How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze) - Page 3

6 Testing

Now let's test if the zone and its records have been created on both server1.example.com and server2.example.com, and if they are served correctly. We can use the dig tool for it. You can run the following commands on any server (server1.example.com, server2.example.com, or any other server):

dig @server1.example.com any mydomain.com

This command asks server1.example.com to serve all records that it has for mydomain.com:

[email protected]:~# dig @server1.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:09:38 2011
;; MSG SIZE  rcvd: 182

[email protected]:~#

If we check server2.example.com, it should return the same records:

dig @server2.example.com any mydomain.com

[email protected]:~# dig @server2.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5183
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071901 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:10:07 2011
;; MSG SIZE  rcvd: 182

[email protected]:~#

You can do the same for www.mydomain.com and mail.mydomain.com and any other hostname you have created, e.g.:

dig @server1.example.com any www.mydomain.com
dig @server2.example.com any www.mydomain.com
dig @server1.example.com any mail.mydomain.com
dig @server2.example.com any mail.mydomain.com

This means our primary/secondary DNS setup is working as expected!


7 Creating Further Records

Let's create an SPF record for demonstration purposes. An SPF record is a TXT record, so we click on the TXT button on the Records tab of the mydomain.com zone.

The form contains the following fields:

  • Hostname: The name that this record describes. This field can contain an FQDN or just a hostname. If you specify an FQDN, the name must end with a dot; if you specify just a hostname, it must not end with a dot. Fill in mydomain.com. here (if you forget the dot at the end, the hostname would translate to mydomain.com.mydomain.com.).
  • Text: You can use the SPF wizard at http://old.openspf.org/ to find out what to fill in here (e.g. v=spf1 a mx ptr -all).
  • TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
  • Active: This defines whether this TXT record is active or not.

Wait a few minutes, and then test if the record has been created on both server1.example.com and server2.example.com:

dig @server1.example.com any mydomain.com

[email protected]:~# dig @server1.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server1.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23141
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      TXT     "v=spf1 a mx ptr -all"
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Tue Jul 19 14:23:19 2011
;; MSG SIZE  rcvd: 215

[email protected]:~#

dig @server2.example.com any mydomain.com 

[email protected]:~# dig @server2.example.com any mydomain.com

; <<>> DiG 9.7.3 <<>> @server2.example.com any mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13876
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mydomain.com.                  IN      ANY

;; ANSWER SECTION:
mydomain.com.           86400   IN      A       78.46.230.214
mydomain.com.           86400   IN      MX      10 mail.mydomain.com.
mydomain.com.           86400   IN      NS      server1.example.com.
mydomain.com.           86400   IN      NS      server2.example.com.
mydomain.com.           86400   IN      TXT     "v=spf1 a mx ptr -all"
mydomain.com.           86400   IN      SOA     server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.      86400   IN      A       78.46.230.214

;; Query time: 1 msec
;; SERVER: 1.2.3.5#53(1.2.3.5)
;; WHEN: Tue Jul 19 14:23:36 2011
;; MSG SIZE  rcvd: 215

[email protected]:~#

More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.
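The checks in sections 6 and 7 (query both servers for the zone, then again after adding the TXT record) can be scripted. The following POSIX sh script is an added example, not part of the tutorial or of ISPConfig: given the text of two dig replies, it requires the aa (authoritative answer) flag in each, which is absent when the query was answered by a caching resolver rather than by the server named after @, and then compares the SOA serial and the sorted ANSWER SECTION. The three replies are constructed samples; the name servers in the third are placeholders.

```shell
#!/bin/sh
# Added example (not from the tutorial): compare two dig replies for one zone.
# In practice feed each function the full output of: dig @server1.example.com any mydomain.com
# S1 and S2 are constructed samples mirroring the tutorial's transcripts after the TXT record.
S1=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mydomain.com.  86400  IN  A    78.46.230.214
mydomain.com.  86400  IN  MX   10 mail.mydomain.com.
mydomain.com.  86400  IN  NS   server2.example.com.
mydomain.com.  86400  IN  NS   server1.example.com.
mydomain.com.  86400  IN  TXT  "v=spf1 a mx ptr -all"
mydomain.com.  86400  IN  SOA  server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mail.mydomain.com.  86400  IN  A  78.46.230.214'
S2=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mydomain.com.  86400  IN  A    78.46.230.214
mydomain.com.  86400  IN  MX   10 mail.mydomain.com.
mydomain.com.  86400  IN  NS   server1.example.com.
mydomain.com.  86400  IN  NS   server2.example.com.
mydomain.com.  86400  IN  TXT  "v=spf1 a mx ptr -all"
mydomain.com.  86400  IN  SOA  server1.example.com. zonemaster.example.com. 2011071903 28800 7200 604800 86400'
# Constructed reply from a caching resolver instead of our server: no aa flag, someone else's SOA.
CACHED=';; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
mydomain.com.  300  IN  A    78.46.230.214
mydomain.com.  300  IN  SOA  ns1.registrar.example. hostmaster.registrar.example. 2020121716 86400 300 3600000 300'
# Succeeds only if the header line carries the aa (authoritative answer) flag.
is_authoritative() { printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'; }
# ANSWER SECTION lines, whitespace normalised and sorted: record order differs between servers.
answer_rrset() {
    printf '%s\n' "$1" | awk '/^;; ANSWER SECTION:/ { on = 1; next }
                              /^$/ || /^;;/          { on = 0 }
                              on                     { $1 = $1; print }' | sort
}
# The zone serial is the 7th field of the SOA record.
soa_serial() { answer_rrset "$1" | awk '$4 == "SOA" { print $7 }'; }
# Returns 0 when both replies are authoritative with the same serial and record set; else reports why.
zones_in_sync() {
    is_authoritative "$1" && is_authoritative "$2" ||
        { echo "reply without aa flag: not from an authoritative server"; return 1; }
    [ "$(soa_serial "$1")" = "$(soa_serial "$2")" ] ||
        { echo "SOA serial differs: $(soa_serial "$1") vs $(soa_serial "$2")"; return 1; }
    [ "$(answer_rrset "$1")" = "$(answer_rrset "$2")" ] ||
        { echo "record sets differ"; return 1; }
}
zones_in_sync "$S1" "$S2" && echo "server1 and server2 agree on mydomain.com"
zones_in_sync "$S1" "$CACHED" || echo "cached reply rejected, as expected"
```

A serial that differs between the two servers usually means the zone transfer has not happened yet; re-run after the interval ISPConfig uses to push changes.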


8 Setting server1.example.com And server2.example.com As The Authoritative Name Servers For mydomain.com

Now that everything is working as expected, we want server1.example.com and server2.example.com to be the "official" (=authoritative) name servers for mydomain.com. When you register a domain at your domain registrar, it automatically uses the registrar's DNS servers (unless you specify your own name servers), which means that when other hosts try to resolve your domain, the registrar's DNS servers will be queried instead of your ISPConfig DNS servers.

To change that, go to your domain registrar's control panel, select your domain, and set your ISPConfig DNS servers as the authoritative name servers for the domain (this is a screenshot from the ResellerClub control panel; other domain registrars have similar control panels):

Please note that you should do this only after you have created the appropriate DNS records on your ISPConfig servers because some registries will complain if they do not find records for the domain on the new authoritative name servers.

If you register a new domain and want to use your ISPConfig servers as the authoritative DNS servers for the domain, you should first create the zone for the domain on the ISPConfig servers and then, while you register the domain, specify the ISPConfig servers as the authoritative name servers. That way your new domain uses the ISPConfig servers from the start.


Comments

By: mrbronz

Just a few notes

When server1 is completed you will need to go to >DNS-Wizard >>Templates, located in the left-hand side menu, then add in the [ZONE] section "dnssec_wanted = n" or the wizard will fail.

I'm running my secondary DNS on a raspberry pi

While installing DNS with this Howto I found these problems:

mysql-client and mysql-server are not available in some of the repositories

so you will need to use:

apt-get -y install mariadb-client mariadb-server

then run

mysql_secure_installation

Follow the onscreen prompts (Common sense prevails)

You will also have problems with 

apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt

so run:

apt-get -y install php-cli php-mysql php-mcrypt mcrypt

You will also need

apt-get install -y php7.3-curl php-mbstring php-intl php-zip

 

When installing ispconfig, I could not get it to communicate with the database of server1 using server1.mydomain.com 

so I used the internal IP address I had assigned to it "192.168.0.100"

Also, there were some other steps required during the install of ispconfig 3, not listed in this howto, I decided to use the defaults when they were presented.

On completing this howto, and despite following the instructions as closely as I could, when I used the "dig" command for the second server (server2.mydomain.com) I got an error:

Connection to 111.111.111.111#53(111.111.111.111) for mydomine.com failed: connection refused.

111.111.111.111 would be my external IP address.

I don't know what, why or where it's being refused.

Any help with any of this would be greatly appreciated 

By: mrbronz

OK sorted out one or two things

Seems my ISP was having problems with altering the nameservers.

So now when I do a dig as recommended, I am getting the same reply for both my NS servers @server1 and @server2

However, it's not what I'm expecting if your responses are anything to go by

I get this on the record for server1 and almost the same for server2

"; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> @server1.mydomain.com ANY mydomain
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13519
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c1f8f421c5******////**5fdb9ce8fec05ab732e46ad4 (good)
;; QUESTION SECTION:
;mydomain.com.                 IN      ANY

;; ANSWER SECTION:
mydomain.com.          300     IN      A       123.123.123.123   <<<my correct external IP
mydomain.com.          300     IN      MX      10 mydomain.com.
mydomain.com.          300     IN      SOA     ns1.my-isp.com. postmaster.my-isp.com. 2020121716 86400 300 3600000 300
mydomain.com.          300     IN      NS      ns3.my-isp.com.
mydomain.com.          300     IN      NS      ns1.my-isp.com.
mydomain.com.          300     IN      NS      ns2.my-isp.com.

;; ADDITIONAL SECTION:
ns1.my-isp.com. 82530   IN      A       321.321.321.321
ns3.my-isp.com. 82530   IN      A       456.456.456.456

;; Query time: 249 msec
;; SERVER: 192.168.1.70#53(192.168.1.70)
;; WHEN: Thu Dec 17 18:01:12 GMT 2020
;; MSG SIZE  rcvd: 253"


could you please advise if this is correct

By: mrbronz

anything any one????

By: till

@mrbronz: Please use the ISPConfig support forum here at howtoforge to post your support requests and not the comment section of the tutorial.