Less than 24 hours ago I completed a DNS set-up on Ubuntu 10.4 using NSD, twisted4life.com, and GoDaddy. While the system may need at least another 24 hours to propagate through the Internet, I am pretty sure that my configuration is not quite correct.
As a template I followed Monarch's method, which outlined a method of setting up DNS with bind9, twisted4life and GoDaddy. Through a recommendation from a member of Linode staff, who believes NSD to be a world easier than bind, I installed NSD instead.
Here is the link to Monarch's method:
http://www-loadbal3.linode.com/forums/viewtopic.php?p=9715&sid=d7e336cd417c6c71dd72842723e2aec5
(1) Register name(s) with GoDaddy.com. I registered FELDMAND.COM along with some other names.
(2) Sign up for an account at twisted4life.com. They provide secondary DNS. You will need 3 things: your own domain of which you have control of the DNS settings, an existing primary DNS server, a working email account.
Here is an example edited domain. Note that 74.207.241.5 is ns1.linode.com.
Quote:
Domain name feldmand.com
IP of primary DNS 74.207.241.5 (ns1.linode.com)
Active Yes
Queued for forced reload No
[ Save ] [ Cancel ]
Make any changes to this domain you wish, then click Save. By default new domains are queued for a forced reload prior to the regular refresh of the whole DNS server. You can un-queue the domain from the forced list using this form, and it will be transferred along with the normal process provided it is marked as Active.
The system also provided the secondary DNS nameserver we seek.
Quote:
Add the following to your list of NS records and registrar delegation for your domains: ns1.twisted4life.com
Here are the properties for feldmand.com.
Quote:
Primary DNS IP
74.207.241.5
Last try (UTC)
2010-08-24 06:02:22
Last transfer (UTC)
none yet
Zone serial number
none yet
Here are the current results from the twisted4life.com supplied DNS config checker.
Quote:
DNS Configuration Checker
.....
Domain to check:
DNS diagnosis for feldmand.com
Test being performed Results and explanation Status
Listed in Root servers Is your domain feldmand.com listed at the Root servers?
This is bad. There was no response for that entry from the Root servers
Root server that was queried: a.gtld-servers.net.
Responding nameservers Checking each of your individual authoritative nameservers:
Gee, looks like you have no nameservers. Perhaps this domain has not been registered yet?
Missing/Stealth nameserver
You don't have any valid nameservers
Nameservers have identical SOA serial Aha! You don't even have any valid DNS servers
Nameserver response times No responding nameservers
Nameservers on different networks No
We recommend that you locate your servers on seperate networks to give you better resilience against failures
SOA Refresh value Your SOA refresh value was reported to be:
This value is too low. The RFC 1912 recommends that this value be between 1200 to 43200. This value determines how often slave nameservers check with the master for changes
SOA Retry value Your SOA retry value was reported to be:
This value is too low. The RCC 1912 specification recommends a value between 120 to 7200. This value determines how often slave nameservers would contact the master nameserver if the previous XFER failed
SOA Expire value Your SOA expire value was reported to be:
This value is too low. The RFC 1912 specification recommends a value between 1209600 to 2419200. This value determines how long a slave nameserver will wait before considering its DNS data stale if it can't reach your primary nameserver
SOA TTL value Your SOA minimum TTL value was reported to be:
This value is too low. The RFC 1912 specification recommends a value between 60 to 86400. This value determines how long nameservers should cache the value before attempting to fetch the latest value from an authoritative nameserver. Setting this value too low would cause uncessary traffic to your DNS server.
Mail Exchangers You have 0 mail exchangers. Checking also if mail exchangers accept mail for your domain
This is not good. You do not have any MX records defined
I believe everything is configured correctly at twisted4life.com. The only aspect that has me guessing is the "Queued for forced reload". Maybe I need to explicitly force the reload. Just to make sure, I just force reloaded all of my domains.
I hope things will get resolved once the names propagate through the Internet. Will they?
(3) Install a ubiquitous DNS server, for example, NSD for authoritative DNS, on your Linode, and edit the configuration files.
In Monarch's method using bind,
http://www-loadbal3.linode.com/forums/viewtopic.php?p=9715&sid=d7e336cd417c6c71dd72842723e2aec5, he edited /etc/bind/named.conf.local, which is equivalent to NSD's /etc/nsd3/nsd.conf file.
Excerpt: BIND's named.conf.file
Code:
zone "example.com" {
type master;
file "/etc/bind/db.com.example";
allow-transfer {
202.157.185.115; // ns1.twisted4life.com
};
};
Excerpt: My NSD's nsd.conf file
Code:
zone:
name: "feldmand.com"
zonefile: "feldmand.com.zone"
# also provide xfr to operator's network - ns1.twisted4life.com.
provide-xfr: 202.157.182.142/32 NOKEY
# set the number of retries for notify.
notify-retry: 5
He then created a file called /etc/find/db.com.example, which is equivalent to the /etc/nsd3/example.com.zone.
Excerpt: db.com.example
Code:
; Zone file for example.com
;
; The full zone file
;
$TTL 86400
@ IN SOA ns.example.com. hostmaster.example.com. (
2006020601 ; Serial
; how often slave nameservers check with the master for changes
7200 ; Refresh
; how often slave nameservers would contact the master
; nameserver if the previous XFER failed
1200 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
NS ns ; inet of our nameserver
NS ns1.twisted4life.com. ; secondary dns
ns A 1.2.3.4 ; my linode service ip address
www CNAME ns
Excerpt: My feldmand.com.zone file
Code:
$ORIGIN feldmand.com.
$TTL 86400
@ IN SOA ns1.feldmand.com. web-admin.feldmand.com. (
2009011803 ; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
NS ns1.feldmand.com.
NS ns1.twisted4life.com.
MX 10 mail.feldmand.com.
$ORIGIN feldmand.com.
feldmand.com. IN A [Linode IP address]
feldmand.com. IN TXT "Testing feldmand...1...2...3"
ns1 IN A 74.207.241.5
ns2 IN A 202.157.182.142
www IN A [Linode IP address]
blog IN A [Linode IP address]
photos IN A [Linode IP address]
videos IN A [Linode IP address]
I am not sure I have configured NSD correctly. Of recent have found the nomenclature and syntax of the /etc/nsd3/nsd.conf to be somewhat intimidating. Something seems wrong about how I have configured the nameservers in feldmand.com.zone. Also I should probably be using CNAMEs as opposed to As in the latter half of the file.
Any suggestions on where my problem lies and/or how I should clean up this file?
(4) Transfer the secondary DNS server from the Linode server. Add a secondary server for your domains at your Linode server IP address.
I am not sure I did this correctly, but my reference to ns1.twisted4life.com and its corresponding IP address 202.157.182.142 in the zone file and configuration file was my attempt to do this.
Twisted4Life.com recommended the following: Your zone file should contain the following:
Code:
yourdomain.com. IN NS ns1.twisted4life.com
Twisted4Life continued:
Quote:
You must allow the Primary DNS to transfer to twisted4life's server. If you do not do this all transfers will fail. To allow transfers, you must add 202.157.182.142 to the 'Allow' settings of the primary server. This will require administration access.
Finally, at the domain registrar, enter the twisted4life as one of your secondaries: ns1.twisted4life.com.
(5) Restart the daemon of NSD on the Linode.
Rebuild the NSD database with this command:
Code:
nsdc rebuild
After rebuilding, restart NSD.
Code:
/etc/init.d/nsd3 restart
Test to see that your DNS server is properly serving records.
Code:
dig @localhost www.feldmand.com
These are the current results of the dig command (note that this is after setting up the nameservers on the GoDaddy account):
Code:
; <<>> DiG 9.7.0-P1 <<>> @localhost www.feldmand.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12676
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.feldmand.com. IN A
;; ANSWER SECTION:
www.feldmand.com. 86400 IN A [Linode IP address]
;; AUTHORITY SECTION:
feldmand.com. 86400 IN NS ns1.feldmand.com.
feldmand.com. 86400 IN NS ns1.twisted4life.com.
;; ADDITIONAL SECTION:
ns1.feldmand.com. 86400 IN A 74.207.241.5
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 24 07:28:39 2010
;; MSG SIZE rcvd: 131
(6) Verify in the logs that a zone transfer occurs to ns1.twisted4life.com.
Checking /var/log/syslog as well as all the other files in the /var/log directory yielded no matches for 'twisted4life'! Either my setup at twisted4life or more likely in my NSD zone and config files is faulty.
Does anyone have any suggestions on how to verify zone transfers and how to resolve them if I indeed do have a problem?
(7) Log into your GoDaddy account. You will add domain(s) with the name "ns.example.com" with your Linode IP address. You will also make "ns.example.com" your first nameserver, and ns1.twisted4life.com your second nameserver.
Go to the domain manager. Select all domains. Select the "Manage Locking" Icon. Deselect the "Lock domains" selector.
Add domains with the name of each of the local nameservers. From the Domain Manager, enter the name of your domain. Search for "Host Summary" on the same page. Click the "Add" next to it. Add "ns1.example.com". Click OK.
Click set nameservers. Set the nameservers to ns1.example.com and ns1.twisted4life.com. Click OK.
Repeat for its domain name.
Return to the domain manager. Select all domains. Select the "Manage Locking" Icon. This time select the "Lock domains" selector.
(8) Wait between 24 and 48 hours for the name(s) to propagate through the Internet. Theoretically my name(s) should complete propagation within just over 24 hours.
(9) Use
http://www.dnsreport.com/ to diagnose the state of your DNS and its configuration. Type the name of your domain. You may find that the URL redirects to
www.dnsstuff.com.
------------
If you can offer any pointers I would be most appreciative.
I am not sure how related this is, but here Jed, Linode.com staff, suggests a method on how to configure Linode to be a slave to your own DNS server:
http://www.linode.com/forums/viewtopic.php?t=5403&start=0
Would this be a better way for me to do what I want to do?
Thanks again.
FAQ
Search
Members
Register
Login [ Anonymous ]
