DNS help for a newbie

Discussion in 'Installation/Configuration' started by J.U., Aug 8, 2016.

  1. J.U.

    J.U. New Member

    Can somebody please help me set up my DNS records with my registrar?
    I have a server that is only accessible by IP address. I wish there was a chapter on DNS setup with the "Perfect Server" manuals.
    1. I am not sure if I will be able to add further domains with ISPConfig if I use my registrar's name server. Or do I have to run my own name server (bind)? Do I need a separate IP address for this?
    2. Do I have to configure Bind manually like here or will ISPConfig take care of it when eventually properly installed?
    3. I was trying to follow this example but not successful so far.
      • Do I have to prepare bind beforehand?
      • I am not sure what the writer means be "delegating dns". With my registrar I can either edit dns records OR direct a domain to an external name server. I can't do both things at the same time.
      At the moment my setup is like this.
      Edit: I have corrected ns.eastcentral.eu to ns.eastcentral.eu. (With a dot)
    Last edited: Aug 8, 2016
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You can use your registrar's nameservers with domains hosted on an ispconfig server, there's no problem with that. You simply wouldn't need to install bind, and don't need to add any zones under the DNS tab; you'd of course need to use your registrar's interface for adding your DNS zones/records.

    While you can do some manual configuration (eg. hardening/securing the bind server config), everything listed in that particular page is handled by ISPConfig. If you're going to run a bind server, start with a default bind config provided by your OS, let ISPConfig setup it's own configuration, and see what that gets you. You might make sure (eg. test via a web-service) that it's not an open resolver, at a minimum; further configuration/hardening could be done if/when you have a little time to read up / learn more and implement it, but isn't generally required.

    If you're going to run a nameserver with ispconfig, you need to have bind installed and the isconfig installation/update procedure will setup the named config to let it add zoned.

    Delegating DNS would be setting a domain to use your external servers. Either you add DNS records at your registrar and list their nameservers for your domain, or you use your own nameservers and add DNS records to them (ie. via DNS tab in ispconfig).

    Your MX records need a destination name of whatever your ispconfig mail server hostname is (or even mail.eastcentral.eu.), they are invalid without that (I'm surprised the registrar lets you save them incomplete like that).
  3. J.U.

    J.U. New Member

    Still at the same place. Don't know what I can do to move on.
    My registrars tell me they can put glue records but don't recommend running a name server on a VPS with 1 IP address and indeed iana standards state:
    So I'm reverting to using theirs.
    • Do I have to uninstall bind then?
    • What can I do to finally obtain lets encrypt certs? They sound like unreachable magic to me now. Whatever I do is wrong.
    My domains now look look like this (at the registrar's):
    * A
    eastcentral.eu. A
    ftp A
    localhost A
    mail A
    poczta A
    s1 A
    webmail A
    www A
    eastcentral.eu. NS ns1.futurehost.pl.
    eastcentral.eu. NS ns2.futurehost.pl.
    eastcentral.eu. MX 10
    mail MX 10
    It's in the DirectAdmin parlance, so mail=mail.eastcentral.eu. The MX records actually look good in viewdns.info Other than it tells me that I have duplicate MX A records:
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Normally you do need two nameservers. I think I've seen registrars which allowed only one, but thought it odd and your quote confirms it shouldn't be done.
    You can leave it installed if you use it, eg. for a local resolving server (handy for mail servers to have their own local resolver to avoid DNS query limits for rbl's from shared resolvers). Or uninstall it if you don't need it; though it probably uses very little memory if it's unconfigured and unused, it's a good practice to disable (or uninstall) any services you're not using.
    That has very little to do with running a DNS server. For letsencrypt certificate requests to work, you need to make sure all the subdomain names you've added have DNS records pointing to your server. If you're using your registrar's dns servers, then you need to add those there.
    I'm not familiar with DirectAdmin syntax, and what you posted is a little confusing to me, so in checking live DNS records for your domain:
    # host -t mx eastcentral.eu
    eastcentral.eu mail is handled by 10 eastcentral.eu.
    eastcentral.eu mail is handled by 10 mail.eastcentral.eu.
    You have 2 MX records, and each resolves to the same address:
    # host -t a eastcentral.eu.
    eastcentral.eu has address
    # host -t a mail.eastcentral.eu.
    mail.eastcentral.eu has address

Share This Page