Difference between revisions of "DNS"

From Server Knowledge Base
Latest revision as of 12:17, 2 May 2013

301 Redirect

http://www.123-reg.co.uk/support/answers/Domains/Web-Forwarding/how-do-i-add-301-permanent-web-forwarding-2520/
http://www.123-reg.co.uk/support/answers/what-is-the-difference-between-301-and-302-web-forwarding-2511/

Alternatively, place the following in your index page:

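<?php
// Send a permanent redirect; this must run before any other output is sent.
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://serverIP");
exit; // stop here so no page body follows the redirect
?>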

Add a DNS Record in Plesk 9 and 10

Plesk 9: http://www.webfusion.co.uk/support/answers/how-do-i-add-a-dns-record-to-my-vps-server-%E2%80%93-vps-2-0-plesk-9-2298/
Plesk 10: http://www.webfusion.co.uk/support/answers/how-do-i-add-a-dns-record-to-my-vps-server-%E2%80%93-vps-3-0-plesk-10-2382/

Best practice when moving sites

BIND

Key file error in Ubuntu

WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

Cause and Fix

To resolve on a WHM/cPanel server do:

mv /etc/rndc.conf /etc/backuprndc.conf
cp /etc/named.conf /etc/backupnamed.conf
vim /etc/named.conf

Lines 1-5:

include "/etc/rndc.key";

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; localhost; } keys { "rndc-key"; };
};

Then run any rndc command; the warning should no longer appear.

Enable Query Logging

This can be used to check when the nameservers on your server are queried for results. Do:

rndc querylog

And then do:

tail -f /var/log/messages

You should then see entries such as this when the website is visited with a clear cache:

Sep 20 16:15:24 ftpuser named[2726]: client 81.21.76.12#49649: view external: query: domain.co.uk IN A + (37.122.208.32)
Sep 20 16:16:20 ftpuser named[2726]: client 66.90.68.15#61686: view external: query: domain.co.uk IN A -ED (37.122.208.32)
Sep 20 16:16:20 ftpuser named[2726]: client 66.90.68.15#58646: view external: query: domain.co.uk IN AAAA -ED (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#34122: view external: query: domain.co.uk IN NS + (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#38358: view external: query: domain.co.uk IN MX + (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#44659: view external: query: adobe.com IN A + (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#44659: view external: query (cache) 'adobe.com/A/IN' denied

To disable it do this again:

rndc querylog
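
The query-log lines above can be triaged with a short script. This is an added example, not part of the original page: querylog_summary counts queries and denied cache lookups per client, and foreign_queries lists queries for names outside the zones you host. The function names are made up here, and the parser assumes the log format shown above.

```sh
#!/bin/sh
# Added example (not from the original page): triage named query-log lines.

# Print "<client> <queries> <denied>" per client IP.
querylog_summary() {
    awk '
    / named\[[0-9]+\]: client / {
        for (i = 1; i < NF; i++) if ($i == "client") { ip = $(i + 1); break }
        sub(/#.*/, "", ip); seen[ip] = 1
        if ($0 ~ / query: /) queries[ip]++
        if ($0 ~ /query \(cache\) .* denied/) denied[ip]++
    }
    END { for (ip in seen) printf "%s %d %d\n", ip, queries[ip], denied[ip] }
    ' | sort
}

# Print "<client> <qname> <qtype>" for queries outside the hosted zones given
# as arguments, i.e. clients using this authoritative server as a resolver.
foreign_queries() {
    awk -v zones="$*" '
    BEGIN { n = split(tolower(zones), z, " ") }
    / query: / {
        for (i = 1; i < NF; i++) {
            if ($i == "client") { ip = $(i + 1); sub(/#.*/, "", ip) }
            if ($i == "query:") { q = tolower($(i + 1)); t = $(i + 3) }
        }
        sub(/\.$/, "", q); ours = 0
        for (k = 1; k <= n; k++)
            if (q == z[k] || substr(q, length(q) - length(z[k])) == ("." z[k])) ours = 1
        if (!ours) print ip, q, t
    }
    ' | sort -u
}

# Sample input: five of the log lines shown above.
sample_log() {
    cat <<'EOF'
Sep 20 16:15:24 ftpuser named[2726]: client 81.21.76.12#49649: view external: query: domain.co.uk IN A + (37.122.208.32)
Sep 20 16:16:20 ftpuser named[2726]: client 66.90.68.15#61686: view external: query: domain.co.uk IN A -ED (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#34122: view external: query: domain.co.uk IN NS + (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#44659: view external: query: adobe.com IN A + (37.122.208.32)
Sep 20 16:16:39 ftpuser named[2726]: client 93.113.174.225#44659: view external: query (cache) 'adobe.com/A/IN' denied
EOF
}

# On a live server: querylog_summary < /var/log/messages
sample_log | querylog_summary
sample_log | foreign_queries domain.co.uk
```

A client that appears in the foreign_queries output and has a non-zero denied count is asking this server to resolve names it does not host, which named is refusing.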

DJBDNS Data file location

/usr/local/djbdns/var/data

cd /usr/local/djbdns/var

cat data.XXXXX | grep domain.co.uk

The first character of each line in the data file gives the record type:

+ - A
Z - SOA
& - NS
' - TXT (used for SPF)
@ - MX

Domain Alias

If a domain's DNS is correct and it is pointed at a different domain, but the website content shown is not that of the intended URL, you will need to add a domain alias. Go to:

Hosting Services > Domains > Control Panel for the domain (there should only be one entry so web forwarding works) > Website and Domains tab > Show Advanced Operations > Domain Aliases > Add Domain Alias > Enter the alternate domain name

This needs to be done through Plesk, otherwise domain.com will not go to domainexample.com (or vice versa), nor example.com to www.example.com.

/etc/apache2/mods-enabled/dir.conf shows the default priority in which the index page is picked up, and this should be set in the .htaccess file as well.

DNS Settings and Records

  • NS - Specifies the DNS servers (NS = nameservers) for your domain. A nameserver is a program that maintains a list of your domain names and their corresponding IP addresses, allowing visitors to find the domains hosted on your server. Nameservers hold DNS records.
  • A - Address. Specifies the IP addresses corresponding to your domain and its subdomains.
  • MX - Mail Exchange. Specifies where the emails for your domain should be delivered.
  • CNAME - Canonical Name. Specifies redirects from your domain's subdomains to other domains / subdomains.
  • SPF - Sender Policy Framework (SPF) is an attempt to control forged e-mail. Uses the TXT record format.
  • PTR - Pointer record. Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed; just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. Many mailservers, according to RFC 1912 section 2.1, will not accept mail from mailservers with no PTR (reverse DNS) entry. When someone looks up your IP, they are able to resolve it to a hostname, similar to how the A record returns the IP when someone looks up your domain.
  • SOA - Start Of [a zone of] Authority record. Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

Tools and Checks

Everything SPF related

Add an SPF record: http://www.123-reg.co.uk/support/support/answers/how-do-i-add-an-spf-record-to-my-domain-name-349/

Manage Domain > Advanced DNS, add a TXT record with @ in the first name field and the string in the second.

Check SPF Syntax: http://www.mtgsy.net/dns/spfwizard.php/
How SPF records work: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Add SPF for Gmail: http://www.google.com/support/a/bin/answer.py?answer=178723/

Failover Nameservers

This is quite complicated; use http://www.intodns.com/ to check these settings afterwards. To explain this I will use this website, which runs off a Linux server, as an example. serverkb.co.uk was bought with 123-reg and the website content is hosted on server number one - 212.67.205.129.

serverkb.co.uk will use the 123-reg nameservers: ns.123-reg.co.uk and ns2.123-reg.co.uk by default and so we will use these two as part of four nameservers in total.

I have set up the nameservers ns.mymusicstation.co.uk and ns2.mymusicstation.co.uk on server number two - 37.122.208.32. Now to get this to work you need to:

  • First - Add the domains that you want to have four nameservers (ns.123-reg.co.uk, ns2.123-reg.co.uk, ns.mymusicstation.co.uk and ns2.mymusicstation.co.uk) to the server which will run as a nameserver. In this case I have added serverkb.co.uk and mymusicstation.co.uk to server number two.
  • Second - Set up server number two to have one domain run as the nameserver. In this case, mymusicstation.co.uk uses server number two for its nameserver by having the following DNS records in place:
mymusicstation.co.uk.    NS ns.123-reg.co.uk.
mymusicstation.co.uk.    NS ns2.123-reg.co.uk.
mymusicstation.co.uk.    A  37.122.208.32
mymusicstation.co.uk.    NS ns.mymusicstation.co.uk.
mymusicstation.co.uk.    NS ns2.mymusicstation.co.uk.
ns.mymusicstation.co.uk  A  37.122.208.32
ns2.mymusicstation.co.uk A  37.122.208.32
serverkb.co.uk           A  212.67.205.129
  • Third - Set up the main domain that you are trying to have four nameservers for to have only the following DNS records:
@               A  212.67.205.129
serverkb.co.uk. NS ns.mymusicstation.co.uk.
serverkb.co.uk. NS ns2.mymusicstation.co.uk.
  • Fourth - In /etc/named.conf ensure you have the following so the SOA record syncs with the nameservers:
// One allow-transfer statement listing both 123-reg nameservers
allow-transfer { 212.67.202.2; 92.51.159.40; };
// ns.123-reg.co.uk  = 212.67.202.2
// ns2.123-reg.co.uk = 92.51.159.40
// After making the allow-transfer change run rndc reload
  • Fifth - Ensure /var/named/yourdomain.co.uk.db has the right TTL, SOA nameserver (e.g. ns.123-reg.co.uk) and SOA serial value. Ensure /etc/nsd/nsd.conf or the BIND configuration file has something similar to the following:
database: /var/lib/nsd/nsd.db
        difffile: /var/lib/nsd/ixfr.db
        ip4-only: yes
        pidfile: /var/run/nsd/nsd.pid
        username: named
        xfrdfile: /var/lib/nsd/xfrd.state
        zonesdir: /var/named
        ip-address: 127.0.0.1
        ip-address: 37.122.208.32
zone:
        name: "mymusicstation.co.uk"
        zonefile: "mymusicstation.co.uk.db"
zone:
        name: "serverkb.co.uk"
        zonefile: "serverkb.co.uk.db"

And that /etc/rndc.key is something such as:

key "rndc-key" { algorithm hmac-md5; secret "=="; };

  • Sixth - Run /usr/local/cpanel/scripts/updatenameserverips and, if you have resolvers, check /etc/resolv.conf
  • Seventh - Ensure the SOA Expire and Serial are the same at all nameservers and reverse DNS is set for your domain.
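
The seventh step can be checked from the command line. This is an added example, not part of the original page: soa_collect asks each nameserver for the zone's SOA record with dig, and soa_compare reports the serial and expire per nameserver and fails if they differ. The function names, the hostmaster address and the SOA values in the sample are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): compare the SOA serial and
# expire values that each nameserver of a zone returns.

# Ask every nameserver listed after the zone for its SOA record and print
# "<nameserver> <SOA answer>". Needs dig and network access.
soa_collect() {
    zone=$1; shift
    for ns in "$@"; do
        echo "$ns $(dig +short +norecurse +time=3 +tries=1 SOA "$zone" @"$ns" | head -n 1)"
    done
}

# Read soa_collect output on stdin, print serial and expire per nameserver,
# and return non-zero if any server gave no SOA or the values differ.
# SOA answer fields: mname rname serial refresh retry expire minimum.
soa_compare() {
    awk '
    NF == 8 && $4 ~ /^[0-9]+$/ && $7 ~ /^[0-9]+$/ {
        printf "%s serial=%s expire=%s\n", $1, $4, $7
        values[$4 " " $7] = 1; next
    }
    { printf "%s no-soa-answer\n", $1; bad = 1 }
    END { n = 0; for (v in values) n++; exit (bad || n != 1) }
    '
}

# Constructed sample: the four nameservers from this section, with made-up
# SOA values in which ns2.mymusicstation.co.uk has fallen behind.
sample_answers() {
    cat <<'EOF'
ns.123-reg.co.uk ns.123-reg.co.uk. hostmaster.serverkb.co.uk. 2013050201 86400 3600 604800 14400
ns2.123-reg.co.uk ns.123-reg.co.uk. hostmaster.serverkb.co.uk. 2013050201 86400 3600 604800 14400
ns.mymusicstation.co.uk ns.123-reg.co.uk. hostmaster.serverkb.co.uk. 2013050201 86400 3600 604800 14400
ns2.mymusicstation.co.uk ns.123-reg.co.uk. hostmaster.serverkb.co.uk. 2013050101 86400 3600 604800 14400
EOF
}

# Live check: soa_collect serverkb.co.uk ns.123-reg.co.uk ns2.123-reg.co.uk \
#     ns.mymusicstation.co.uk ns2.mymusicstation.co.uk | soa_compare
sample_answers | soa_compare || echo "SOA values differ between nameservers"
```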

Find hidden domains (e.g. police)

dig +trace domain.co.uk

.gov.uk

A lot of .gov.uk domains are managed by https://www.ja.net

To do a WHOIS lookup on .gov or .gov.uk domains, go to http://cqcounter.com

Installing PowerDNS

This is on an Ubuntu 12.04 server.

apt-get install pdns-server pdns-backend-mysql

Run through the install until it fails with:

mysql said: ERROR 1064 (42000) at line 1: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'type=InnoDB' at line 10

vim /etc/powerdns/pdns.d/pdns.local.gmysql

Change localhost to 127.0.0.1, then connect to MySQL with mysql -p and use your database:

use pdns

Then go to Section "1. Example: configuring MySQL" of this documentation until after the final GRANT ALL MySQL command. Then quit out of MySQL.

Test the connection to the database:

mysql -h 127.0.0.1 -u MySQLuser -Ddatabasename -p
*password*
quit

Start PowerDNS:

/etc/init.d/pdns start
/etc/init.d/pdns status

Warning: Host names and the MNAME of SOA records are NEVER terminated with a '.' in PowerDNS storage! If a trailing '.' is present it will inevitably cause problems, problems that may be hard to debug.

You will then need to install the PowerDNS Recursor:

apt-get install pdns-recursor

Configure PowerDNS

In progress...


Issue creating subdomain

If you get the following error when adding a subdomain in Plesk:

"The specified directory contains a service directory"

See if upgrading Plesk to the newest available version will help. Try running the commands in this thread: http://forum.parallels.com/showthread.php?t=105624

Please bear in mind that in version 10.4.4 the way DNS zones work has changed: http://kb.parallels.com/en/112966

Hosts file

Commonly in C:\Windows\System32\drivers\etc\hosts

If you are Administrator but still can't edit the file, go to Start > search for notepad > right click it and Run as Administrator. Then go to File > Open and navigate to C:\Windows\System32\drivers\etc and Open the hosts file. You will then be able to save the file.

Alternatively, install a program called HostsMan.

Most common DNS settings

DNS Entry/Name/Host   Record Type                          Destination/Target/Value/Content
@                     A                                    Server IP Address
* (Asterisk)          A                                    Server IP Address
ftp                   CNAME                                www
mail                  A                                    Server IP Address
webmail               A                                    Server IP Address
www                   A                                    Server IP Address
@                     MX (set Priority e.g. 0, 10 or 20)   mail.yourdomain.co.uk

If your domain registrar is 123-reg, to set the above records up pick a domain, then go to Manage > Advanced Domain Settings > Manage DNS > Advanced DNS.
It is always advised to use your domain registrar's nameservers. In 123-reg this can be done by going to Manage > Advanced Domain Settings > Change Nameservers > Set nameservers to 123-reg

Nameservers are listed in NS records and serve the domain's other DNS records. The DNS records then tell browsers visiting your website which server to go to.

Nameserver Daemon (NSD)

Be aware if you use this DNS service it doesn't seem to listen on 0.0.0.0:53 and IP:53, only DNS locally at 127.0.0.1

To switch from NSD to BIND in WHM go to Service Configuration > Nameserver Selection

NSD Integration with cPanel
Setting up Nameservers in a cPanel & WHM Environment

Reverse DNS

Reverse DNS should propagate to the root name servers in 30-60 minutes. It is common to set this to a domain or mail.yourdomain.com


Set nameservers to point to your own server

Part of this process is done through the domain registrar. You need to change the nameservers to ns/ns2.domain.co.uk. To prevent circular dependencies, glue records (A records) need to be set too, mapping each nameserver to the VPS IP.

Set up the following DNS records in Plesk (in Websites & Domains > DNS Settings) or in WHM; this will set the server to be the nameserver for that domain. You want this setup:

Host: yourdomain.co.uk
NS record
Value: ns1.yourdomain.co.uk

Host: yourdomain.co.uk
NS record
Value: ns2.yourdomain.co.uk

Host: ns1.yourdomain.co.uk
A record
Value: Server IP address

Host: ns2.yourdomain.co.uk
A record
Value: Server IP address

If you have two IPs you can set the values to different IPs. Both nameservers can be on the same IP if you wish, it causes no problems.

The DNS settings within Plesk are only picked up if the VPS is its own nameserver. However, leave these as they are if you manage the DNS through your domain registrar's control panel.

Plesk Nameserver setup guide

Sync DNS Zones with Plesk Database

cd %plesk_bin%
dnsmng.exe update *

It will sync DNS zones for all domains with Plesk database data.

Website setup with www

If this has been done, you can add the following record to DNS:

@ A www

If this is picking up content from a different site, check in Tools and Utilities > IP Addresses to see what the IP address is set as and what the default site is. If there is more than one domain it needs to be set as Shared, not Dedicated. Setting the default site to the one with the issue can also help. If the default site is set to none, it may pick up the content from /var/www/vhosts/htdocs/default

The record: www CNAME domain can take over 1 hour to propagate.

If you try to add a domain alias for www in Plesk and it fails, remove the A/CNAME record in Plesk's DNS settings for that domain.

WHOIS privacy

WHOIS privacy on .com domains has to be paid for. .co.uk addresses can get it for free.

Notes

EPP key = Auth code

You need to renew a domain before transferring.

To point a subdomain at a server, you normally go into the domain registrar's DNS control panel and add the "example" part of example.testwebsite.com as an A record pointing to the IP address of the server.

From CLI to check just the nameservers do:

whois domain.co.uk | grep -i -A 3 "name server"