Problems with setting DNS

Started by shahdeepak, Apr 08, 2023, 12:10 AM


shahdeepak (Topic starter)

I encountered problems when manually steering the DNS for the first time. Even experienced friends mentioned encountering strange problems in similar situations.

We have a Debian Stable on VDS (firstvds, unfortunately) and bind (8.4.7). Several PHP sites are running on it, along with the customer's server. Additionally, we have our own Debian Squeeze server which hosts a Python site. The main domain, let's call it domain.com, is linked to the IP of the VDS server. However, one of the subdomains needs to access my IP. That is, domain.com is on the VDS IP, while sub.domain.com is on mine. This task seemed simple at first, but then things got interesting.

Zone File:

$TTL 3600
domain.com. IN SOA ns1.firstvds.com. root.domain.com. (2010090201 10800 3600 604800 86400)
domain.com. IN NS ns1.firstvds.com.
domain.com. IN NS ns2.firstvds.com.
domain.com. IN NS ns3.firstvds.com.
domain.com. IN MX 10 mail
domain.com. IN MX 20 mail
domain.com. IN A [IP VDS]
www IN A [IP VDS]
ftp IN A [IP VDS]
mail IN A [IP VDS]
smtp IN A [IP VDS]
pop IN A [IP VDS]
sub IN A [IP of your server] # - this is where the fun begins

I analyzed everything, and I constantly update the zone ID in the first line as required. I restart bind, which updates the DNS after a few hours. Then I use SSH with VDS to perform the following command:

root:~# host sub.domain.com

sub.domain.com A [My server's IP]

And everything seems fine. However, every 3-4 hours (during DNS updates), the IP changes. Sometimes the subdomain has the old IP, other times it has the new one. This is what it looks like from my machine (the console displays the time):

[21:24:05]:vas3k@arch ~>nslookup sub.domain.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: sub.domain.com
Address: [new IP]

[23:26:06]:vas3k@arch ~>nslookup sub.domain.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: sub.domain.com
Address: [old IP that is on VDS]

You can see that the DNS keeps oscillating between IP addresses. After a few hours, it returns to normal, only to repeat the process. Since we are launching the website soon, I would like to resolve this issue. I am not an experienced admin and this is my first time handling such matters. I even attempted to delete and re-add the domain through ISPmanager, but encountered the same issues. Sometimes, both IP addresses appear in a Non-authoritative answer at once.

This issue has been occurring for over a month. I have made several modifications to the zone file, but the problem persists. I'm not sure if it is worth contacting FirstVDS support, as they usually claim "your server, your problem" and suggest reinstalling everything.

PS: I apologize for using fictional domains, but I hope the explanation was clear.

uTracevv

It is highly probable that the information on the FirstVDS name servers is inconsistent. My recommendation would be for you (or the customer) to reach out to technical support, as they will be able to provide assistance.

By the way, did you make the edits to the file manually or through ISPmanager? It is advisable to use ISPmanager as it updates the zone serial and notifies external servers to update the domain information accordingly.

PS: ns3.firstvds does not exist, so it would be best to remove it (both from the zone file and ISPmanager settings).

UWZLaltawataSopy

If I understand correctly, the DNS master for the domain is managed by FirstVDS themselves?
In that case, I have a few questions:
1. Do you have your own DNS server set up on the VDS? If so, why isn't it included in the zone configuration?
2. If you don't have your own DNS server, is it possible to designate FirstVDS's DNS server as a slave in their web interface?
3. a) If the answer to the above question is yes, then you can configure your DNS server as the master and theirs as the slave.
b) If not, it might be worth trying to set up your own DNS server as a slave to FirstVDS's server. This will allow you to observe the zone configuration during IP changes and examine any relevant keys.

If my interpretation is incorrect, please provide further clarification.

Kardarorce

Are you making modifications to the zone file on the primary server?

It seems like there is a possibility that you are editing the secondary server instead, and the primary server overwrites your changes after 3 hours.

To clarify, make sure to edit the zone file directly on the primary server, specifically using ns1.firstvds as the primary server. When updating an entry, change the serial number in the format of a date followed by a unique number (from 00 to 99). The specific number is not crucial, but it should differ from the previously entered serial number, and it is preferable not to modify the date.

PS: You can try using the following format for adding a record:
sub.domain.com. A ipaddr

Additionally, it may be helpful to consult the documentation or support resources provided by FirstVDS for further guidance.

aliceria

Firstly, it's important to ensure that the changes you make in the zone file are correct and properly updated. From the information you provided, it looks like you have correctly set up the A record for the subdomain to point to the IP address of your server. However, there could be a few things to consider:

1. TTL (Time to Live): The TTL value in your SOA record is set to 3600 seconds (1 hour). This means that changes to your DNS might take up to an hour to propagate. It's possible that during this propagation period, different DNS servers or clients may resolve to different IP addresses for the subdomain. Consider increasing the TTL value to minimize these inconsistencies during updates.

2. DNS Caching: DNS records are often cached at various levels, such as your local machine, your ISP, and other DNS servers. This caching can cause delays in seeing the updated DNS information. You might want to check if any caching is occurring and clear the cache if necessary.

3. DNS Server Configuration: It's also possible that there may be issues with the DNS server itself. You mentioned that you are using bind 8.4.7, which is quite an old version. It might be worth considering upgrading to a newer version or checking for any known issues related to DNS resolution.

Contacting your hosting provider's support team can still be a good idea, especially if you have exhausted your options and need assistance with troubleshooting the issue further. They may be able to provide insights or suggestions specific to their infrastructure.

In addition, you can also use online DNS tools to check the DNS records for your domain and subdomain from different locations to see if they are consistent.
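Added example, not part of any post in this thread: a shell script for the check the replies about inconsistent name servers and zone serials point toward, asking each listed name server directly for the zone's SOA serial and the subdomain's A record and flagging any server that is behind or answers differently. The function names, the second serial and the 192.0.2.x / 198.51.100.x addresses are constructed; `query_ns` assumes `dig` and network access, while the sample at the end runs offline.

```shell
# Added example (not from the thread). Function names are illustrative.

# query_ns ZONE NAME NS: print "NS SERIAL ADDRS" as that server itself answers.
# Needs dig and network access; +norecurse avoids cached answers.
query_ns() (
    serial=$(dig +short +norecurse SOA "$1" "@$3" | awk '!/^;/ {print $3}')
    addrs=$(dig +short +norecurse A "$2" "@$3" | awk '!/^;/' | sort | paste -sd, -)
    echo "$3 ${serial:-none} ${addrs:-none}"
)

# check_consistency: read "NS SERIAL ADDRS" lines on stdin, report servers
# whose serial is lower than the highest seen or whose A answer differs from
# the first server's. Returns 0 if all agree, 1 on mismatch, 2 on no input.
# Plain numeric comparison: assumes date-style serials, no wraparound.
check_consistency() {
    awk '
    { ns[NR] = $1; serial[NR] = $2; addr[NR] = $3
      if ($2 + 0 > max) { max = $2 + 0; maxs = $2 } }
    END {
        if (NR == 0) { print "NO DATA"; exit 2 }
        bad = 0
        for (i = 1; i <= NR; i++) {
            if (serial[i] + 0 < max) {
                print "STALE " ns[i] " serial " serial[i] " < " maxs; bad = 1
            }
            if (addr[i] != addr[1]) {
                print "DIFF " ns[i] " answers " addr[i] ", " ns[1] " answers " addr[1]; bad = 1
            }
        }
        if (!bad) print "OK all " NR " servers agree"
        exit bad
    }'
}

# check_zone ZONE NAME NS...: live check across the listed servers.
check_zone() (
    zone=$1; name=$2; shift 2
    for ns in "$@"; do query_ns "$zone" "$name" "$ns"; done | check_consistency
)

# Constructed sample: ns2 still serves an older zone copy with the old address.
sample_report() {
    printf '%s\n' \
        'ns1.firstvds.com 2010090201 198.51.100.20' \
        'ns2.firstvds.com 2010090101 192.0.2.10'
}

# Offline demonstration on the constructed sample (exit status 1 = mismatch).
sample_report | check_consistency || true
```

For a live check, call `check_zone` with the zone, the host name and every server listed in the zone's NS records. A `STALE` line names a server that has not picked up the latest serial, which is the situation in which a resolver can alternate between old and new answers.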