Proper way to setup DNS cluster

kontamkontam Member
edited March 2013 in Help

Hello everyone,

I want to learn more about how DNS works so I'm setting up my own DNS cluster of two servers to serve my website on a third server.

1.Type of software
Which DNS software should I choose? I'd like to hear hands-on experience opinions: BIND, djbdns, NSD, PowerDNS, and most importantly why?

2.Authoritative vs Recursive?
Which one would serve me better? I still don't quite understand the difference between these two.

So how should I go about it? I don't want complete solutions such as automated scripts or cPanel DNSonly, I want to learn, so I need to set up master and slave manually. So as I see it, my website server (1.1.1.1) has many domains hosted on it and I want to set up two different nameservers to serve my website. One DNS server is master (1.1.1.2) and another one is a slave (1.1.1.3). Each time a query is made, the DNS server looks it up on the master, a slave is only a copy.

Every guide I've read so far is confusing, I don't know how to set them up properly. Is anyone willing to help me with this one? I was thinking of either OpenBSD or CentOS for server software.

Comments

  • flyfly Member
    edited March 2013

    meh centos

    nsd3 all the way:

    http://blog.voltaire.sh/2012/08/09/nsd3-configuration/

    I would fiddle around with setting up your own slave, but then once you get the gist of it, I would run a hidden master on your VPS while using your provider's DNS servers as slaves. For example, I'm using Linode's, while you can also use any other provider that supports AXFR, like dns.he.net or rage4.

    Take a look at setting up dnssec as well:

    http://blog.voltaire.sh/2013/02/13/dnssec-on-nsd3/
    http://www.nlnetlabs.nl/publications/dnssec_howto/

  • mikhomikho Member, Provider
    edited March 2013
    Get a LES NAT VPS! (or 10) in United States (3), Germany, Bulgaria, France, Norway, Australia (2), Singapore. | -> 500gb NAT Storage
  • NeoNeo Banned

    PowerDNS and Mysql Replication ;D

We're using MyDNS-NG in a master/client configuration, and quite like it. The cluster is serving about 4000 zones, and the slaves can run on 128MB VPS instances without issue.

  • NeoNeo Banned

Yeah, you can use 2x 128MB VPSes for it.

  • I used to use nsd3 before I decided my needs were simple and my registrar could have the work.

    I didn't use slaves with inter-node syncing...just had a script that pushed out configs to each server and forced a reload. My updates weren't that frequent and it was simple.

    For LET support, please visit the support desk.

  • sleddogsleddog Member
    edited March 2013

    @kontam said: I want to learn so I need to setup master and slave manually. So as I see it, my website server (1.1.1.1) has many domains hosted on it and I want to set up two different nameservers to server my website. One DNS server is master (1.1.1.2) and another one is a slave (1.1.1.3). Each time a query is made, the DNS server looks it up on the master, a slave is only a copy.

    The master DNS server is where you maintain your zones and make changes: add, remove, modify zones. These changes are then propagated to one or more slave servers. The master and slaves are all authoritative for your domains. A dns query for one of your domains might go to either of your dns servers, and it should receive exactly the same response from each server.

  • danodano Member
    edited March 2013

    I personally like the PowerDNS with MySQL primary-secondary-etc situation myself. I currently run this config on one project, and it's been almost maintenance free - I can create a record in the web-based control panel I have on the master, and when I check the table in a remote node, it's always been updated also. This config is very flexible though, and I prefer it to Bind on any day.

  • Thank you all so very much. I've read all those articles which links you posted here. I actually wanted to hear the reason behind using mydns or powerdns. Do I have to add zones manually with all of them?

@sleddog you mentioned the word authoritative, can you give me an example of recursiveness?

I keep reading that BIND is the de facto standard in the industry, but is also very vulnerable.

  • Just remembered I wrote an NSD tutorial:

    http://freevps.us/thread-2349.html


  • sleddogsleddog Member
    edited March 2013

    @kontam said: you mentioned authoritative word, can you give me an example of recursiveness?

    If you run a recursive nameserver, then it can be used to resolve domains that you do not control.

    For example, if your nameservers are recursive, I could send a dns request to your nameserver for "microsoft.com" and your nameserver would provide a response.

    If your nameservers are "authoritative-only", then they provide responses for only your domains -- the domains you have configured (and the ones you have set at the registrar to use your nameservers). In this case, a dns query for "microsoft.com" would be refused.

When you run your own nameservers, you absolutely want them to be authoritative-only. Allowing them to be recursive opens the door for various kinds of nastiness.

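    The check behind sleddog's example above, as an added example that is not part of any post in this thread: it builds a raw DNS query for a name you do not host (the thread's microsoft.com), sends it at a nameserver, and reads the flags in the reply. A nameserver that sets RA (recursion available) and answers is an open resolver; an authoritative-only server refuses or returns nothing. The same header parser tells you whether a query for your own zone came back with AA (authoritative answer) set, which is what you want to see when you later point dig straight at ns1. Standard library only; the sample replies are constructed bytes so it runs offline, and the IP addresses in them are documentation addresses, not real servers.

    ```python
    """Check whether a nameserver recurses for names it does not host.
    Added example, standard library only; not code from the thread."""
    import socket
    import struct
    import sys

    RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


    def build_query(name, qtype=1, txid=0x1234, rd=True):
        """Minimal DNS query in RFC 1035 wire format. rd=True sets Recursion Desired."""
        flags = 0x0100 if rd else 0x0000
        header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
        qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                         for label in name.rstrip(".").split("."))
        return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN


    def parse_header(resp):
        """Decode the 12-byte header; everything we need is in the flags word."""
        if len(resp) < 12:
            raise ValueError("truncated DNS response")
        txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
        return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
                "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
                "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}


    def classify(resp):
        """For a query about a name the server does NOT host: did it recurse for us?"""
        h = parse_header(resp)
        if h["ra"] and h["rcode"] != 5:
            return "open-resolver"   # it fetched (or tried to fetch) someone else's data for us
        if h["rcode"] == 5 or h["ancount"] == 0:
            return "no-recursion"    # REFUSED, or no RA and no answer: authoritative-only behaviour
        return "inconclusive"


    def answered_authoritatively(resp):
        """For a query about one of YOUR zones sent straight at your nameserver: AA must be set."""
        h = parse_header(resp)
        return h["aa"] and h["rcode"] == 0 and h["ancount"] > 0


    def make_response(query, flags, answer=b""):
        """Constructed reply to `query`; used only to build the offline samples below."""
        txid = struct.unpack("!H", query[:2])[0]
        ancount = 1 if answer else 0
        return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:] + answer


    def probe(server_ip, name="microsoft.com", timeout=3.0):
        """Live check: send the query over UDP and classify the reply."""
        q = build_query(name)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server_ip, 53))
            resp, _ = s.recvfrom(4096)
        if resp[:2] != q[:2]:
            raise ValueError("transaction id mismatch")
        return classify(resp)


    # Constructed samples. The answer RR is an A record: name pointer to offset 12
    # (the question name), class IN, TTL 300, 4 bytes of RDATA (a documentation address).
    _Q = build_query("microsoft.com")
    _A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    SAMPLE_OPEN = make_response(_Q, 0x8180, _A_RR)      # QR RD RA, NOERROR: open resolver
    SAMPLE_REFUSED = make_response(_Q, 0x8105)           # QR RD, RCODE 5 REFUSED: authoritative-only
    SAMPLE_OWN_ZONE = make_response(build_query("example.com"), 0x8500, _A_RR)  # QR AA, NOERROR

    if __name__ == "__main__":
        if len(sys.argv) > 1:
            print(sys.argv[1], "->", probe(sys.argv[1]))   # python3 probe.py 1.1.1.2
        else:
            print("open sample:", classify(SAMPLE_OPEN),
                  "| refused sample:", classify(SAMPLE_REFUSED))
    ```

    Run it from a host outside your own network; a BIND-style allow-recursion ACL may recurse for your LAN and refuse everyone else, and only the outside view matters for abuse.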
  • @raindog I've seen your tutorial before, it's good, thank you for posting.

    @sleddog thank you very much, you have explained to me in few simple words what complete articles couldn't.

One more question for you guys. Which DNS software except BIND doesn't need to be restarted after adding zones? And what's the easier way to automate adding zones? Thanks, you have all been so helpful.

  • gbshousegbshouse Member, Provider

    @kontam - you can try PowerDNS with MySQL backend. If you need third party DNS feel free to contact me via PM for some extra Rage4 DNS free usage tier ;)

  • Powerdns any day. The guide mikho is mentioning is a repost of an old guide and that is highly out of date.

  • mikhomikho Member, Provider

    @blergh_
    Not a repost at all, I did the setup on two buyvm yearly vps. I did however read some outdated guides to point me in the right direction ( solus being one of them ).

  • DalCompDalComp Member
    edited March 2013

    @MikHo, Most important thing is that it's working. And now I have 4 DNS servers up and running, all by following your guide. Keep the site updated! ;)

    I'm here to collect your heart

  • mikhomikho Member, Provider

    Thank you @DalComp
    There are one or two more 'guides' scheduled for this week. They are held back since I'm not really happy with the "flow" when reading them.

  • My vote for BIND. It was very easy to set up the master and 2 slaves on VPS and it has been running fine for the last 1.5 years.

  • mikhomikho Member, Provider

    @blergh_

    Never seen that site before, but it's the internet. Still a lot more to explore.

  • I've setup master and slave DNS with PowerDNS and MySQL using the guide MikHo posted: http://www.lowendguide.com/database/powerdns-cluster-with-poweradmin-web-interface/

    I don't want anything else running on my name servers so I'll have to add zones manually through the console. Are there any templates on how to do that?

    Thanks everyone for being so helpful. I decided to go with the PowerDNS, we'll see how it goes.
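    Adding a zone "through the console" on a PowerDNS SQL backend means inserting one row in the domains table and one row per record in the records table. This added example (not code from the thread or from the linked guide) does exactly that and also bumps the SOA serial after a change. The column list is the core of the PowerDNS generic-SQL schema of that era (assumed; check it against the schema your guide created, since later versions add columns such as auth and ordername), mirrored here in SQLite so it runs offline; against MySQL the same INSERT/UPDATE statements apply. Zone names, nameserver names and addresses are made-up documentation values.

    ```python
    """Insert a zone into a PowerDNS generic-SQL backend by hand (added example)."""
    import sqlite3
    from datetime import date

    # Assumed subset of the PowerDNS 'domains' and 'records' tables (gmysql layout).
    SCHEMA = """
    CREATE TABLE domains (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      name VARCHAR(255) NOT NULL UNIQUE,
      master VARCHAR(128) DEFAULT NULL,
      last_check INT DEFAULT NULL,
      type VARCHAR(6) NOT NULL,
      notified_serial INT DEFAULT NULL,
      account VARCHAR(40) DEFAULT NULL
    );
    CREATE TABLE records (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      domain_id INT NOT NULL REFERENCES domains(id),
      name VARCHAR(255) NOT NULL,
      type VARCHAR(10) NOT NULL,
      content VARCHAR(64000) NOT NULL,
      ttl INT NOT NULL,
      prio INT DEFAULT NULL,
      change_date INT DEFAULT NULL
    );
    CREATE INDEX rec_name_index ON records(name);
    """


    def serial_for(today, n=1):
        """YYYYMMDDnn serial: the nth change on that day."""
        return int(today.strftime("%Y%m%d")) * 100 + n


    def add_zone(conn, zone, ns_hosts, web_ip, today, ttl=3600):
        """Insert a NATIVE zone with SOA, one NS per nameserver, A for the apex, www,
        and each in-zone nameserver host (glue for those still goes in at the registrar).
        ns_hosts: list of (hostname, ip). Returns the new domains.id."""
        cur = conn.cursor()
        # NATIVE: replication is the database's job (MySQL replication), not AXFR.
        cur.execute("INSERT INTO domains (name, type) VALUES (?, 'NATIVE')", (zone,))
        domain_id = cur.lastrowid
        primary = ns_hosts[0][0]
        soa = f"{primary} hostmaster.{zone} {serial_for(today)} 10800 3600 604800 3600"
        rows = [(zone, "SOA", soa)]
        for host, ip in ns_hosts:
            rows.append((zone, "NS", host))
            if host.endswith("." + zone):
                rows.append((host, "A", ip))
        rows.append((zone, "A", web_ip))
        rows.append(("www." + zone, "A", web_ip))
        cur.executemany(
            "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (?, ?, ?, ?, ?)",
            [(domain_id, name, rtype, content, ttl) for name, rtype, content in rows])
        conn.commit()
        return domain_id


    def soa_serial(conn, zone):
        (content,) = conn.execute(
            "SELECT content FROM records WHERE name=? AND type='SOA'", (zone,)).fetchone()
        return int(content.split()[2])


    def bump_serial(conn, zone, today):
        """Raise the SOA serial after editing records; resolvers' caches and any AXFR
        secondaries compare serials, so it must only ever go up."""
        rid, content = conn.execute(
            "SELECT id, content FROM records WHERE name=? AND type='SOA'", (zone,)).fetchone()
        parts = content.split()
        old = int(parts[2])
        new = old + 1 if old // 100 == int(today.strftime("%Y%m%d")) else serial_for(today)
        if new <= old:            # date part already ahead of today: stay monotonic
            new = old + 1
        parts[2] = str(new)
        conn.execute("UPDATE records SET content=? WHERE id=?", (" ".join(parts), rid))
        conn.commit()
        return new


    def demo():
        """Build the example zone in memory and report what would be checked by hand."""
        conn = sqlite3.connect(":memory:")
        conn.executescript(SCHEMA)
        ns = [("ns1.example.com", "192.0.2.2"), ("ns2.example.com", "192.0.2.3")]
        add_zone(conn, "example.com", ns, "192.0.2.1", date(2013, 3, 1))
        out = {"records": conn.execute("SELECT COUNT(*) FROM records").fetchone()[0],
               "serial": soa_serial(conn, "example.com")}
        out["same_day"] = bump_serial(conn, "example.com", date(2013, 3, 1))
        out["next_day"] = bump_serial(conn, "example.com", date(2013, 3, 2))
        out["types"] = sorted(t for (t,) in conn.execute("SELECT type FROM records"))
        return out


    if __name__ == "__main__":
        print(demo())
    ```

    After inserting, query the master and the slave directly (dig @ns1 and dig @ns2) and compare the SOA serials; with MySQL replication both read the same table, so a mismatch means replication lag or a broken slave rather than a missing NOTIFY.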

  • BTW: March 3: The post is now updated with a note that it is not recommended to be enabled on public servers.

    What is that?

  • @kontam said: BTW: March 3: The post is now updated with a note that it is not recommended to be enabled on public servers.

    What is that?

    Was in reference to recursion. Recursion on a public server is asking for abuse

  • Oh that, thanks.

    It's been almost 24h and my dns is not switching. I have glue records setup pointing ns1 and ns2 to my two nameservers and have setup a record for my domain.com pointing to my server IP. It's still showing the old website.

    Could it be that poweradmin hasn't correctly added the zone file? I can't find the zone file location to check manually. Where is this located? I'm using PowerDNS.

  • @kontam said: Could it be that poweradmin hasn't correctly added the zone file? I can't find the zone file location to check manually. Where is this located? I'm using PowerDNS.

    Check the database file


table 'records' is fine. I have no option but to wait, it's been more than 15h so far and it has never taken more than a few hours before when I changed nameservers on different servers.

  • You sure it's not DNS cache?
    Check out https://developers.google.com/speed/public-dns/


  • I flushed dns cache on my PC, still no change. I remember propagation taking too long when I've setup a whm/cpanel server with self-owned nameservers. Also took long to propagate, but after that it's been working very quickly. Maybe this is the same case. We'll see. Thank you.

  • AmfyAmfy Member

    @kontam said: I flushed dns cache on my PC, still no change. I remember propagation taking too long when I've setup a whm/cpanel server with self-owned nameservers. Also took long to propagate, but after that it's been working very quickly. Maybe this is the same case. We'll see. Thank you.

    Not sure what you are talking about, but try dig yourdomain.com @ns1.yourdns.com

    Dig even supports some kind of tracing stuff, etc. Pretty helpful for debugging :)

It says "couldn't get address for ns1.domain.com". That can't be, I have ns1.domain.com in my GoDaddy cpanel set up correctly with the IP pointing to my nameserver where pdns is up.

  • @kontam said: godaddy cpanel

    Godaddy what?


  • control panel

    I just saw my resolv.conf has google and vps provider nameservers in it, omg, I've changed them to:

    nameserver "ns1 ip"
    nameserver "ns2 ip"

    Okay, now let's see if it works.

  • @kontam said: I just saw my resolv.conf has google and vps provider nameservers in it, omg

    I don't see the problem?

  • Woohoo now it works. :) I'm so happy. Thank you all. :)

  • If you've followed the guide in the site, i would advise to redo it but with binaries off the powerdns.com website as the ones from apt/yum/etc are too old now. 2.* is crazy old and outdated compared to say 3.2

  • I'm running 2.9.20, is there a way to update it?

  • @kontam

Fetch the packages off the website, replace, update the MySQL schemas among other things. Check the website for the documentation.

    http://doc.powerdns.com/upgrades.html#from2.9to3.0

  • @blergh_ said: If you've followed the guide in the site, i would advise to redo it but with binaries off the powerdns.com website as the ones from apt/yum/etc are too old now. 2.* is crazy old and outdated compared to say 3.2

    Then remember that you have to manually keep it updated.

Distro package binaries are not the bleeding-edge version. They are stable and secure (stability & security patches are backported). Unless you have a good reason to move away from the packages provided by your distro, it's generally better not to.

  • @sleddog

    lol. Have you even read the changelogs or docs for updating between 2.9 to 3.*? I suppose not. Updating isn't too hard, just read the docs.

  • @blergh_ said: lol. Have you even read the changelogs or docs for updating between 2.9 to 3.*? I suppose not. Updating isn't too hard, just read the docs.

    It's good that you read changelogs and know what you're doing. Not everyone does.

The OP is learning, and is not an experienced admin. The safe and sure route is to stick to the distro packages. Many people work their asses off for RedHat (CentOS) and Debian to bring secure and stable software to the masses. As an experienced sysadmin you should know better than to tell novice users to ignore that and install bleeding-edge software instead.

  • So should I stick with the distro package?

  • @kontam said: So should I stick with the distro package?

    I do. They say that if it's working then don't touch it.
    Unless you know what you're doing ofc.


  • @sleddog

This isn't bleeding-edge but rather a quite big change in the way PowerDNS works.

Let me quote the docs (that you apparently did not bother to read):
    " Warning

    Version 3.0 of the PowerDNS Authoritative Server is the biggest change in PowerDNS history. In some senses, this means that it behaves somewhat like a '1.0' version. We advise operators to carefully perform the upgrade process from 2.9.x, and if possible test on a copy of the database beforehand. "

  • @blergh_ said: Let me quote the doc's (that you apparently did not bother to read)

    Correct. Because I don't use powerdns.

    I was advocating a best practice not specific to powerdns: stick to the distro packages unless you have a good reason not to, and you know what you're doing.

  • agentmishraagentmishra Member, Provider

    nice tutorial

    lots of help even after so many days...

    keep up the good work.

    skype id : agentmishra, gtalk id : agentmishra, email : [email protected]

  • eddynetwebeddynetweb Member
    edited May 2014

    If there is one thing I hate, it's improperly setup open resolvers, no recursive!

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.
