So I'm trying to use backup DNS, as I only have 1 IP distributed to a clustered system, which is probably not optimal... but I'm working with limited resources. I have added the AXFR (Allow Zone Transfers) in the Main DNS Zone page for my primary site, and have added an NS record pointing gethosting.today to ns2.afraid.org. Should this be miyagi.gethosting.today (name of primary in cluster) to ns2.afraid.org? I also have added an A record pointing ns2.afraid.org to 174.37.196.55 (afraid.org's IP). Now the part I don't understand is this: I also don't know if I should put anything in Update ACL either, on the ISPConfig backend. On their ACL I added my IP. I'd love to confer with someone about this. Am I missing some steps? Also, what would be the dig command to properly check these changes? I am only getting a non-authoritative answer from my name server using nslookup, so this is what led me to believe something is amiss in my setup.
Tutorial on DNS setup: https://www.howtoforge.com/tutorial/setting-up-your-own-name-service-with-ispconfig/
Slaves know from the serial number if the master has newer zone info. The master uses push to the slaves it knows about, so those slaves start a zone transfer immediately.
Yes... but how do I test that it is working as expected. The backup DNS that is.
Code:
root@miyagi:~# dig @192.168.0.26 gethosting.today

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> @192.168.0.26 gethosting.today
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63921
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: babd04a31169cbfadbf5579d5ba3f5b7d61bfe0c6d675e84 (good)
;; QUESTION SECTION:
;gethosting.today. IN A

;; ANSWER SECTION:
gethosting.today. 3600 IN A 174.105.101.49

;; AUTHORITY SECTION:
gethosting.today. 3600 IN NS daniel-san.gethosting.today.
gethosting.today. 3600 IN NS ns2.afraid.org.
gethosting.today. 3600 IN NS miyagi.gethosting.today.

;; ADDITIONAL SECTION:
miyagi.gethosting.today. 3600 IN A 174.105.101.49
daniel-san.gethosting.today. 3600 IN A 174.105.101.49

;; Query time: 0 msec
;; SERVER: 192.168.0.26#53(192.168.0.26)
;; WHEN: Thu Sep 20 15:32:07 EDT 2018
;; MSG SIZE rcvd: 195

Code:
root@miyagi:~# nslookup gethosting.today
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: gethosting.today
Address: 174.105.101.49

root@miyagi:~# nslookup gethosting.today ns2.afraid.org
Server: ns2.afraid.org
Address: 2607:f0d0:3001:92::2#53

Name: gethosting.today
Address: 174.105.101.49

Is this sufficient? Should I remove Daniel-san.gethosting.today from the nameserver rotation? Can I consider backup DNS working as expected? That link didn't really seem relevant except for my local name server, and some configuration checks. Default name server seems to work, my concern is the backup DNS.
I think it is redundant and should be removed, as one DNS (miyagi) from that IP should suffice. For the DNS backup server, you should check the afraid.org manual (or community forum) to confirm, but it seems to be fine to me when I checked at https://intodns.com/gethosting.today.
Half of the tutorial is about testing the name server. If you have two name servers, you must have two NS records (not three). The name servers you registered when getting the domain name and NS records on master and slave name servers must match.
Yeah, I wasn't sure how to properly check that the backup DNS from freedns was actually doing anything. I guess I could always simulate name server failure by bringing down bind or some other method? @Taleman I'm going to remove daniel-san in that case.
Test a particular name server with the host command, giving the name server IP address (or use nslookup in the same way). The IP number in the host command after the FQDN is the name server's address where the query is sent. This way we are sure we are testing the name server we just set up.
Code:
host web.xyzzy.tld 192.168.250.73
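
The direct-query check discussed in this thread, applied to both the master and the backup name server, as an added example that is not part of any post. It asks each server for the zone's SOA record without recursion, checks for the `aa` (authoritative) flag, and compares serial numbers; the function names are hypothetical, and the addresses in the usage line are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the serial (3rd field) from `dig +short SOA` output read on stdin.
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# Succeed only if the dig header read on stdin carries the "aa" flag, i.e.
# the server answered from zone data it holds, not from a cache.
is_authoritative() {
    grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# Plain numeric comparison; ignores RFC 1982 serial wraparound.
compare_serials() {
    if [ "$1" -eq "$2" ]; then echo in-sync
    elif [ "$2" -lt "$1" ]; then echo slave-behind
    else echo slave-ahead
    fi
}

# Live check: needs dig and network access to both servers.
check_backup() {
    zone=$1; master=$2; slave=$3
    for ns in "$master" "$slave"; do
        if dig +norecurse +noall +comments "$zone" SOA "@$ns" | is_authoritative
        then echo "$ns: authoritative for $zone"
        else echo "$ns: NOT authoritative for $zone"; return 1
        fi
    done
    m=$(dig +norecurse +short "$zone" SOA "@$master" | soa_serial)
    s=$(dig +norecurse +short "$zone" SOA "@$slave" | soa_serial)
    [ -n "$m" ] && [ -n "$s" ] || { echo "no SOA answer"; return 1; }
    echo "master=$m slave=$s: $(compare_serials "$m" "$s")"
}

# Usage: sh check_backup.sh gethosting.today 192.168.0.26 ns2.afraid.org
if [ "$#" -eq 3 ]; then check_backup "$@"; fi
```

A `slave-behind` result shortly after a zone edit can be normal until the notify or refresh completes; one that persists means the zone transfer is not getting through.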