list where a newbie
like me explains the same problem.  But the last answer
mention only about glue records and I think I've included
them correctly(?).  nslookup returns me the expected when I
run from inside the vps but not when I run it from the
outside.  

I've defined two zones.  The first to my main domain, I need
to run a ssl site and I prefer dedicate the first ip to it.
And a template zone to the rest of virtual domains.

I've opened port 53 in my firewall.


Stuff
-

mydomain.com
virtualdomain.com   (more late I want to be able to add
virtualdomain2.com, virtualdomain3.com, etc.
pointing to the template zone).

11.22.33.44 (first ip provided for vps)
11.22.33.45 (second ip provided for vps)


/etc/hosts.com
---
127.0.0.1   localhost.localdomain   localhost
11.22.33.44 server1.mydomain.com


/etc/resolv.conf
---
search  mydomain.com
nameserver  127.0.0.1
nameserver  208.67.222.222
nameserver  208.67.220.220


/etc/named.conf
---
options {
directory /var/named;
query-source address * port 53;
forward first;
forwarders {
208.67.222.222; 
208.67.220.220; 
};
};

// I keep the localhost zone configuration untoched.   This point to Slackware
// default config files.
zone . IN {
type hint;
file caching-example/named.root;
};

zone localhost IN {
type master;
file caching-example/localhost.zone;
allow-update { none; };
};

zone 0.0.127.in-addr.arpa IN {
type master;
file caching-example/named.local;
allow-update { none; };
};

// Zones I added 
zone mydomain.com {
type master;
file mydomain.com.zone;
};
zone virtualdomain.com {
type master;
file template.zone;
};
zone 33.22.11.in-addr.arpa {
type master;
file 11.22.33;
};


Main zone

; mydomain.com.zone
$TTL86400
@   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
2011011902  ; Serial
8H  ; Refresh
2H  ; Retry
4W  ; Expire
1D) ; Minimum TTL
@   IN  NS  ns1.mydomain.com.
@   IN  NS  ns2.mydomain.com.
@   IN  A   11.22.33.44
www IN  A   11.22.33.44
ns1 IN  A   11.22.33.44
ns2 IN  A   11.22.33.45


Template zone
-
; template.zone (second ip)
$TTL86400
@   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
2011011902  ; Serial
8H  ; Refresh
2H  ; Retry
4W  ; Expire
1D) ; Minimum TTL
@   IN  NS  ns1.mydomain.com.
@   IN  NS  ns2.mydomain.com.
@   IN  A   11.22.33.45
www IN  A   11.22.33.45


Reverse zone

; 11.22.33
$TTL86400
@   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
2011011901  ; Serial
8H  ; Refresh
2H  ; Retry
4W  ; Expire
1D) ; Minimum TTL
@   IN  NS  ns1.mydomain.com.
@   IN  NS  ns2.mydomain.com.
44  IN  PTR mydomain.com.
44  IN  PTR www.mydomain.com.
45  IN  PTR virtualdomain.com.
45  IN  PTR www.virtualdomain.com.
44  IN  PTR ns1.mydomain.com.
45  IN  PTR ns2.mydomain.com.

--- end config files -

In case my configuration is OK,
what must I ask to my vps provider?
what must

Re: bind on vps

2011-02-13 Thread Torinthiel

On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
 Hello,
 
 I read bind howto, several tutorials, mailing lists.  After
 two months trying to get this working without success I must
 bother you.
 
 I am running a Slackware in a vps server, it provides me two
 IPs (I can ask for more if needed).
 
 I have the domains registered at go daddy.
 
 It will be a web hosting sever.  I wrote my own web client
 panel and my own bash scripts to automate the upload of new
 client's virtual domains.  That's why I want to run my own dns
 server; I want to be able to update the registers in my own
 machine.

you do know that you should have two SERVERS for your dns?
Giving two different IPs for your box will work. but is a very bad idea.
Even if everything else is on that machine, for some uses (eg. mail)
having no DNS data is worse than having a failed server.

 
 I am running my name server in the same machine I run my
 domains.  I've read a post in this mailing list where a newbie
 like me explains the same problem.  But the last answer
 mention only about glue records and I think I've included
 them correctly(?).  nslookup returns me the expected when I
 run from inside the vps but not when I run it from the
 outside.  

That's probably because you haven't updated NS records at registrar. So
your server is configured correctly. But nobody asks it for information.
How to change it - most probably you have to login to the web panel for
the service, where you've ordered and paid for domain (that would be
godaddy I presume), and find your way there. Somewhere there should be
space for providing names of your nameservers, and IP addresses of them.
You'll need to do this for all your domains, but for rest of them names
will be enough.

 I've defined two zones.  The first to my main domain, I need
 to run a ssl site and I prefer dedicate the first ip to it.
 And a template zone to the rest of virtual domains.

Well, if only this site is SSL-enabled, all others are only HTTP, than
all can coexist on a single IP.

 I've opened port 53 in my firewall.

for TCP, UDP or both?

 
 
 Stuff
 -
 
 mydomain.com
 virtualdomain.com (more late I want to be able to add
   virtualdomain2.com, virtualdomain3.com, etc.
   pointing to the template zone).
 
 11.22.33.44 (first ip provided for vps)
 11.22.33.45 (second ip provided for vps)

 /etc/named.conf
 ---

[cut]

 // Zones I added 
 zone mydomain.com {
   type master;
   file mydomain.com.zone;
 };
 zone virtualdomain.com {
   type master;
   file template.zone;
 };
 zone 33.22.11.in-addr.arpa {
   type master;
   file 11.22.33;
 };

This will work only if you are designated nameserver for all 11.22.33/24
block, which I think is false. Otherwise you'll have to tell the one
that is (maybe your ISP, maybe even higher) to make changes.

 
 
 Main zone
 
 ; mydomain.com.zone
 $TTL  86400
 @ IN  SOA ns1.mydomain.com.   root.mydomain.com. (
   2011011902  ; Serial
   8H  ; Refresh
   2H  ; Retry
   4W  ; Expire
   1D) ; Minimum TTL
 @ IN  NS  ns1.mydomain.com.
 @ IN  NS  ns2.mydomain.com.
 @ IN  A   11.22.33.44
 www   IN  A   11.22.33.44
 ns1   IN  A   11.22.33.44
 ns2   IN  A   11.22.33.45

looks OK

 
 
 Template zone
 -
 ; template.zone (second ip)
 $TTL  86400
 @ IN  SOA ns1.mydomain.com.   root.mydomain.com. (
   2011011902  ; Serial
   8H  ; Refresh
   2H  ; Retry
   4W  ; Expire
   1D) ; Minimum TTL
 @ IN  NS  ns1.mydomain.com.
 @ IN  NS  ns2.mydomain.com.
 @ IN  A   11.22.33.45
 www   IN  A   11.22.33.45


also looks OK.


 
 
 Reverse zone
 
 ; 11.22.33
 $TTL  86400
 @ IN  SOA ns1.mydomain.com.   root.mydomain.com. (
   2011011901  ; Serial
   8H  ; Refresh
   2H  ; Retry
   4W  ; Expire
   1D) ; Minimum TTL
 @ IN  NS  ns1.mydomain.com.
 @ IN  NS  ns2.mydomain.com.
 44IN  PTR mydomain.com.
 44IN  PTR www.mydomain.com.
 45IN  PTR virtualdomain.com.
 45IN  PTR

Re: bind on vps

2011-02-13 Thread Walter Alejandro Iglesias

On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:

 On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
  It will be a web hosting sever.  I wrote my own web client
  panel and my own bash scripts to automate the upload of new
  client's virtual domains.  That's why I want to run my own dns
  server; I want to be able to update the registers in my own
  machine.
 
 you do know that you should have two SERVERS for your dns?
 Giving two different IPs for your box will work. but is a very bad idea.
 Even if everything else is on that machine, for some uses (eg. mail)
 having no DNS data is worse than having a failed server.

I read in forums about people that could run their own DNS
server at the same server they had their sites, that's why I
tried.  But I know (and I understand why) that the good
practice is to have two external DNS servers in different
locations.  

  Reverse zone
  
  ; 11.22.33
  $TTL86400
  @   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
  2011011901  ; Serial
  8H  ; Refresh
  2H  ; Retry
  4W  ; Expire
  1D) ; Minimum TTL
  @   IN  NS  ns1.mydomain.com.
  @   IN  NS  ns2.mydomain.com.
  44  IN  PTR mydomain.com.
  44  IN  PTR www.mydomain.com.
  45  IN  PTR virtualdomain.com.
  45  IN  PTR www.virtualdomain.com.
  44  IN  PTR ns1.mydomain.com.
  45  IN  PTR ns2.mydomain.com.
 
 
 First, as stated before, I doubt if anyone will ask your server for that
 info.

Stop here, this is my obscure point: how do you get that your
dns be asked?  What do you need?  What must I ask to my isp
(my vps provider in this case) for?  What do you mean by to be
designated nameserver for the IPs?

 Second - what is the name of 11.22.33.44? Is it mydomain.com?
 www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.
 

Yes, I release of my mistake.  Just one domain for ip.

  In case my configuration is OK,
  what must I ask to my vps provider?
 
 Probably nothing. If you can dig/nslookup on your host from external
 hosts, then it looks they don't need to do anything.
 

This is exactly what a cannot do: to dig/nslookup from
external hosts.

Well, my goal (tell me if it is a fantasy:)) is to be able to
update automatically my registers.  I ignore the features and
flexibility of bind, perhaps I should change the strategy.
Could you give me some clue?  Can I use bind just as slave of
the external name server (being it godaddy's dns or my vps
provider's one)?


 Regards,
  Torinthiel
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

Thanks for answer me!


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind on vps

2011-02-13 Thread Sten Carlsen

You may consider using your own bind as a hidden master that will then
update a number of external DNS servers via notify. That way you fill in
what is to be in DNS and you have all needed diversity. This does not
remove the need to register all those nameservers for EACH name with the
registrar that has sold the name.

Probably your ISP is not involved with the forward DNS, for .com, maybe
Godaddy, for .dk it would be dk-hostmaster.dk, for .sk it would be
somebody else. All depending on who registered the domain in question.

Reverse mapping will be your ISP, if they are willing. Most really don't
accept to do it, that usually depends on the price you pay.

On 13/02/11 17:16, Walter Alejandro Iglesias wrote:
 On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:

 On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
 It will be a web hosting sever.  I wrote my own web client
 panel and my own bash scripts to automate the upload of new
 client's virtual domains.  That's why I want to run my own dns
 server; I want to be able to update the registers in my own
 machine.
 you do know that you should have two SERVERS for your dns?
 Giving two different IPs for your box will work. but is a very bad idea.
 Even if everything else is on that machine, for some uses (eg. mail)
 having no DNS data is worse than having a failed server.
 I read in forums about people that could run their own DNS
 server at the same server they had their sites, that's why I
 tried.  But I know (and I understand why) that the good
 practice is to have two external DNS servers in different
 locations.  

 Reverse zone
 
 ; 11.22.33
 $TTL86400
 @   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
 2011011901  ; Serial
 8H  ; Refresh
 2H  ; Retry
 4W  ; Expire
 1D) ; Minimum TTL
 @   IN  NS  ns1.mydomain.com.
 @   IN  NS  ns2.mydomain.com.
 44  IN  PTR mydomain.com.
 44  IN  PTR www.mydomain.com.
 45  IN  PTR virtualdomain.com.
 45  IN  PTR www.virtualdomain.com.
 44  IN  PTR ns1.mydomain.com.
 45  IN  PTR ns2.mydomain.com.

 First, as stated before, I doubt if anyone will ask your server for that
 info.
 Stop here, this is my obscure point: how do you get that your
 dns be asked?  What do you need?  What must I ask to my isp
 (my vps provider in this case) for?  What do you mean by to be
 designated nameserver for the IPs?

 Second - what is the name of 11.22.33.44? Is it mydomain.com?
 www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.

 Yes, I release of my mistake.  Just one domain for ip.

 In case my configuration is OK,
 what must I ask to my vps provider?
 Probably nothing. If you can dig/nslookup on your host from external
 hosts, then it looks they don't need to do anything.

 This is exactly what a cannot do: to dig/nslookup from
 external hosts.

 Well, my goal (tell me if it is a fantasy:)) is to be able to
 update automatically my registers.  I ignore the features and
 flexibility of bind, perhaps I should change the strategy.
 Could you give me some clue?  Can I use bind just as slave of
 the external name server (being it godaddy's dns or my vps
 provider's one)?


 Regards,
  Torinthiel
 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
 Thanks for answer me!


 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

   MALE BOVINE MANURE!!! 

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind on vps

2011-02-13 Thread Torinthiel

On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
 On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
 
 On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
 It will be a web hosting sever.  I wrote my own web client
 panel and my own bash scripts to automate the upload of new
 client's virtual domains.  That's why I want to run my own dns
 server; I want to be able to update the registers in my own
 machine.

 you do know that you should have two SERVERS for your dns?
 Giving two different IPs for your box will work. but is a very bad idea.
 Even if everything else is on that machine, for some uses (eg. mail)
 having no DNS data is worse than having a failed server.
 
 I read in forums about people that could run their own DNS
 server at the same server they had their sites, that's why I
 tried.  But I know (and I understand why) that the good
 practice is to have two external DNS servers in different
 locations.  

It's not only good practice, it's a requirement per RFC103[45]. You'll
go by with two IPs for one machine, and if it's only HTTP there won't be
enough difference if this machine fails. However you could also consider
looking for some other DNS services. Some ISPs provide secondary for
free, there might also be a free DNS service somewhere. Or you could
find someone in similar situation as you and be secondary for each other.


 
 Reverse zone
 
 ; 11.22.33
 $TTL86400
 @   IN  SOA ns1.mydomain.com.   root.mydomain.com. (
 2011011901  ; Serial
 8H  ; Refresh
 2H  ; Retry
 4W  ; Expire
 1D) ; Minimum TTL
 @   IN  NS  ns1.mydomain.com.
 @   IN  NS  ns2.mydomain.com.
 44  IN  PTR mydomain.com.
 44  IN  PTR www.mydomain.com.
 45  IN  PTR virtualdomain.com.
 45  IN  PTR www.virtualdomain.com.
 44  IN  PTR ns1.mydomain.com.
 45  IN  PTR ns2.mydomain.com.


 First, as stated before, I doubt if anyone will ask your server for that
 info.
 
 Stop here, this is my obscure point: how do you get that your
 dns be asked?  What do you need?  What must I ask to my isp
 (my vps provider in this case) for?  What do you mean by to be
 designated nameserver for the IPs?

Generally (not only for reverse DNS) you need one thing: delegation.
That is, the parent zone (this being .com for mydomain.com and
22.11.in-addr.arpa here) needs to answer 'I don't know about
mydomain.com, ask ns.mydomain.com'. And that's the part your server has
nothing to say yet, as it happens before query reaches your server.
Usually (that being the three places I know personally ;) the place
where you register your domain has some kind of web panel where you can
either setup the zone (if you use their nameservers) and/or enter the
nameservers you want to handle queries. And that's the part you want to do.

Now, specific about this part: first, disclaimer: I've never
administrated any reverse zones.
But still, probably your ISP/VPS provider would be the place to ask. Try
doing dig -x 11.22.33.44, and if it returns anything, then you have
reverse set up. Maybe some web panel from your ISP allows you to change
that to anything else, and maybe you even need it. But if you are doing
only HTTP and DNS than anything would be fine, as long as it resolves to
anything, and resolves back to you (so if you do dig -x 11.22.33.44 and
then dig what-you-got-from-previous you end with 11.22.33.44).
IMHO you don't need to handle any in-addr.arpa zone at all, your ISP
does it for you. You could change what it resolves to, via a web
interface and/or email directly to them,but chances are you don't need it.

 Second - what is the name of 11.22.33.44? Is it mydomain.com?
 www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.

 
 Yes, I release of my mistake.  Just one domain for ip.
 
 In case my configuration is OK,
 what must I ask to my vps provider?

 Probably nothing. If you can dig/nslookup on your host from external
 hosts, then it looks they don't need to do anything.

 
 This is exactly what a cannot do: to dig/nslookup from
 external hosts.

Not exactly. You've stated that you CAN ask your server from external
hosts, but only if you specify to ask it. What you want to achieve is
having valid resolution without asking your specific server. And that's
the delegation step.


 Well, my goal (tell me if it is a fantasy:)) is to be able to
 update automatically my registers.  I ignore the features and
 flexibility of bind, perhaps I should change the strategy.
 Could you give me some clue?  Can I use bind just as slave of
 the external name server (being it godaddy's dns or my vps
 provider's one)?

Being a slave server won't do you any good, slave (as the name suggests)
has nothing

Re: bind on vps

2011-02-13 Thread Walter Alejandro Iglesias

On Sun, Feb 13, 2011 at 10:12:34PM +0100, Torinthiel wrote:
 On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
  On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
 It's not only good practice, it's a requirement per RFC103[45]. You'll
 go by with two IPs for one machine, and if it's only HTTP there won't be
 enough difference if this machine fails. However you could also consider
 looking for some other DNS services. Some ISPs provide secondary for
 free, there might also be a free DNS service somewhere. Or you could
 find someone in similar situation as you and be secondary for each other.
 

I did it with zoneedit.  Now I have it running.

  Stop here, this is my obscure point: how do you get that your
  dns be asked?  What do you need?  What must I ask to my isp
  (my vps provider in this case) for?  What do you mean by to be
  designated nameserver for the IPs?
 
 Generally (not only for reverse DNS) you need one thing: delegation.
 That is, the parent zone (this being .com for mydomain.com and
 22.11.in-addr.arpa here) needs to answer 'I don't know about
 mydomain.com, ask ns.mydomain.com'. And that's the part your server has
 nothing to say yet, as it happens before query reaches your server.
 Usually (that being the three places I know personally ;) the place
 where you register your domain has some kind of web panel where you can
 either setup the zone (if you use their nameservers) and/or enter the
 nameservers you want to handle queries. And that's the part you want to do.

This is I've explained I did at godaddy.  At godaddy you have
two forms at each domain, one to set the ns servers for the
domain and other called Host Summary where you associate ns to
the ip.  If this is what I think it is for :), then it should
publish your ns1 and ns2 (at least this I've read in some
forum):

 Now, specific about this part: first, disclaimer: I've never
 administrated any reverse zones.  But still, probably your
 ISP/VPS provider would be the place to ask. Try doing dig -x
 11.22.33.44  , and if it returns anything, then you have
 reverse set up. Maybe some web panel from your ISP allows
 you to change that to anything else, and maybe you even need
 it. But if you are doing only HTTP and DNS than anything
 would be fine, as long as it resolves to anything, and
 resolves back to you (so if you do dig -x 11.22.33.44 and
 then dig what-you-got-from-previous you end with
 11.22.33.44).  IMHO you don't need to handle any
 in-addr.arpa zone at all, your ISP does it for you. You
 could change what it resolves to, via a web interface and/or
 email directly to them,but chances are you don't need it.
 

I've told you in my first message, dig [-x], nslookup just
works from inside the vps (because I set localhost at
resolv.conf).

  Second - what is the name of 11.22.33.44? Is it mydomain.com?
  www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.
 
  
  Yes, I release of my mistake.  Just one domain for ip.
  
  In case my configuration is OK,
  what must I ask to my vps provider?
 
  Probably nothing. If you can dig/nslookup on your host from external
  hosts, then it looks they don't need to do anything.
 
  
  This is exactly what a cannot do: to dig/nslookup from
  external hosts.
 
 Not exactly. You've stated that you CAN ask your server from external
 hosts,

I which way?  Where did I state this?

 but only if you specify to ask it. What you want to achieve is
 having valid resolution without asking your specific server. And that's
 the delegation step.

The only way I could access to my server is using the ip
address.  Sorry if I did not explained myself correctly.
 
  Well, my goal (tell me if it is a fantasy:)) is to be able to
  update automatically my registers.  I ignore the features and
  flexibility of bind, perhaps I should change the strategy.
  Could you give me some clue?  Can I use bind just as slave of
  the external name server (being it godaddy's dns or my vps
  provider's one)?
 
 Being a slave server won't do you any good, slave (as the name suggests)
 has nothing to say about contents of the zone.
 The main problem here is that you want to update delegations, which
 don't depend on your server. I don't think a fully automated setup is
 possible, at least if your registry doesn't provide some non-webpage
 interface to alter delegations. There would be at least one
 non-automated step: buying the domain and telling (it should be possible
 in the process) that it should be handled by your servers.
 It's a once per zone operation, but has to be done.
 Rest (adding zone for your bind, changing the IP it resolves to) could
 be automated.

I will not resell domain names.  I will setup a KISS web
server :).  But anyway, I will go with zoneedit that it is the
good practice.  The question pending is how to setup a dns
server from scratch.  If further on I have more clients I will
rent a small vps and I will see how to get it working.


Well, Torinthiel, I am grateful

Re: bind on vps

2011-02-13 Thread Terry.

2011/2/13 Walter Alejandro Iglesias e...@roquesor.com:
 Hello,

 I read bind howto, several tutorials, mailing lists.  After
 two months trying to get this working without success I must
 bother you.

 I am running a Slackware in a vps server, it provides me two
 IPs (I can ask for more if needed).

 I have the domains registered at go daddy.

 It will be a web hosting sever.  I wrote my own web client
 panel and my own bash scripts to automate the upload of new
 client's virtual domains.  That's why I want to run my own dns
 server; I want to be able to update the registers in my own
 machine.

 I am running my name server in the same machine I run my
 domains.  I've read a post in this mailing list where a newbie
 like me explains the same problem.  But the last answer
 mention only about glue records and I think I've included
 them correctly(?).  nslookup returns me the expected when I
 run from inside the vps but not when I run it from the
 outside.


I have been also running the named on my VPS, with two IPs too.
The site is under developing, after done will also provide the
smartdns hosting to my customers,:)

-- 
Free SmartDNS Hosting:
http://DNSbed.com/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

bind on vps

Re: bind on vps

Re: bind on vps

Re: bind on vps

Re: bind on vps

Re: bind on vps

Re: bind on vps

7 matches

Site Navigation

Mail list logo

Footer information