
View Full Version : Forgot how to do my own DNS
syanet 04-01-2001, 05:39 PM I forgot how to do my own DNS since last time I had a server. Here's what I did:
- Register 2 IP's as nameservers
- Create virtual sites called ns1 and ns2.domain.com
- A records pointing ns1 and ns2.domain.com to my main IP
Is that right?
SI-Chris 04-02-2001, 05:25 AM This link might help:
http://teamcobalt.interliant.com/pg_faq_setupdns.shtml
Phiberop 04-02-2001, 05:29 AM Originally posted by syanet
I forgot how to do my own DNS since last time I had a server. Here's what I did:
- Register 2 IP's as nameservers
- Create virtual sites called ns1 and ns2.domain.com
- A records pointing ns1 and ns2.domain.com to my main IP
Is that right?
Almost,
Make two virtual sites, both with unique IP's
In your DNS management make two A records, both with the proper unique ip and host used in the virtual site (xx.xx.xx.xx , dns1)
Register the sites as hosts with your registrar
Regards,
Mike
Yeah, verisign (nsiregistry.com) only allow one registered nameserver per IP, so you can't point them both at the same IP (what would be the point anyway? see below).
It's also not just about putting the appropriate NS and A records in your zonefile. If you're running your nameservers as a subdomain of mydomain.com, before anyone even thinks about querying your nameserver for the information, they have to be told what your nameserver's IP addresses are. This has to be via a glue record returned as a result of the client's request to the gtld-servers.net. Therefore, it is imperative that nsiregistry sees the correct nameserver names and the correct IPs.
Why are people bothering to run two nameservers on the same machine anyway? It adds almost no redundancy (or any other) benefits.
If you truly want to have the redundancy benefits of having a secondary dns (I don't know why most web hosters would actually need this, unless they have mirrored content elsewhere, in which case they can run the slave nameserver in the same location), you should consider asking someone else to secondary for you. Maybe you could even swap. Check out http://www.ns2exchange.com. While you're at that, you can swap backup mail exchangers too.
There may not be much need to do all this - having domains that resolve is of questionable use when you're merely doing web hosting on a single machine. But if you're offering third party dns services, dynamic dns services, etc. then it becomes very important...
syanet 04-02-2001, 01:47 PM Think I got it now.
-2 IP's registered as nameservers.
-Each of these made into a virtual site with their unique IP address.
-Each has an A record pointing ns1 and ns2.domain.com to its own unique IP address.
Right?
Yeah, ignore everything I said, why don't you? :)
Anyway yes, that will work. But parts of it are not needed.
Each com/net/org nameserver must have its own IP, but nameservers do not need any associated virtual websites. ie, you don't need to make http://ns1.yourdomain.com produce anything meaningful.
syanet 04-03-2001, 07:33 AM hmmm...Something is wrong here. It's been 3 days since I registered the nameservers and pointed the domain there, but nothing :(. I've pretty much narrowed it down to the server for three reasons.
1. I don't trust myself :).
2. I verified the nameservers were registered correctly and my domain is pointing to it.
3. Here's what I have in DNS parameters (Yes, it's enabled as well):
domain.cc -> 216.40.xxx.41
ns1.domain.cc -> 216.40.xxx.195
ns2.domain.cc -> 216.40.xxx.196
www.domain.cc -> 216.40.xxx.41
domain.cc -> mail.domain.cc
[Edited by syanet on 04-03-2001 at 07:59 AM]
It was rather irritating figuring out what the problem was, since there really is no problem according to what you posted. You didn't say what your domain is, so I had to dig to find out :( This wastes time for me, and slows down problem resolution for you too.
Since you decided not to publish your domain, I won't do so below either, but it's really not difficult for someone determined to find out <shrug>
> whois XXXXhost.cc@whois.nic.cc
[whois.nic.cc]
Registrant Information:
Domain Name: XXXXHOST.cc
Creation Date: 010327
Nameservers:
NS1.XXXXHOST.CC
NS1.XXXXHOST.CC
This information is (c) 1997, 1998, 1999, 2000, 2001 eNIC Corp.
Here's something clearly dodgy, though it shouldn't really stop resolution of your domain. Why do you have two nameservers, both ns1.XXXXhost.com? (also to the point, why does the CC nic allow it?)
> host -t ns cc. a.root-servers.net.
Using domain server:
Name: a.root-servers.net
Address: 198.41.0.4
Aliases:
cc name server NS1.GLOBALDNS.COM
cc name server NS1.SEATTLE.US.NETDNS.COM
cc name server NS1.NEWYORK.US.NETDNS.COM
cc name server NS1.SANFRANCISCO.US.NETDNS.COM
cc name server NS1.LONDON.UK.NETDNS.COM
cc name server NS1.TOKYO.JP.NETDNS.COM
I choose the closest authoritative nameserver to me for further queries.
host -t ns XXXXhost.cc. ns1.london.uk.netdns.com.
Using domain server:
Name: ns1.london.uk.netdns.com
Address: 212.62.6.38
Aliases:
XXXXhost.cc name server ns1.XXXXhost.cc
No glue record returned for ns1.XXXXhost.cc - how am I even supposed to query it for http://www.XXXXhost.cc, etc?
When I spoke about nsiregistry previously I meant in the case of com/net/org TLDs, as most of us use. Apparently the CC nic doesn't use the same system as verisign does, so you'll probably have to make sure that the IP addresses of your name servers are submitted to your CC nic...
Then again, I don't really know how the CC nic operates. Every .cc domain I've looked at so far (precious few) has had nameservers outside of .cc - perhaps you should just use nameservers registered under other domains then. eg. ns.someotherdomainyouown.com
> ls paidhost.cc
[[216.40.XXX.195]]
$ORIGIN XXXXhost.cc.
@ 1D IN A 216.40.XXX.41
ns2 1D IN A 216.40.XXX.196
www 1D IN A 216.40.XXX.41
ns1 1D IN A 216.40.XXX.195
This seems to be mostly as you described in your post, except that you don't have the CNAME for @ -> mail; you should also consider adding an MX record eventually.
P.S. Took a look at your website. Some comments:
1) Your trouble ticketing system http://www.XXXXhost.cc/trouble.htm
has a field to submit the user's password, and the contents of the form are submitted without SSL. Is the user's password really necessary? If so, some form of encryption may protect the user better...
2) Similarly with signing up - credit card details over the internet in plain http.
3) Please select regarding sales support, general questions and account information all lead to the same e-mail address @ rr.com :) You could at least make aliases for sales@, info@ and accounts@XXXXhost.cc or something
Realise your business isn't up and running yet, but you might want to look into those.
syanet 04-03-2001, 02:42 PM I'll go back and fix these things once I get the domain up. Still have to get the e-mail on the RaQ working and such. I also fixed the NS2 error, damn copy and paste. If you go to http://www.nsiregistry.com and do a whois on ns1 and ns2.domain.com, they come back valid, so it looks like they were registered correctly. Could just not having a secondary nameserver cause this problem, or is it still something else?
syanet 04-03-2001, 11:38 PM Still have made no progress so I was looking over enic's site and came across this:
DNS Servers need not be NSI or eNIC registered hosts.
I registered mine with a registrar (www.itsyourdomain.com) that hosts some of my other domains, so that shouldn't be a problem. We've verified my DNS setup on the RaQ is correct, so that's okay too.
What else could possibly cause this? I'm now approaching 4 days since the last time I updated the nameserver location:(.
I told you - the glue record for ns1 and ns2.XXXXhost.cc is not available. There MUST be some way for you to tell itsdomain or enic that ns1.XXXXhost.cc is at 216.40.XXX.195, and likewise for ns2.
Those records MUST be given to enic, and MUST be returned by the .cc nameservers, or users will never be able to find out what the IPs of the nameservers are.
syanet 04-09-2001, 07:41 AM Still having major problems. I decided to convert the .cc to a .net since it's easier to add and delete nameservers through opensrs. I registered the new nameservers on Friday and pointed my domain there, but it's still not resolving. I don't know what the problem is this time. NSIregistry shows the nameservers registered correctly, just as before.
> date
Mon Apr 9 13:05:49 BST 2001
> whois XXXXhost.cc@whois.nic.cc
[whois.nic.cc]
Registrant Information:
Domain Name: XXXXHOST.cc
Creation Date: 010327
Nameservers:
NS1.NIC.CC
NS2.NIC.CC
syanet 04-09-2001, 08:11 AM Originally posted by syanet
I decided to convert the .cc to a .net since it's easier to add and delete nameservers through opensrs.
I'm no longer using the .cc name.
You appear to have assigned your nameservers to the wrong IPs (either make your nameserver listen on .221 and .222 or make ns1 and ns2 point at the correct IPs).
I suspect you made a typo on the 221/222 - should be 121/122.
> whois XXXXhost.net@whois.opensrs.net
[snip]
Domain servers in listed order:
NS1.XXXXHOST.NET 216.40.XXX.221
NS2.XXXXHOST.NET 216.40.XXX.222
> host -t ns XXXXhost.net
Host not found, try again.
> host www.XXXhost.net 216.40.XXX.195
Using domain server 216.40.XXX.195:
Host not found. try again.
> host www.XXXhost.net 216.40.XXX.196
Using domain server 216.40.XXX.196:
Host not found. try again.
> host www.XXXhost.net 216.40.XXX.221
Using domain server 216.40.XXX.221:
Host not found. try again.
> host www.XXXhost.net 216.40.XXX.222
Using domain server 216.40.XXX.222:
Host not found. try again.
host www.XXXXhost.net 216.40.XXX.41
Using domain server 216.40.XXX.41:
www.XXXXhost.net has address 216.40.XXX.41
syanet 04-09-2001, 01:01 PM Here's the direct quote from an e-mail I received:
"I assigned you 2 additional IP's: 216.40.196.221 - 222"
So I have the right IP's assigned to ns1 and ns2.domain.com.
"make your nameserver listen on .221 and .222"
What exactly do you mean by that? Aren't they already pointed there?
syanet 04-09-2001, 01:10 PM I got it! It turns out I used 121 for my A records rather than 221. I can't believe it took another person half way around the world to point out a mistake that simple. Thanks for the help.
Phiberop 04-09-2001, 01:19 PM :) It's always those little things you don't really think twice about that end up getting ya :D
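
Added example, not part of the original thread: a small offline check for the two failures diagnosed above, an in-zone nameserver with no glue at the registry and glue that disagrees with the zone's own A record. The zone text, the registry mapping, the function names and all addresses (example.net, 192.0.2.0/24) are constructed for illustration.

```python
# Constructed sample data: example.net and 192.0.2.0/24 are documentation values.
ZONE = """\
$ORIGIN example.net.
@    1D IN A 192.0.2.41
www  1D IN A 192.0.2.41
ns1  1D IN A 192.0.2.121
ns2  1D IN A 192.0.2.222
"""

# What the registry publishes for the delegation: NS name -> glue IP (None = no glue).
REGISTRY = {"ns1.example.net.": "192.0.2.221", "ns2.example.net.": "192.0.2.222"}


def parse_a_records(zone_text):
    """Return (origin, {fqdn: ip}) for a simple one-record-per-line zone listing."""
    origin, records = "", {}
    for line in zone_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if len(fields) >= 3 and fields[-2].upper() == "A":
            label = fields[0].lower()
            name = origin if label == "@" else label if label.endswith(".") else f"{label}.{origin}"
            records[name] = fields[-1]
    return origin, records


def check_glue(zone_text, registry):
    """List glue problems for nameservers that live inside the zone they serve."""
    origin, a_records = parse_a_records(zone_text)
    problems = []
    for ns, glue in sorted(registry.items()):
        ns = ns.lower()
        if not ns.endswith("." + origin):
            continue  # nameserver under another domain: this zone needs no glue for it
        zone_ip = a_records.get(ns)
        if glue is None:
            problems.append(f"{ns} no glue at registry")
        elif zone_ip is None:
            problems.append(f"{ns} has glue {glue} but no A record in zone")
        elif glue != zone_ip:
            problems.append(f"{ns} glue {glue} != zone A {zone_ip}")
    ips = [ip for ip in registry.values() if ip]
    if len(set(ips)) < len(ips):
        problems.append("nameservers share an IP")
    return problems
```

With the sample data, `check_glue(ZONE, REGISTRY)` reports the ns1 mismatch between 221 at the registry and 121 in the zone.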