bind on vps

Torinthiel torinthiel at data.pl
Sun Feb 13 21:12:34 UTC 2011


On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
> On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
> 
>> On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
>>> It will be a web hosting server.  I wrote my own web client
>>> panel and my own bash scripts to automate the upload of new
>>> client's virtual domains.  That's why I want to run my own dns
>>> server; I want to be able to update the registers in my own
>>> machine.
>>
>> you do know that you should have two SERVERS for your dns?
>> Giving two different IPs for your box will work, but is a very bad idea.
>> Even if everything else is on that machine, for some uses (eg. mail)
>> having no DNS data is worse than having a failed server.
> 
> I read in forums about people that could run their own DNS
> server at the same server they had their sites, that's why I
> tried.  But I know (and I understand why) that the good
> practice is to have two external DNS servers in different
> locations.  

It's not only good practice, it's a requirement per RFC103[45]. You'll
get by with two IPs for one machine, and if it's only HTTP there won't be
enough difference if this machine fails. However you could also consider
looking for some other DNS services. Some ISPs provide secondary for
free, there might also be a free DNS service somewhere. Or you could
find someone in a similar situation as you and be secondary for each other.


> 
>>> Reverse zone
>>> ------------------------------------------------------------------------
>>> ; 11.22.33
>>> $TTL	86400
>>> @	IN	SOA	ns1.mydomain.com.	root.mydomain.com. (
>>> 				2011011901	; Serial
>>> 				8H		; Refresh
>>> 				2H		; Retry
>>> 				4W		; Expire
>>> 				1D)		; Minimum TTL
>>> @	IN	NS	ns1.mydomain.com.
>>> @	IN	NS	ns2.mydomain.com.
>>> 44	IN	PTR	mydomain.com.
>>> 44	IN	PTR	www.mydomain.com.
>>> 45	IN	PTR	virtualdomain.com.
>>> 45	IN	PTR	www.virtualdomain.com.
>>> 44	IN	PTR	ns1.mydomain.com.
>>> 45	IN	PTR	ns2.mydomain.com.
>>
>>
>> First, as stated before, I doubt if anyone will ask your server for that
>> info.
> 
> Stop here, this is my obscure point: how do you get your
> DNS to be asked?  What do you need?  What must I ask my ISP
> (my VPS provider in this case) for?  What do you mean by "to be
> designated nameserver for the IPs"?

Generally (not only for reverse DNS) you need one thing: delegation.
That is, the parent zone (this being .com for mydomain.com and
22.11.in-addr.arpa here) needs to answer 'I don't know about
mydomain.com, ask ns.mydomain.com'. And that's the part your server has
nothing to say about yet, as it happens before the query reaches your server.
Usually (that being the three places I know personally ;) the place
where you register your domain has some kind of web panel where you can
either set up the zone (if you use their nameservers) and/or enter the
nameservers you want to handle queries. And that's the part you want to do.

Now, specific about this part: first, disclaimer: I've never
administered any reverse zones.
But still, probably your ISP/VPS provider would be the place to ask. Try
doing dig -x 11.22.33.44, and if it returns anything, then you have
reverse set up. Maybe some web panel from your ISP allows you to change
that to anything else, and maybe you even need it. But if you are doing
only HTTP and DNS then anything would be fine, as long as it resolves to
anything, and resolves back to you (so if you do dig -x 11.22.33.44 and
then dig what-you-got-from-previous you end up with 11.22.33.44).
IMHO you don't need to handle any in-addr.arpa zone at all, your ISP
does it for you. You could change what it resolves to, via a web
interface and/or email directly to them, but chances are you don't need it.

>> Second - what is the name of 11.22.33.44? Is it mydomain.com?
>> www.mydomain.com? ns1.mydomain.com? AFAIK there can be only one PTR record.
>>
> 
> Yes, I realise my mistake.  Just one domain per IP.
> 
>>> In case my configuration is OK,
>>> what must I ask to my vps provider?
>>
>> Probably nothing. If you can dig/nslookup on your host from external
>> hosts, then it looks they don't need to do anything.
>>
> 
> This is exactly what I cannot do: dig/nslookup from
> external hosts.

Not exactly. You've stated that you CAN ask your server from external
hosts, but only if you specify to ask it. What you want to achieve is
having valid resolution without asking your specific server. And that's
the delegation step.


> Well, my goal (tell me if it is a fantasy :)) is to be able to
> update my registers automatically.  I ignore the features and
> flexibility of bind, perhaps I should change the strategy.
> Could you give me some clue?  Can I use bind just as a slave of
> the external name server (be it GoDaddy's DNS or my VPS
> provider's one)?

Being a slave server won't do you any good; a slave (as the name suggests)
has nothing to say about the contents of the zone.
The main problem here is that you want to update delegations, which
don't depend on your server. I don't think a fully automated setup is
possible, at least if your registry doesn't provide some non-webpage
interface to alter delegations. There would be at least one
non-automated step: buying the domain and telling (it should be possible
in the process) that it should be handled by your servers.
It's a once per zone operation, but has to be done.
The rest (adding a zone for your bind, changing the IP it resolves to) could
be automated.

Torinthiel
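The reverse zone quoted earlier in this thread puts three PTR records on each of the names 44 and 45, which Walter acknowledges as a mistake. The following added example (not from the thread or from BIND) parses that zone and reports every owner name carrying more than one PTR; the zone text is the one quoted above, and the origin 33.22.11.in-addr.arpa. is an assumption taken from the "; 11.22.33" comment.

```python
"""Added example (not from the thread): flag owner names in a reverse zone that carry more than one PTR."""
from collections import defaultdict

ORIGIN = "33.22.11.in-addr.arpa."   # assumed: reverse zone for 11.22.33.0/24

ZONE = """\
; 11.22.33
$TTL    86400
@       IN      SOA     ns1.mydomain.com.       root.mydomain.com. (
                        2011011901      ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D)             ; Minimum TTL
@       IN      NS      ns1.mydomain.com.
@       IN      NS      ns2.mydomain.com.
44      IN      PTR     mydomain.com.
44      IN      PTR     www.mydomain.com.
45      IN      PTR     virtualdomain.com.
45      IN      PTR     www.virtualdomain.com.
44      IN      PTR     ns1.mydomain.com.
45      IN      PTR     ns2.mydomain.com.
"""

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples.  Strips ';' comments, joins parenthesised
    multi-line rdata, expands '@' and relative names; assumes 'owner IN type rdata'."""
    records, buf = [], ""
    for line in text.splitlines():
        buf = (buf + " " + line.split(";")[0]).strip()
        if not buf or buf.count("(") > buf.count(")"):
            continue                      # blank, or still inside ( ... )
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if fields[0].startswith("$"):
            continue                      # directive such as $TTL
        owner = origin if fields[0] == "@" else fields[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"   # relative name, e.g. '44'
        records.append((owner, fields[2], " ".join(fields[3:])))
    return records

def duplicate_ptrs(records):
    """Owner names with more than one PTR, mapped to their targets."""
    ptrs = defaultdict(list)
    for owner, rtype, rdata in records:
        if rtype == "PTR":
            ptrs[owner].append(rdata)
    return {o: t for o, t in ptrs.items() if len(t) > 1}
```

Calling duplicate_ptrs(parse_zone(ZONE, ORIGIN)) returns both 44.33.22.11.in-addr.arpa. and 45.33.22.11.in-addr.arpa. with their three targets each; the fix is to keep a single PTR per address and let the forward zone carry the extra names as A records.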
