DNS and subdomains?

Discussion in 'General' started by smokinjo, Feb 23, 2020.

  1. smokinjo

    smokinjo Member HowtoForge Supporter

    I have browsed over some of the threads that deal with subdomains. I understand that the simplest way to do this is to just create a new website called:


    It is a separate site altogether, which is just fine for me.

    But, there were comments on when using subdomains, you need to add a DNS entry.

    I am not quite sue whee this would be added.

    I saw other comments about adding an A record to deal with the subdomain.

    Thanks for any pointers.

  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It is not clear to me whether you want to create a subdomain or a hostname in your existing domain.
    Creating a website something.somedomain.com creates neither. It just creates a website.
    Creating a subdomain means creating a new zone in an existing domain. To use the created website you need alias CNAME or A record in DNS name service.
    If you explain what your ultimate goal is, then I can advice what to do, whether it involves creating a subdomain or not.
  3. smokinjo

    smokinjo Member HowtoForge Supporter

    Thanks Taleman for your reply.
    I found this conversation that included Til, which shows that you can get the same end result by two different methods:

    I can choose the subdomain or the create new website way.

    I thought that the new site would work just fine.

    I also read another site that says to add a CNAME after creating a new website:

    Basically, my goal is this:
    If I create a new subdomain/website that uses the same main domain name:


    I read that you need to tell the DNS about the new subdomain so that it will be reachable by the web.

    What do I need to add to the DNS to make this happen?


  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Despite your long answer to my question
    I still do not know that.
    I'm going to assume you want to have new website named something.mysite.com. You create that website in ISPConfig panel, consult ISPConfig Manual if needed.
    Then you add in DNS name service EITHER a CNAME (alias record) something.mysite.com that points to mysite.com if that has the IP address of your web server OR set an A record for something.mysite.com that points to your web servers IP-address.
    In addition, if you want to test your new website before name service is set up, you can use this: https://www.faqforge.com/linux/cont...ess-a-namebased-website-without-a-dns-record/
  5. smokinjo

    smokinjo Member HowtoForge Supporter

    The ultimate goal is to be able t see my newly created domain: subdomain.mydomain.com

    I did create this site.

    I have pfsense, so I used the dns resolver, and I can see the newly created site just fine. I see the default webpage created by ispconfig.

    So, it is set up correctly ispconfig.

    When I turn of the resolver, it does not work.

    Before doing that, I did as you suggested. I read up on what the a record and cname do. I understand the principle of what they are and how they work.

    I created an a record for the domain at my domain registrars site. I copied the format of the other a-records there:

    Record: A
    Name: my subdomain
    Content: My IP
    It asks for priority, but this is left blank

    It did not work, so I erased the arecord and used the CNAME instead:
    Record: CNAME
    Name: my subdomain
    Content: my domain name
    It asks for priority, but this is left blank

    Did I do them correctlyt?

    You mentioned NOT to do both at the same time, I so I did not do them both at the same time.

    If I just use the domain name, it does reach the server.

    Can you let me know if the records were wrong, or what else I might look at?


  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It takes 4 -- 48 hours to name service changes coming online, because the changes propagate slowly over the Internet. So it may be you need to create the record at your registrar and wait for next day to test it.
    Meanwhile, you can verify your setup is correct using https://www.faqforge.com/linux/cont...ess-a-namebased-website-without-a-dns-record/ while you wait for that name service info to update at the name server your workstation is using.
    Why do you turn it off? If it works, why break it? What kind of resolver is this and what does it do?
    When you do the changes in your registers name servers, use the testing chapter in this Tutorial to verify it is working as expected:
  7. smokinjo

    smokinjo Member HowtoForge Supporter

    OK, as I mentioned in my message, I used the :
    DNS resolver
    that is available in PFSENSE, which is installed as our firewall/router.
    I used it so that I can see the web pages via the intranet to confirm that ISPConfig is set up correctly.
    It seems ot be set up, because when the dns reolver is turned on, my sites are visible from within the intranet.

    I turned it off becuase I knew that ISPConfig and my site were set up correctly, and I needed to test it to see if it worked with the a-record that I had created.

    I will do as you suggest and wait for the a-record to propogate over the internet. I will see what happens tomorrow night.

    The information that I presented for the a-record an cname, was it in the right format?

    I will test the domain tomorrow when things should have gone through.


  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It is not in any format that I am familiar with.
  9. smokinjo

    smokinjo Member HowtoForge Supporter

    OK, maybe the word "format" is the wrong word.
    I should have listed the fields(see attached image to see what I need to fill out):
    Name (Isubdomain word I used for the new site)
    Type (I chose A Record)
    IP address (I entered my servers IP)
    TTL (I put 30 minutes)
    Priority (I left blank)

    Knowing what I filled in(and seeing the form I filled in), is the information the right type of information?

    Attached Files:

    • dns.png
      File size:
      18 KB
  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What IP address did you enter in the DNS resolver? I'm guessing your intranet is private ip space, and you entered the private IP? That would work internally, but for public dns you have to enter the public IP, and setup pfsense to port forward everything you need to your ISPConfig server (port 80 and 443 at minimum).

    Additionally, when you (believe you) have that setup correctly and are testing, are you testing that it works from your intranet or from outside on the public internet? You should probably test the latter first, and get public services working, as the former is more complicated and prone to failure (pfsense can handle it though, look at the NAT redirection settings).
  11. smokinjo

    smokinjo Member HowtoForge Supporter

    Hello Jesse,

    Thanks for your comments.

    For the DNS resolver, I use the domain name. I say intranet, because I used it just for testing the websites internally.

    We already have other websites running on the server, so pfsense already hs the port forwarding fo rth eports 80 and 443. I actually just rechecked them all, and things ar eall set up correctly.

    The testing that works is only from inside the local network (with the help of the dns resolver).
    The issue that I am having is not with the regular www.website.com, it is that I am adding a subsomain to it, and this is what is new. Other websites(www.site.com) work just fine on the server, but this is the first one for which I am trying to add a subdomain.

    Since it was working internally, this is when I learned the next step would be to add the a record or cname in the domian registars information.


  12. smokinjo

    smokinjo Member HowtoForge Supporter

    After seeing Talemans idea for th retesting to see if the cname entry worked, I used th efollowing command:
    ~$ host social.mmaj.ca
    my domain name and my statis IP are listed there.

    The results are:
    Using domain server:

    social.mmaj.ca mail is handled by 30 mx.mmaj.ca.

    I tried dig, and it seems to show that my subdomain is poitnign back to my main domain, as I set it up to do:
    :~$ dig social.mmaj.ca

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> social.mmaj.ca
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23605
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ; EDNS: version: 0, flags:; udp: 4096
    ;social.mmaj.ca. IN A

    mmaj.ca. 1352 IN SOA max.ns.cloudflare.com. dns.cloudflare.com. 2033369540 10000 2400 604800 3600

    ;; Query time: 1 msec
    ;; SERVER:
    ;; WHEN: Wed Feb 26 23:00:19 EST 2020
    ;; MSG SIZE rcvd: 104

    But, when I use nslookup, it seems like it can not find it:
    :~$ nslookup social.mmaj.ca

    Non-authoritative answer:
    *** Can't find social.mmaj.ca: No answer
    (does this say it can not find it? Is it because I used cname in stead of a record?)

    Maybe I am using these extra commands with out knowing what I am doing or maybe misinterpretaing the results? But I am trying:)



  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Command host finds your domain because you give it the name server to query that information from.
    host social.mmaj.ca
    It is the second parameter for the command.
    For nslookup you do not give the name server to query, so it ask from default name server which can not find the info. This may be because information has not yet propagated there or misconfiguration in name service. Even host without the name server parameter fails to return the IP-number when I test it here.
    Is the domain registered properly?
    $ whois  social.mmaj.ca
    Not found: social.mmaj.ca
    % Use of CIRA's WHOIS service is governed by the Terms of Use in its Legal
    % Notice, available at http://www.cira.ca/legal-notice/?lang=en
    % (c) 2019 Canadian Internet Registration Authority, (http://www.cira.ca/)

Share This Page