"spare hosts" as personal DNS nameservers for 'mynew.org'

bind at zq3q.org bind at zq3q.org
Tue Jul 11 20:04:32 UTC 2017

Hi Niall:

On Tue 7/11/17 15:24 +0100 "Niall O'Reilly" wrote:
> On 11 Jul 2017, at 14:57, bind at zq3q.org wrote:
> > Assume I register domain 'mynew.org' with registrar namecheap; and as 
> > an exercise,
> > I plan to set up my own two authoritative DNS nameservers for 
> > 'mynew.org'.
> >
> > I have several linux VMs, that are underused, so I want to use them
> > for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> > is that going to work?**
> Unless you misconfigure things, it should just work.

**I think I have one thing wrong, pls confirm:**
Assume my 'spare nameservers' are these fictitious ones:


I did **not** register:

    pup  as a nameserver for mynew.org in asdf.org
    zap  as a nameserver for mynew.org in xen.prgmr.com

One of my real hosts *is below xen.prgmr.com*, like the fake 'zap' above,
so I would have to email prgmr.com support to get them to add

    mynew.org. IN NS zap.xen.prgmr.com.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ << Is this valid?

to the xen.prgmr.com zone.

Is this correct?

I tried to get terminology roughly right.  In my fictitious example,
I had to pick a registrar (not namecheap) to help me create the 'asdf.org'.
Then to get a NS record for pup.asdf.org to be authoritative for "mynew.org."
in the zone for 'asdf.org', I have to deal with the registrar's web GUI, and
"register" pup.asdf.org as this NS.  Of course there is also a SOA, and NS
record in the "mynew.org." zone. Sorry if I'm getting pedantic, but
I would appreciate anyone correcting me so I understand.

> > namecheap support seems to suggest that the personal DNS authoritative 
> > nameservers
> > for 'mynew.org', must be in 'mynew.org', as in
> >
> >     ns1.mynew.org
> >     ns2.mynew.org
> Nonsense.


In fairness, different support emails led me in conflicting directions.
They do have a 'custom DNS servers' option, that seems to support name servers
that are "non vanity" / "outside-the-domain-they-are-authoritative-for" nameservers.
That option silently failed for me (see "I think I have one thing wrong" above).
It's frustrating that my registrar does not share any error logs that could
pinpoint the problem.

>            OTOH, if your registrar is obdurate, you may need to find
> a creative work-around.
> > This is not what I want, since I do not want to spin up 2 new servers.
> You can work around the obduracy without spinning up any new server.
> Simply use the addresses of each of your existing servers in the AAAA
> (you are using IPv6, I hope?) and A records for the new names.

I prefer not to use a workaround. I'm willing to go with another
registrar, if someone could suggest one.

In any case, see if I understand you:
So, at the registrar level for mynew.org, I specify the vanity name
servers ns1.mynew.org, and ns2.mynew.org with the IP addresses of
pup and zap.  I also add (sorry, IPv4) 'A' records for ns1.mynew.org, and
ns2.mynew.org in the mynew.org zone for nameservers pup and zap.

> Of course, this can only work if your servers have public, reachable 
> addresses.

They are public.


THANKS Niall for the help and good words!
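
The two setups discussed in this thread, checked side by side, as an added example that is not part of the original message: nameservers named outside the delegated zone need no glue at the registrar, while vanity names inside it need glue that matches the address records in the zone. The function names are hypothetical and the addresses are constructed from documentation ranges.

```python
# Added example: helper names and all addresses are constructed for illustration.

def labels(name):
    """Normalise a DNS name to a tuple of lower-case labels (root dot dropped)."""
    return tuple(part for part in name.lower().rstrip(".").split(".") if part)

def in_bailiwick(host, zone):
    """True when host is at or below zone, compared label by label
    (a plain string suffix test would wrongly accept ns1.notmynew.org)."""
    h, z = labels(host), labels(zone)
    return len(h) >= len(z) and h[len(h) - len(z):] == z

def check_delegation(zone, ns_names, glue, zone_addrs):
    """Return {ns_name: [findings]} for a delegation of `zone`.
    glue: addresses handed to the registrar; zone_addrs: A/AAAA data in the zone."""
    report = {}
    for ns in ns_names:
        key = ".".join(labels(ns))
        g, a = set(glue.get(key, ())), set(zone_addrs.get(key, ()))
        findings = []
        if in_bailiwick(ns, zone):
            if not g:
                findings.append("missing glue at registrar")
            if not a:
                findings.append("missing address record in zone")
            if g and a and g != a:
                findings.append("glue differs from zone data")
        elif g:
            findings.append("glue not needed for out-of-zone name")
        report[key] = findings or ["ok"]
    return report

ZONE = "mynew.org."
SPARE = ["pup.asdf.org", "zap.xen.prgmr.com"]      # names from the thread
VANITY = ["ns1.mynew.org.", "ns2.mynew.org."]      # names from the thread
GLUE = {"ns1.mynew.org": ["192.0.2.10"], "ns2.mynew.org": ["198.51.100.20"]}
# Constructed mismatch: the zone's record for ns2 disagrees with the glue.
ZONE_ADDRS = {"ns1.mynew.org": ["192.0.2.10"], "ns2.mynew.org": ["198.51.100.21"]}

if __name__ == "__main__":
    for title, names, glue in (("spare hosts", SPARE, {}), ("vanity names", VANITY, GLUE)):
        print(title)
        for ns, findings in check_delegation(ZONE, names, glue, ZONE_ADDRS).items():
            print(f"  {ns}: {', '.join(findings)}")
```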

