The internet operates using IP addresses, linked to domain names via the Domain Name System (DNS). Whether you set up your DNS or use a hosting provider’s service, you map a Fully Qualified Domain Name (FQDN) to an IP address. For instance, the FQDN mail.howtoforge.com corresponds to the IP address 78.46.214.220.
This guide uses the domain xyzzy.tld as an example. A Host Name is a discrete label assigned to a device in a network, like foobar. Combining it with the domain name forms an FQDN, such as foobar.xyzzy.tld.
Domains intended for external use must be registered. Registrars typically require two name servers. Some allow registration without immediate specification, granting up to one month before the domain could be revoked for non-compliance.
Operating your name servers necessitates two physical servers. With only one host, you can consolidate services (e.g., websites, emails, databases, DNS), but the second name server needs external arrangement.
For internal name service, registration isn’t mandatory, and a single name server suffices.
This tutorial’s ISPConfig portion anticipates a multiserver setup: one host acts as the web server and two provide DNS, named web, ns1, and ns2 respectively. A simpler configuration uses two hosts, where the web host also performs DNS duties alongside a second name server.
In a name server, various records exist. Assign A-records to your hosts’ IP addresses or AAAA-records for IPv6. Populate NS records with your name servers’ hostnames.
Organize essential details like this:
| host or domain | IP address | Used for |
|---|---|---|
| xyzzy.tld | 192.168.250.71 | web page address |
| web | 192.168.250.71 | web server |
| ns1 | 192.168.250.73 | name server |
| ns2 | 192.168.250.75 | name server |
1.1 Using ISPConfig 3.x
Deploy three hosts with ISPConfig using a multiserver setup. This guide references Debian GNU/Linux 9.5 and ISPConfig 3.1.12 for testing.
Setting up DNS templates is advantageous for multiple domains; see the ISPConfig manual, chapter 4.8.1.3. For a single domain setup, templates aren’t necessary.
Navigate to the DNS tab and press “Add new DNS zone manually”. This DNS zone functions as your domain’s configuration file.
Below is an image of the DNS zone form. For customer setups, enter the customer name in the form. Leave it blank for personal setups.
Save and proceed to the Records tab.
In the Records tab, add DNS records by selecting the green button associated with each record type. When entering FQDNs, append a dot (“.”) to the hostname to avoid errors.
Add additional records as required.
A red ball indicates saving to disk is underway, with a number showing pending records. Wait two minutes or until it disappears before testing; otherwise, tests may reflect outdated configurations.
For further name servers or when ISPConfig is installed on a single host, additional hosts can be added. Ensure Linux and ISPConfig are installed on these hosts with a static IP address. These setups can run from an office or home, although static IPs may have costs attached. Some hosting providers offer accessible low-cost plans, including a static IP address. Consider an ISPConfig multiserver setup across various hosts.
If you’re confused, refer to the ISPConfig manual.
1.2 Using Provider’s Name Service
Skip this section if you’re employing ISPConfig for DNS.
Hosting providers often bundle DNS services, or you can find a third-party DNS provider.
Instructions for using these services vary widely. Generally, you’ll need to input the information gathered earlier.
Refer to the previous section to adapt to your provider’s form.
Your provider likely operates a shared name server infrastructure. Name servers might appear as ns1.yourprovider.com, ns2.yourprovider.com. Providers may offer glue records, allowing for ns1.xyzzy.tld, ns2.xyzzy.tld. Consult instructions for glue record availability.
1.3 Testing
Verify DNS functionality by logging in to ns1 or ns2 and running the tests below. This example uses Debian GNU/Linux 9.5 Stretch; the process should be similar on Ubuntu. On Windows, which lacks the host command, use nslookup instead.

```
root@ns1:~# host web.xyzzy.tld 192.168.250.73
Using domain server:
Name: 192.168.250.73
Address: 192.168.250.73#53
Aliases:

web.xyzzy.tld has address 192.168.250.71
root@ns1:~#
```
This test indicates the correct name server and resolution to the intended IP address. This approach is essential because:
- The host command tests DNS specifically, whereas ping may be answered from /etc/hosts and prove nothing about your name server.
- Specifying the DNS server’s IP address ensures you are testing that particular server rather than whatever resolver the system happens to use.
- Giving the server by IP address rather than by name avoids a failure caused by the very name resolution you are trying to test.
Conduct similar tests for other hostnames:
- Correct erroneous IP addresses.
- Verify spellings for unrecognized names.
- Ensure FQDN terminations with a dot in ISPConfig entries.
- If you see “connection timed out, no servers could be reached”, ensure the server is running and network connectivity is intact. Verify the service status with `systemctl status bind9.service`.

Check DNS zones and servers:

```
root@ns1:~# dig @192.168.250.73 xyzzy.tld

; <<>> DiG 9.10.3-P4-Debian <<>> @192.168.250.73 xyzzy.tld
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64352
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xyzzy.tld.			IN	A

;; ANSWER SECTION:
xyzzy.tld.		3600	IN	A	192.168.250.71

;; AUTHORITY SECTION:
xyzzy.tld.		3600	IN	NS	ns1.xyzzy.tld.
xyzzy.tld.		3600	IN	NS	ns2.xyzzy.tld.

;; ADDITIONAL SECTION:
ns1.xyzzy.tld.		3600	IN	A	192.168.250.73
ns2.xyzzy.tld.		3600	IN	A	192.168.250.75

;; Query time: 0 msec
;; SERVER: 192.168.250.73#53(192.168.250.73)
;; WHEN: Fri Aug 10 15:41:53 EEST 2018
;; MSG SIZE  rcvd: 122

root@ns1:~#
```
Ensure dig accurately displays NS and A records. Replicate tests with the alternate name server’s IP to confirm both servers function correctly.
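To make this check repeatable, the following added Python example (not from the tutorial or from ISPConfig) parses a captured dig answer and flags the three things worth confirming: a NOERROR status, the aa (authoritative) flag, and a glue A record in the ADDITIONAL section for every NS listed under AUTHORITY. The sample output is constructed from the answer shown above for the hypothetical zone xyzzy.tld.

```python
import re

# Constructed sample, trimmed from the dig answer shown above
# (hypothetical zone xyzzy.tld from this tutorial).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64352
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
xyzzy.tld. 3600 IN A 192.168.250.71
;; AUTHORITY SECTION:
xyzzy.tld. 3600 IN NS ns1.xyzzy.tld.
xyzzy.tld. 3600 IN NS ns2.xyzzy.tld.
;; ADDITIONAL SECTION:
ns1.xyzzy.tld. 3600 IN A 192.168.250.73
ns2.xyzzy.tld. 3600 IN A 192.168.250.75
"""

def parse_dig(text):
    """Return (status, flags, sections); sections maps a section name to its
    (name, ttl, class, type, rdata) resource records."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([^;]*);", text).group(1).split()
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
        elif current and line and not line.startswith(";"):
            parts = line.split()
            if len(parts) >= 5:  # anything shorter is not a resource record
                sections.setdefault(current, []).append(tuple(parts[:5]))
    return status, flags, sections

def check_answer(text):
    """Return the problems found; an empty list means the answer is sound."""
    status, flags, recs = parse_dig(text)
    problems = []
    if status != "NOERROR":
        problems.append("status " + status)
    if "aa" not in flags:
        problems.append("answer is not authoritative (no aa flag)")
    # Every NS in AUTHORITY must have a glue A record in ADDITIONAL, or
    # resolvers have no address at which to reach that name server.
    glue = {r[0] for r in recs.get("ADDITIONAL", []) if r[3] == "A"}
    for r in recs.get("AUTHORITY", []):
        if r[3] == "NS" and r[4] not in glue:
            problems.append("no glue A record for " + r[4])
    return problems
```

Run it against the output of `dig @<ns ip> xyzzy.tld` for each name server; a non-empty list from check_answer points at the record to fix.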
Test further by configuring your workstation’s DNS settings to use the new name servers. Modify your OS-specific DNS settings; on Linux, edit /etc/resolv.conf, and for Windows, access the Network settings.
1.4 Reverse Name Service
Skip this section if you don’t require reverse DNS (PTR records).
PTR records resolve hostnames from IP addresses, reversing typical DNS operations.
For internal DNS, set up reverse services on the same servers. Within ISPConfig, create reverse zones and add PTR records for each IP.
For public reverse DNS, coordinate with the entity allocating your IPs to establish records. Specify PTR needs or leverage provider interfaces for configuration.
To configure reverse DNS with ISPConfig, create a DNS zone for the reverse service. Its name is the first three octets of your IP range in reverse order, followed by “.in-addr.arpa”. For example, 192.168.250/24 becomes 250.168.192.in-addr.arpa. Include NS records here as well, just as in the forward zone.
Create PTR records as shown:
Test with the host command:
```
root@ns1:~# host 192.168.250.71 192.168.250.73
Using domain server:
Name: 192.168.250.73
Address: 192.168.250.73#53
Aliases:

71.250.168.192.in-addr.arpa domain name pointer web.xyzzy.tld.
```
Assign multiple PTR records per IP if necessary, although this typically isn’t desirable.
For mail servers (e.g., mail.xyzzy.tld), configure PTR records as many mail services validate the sender’s IP hostname correlation.
1.5 Tools
To assess DNS service status, use:
systemctl status bind9.service
An “Active: active (running)” status indicates operational DNS. Disregard “network unreachable resolving … AAAA” messages, which imply missing IPv6 support.
If the service is active but the host command yields no results, check the zone file itself. Use named-checkzone if bind rejects the zone; on Debian GNU/Linux, the rejected file is kept as /etc/bind/pri.<zone name>.err.

```
root@ns1:~# named-checkzone 250.168.192.in-addr.arpa /etc/bind/pri.250.168.192.in-addr.arpa.err
zone 250.168.192.in-addr.arpa/IN: has no NS records
zone 250.168.192.in-addr.arpa/IN: not loaded due to errors.
root@ns1:~#
```
Correct errors within ISPConfig if configured through the panel.
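The following added Python example (not from the tutorial or from ISPConfig) builds the forward and reverse records for the hosts in the table at the top of this page: it derives the in-addr.arpa zone name described in section 1.4, adds the trailing dot ISPConfig entries need, issues one PTR per address, and reports the “has no NS records” condition that named-checkzone complained about above. The host names and addresses are the tutorial’s hypothetical xyzzy.tld values.

```python
import ipaddress

# Constructed sample from the table at the top of this tutorial
# (hypothetical zone xyzzy.tld). Names without a dot are relative to ZONE.
ZONE = "xyzzy.tld"
HOSTS = {"web": "192.168.250.71", "xyzzy.tld.": "192.168.250.71",
         "ns1": "192.168.250.73", "ns2": "192.168.250.75"}
NAMESERVERS = ["ns1", "ns2"]

def fqdn(name, zone=ZONE):
    """Qualify a relative host name and add the trailing dot ISPConfig needs."""
    return name if name.endswith(".") else f"{name}.{zone}."

def reverse_zone(network):
    """'192.168.250.0/24' -> '250.168.192.in-addr.arpa.' (the /24 case only)."""
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are handled here")
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def build_zones(hosts, nameservers, network):
    """Return (forward, reverse) lists of (name, type, rdata) records."""
    rzone = reverse_zone(network)
    forward = [(ZONE + ".", "NS", fqdn(ns)) for ns in nameservers]
    # The reverse zone needs NS records too: without them bind refuses to
    # load it (the named-checkzone error shown in section 1.5).
    reverse = [(rzone, "NS", fqdn(ns)) for ns in nameservers]
    seen = set()
    for host, ip in hosts.items():
        forward.append((fqdn(host), "A", ip))
        ptr = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        # One PTR per address: the first host listed for an IP gets it.
        if ptr not in seen:
            seen.add(ptr)
            reverse.append((ptr, "PTR", fqdn(host)))
    return forward, reverse

def check_zone(records):
    """Return problems found: missing NS, or an NS/PTR target without its dot."""
    problems = []
    if not any(r[1] == "NS" for r in records):
        problems.append("has no NS records")
    for name, rtype, rdata in records:
        if rtype in ("NS", "PTR") and not rdata.endswith("."):
            problems.append(f"{rtype} {name} target {rdata} lacks trailing dot")
    return problems
```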
Review the log by restarting the service and inspecting /var/log/syslog with:

```
grep named /var/log/syslog
```
Utilize online name service validators like zonecheck.org, mxtoolbox.com, or zonemaster.net.
1.6 Getting Help
If seeking forum assistance, sharing your domain name expedites support. Concealment hampers diagnosis. For private inquiries, disclose the domain privately to a trusted DNS expert for troubleshooting.
1.7 Registering a Domain
Once your DNS setup is successful, register your domain or add DNS servers to an existing registration, rendering it globally accessible in approximately 4–48 hours.
When registering name servers such as ns1.xyzzy.tld, you must also supply their IP addresses. A resolver that knows only the name ns1.xyzzy.tld cannot reach it, because looking up that name would require asking the very server being looked up. Glue records break this circularity by publishing the IP address alongside the name, which lets you use host names rather than raw IP entries.
Future registrations, like plugh.tld, can reference ns1 and ns2.xyzzy.tld since they’re recognized from xyzzy.tld’s established records.
FAQ
- What is a Fully Qualified Domain Name (FQDN)? An FQDN is the complete domain name of a specific computer or other entity connected to the internet, comprising both the hostname and the domain name (e.g., mail.howtoforge.com).
- How many name servers do I need? Generally, two name servers are required for domain registration, to provide redundancy and reliability.
- Can I set up DNS with a single server? Yes, but for public domains you will need a second server for redundancy. For internal purposes, one server is adequate.
- What is the purpose of glue records? Glue records publish the IP address of a name server whose name lies inside the zone it serves (e.g., ns1.xyzzy.tld for xyzzy.tld); without them, a resolver could not learn the name server’s address without first contacting that same name server.