Hosting & Domaining Forum

Topic started by: mike345 on May 15, 2023, 12:29 AM

Title: Primary and secondary DNS setup
Post by: mike345 on May 15, 2023, 12:29 AM
To support domains, primary and secondary DNS servers need to be created. Two Debian servers are available with two IP addresses in different subnets. Only one domain exists currently (example.com), and ns servers for it should be ns1.example.com on the first server and ns2.example.com on the second server. Registration of DNS servers from the registrar was done.

BIND was installed on the first server with port 53/tcp open, and its configuration was presented. To ensure redundancy, the configuration of the secondary DNS on the second server (2.2.2.2) needs to be worked out. An nslookup using the first server (1.1.1.1) is successful, but all other servers respond with a connection time-out, which needs clarification.
Title: Re: Primary and secondary DNS setup
Post by: shalini on May 15, 2023, 02:07 AM
This explanation indicates that the server that received the request either isn't working or is currently unavailable, possibly due to incorrect configuration.

To address this issue, you can identify a specific IP and domain and verify that it has been configured correctly. One way to do so is by checking the primary server's configuration file, where there should be a line that includes the following options:

options {
        directory "/var/named";
        notify explicit;
        also-notify { 2.2.2.2; };      // secondary server's IP address
        allow-transfer { 2.2.2.2; };   // secondary server's IP address
};

For the secondary server, you will need to configure the zone file like this:

zone "example.com" {
        type slave;
        file "/var/named/slaves/example.com.db";
        masters { 1.1.1.1; };   // IP address of the primary server
};
Title: Re: Primary and secondary DNS setup
Post by: Nuandymaync on May 15, 2023, 04:15 AM
Do you really need to maintain your own DNS servers, guaranteeing their stability and accurate setup?

You can purchase DNS hosting for yourself at fastvps for only 0.90 euros per year, which will alleviate any concerns you may have =)

DNS hosting is a crucial element of website management that should not be overlooked. It can significantly impact the performance and accessibility of your website.
Title: Re: Primary and secondary DNS setup
Post by: ShreeVaghani on May 15, 2023, 05:35 AM
It's necessary to have identical configurations for both servers. The configuration should include "ns1 IN A 1.1.1.1" for ns1 and "ns2 IN A 2.2.2.2" for ns2.

Time is insufficient for this task.

You need to verify the domain name resolution using "nslookup example.com 174.129.16.254" instead of checking locally.

Based on the fact that "DNS request timed out." is returned when performing "nslookup localhost 174.129.16.254," I assume that your DNS port is closed (Additionally, is this your IP address?).

P.S. It seems like there could be an issue with the server's firewall settings blocking access to the DNS port. You may want to consider checking the firewall configurations and allowing access to port 53.
Title: Re: Primary and secondary DNS setup
Post by: AccoppyHoxy on May 15, 2024, 03:23 AM
In order to ensure redundant DNS servers for the domain example.com, we need to configure the secondary DNS server on the second Debian server (2.2.2.2).

Firstly, ensure that the BIND package is installed on the second server by running the following command:
sudo apt-get install bind9


Next, navigate to the BIND configuration file on the second server, typically located at /etc/bind/named.conf.options, and modify the options section to include the IP address of the primary DNS server in the "forwarders" directive. This will allow the secondary server to forward queries it cannot answer to the primary server. It should look something like this:
options {
    directory "/var/cache/bind";
    forwarders {
        1.1.1.1;  // IP address of the primary DNS server
    };
    // ...
};


After making these changes, restart the BIND service to apply the configuration:
sudo service bind9 restart


To address the issue of other servers responding with a connection time-out when performing an nslookup using the first server (1.1.1.1), there could be several factors at play. Firstly, check the firewall settings on the first server to ensure that incoming DNS requests on port 53 are allowed. This can be done using the following command:
sudo iptables -L


If the firewall is blocking incoming DNS requests, allow traffic on port 53 using the following command:
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT


Additionally, verify that the DNS service is running and listening on port 53 by running:
sudo netstat -tuln | grep :53


This should show you if BIND is indeed listening on port 53. If it is not, you may need to review the BIND configuration file to ensure that it is set to listen on the correct interfaces and ports.

Finally, ensure that the domain example.com is correctly delegated to the nameservers ns1.example.com and ns2.example.com with the registrar. This can be done by logging into the registrar's control panel and setting the nameserver delegation for the domain.
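
Added example (not part of any post in this thread): a shell check that asks both nameservers for the zone's SOA record over UDP and then over TCP, and reports a server that does not reply, one that replies without the authoritative (aa) flag, or a serial that differs between the two. It assumes `dig` is installed; the script name and the function names `soa_status`, `verdict` and `query` are illustrative, and the embedded dig output is a constructed sample.

```bash
#!/bin/sh
# Added example. Usage: sh check-ns.sh ZONE PRIMARY_IP SECONDARY_IP
# e.g. with the thread's values: sh check-ns.sh example.com 1.1.1.1 2.2.2.2

# soa_status: reads `dig +norec +noall +comments +answer ZONE SOA` output on
# stdin and prints "<aa|noaa|noreply> <serial|->".
soa_status() {
    awk '
        /^;; flags:/ { aa = ($0 ~ /^;; flags:[^;]* aa[ ;]/) ? "aa" : "noaa" }
        $4 == "SOA"  { serial = $7 }
        END { if (aa == "") aa = "noreply"; if (serial == "") serial = "-"; print aa, serial }'
}

# verdict PRIMARY_STATUS SECONDARY_STATUS: prints each problem found and
# returns 1 if there is any; silent and 0 when both servers agree.
verdict() {
    rc=0
    for pair in "primary:$1" "secondary:$2"; do
        case "${pair#*:}" in
            noreply*) echo "${pair%%:*}: no reply on port 53"; rc=1 ;;
            noaa*)    echo "${pair%%:*}: answer is not authoritative"; rc=1 ;;
        esac
    done
    [ "${1#* }" = "${2#* }" ] || { echo "serial mismatch: ${1#* } vs ${2#* }"; rc=1; }
    return "$rc"
}

# query SERVER ZONE PROTO: one non-recursive SOA query, PROTO is tcp or notcp.
query() {
    dig +norec +noall +comments +answer "+$3" +time=3 +tries=1 "@$1" "$2" SOA | soa_status
}

# Constructed sample of dig output (not captured from a real server).
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; ANSWER SECTION:
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023051501 3600 900 604800 86400'

if [ "$#" -eq 3 ]; then
    for proto in notcp tcp; do        # UDP first, then TCP
        echo "== $proto =="
        verdict "$(query "$2" "$1" "$proto")" "$(query "$3" "$1" "$proto")" && echo "in sync"
    done
else
    printf '%s\n' "$SAMPLE" | soa_status     # offline demo on the sample
fi
```

Ordinary lookups use UDP port 53 while zone transfers use TCP, so a firewall that opens only one of them shows up as `no reply` in one round only. A server that answers from forwarders or cache instead of a loaded zone shows up as not authoritative.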