How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze) - Page 3
6 Testing
Now let's test whether the zone and its records have been created on both server1.example.com and server2.example.com, and whether they are served correctly. We can use the dig tool for this. You can run the following commands on any server (server1.example.com, server2.example.com, or any other server):
dig @server1.example.com any mydomain.com
This command asks server1.example.com to serve all records that it has for mydomain.com:
root@server1:~# dig @server1.example.com any mydomain.com
; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.com. IN ANY
;; ANSWER SECTION:
mydomain.com. 86400 IN A 78.46.230.214
mydomain.com. 86400 IN MX 10 mail.mydomain.com.
mydomain.com. 86400 IN NS server1.example.com.
mydomain.com. 86400 IN NS server2.example.com.
mydomain.com. 86400 IN SOA server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400
;; ADDITIONAL SECTION:
mail.mydomain.com. 86400 IN A 78.46.230.214
;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:09:38 2011
;; MSG SIZE rcvd: 182
root@server1:~#
If we check server2.example.com, it should return the same records:
dig @server2.example.com any mydomain.com
root@server1:~# dig @server2.example.com any mydomain.com
; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5183
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.com. IN ANY
;; ANSWER SECTION:
mydomain.com. 86400 IN A 78.46.230.214
mydomain.com. 86400 IN MX 10 mail.mydomain.com.
mydomain.com. 86400 IN NS server2.example.com.
mydomain.com. 86400 IN NS server1.example.com.
mydomain.com. 86400 IN SOA server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400
;; ADDITIONAL SECTION:
mail.mydomain.com. 86400 IN A 78.46.230.214
;; Query time: 0 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:10:07 2011
;; MSG SIZE rcvd: 182
root@server1:~#
You can do the same for www.mydomain.com and mail.mydomain.com and any other hostname you have created, e.g.:
dig @server1.example.com any www.mydomain.com
dig @server2.example.com any www.mydomain.com
dig @server1.example.com any mail.mydomain.com
dig @server2.example.com any mail.mydomain.com
This means our primary/secondary DNS setup is working as expected!
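The dig runs above are compared by eye. The following script, an added example that is not part of the original tutorial or of ISPConfig, does the same comparison mechanically: it parses the ANSWER SECTION of dig output from the primary and the secondary, compares the two record sets regardless of order (the NS records come back in different order on the two servers above), compares the SOA serials, and confirms the "aa" flag, which shows each server answered from its own copy of the zone rather than recursing. The two outputs embedded in the block are constructed from the dig runs shown in this section; the hostnames, the `run_dig` helper and the function names are this example's own.

```python
"""Added example (not from the tutorial or ISPConfig): compare what the primary
and the secondary name server answer for a zone, as a script rather than by eye."""
import re
import subprocess
import sys
from typing import Dict, Set, Tuple

# (owner name, TTL, class, type, rdata) exactly as dig prints one answer line
Record = Tuple[str, int, str, str, str]

ANSWER_HEADER = ";; ANSWER SECTION:"


def parse_answer_section(dig_output: str) -> Set[Record]:
    """Collect the records between ';; ANSWER SECTION:' and the next section."""
    records: Set[Record] = set()
    in_answer = False
    for raw in dig_output.splitlines():
        line = raw.strip()
        if line == ANSWER_HEADER:
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line or line.startswith(";"):
            break  # blank line or the next ';;' header ends the answer section
        name, ttl, rclass, rtype, rdata = re.split(r"\s+", line, maxsplit=4)
        # owner names are case-insensitive; collapse tabs/spaces inside rdata
        records.add((name.lower(), int(ttl), rclass, rtype, " ".join(rdata.split())))
    return records


def is_authoritative(dig_output: str) -> bool:
    """True when the header flags contain 'aa' (authoritative answer)."""
    match = re.search(r"^;; flags: ([^;]*);", dig_output, re.MULTILINE)
    return match is not None and "aa" in match.group(1).split()


def soa_serial(records: Set[Record]) -> int:
    """The serial is the third rdata field of the SOA: mname rname serial ..."""
    for _name, _ttl, _cls, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata.split()[2])
    raise ValueError("no SOA record in the answer section")


def compare_servers(primary_out: str, secondary_out: str) -> Dict[str, object]:
    """Report whether both servers serve the same records and the same serial."""
    prim, sec = parse_answer_section(primary_out), parse_answer_section(secondary_out)
    return {
        "in_sync": prim == sec and soa_serial(prim) == soa_serial(sec),
        "only_on_primary": sorted(prim - sec),
        "only_on_secondary": sorted(sec - prim),
        "primary_serial": soa_serial(prim),
        "secondary_serial": soa_serial(sec),
        "both_authoritative": is_authoritative(primary_out) and is_authoritative(secondary_out),
    }


def run_dig(server: str, name: str, rtype: str = "ANY") -> str:
    """Same query as the tutorial: dig @server name type (needs dig and network)."""
    return subprocess.run(["dig", f"@{server}", name, rtype],
                          capture_output=True, text=True, check=True).stdout


# Constructed sample outputs, trimmed from the dig runs shown in this section.
PRIMARY_OUTPUT = """\
; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mydomain.com.\t86400\tIN\tA\t78.46.230.214
mydomain.com.\t86400\tIN\tMX\t10 mail.mydomain.com.
mydomain.com.\t86400\tIN\tNS\tserver1.example.com.
mydomain.com.\t86400\tIN\tNS\tserver2.example.com.
mydomain.com.\t86400\tIN\tSOA\tserver1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.\t86400\tIN\tA\t78.46.230.214
"""
SECONDARY_OUTPUT = """\
; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5183
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mydomain.com.\t86400\tIN\tA\t78.46.230.214
mydomain.com.\t86400\tIN\tMX\t10 mail.mydomain.com.
mydomain.com.\t86400\tIN\tNS\tserver2.example.com.
mydomain.com.\t86400\tIN\tNS\tserver1.example.com.
mydomain.com.\t86400\tIN\tSOA\tserver1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.\t86400\tIN\tA\t78.46.230.214
"""

if __name__ == "__main__":
    # usage: python check_zone.py server1.example.com server2.example.com mydomain.com
    if len(sys.argv) == 4:
        print(compare_servers(run_dig(sys.argv[1], sys.argv[3]), run_dig(sys.argv[2], sys.argv[3])))
    else:
        print(compare_servers(PRIMARY_OUTPUT, SECONDARY_OUTPUT))
```

A serial mismatch with otherwise identical records is the typical sign that the secondary has not yet transferred the latest zone; the `only_on_primary` / `only_on_secondary` lists show which records differ. Passing a specific type to `run_dig` (A, MX, NS, SOA, TXT) gives the same comparison without depending on a full answer to ANY.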
7 Creating Further Records
Let's create an SPF record for demonstration purposes. An SPF record is a TXT record, so we click on the TXT button on the Records tab of the mydomain.com zone.
The form contains the following fields:
- Hostname: The name that this record describes. This field can contain an FQDN or just a hostname. If you specify an FQDN, the name must end with a dot; if you specify just a hostname, it must not end with a dot. Fill in mydomain.com. here (if you forget the dot at the end, the name is treated as relative to the zone and becomes mydomain.com.mydomain.com.).
- Text: You can use the SPF wizard at http://old.openspf.org/ to find out what to fill in here (e.g. v=spf1 a mx ptr -all).
- TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
- Active: This defines whether this TXT record is active or not.
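Two of the fields above are easy to get wrong in a way that only shows up later: a missing trailing dot silently turns the apex name into mydomain.com.mydomain.com., and a zone with a malformed or duplicated SPF record fails mail authentication for every message. The following is an added example, not ISPConfig's own validation code, that applies the trailing-dot rule the form describes and checks the SPF TXT value before it is published; the function names are this example's own, and the "@" shorthand for the zone apex is the BIND zone-file convention, not something the form is documented to accept.

```python
"""Added example (not from the tutorial or ISPConfig): apply the trailing-dot
rule for record names and sanity-check an SPF TXT record before publishing it."""
import re
from typing import List


def qualify_name(hostname: str, zone: str) -> str:
    """Return the absolute owner name for a record entered in the Hostname field.

    A name ending in '.' is already fully qualified and is kept as-is; anything
    else is relative to the zone, so 'www' becomes 'www.mydomain.com.' and a
    forgotten dot on 'mydomain.com' becomes 'mydomain.com.mydomain.com.'.
    """
    zone = zone.rstrip(".") + "."
    if hostname in ("", "@"):          # BIND convention for the zone apex (assumption)
        return zone
    if hostname.endswith("."):
        return hostname
    return f"{hostname}.{zone}"


# An SPF term is an optional qualifier followed by a mechanism name
_ALL = re.compile(r"[+\-~?]?all")
_PTR = re.compile(r"[+\-~?]?ptr(:.*)?")


def check_spf_txt(txt_records: List[str]) -> List[str]:
    """Return a list of problems with the zone's SPF TXT records (empty = fine).

    Checks follow RFC 7208: exactly one record starting with 'v=spf1', ending
    in an 'all' mechanism or a 'redirect=' modifier, no 'ptr' mechanism,
    and no single TXT string longer than 255 octets.
    """
    spf = [t for t in txt_records if t.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record (no TXT value starting with v=spf1)"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers must treat this as permerror (RFC 7208 4.5)"]
    record = spf[0]
    terms = record.split()[1:]
    problems: List[str] = []
    last = terms[-1] if terms else ""
    if not (_ALL.fullmatch(last) or last.startswith("redirect=")):
        problems.append("record does not end with an 'all' mechanism or a redirect= modifier")
    if any(_PTR.fullmatch(t) for t in terms):
        problems.append("warning: the 'ptr' mechanism SHOULD NOT be used (RFC 7208 5.5); prefer a, mx, ip4/ip6")
    if len(record) > 255:
        problems.append("record longer than 255 octets: split it into several quoted strings")
    return problems


if __name__ == "__main__":
    print(qualify_name("mydomain.com", "mydomain.com"))    # the forgotten-dot case
    print(qualify_name("mydomain.com.", "mydomain.com"))   # correct apex entry
    print(check_spf_txt(["v=spf1 a mx ptr -all"]))         # the tutorial's example value
```

Run on the value from the tutorial, `v=spf1 a mx ptr -all`, the check passes apart from a warning about `ptr`, which RFC 7208 discourages because it requires reverse lookups on every receiving side.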
Wait a few minutes, and then test if the record has been created on both server1.example.com and server2.example.com:
dig @server1.example.com any mydomain.com
root@server1:~# dig @server1.example.com any mydomain.com
; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23141
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.com. IN ANY
;; ANSWER SECTION:
mydomain.com. 86400 IN A 78.46.230.214
mydomain.com. 86400 IN MX 10 mail.mydomain.com.
mydomain.com. 86400 IN NS server2.example.com.
mydomain.com. 86400 IN NS server1.example.com.
mydomain.com. 86400 IN TXT "v=spf1 a mx ptr -all"
mydomain.com. 86400 IN SOA server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400
;; ADDITIONAL SECTION:
mail.mydomain.com. 86400 IN A 78.46.230.214
;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:23:19 2011
;; MSG SIZE rcvd: 215
root@server1:~#
dig @server2.example.com any mydomain.com
root@server1:~# dig @server2.example.com any mydomain.com
; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.com. IN ANY
;; ANSWER SECTION:
mydomain.com. 86400 IN A 78.46.230.214
mydomain.com. 86400 IN MX 10 mail.mydomain.com.
mydomain.com. 86400 IN NS server1.example.com.
mydomain.com. 86400 IN NS server2.example.com.
mydomain.com. 86400 IN TXT "v=spf1 a mx ptr -all"
mydomain.com. 86400 IN SOA server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400
;; ADDITIONAL SECTION:
mail.mydomain.com. 86400 IN A 78.46.230.214
;; Query time: 1 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:23:36 2011
;; MSG SIZE rcvd: 215
root@server1:~#
More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.
8 Setting server1.example.com And server2.example.com As The Authoritative Name Servers For mydomain.com
Now that everything is working as expected, we want server1.example.com and server2.example.com to be the "official" (=authoritative) name servers for mydomain.com. When you register a domain at your domain registrar, it automatically uses the registrar's own DNS servers unless you specify your own name servers. As long as that is the case, other hosts that try to resolve your domain will query the registrar's DNS servers instead of your ISPConfig DNS servers.
To change that, go to your domain registrar's control panel, select your domain, and set your ISPConfig DNS servers as the authoritative name servers for the domain (the screenshot shown at this point in the tutorial is from the ResellerClub control panel; other domain registrars have similar control panels):
Please note that you should do this only after you have created the appropriate DNS records on your ISPConfig servers because some registries will complain if they do not find records for the domain on the new authoritative name servers.
If you register a new domain and want to use your ISPConfig servers as the authoritative DNS servers for it, first create the zone for the domain on the ISPConfig servers and then, while you register the domain, specify the ISPConfig servers as the authoritative name servers. That way your new domain uses the ISPConfig servers from the start.
9 Links
- ISPConfig 3 Manual: http://www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
- Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3: https://www.howtoforge.com/installing-a-multiserver-setup-with-dedicated-web-email-dns-and-mysql-database-servers-on-debian-5.0-with-ispconfig-3
- Debian: http://www.debian.org/