How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze) - Page 3

6 Testing

Now let's test if the zone and its records have been created on both server1.example.com and server2.example.com, and if they are served correctly. We can use the dig tool for it. You can run the following commands on any server (server1.example.com, server2.example.com, or any other server):

dig @server1.example.com any mydomain.com

This command asks server1.example.com to serve all records that it has for mydomain.com:

root@server1:~# dig @server1.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:09:38 2011
;; MSG SIZE  rcvd: 182

root@server1:~#

If we check server2.example.com, it should return the same records:

dig @server2.example.com any mydomain.com

root@server1:~# dig @server2.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5183
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:10:07 2011
;; MSG SIZE  rcvd: 182

root@server1:~#

You can do the same for www.mydomain.com and mail.mydomain.com and any other hostname you have created, e.g.:

dig @server1.example.com any www.mydomain.com
dig @server2.example.com any www.mydomain.com
dig @server1.example.com any mail.mydomain.com
dig @server2.example.com any mail.mydomain.com

This means our primary/secondary DNS setup is working as expected!

 

7 Creating Further Records

Let's create an SPF record for demonstration purposes. An SPF record is a TXT record, so we click on the TXT button on the Records tab of the mydomain.com zone.

The form contains the following fields:

  • Hostname: The name that this record describes. This field can contain an FQDN or just a hostname. If you specify an FQDN, the name must end with a dot; if you specify just a hostname, it must not end with a dot. Fill in mydomain.com. here (if you forget the dot at the end, the hostname would translate to mydomain.com.mydomain.com.).
  • Text: You can use the SPF wizard at http://old.openspf.org/ to find out what to fill in here (e.g. v=spf1 a mx ptr -all).
  • TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
  • Active: This defines whether this TXT record is active or not.

Wait a few minutes, and then test if the record has been created on both server1.example.com and server2.example.com:

dig @server1.example.com any mydomain.com

root@server1:~# dig @server1.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23141
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      TXT     "v=spf1 a mx ptr -all"
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:23:19 2011
;; MSG SIZE  rcvd: 215

root@server1:~#

dig @server2.example.com any mydomain.com 

root@server1:~# dig @server2.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      TXT     "v=spf1 a mx ptr -all"
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 1 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:23:36 2011
;; MSG SIZE  rcvd: 215

root@server1:~#

More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.

 

8 Setting server1.example.com And server2.example.com As The Authoritative Name Servers For mydomain.com

Now that everything is working as expected, we want server1.example.com and server2.example.com to be the "official" (=authoritative) name servers for mydomain.com. When you register a domain at your domain registrar, it automatically uses DNS servers of your domain registrar (unless you specify your own name servers) which means if other hosts try to resolve your domain, the DNS servers of your domain registrar will be queried instead of your ISPConfig DNS servers.

To change that, go to your domain registrar's control panel, select your domain, and set your ISPConfig DNS servers as the authoritative name servers for the domain (this is a screenshot from the ResellerClub control panel; other domain registrars have similar control panels):

Please note that you should do this only after you have created the appropriate DNS records on your ISPConfig servers because some registries will complain if they do not find records for the domain on the new authoritative name servers.

If you register a new domain and want to use your ISPConfig servers as the authoritative DNS servers for the domain, you should first create the zone for the domain on the ISPConfig servers and then, while you register the domain, specify the ISPConfig servers as the authoritative name servers. That way your new domain uses the ISPConfig servers from the start on.

 

Share this page:

5 Comment(s)