How do I configure DNS on a Linux server?
August 13, 2007 2:41 AM

I've got a virtual dedicated Linux server through Godaddy. I'm trying to set it up so that the domain name resolves to the proper location. I jumped through all the hoops in their guide, but am still getting a "server not found" error when I try to hit the domain in my browser. It's been over four days now since I set it up, and it's no longer resolving to a Godaddy parked domain page, so I know it's not a propagation issue. I submitted a help ticket to Godaddy, and their response was that I don't have "a proper zone file setup for mydomainnamehere.com." How do I do this? Their email was remarkably light on details of how to do this.
posted by Doofus Magoo to Computers & Internet (40 answers total)
 
Specifically, here's what their email said:
After further investigation it appears that you do not have a proper zone file setup for mydomainnamehere.com. Below is the latest information for your domain, retrieved using the dig command on your server.

[root@ip-XXX-XXX-XXX-XXX etc]# dig mydomainnamehere.com

; <<>> DiG 9.2.4 <<>> mydomainnamehere.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: query, status: servfail, id: 57849
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomainnamehere.com. IN A

;; Query time: 99 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 12 10:19:56 2007
;; MSG SIZE rcvd: 29

As you can see there is no IP assigned to the A record. Without this set up properly, no computer in the world will know what to do with mydomainnamehere.com (namely, resolve it to your server's IP address). This explains why entering your domain in the browser doesn't work. You will need to properly configure your named services to have working DNS. This can be done either through your control panel or via SSH.
posted by Doofus Magoo at 2:43 AM on August 13, 2007


hmm I am pretty sure they are wrong.
If you look at the ;; ->>HEADER<<- line you will notice the status is status: servfail which means the server failed.
Usually this means you couldn't get a response out of the nameserver. Is the service running and is communication to the server ok?
posted by gadha at 2:54 AM on August 13, 2007
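
Added example, not part of any post in this thread: a short Python decoder for the DNS response header, run on a constructed 29-byte reply that mirrors the dig output quoted above (id 57849, flags qr rd ra, status servfail, zero answers). The name example.com and every function name here are assumptions made for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]

def encode_name(name):
    """Encode a name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, msg_id=0x1234):
    """Build a one-question query (qtype 1 = A, class 1 = IN) with RD set."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header that dig prints as ->>HEADER<<-."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": msg_id,
            "flags": [name for name, bit in FLAG_BITS if flags & bit],
            "status": RCODES.get(rcode, "RCODE%d" % rcode),
            "query": qd, "answer": an, "authority": ns, "additional": ar}

def diagnose(hdr):
    """Map status, aa flag and answer count to what the server is saying."""
    if hdr["status"] == "SERVFAIL":
        return "server-failure"       # the server could not process the query
    if hdr["status"] == "NXDOMAIN":
        return "name-does-not-exist"
    if hdr["status"] != "NOERROR":
        return hdr["status"].lower()
    if hdr["answer"] == 0:
        return "no-data-or-referral"  # no record of this type, or a referral
    return "authoritative-answer" if "aa" in hdr["flags"] else "non-authoritative-answer"

def ask(server, name, qtype=1, timeout=3.0):
    """Send one UDP query straight to `server` and decode the reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        reply, _ = sock.recvfrom(512)
    return parse_header(reply)

# Constructed reply: header values taken from the dig output, question example.com A.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 57849, 0x8182, 1, 0, 0, 0)
                + encode_name("example.com") + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    hdr = parse_header(SAMPLE_REPLY)
    print(len(SAMPLE_REPLY), hdr, diagnose(hdr))
```

`ask("127.0.0.1", "example.com")` run on the server itself performs the same direct query that dig made in the quoted output.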


I can hit the server fine using the IP address, if that's what you're asking. Which service do I need to check to see if it's running?
posted by Doofus Magoo at 3:30 AM on August 13, 2007


it would depend on your dns server -- usually DNS or bind or bind9.

also if you can ssh into the server and do a
"netstat -o -a" you should see two lines similar to this:

tcp 0 0 machinename:domain *:* LISTEN off (0.00/0/0)

udp 0 0 machinename:domain *:* LISTEN off (0.00/0/0)
posted by gadha at 3:54 AM on August 13, 2007


The first line is:

tcp 0 0 *:https *:* LISTEN OFF (0.00/0/0)

... then I have similar lines, but instead of https, it's imaps, pop3s, mysql, pop3, 9999, imap, http, sieve, ftp, ssh, smtp, and some other stuff.
posted by Doofus Magoo at 4:00 AM on August 13, 2007


I've got three UDP entries (at the end, right before the line "Active UNIX domain sockets"), but they're a bit different:

udp 0 0 *:56733 *:*
udp 0 0 ip-XXX-XXX-XXX-XX:domain *:*
udp 0 0 ip-XXX-XXX-XXX-XX:domain *:*

Note that the IP address in those three entries doesn't quite match my server IP (mine ends in .28, these end in -2, but are otherwise identical).
posted by Doofus Magoo at 4:02 AM on August 13, 2007


a$ whois example.com
(look for name servers, say, 1.2.3.4)
a$ dig example.com @1.2.3.4
(if you do not get results, make sure that address is yours. If so,)
a$ ssh 1.2.3.4
b$ netstat -an |grep ":53 .*LISTEN"
(If you get results, then you have a nameserver running, but it's not set up correctly.)
(If you get no output, then you don't have a nameserver running.)
posted by cmiller at 4:11 AM on August 13, 2007


yeah, what cmiller much more eloquently said
posted by gadha at 4:15 AM on August 13, 2007


your udp lines show that something is listening where you would expect the dns server (ie presumably you have the dns server running). you should also have tcp line(s) with "domain".

are you sure that you have followed section 4 of the guide correctly? do all the screens look like the diagrams?
posted by andrew cooke at 4:19 AM on August 13, 2007


I got results from netstat:

tcp 0 0 XXX.XXX.XXX.XXX:53 0.0.0.0:*
tcp 0 0 127.0.0.1:53 0.0.0.0:*

So I have a nameserver running, but it's not set up correctly? Sorry to be so obtuse, but what now?
posted by Doofus Magoo at 4:21 AM on August 13, 2007


The machine your server is hosted on may or may not be running a DNS server of its own (not likely that it would be on a GoDaddy shared hosting server farm), but it will be running a DNS client (to be able to hit central DNS servers for lookups). What you've got to do, and what every computer in the world that wants to hit your domain depends on, is that, for every service your domain is going to support, that there is an appropriate DNS record pointing at your server machine, on the DNS machine that is authoritative for your server. If you're using GoDaddy's DNS machines (no reason you shouldn't in shared hosting), then that's where you should put your "A" records, via your hosting control panel. If you have another DNS provider that you want to use for some reason, you have to point to the other DNS host's DNS servers as the authoritative source for your domain "A" records. This has nothing to do with whether a DNS server happens to be running on your host machine, or not.

Thus, for a domain responding to http and ftp protocols you might have "A" entries like:

{name} {ttl} addr-class A address
www.mydomainnamehere.com IN A 128.32.133.1
ftp.mydomainnamehere.com IN A 128.32.133.1

If you have mail services running on that server (unlikely) you'll need appropriate Mail Exchange (MX) records, too. Most shared hosting setups run mail through dedicated mail servers, so it's quite likely your MX records should be pointed at different machines than your hosting machine, and for mail spool redundancy, should have some longer TTL values and retry fields, so that outside mail servers that can't reach yours in an outage, keep trying over a few days, so that you don't lose mail. You may also want or need CNAME, PTR, and WKS records for your domain in DNS, if you'll be doing things like supporting sub-domains, etc.
posted by paulsc at 4:22 AM on August 13, 2007


my guess is you entered something wrong in one of the screens for section 4 of the guide. some kind of typo, for example, or skipped a step. i would go back and check each step carefully.
posted by andrew cooke at 4:23 AM on August 13, 2007


I'll check out step 4 of the guide once I'm in the office in an hour or so; thanks andrew cooke.

Paulsc, I'm afraid your explanation, while seemingly very informative, is quite a bit over my head.
posted by Doofus Magoo at 4:29 AM on August 13, 2007


GoDaddy maintains at least a couple of publicly visible DNS servers. One is called ns1.godaddy.com and resolves for me today as 208.139.132.201. Another one is ns2.godaddy.com which is running on the same IP address today.

Your DNS records, and those for thousands of other domains hosted by GoDaddy, could be hosted on these same DNS servers. The control panel for GoDaddy is probably set up to load your records on the GoDaddy DNS servers, with appropriate pointers to the actual machine serving your domain, by scripts running behind your GoDaddy control panel.

I agree with andrew cooke that you should carefully review your Web hosting control panel setup. If you are just serving files on http, you may just need records for www.yourdomainhere.com. If you will be using SSL for secure transactions, you'll need additional entries for https, as well as an SSL certificate installed. If you want to provide files for download via ftp, you'll need entries for your ftp protocol, etc. That's what all those additional "services" line entries are for, "... then I have similar lines, but instead of https, it's imaps, pop3s, mysql, pop3, 9999, imap, http, sieve, ftp, ssh, smtp, and some other stuff." imap, POP3, and smtp are various mail protocols. mysql is for setting up port access to a MySQL server process running on your host, which is not something you should do, for security purposes. ssh is secure shell, which is a way of encrypting your traffic to your host, when talking to it over terminal mode.
posted by paulsc at 4:52 AM on August 13, 2007


So I have a nameserver running, but it's not set up correctly? Sorry to be so obtuse, but what now?

Yes, you have something like a nameserver running, and yes, it's probably not set up.

What now? Well, there are a few dozen kinds of nameservers. For whatever you're running, you have to tell it that

1) It is authoritative for example.com
2) How long you wish any information you give out to be considered still fresh
3) What names you wish to have in that zone, the type of record, and some data. e.g.,
"www", "A" (record), "1.2.3.7"

From that machine, you should be able to type
b$ host -t ${recordtype} ${chosenname}.example.com. 127.0.0.1
and get results. Don't test this from your local machine. There's too much stuff between you and the piece you're testing.

-----

Running a nameserver isn't for the faint of heart. Consider using someone else's.
posted by cmiller at 5:09 AM on August 13, 2007


i'm not sure if you understand, so forgive me if i'm stating the obvious, but the web control panel will do the same thing as configuring the server by hand. providers like godaddy provide control panels like that so that users like you don't need to get into all these details.

also, because of the way unix works, you should avoid doing things by hand unless you are sure that you do not want to use the control panel. it is possible to break/confuse these control panels by making hand adjustments. that normally doesn't matter because experts do everything by hand (so it doesn't matter if the control panel is broken) and others always use the panel (so it doesn't get confused). but what you seem to be heading towards here is mixing a bit of both and i would strongly, strongly advise against that until you have no other resort.

if you check the control panel against section 4, and everything looks exactly right, then i would suggest you reply to godaddy saying that the control panel is configured correctly and ask them to verify that the control panel is working. only if that doesn't help should you think about doing changes by hand.
posted by andrew cooke at 5:24 AM on August 13, 2007


Well, the problem is that I did use the control panel, and it apparently didn't work. :) I don't want to do this crap via the command line any more than I want to hit my head against a brick wall, and am going to go back through the manual now and verify that I did everything properly.
posted by Doofus Magoo at 6:01 AM on August 13, 2007


I'd echo the suggestion to try to use the control panel first.

If you can't get it going that way, then the next thing we need to know is what DNS server software you're running. Setting up an authoritative server really isn't that hard -- DNS is a relatively simple protocol -- but they all have different configuration file formats.

From a very high overview, the DNS system remembers (at least) two nameservers for every domain. When a client looks up 'example.com', it first talks to the root servers, which tell it to talk to the .com master server; the .com master server then tells it to talk to example.com's registered nameservers. Then the client asks one or more of the nameservers on the list it's given.

Those nameservers need to be set authoritative for the domain in question, and they need to reply to the query, whatever it is. At minimum, they'll need a zone file with at least two NS (nameserver) records (matching what the DNS system has), and A (address) records for those machines. Normally, there will also be at least one MX record (mail exchanger: this tells mail servers where mail headed to example.com goes), likely with an A record to match.

From there, you mostly just have A records for machines in the domain. In your case, you might be fine with just two more A records; the basic one for the domain (giving example.com an IP address, which is optional), and one for www.example.com.

So, to reiterate:

Two NS records for the domain: required
An A record for each NS record that's in your domain: required
(if they're in another domain, like ns1.godaddy.net, you don't list the A records yourself: that's GoDaddy's problem.)
At least 1 MX record: suggested
An A record for the MX if it's in your domain: required. Again, if it's outside your domain, that domain takes care of the A record.
A records for domain.com and www.domain.com: suggested
A records for anything else you have: optional

The exact syntax of the config files, however, will be different based on what DNS server you're running, so that's as useful as I can be without more info.
posted by Malor at 6:20 AM on August 13, 2007
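
Added example, not part of any post in this thread: a small Python checker that applies the checklist above to BIND-style zone text. It also flags in-zone nameservers that all share one address, a check that goes beyond the checklist. It assumes one record per line with no parenthesised multi-line records, ignores `$ORIGIN`, and uses constructed sample zones with hypothetical names and documentation addresses.

```python
def parse_zone(text, origin):
    """Return (owner, type, data) for the A, NS and MX lines of a zone."""
    origin = origin.rstrip(".").lower() + "."
    def fqdn(name):
        name = origin if name == "@" else name.lower()
        return name if name.endswith(".") else name + "." + origin
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()   # drop comments
        if not line or line.startswith("$"):    # blank line or $TTL/$ORIGIN
            continue
        fields = line.split()
        if not line[0].isspace():               # a leading blank repeats the owner
            owner = fqdn(fields.pop(0))
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                       # optional TTL and class
        rtype, rdata = (fields[0].upper() if fields else ""), fields[1:]
        if rtype == "A" and rdata:
            records.append((owner, "A", rdata[0]))
        elif rtype == "NS" and rdata:
            records.append((owner, "NS", fqdn(rdata[0])))
        elif rtype == "MX" and len(rdata) >= 2:
            records.append((owner, "MX", fqdn(rdata[1])))
    return records

def check_zone(text, origin):
    """List the ways a zone falls short of the checklist."""
    apex = origin.rstrip(".").lower() + "."
    recs = parse_zone(text, origin)
    addrs = {}
    for owner, rtype, data in recs:
        if rtype == "A":
            addrs.setdefault(owner, set()).add(data)
    ns = sorted({d for o, t, d in recs if t == "NS" and o == apex})
    mx = sorted({d for o, t, d in recs if t == "MX" and o == apex})
    problems = []
    if len(ns) < 2:
        problems.append("fewer than two NS records")
    for host in sorted(set(ns + mx)):
        if host.endswith("." + apex) and host not in addrs:
            problems.append("no A record for in-zone host " + host)
    if not mx:
        problems.append("no MX record (suggested)")
    for name in (apex, "www." + apex):
        if name not in addrs:
            problems.append("no A record for " + name + " (suggested)")
    ns_ips = [addrs[h] for h in ns if h in addrs]
    if len(ns_ips) >= 2 and len(set().union(*ns_ips)) == 1:
        problems.append("all in-zone nameservers share one IP address")
    return problems

# Constructed sample zones; 192.0.2.0/24 is a documentation range.
SINGLE_IP_ZONE = """\
@    IN NS ns1
@    IN NS ns2
ns1  IN A  192.0.2.28
ns2  IN A  192.0.2.28
@    IN A  192.0.2.28
"""
COMPLETE_ZONE = """\
@    IN NS ns1
     IN NS ns2.dns-host.example.  ; hypothetical outside secondary
     IN MX 10 mail
     IN A  192.0.2.28
ns1  IN A  192.0.2.28
mail IN A  192.0.2.28
www  IN A  192.0.2.28
"""
print(check_zone(SINGLE_IP_ZONE, "example.com"))
```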


Also, remember that changes take a while to propagate to the net. You should make a change, and then query your own server directly with the nslookup utility on your desktop. Open a command prompt and type nslookup.

At the prompt, type server 'my.server.ip.address'

Then type:

> set type=A
> www.example.com

Server: your.server.name
Address: your.server.ip.address

Name: www.example.com
Address: W.X.Y.Z


If you get back an address, you're answering for the domain. If you get an error message, you're still misconfigured.

In nslookup, you can use SET TYPE= to ask for records of different types. Things you want to check for:

> SET TYPE=NS
> example.com


Make sure you get at least two records with included IP addresses that are correct. The result should look like:

example.com nameserver=ns1.example.com
example.com nameserver=ns2.example.com
ns1.example.com internet address = W.X.Y.Z
ns2.example.com internet address = V.W.X.Y


Then check for mailserver:

> SET TYPE=MX
> example.com

example.com MX preference = 10, mail exchanger=mail.example.com

(lots of extra output duplicating exactly what's above: it looks like an NS query does)
mail.example.com internet address = W.X.Y.Z

If you get those things, your server is working properly, but it may take a day or so for the rest of the Internet to agree, because the nameservers cache results to cut down traffic.
posted by Malor at 6:34 AM on August 13, 2007


Ok, checked the control panel. Everything I did matches what they're showing, although it seems like there should be more instructions after page 21, rather than just going straight to "How to upload via FTP."

How do I check what DNS server I'm running?

I did the NSLOOKUP thing. Here's the output:

Z:\>nslookup
Default Server: (my current domain)
Address: (my current server's IP)

> server (site's IP address)
Default Server: ip-(site's IP address).ip.secureserver.net
Address: (site's IP address)

> SET TYPE=NS
*** Can't find address for server TYPE=NS: Non-authoritative answer
> (site's name)
Server: ip-(site's IP address).ip.secureserver.net
Address: (site's IP address)

Name: (site's DOMAIN NAME)
Served by:
- D.GTLD-SERVERS.NET

com
(and a bunch more, for E, F, G, H, I, J, K, L and M)

posted by Doofus Magoo at 7:52 AM on August 13, 2007


"SET TYPE=NS" should be in lower case
posted by gadha at 8:45 AM on August 13, 2007


Thanks gadha:

> set type=NS
> mydomain.com
Server: ip-(SERVER IP).ip.secureserver.net
Address: (SERVER IP)

(root) nameserver = C.ROOT-SERVERS.NET
(root) nameserver = D.ROOT-SERVERS.NET
(root) nameserver = E.ROOT-SERVERS.NET
(root) nameserver = F.ROOT-SERVERS.NET
(root) nameserver = G.ROOT-SERVERS.NET
(root) nameserver = H.ROOT-SERVERS.NET
(root) nameserver = I.ROOT-SERVERS.NET
(root) nameserver = J.ROOT-SERVERS.NET
(root) nameserver = K.ROOT-SERVERS.NET
(root) nameserver = L.ROOT-SERVERS.NET
(root) nameserver = M.ROOT-SERVERS.NET
(root) nameserver = A.ROOT-SERVERS.NET
(root) nameserver = B.ROOT-SERVERS.NET
J.ROOT-SERVERS.NET internet address = 192.58.128.30

posted by Doofus Magoo at 8:49 AM on August 13, 2007


it does look like your name-server isn't properly configured. Are you in any position to give us the ACTUAL domain name?
posted by gadha at 8:59 AM on August 13, 2007


Sure -- it's bidtrix.com.
posted by Doofus Magoo at 9:06 AM on August 13, 2007


well from what I can gather with my (limited) knowledge, the root name servers have:
ns1.bidtrix.com and ns2.bidtrix.com as your nameservers for bidtrix.com

1. both of these resolve to the SAME ip address -- which is incorrect -- (can the same dns server hold master and secondary for the same domain? I've never heard of that).

2. it seems that your dns server doesn't have any records for bidtrix.com -- probably due to this misconfiguration.

If you want a place to host secondary for your domain i'll happily do it.
posted by gadha at 9:13 AM on August 13, 2007


I just took a look at the actual stuff in the pdf file you linked to.. it only goes so far as to tell you how to set up the nameservers for the domain... beyond that you need to configure the actual dns server running on your machine.

depending on what software you're using this will be different.
posted by gadha at 9:17 AM on August 13, 2007


Thanks for the offer, gadha, but I'd like to keep this configuration as close to a "by the book" approach as possible -- whether your offer qualifies I have no idea.

The guide that I linked to in my post mentions nothing about different IP addresses for the primary and secondary nameservers (although that seems quite logical). The screenshot where they show how to enter your nameserver IP addresses (page 20) cuts off the fourth set of numbers.

Do most people getting a virtual dedicated server from these yahoos have a secondary DNS already lined up? I'm just a little confused why such a detailed how-to guide would gloss over this not-at-all-insignificant detail.

And regarding your #2 (no records on my DNS server), how would I fix that?
posted by Doofus Magoo at 9:21 AM on August 13, 2007


I assume you've done step 1 on page 18 which says "add the domain to the control panel"?
posted by gadha at 9:26 AM on August 13, 2007


this manual seems pretty glossy -- is there a more comprehensive one?
posted by gadha at 9:27 AM on August 13, 2007


Yes, the step on page 18 (which references steps on page 11+) has been completed, and I've got the domain in my control panel.

I only wish there was a more comprehensive guide out there. Here's a very short article explaining how to set up nameservers on the virtual dedicated servers, but it's even more worthless than the PDF.

How do I determine what DNS software I'm running on the server?
posted by Doofus Magoo at 9:34 AM on August 13, 2007


As far as I can tell from the article wording and the pdf file, resource records for the DNS zone seem to happen "magically"... -- maybe they happen automatically -- but there should be a place where you can do things like edit the resource records for things like mail (MX), alias (A) records etc...

it might be worth deleting everything from the control panel and trying again from scratch verifying each step

I wouldn't start manually editing zone files if you are intent on using the control panel.
posted by gadha at 9:43 AM on August 13, 2007


Yes, you have both ns1 and ns2 set to a specific IP address. This is unusual, and normally registrars will prevent you from doing this. The official rules are that you must have two separate nameservers. (what many people do is use a single server with two IPs to get around this, but the official rule is two nameservers.) But from perusing the godaddy documentation, I think they're ignoring that rule themselves, and setting you up with just one IP deliberately.

This is very poor form, and very low-reliability; they should be offering you backup NS service, where you have a tiny master server, which notifies their monster slave servers; whenever you make a change, it should get propagated to the huge GoDaddy NS system for proper, bulletproof DNS service. Your WHOIS should list the GoDaddy servers, not your tiny little VPS.

When you're hosting at a freaking registrar, running your own primary DNS on a virtual private server just about defines a stupid setup. From seeing this, and from other things I've seen from GoDaddy in the past, I'd strongly suggest finding a different webhost. You're getting a shoddy product when it would be trivial for them to provide you with an extraordinarily good one.

Ok, if you want to stay there, it looks like you may not have set up the domain in the Simple Control Panel. According to the docs, that should create zone files for you. Have you done that?
posted by Malor at 10:03 AM on August 13, 2007


Yes malor I agree... could it be that the control panel gets confused when setting both the primary and secondary as the same ip and somehow futzes the configuration?
posted by gadha at 10:14 AM on August 13, 2007


Yeah, that's the impression I got, too -- that the DNS zone would "happen" when I created the domain in the control panel (e.g., page 18 of the guide says "It's easy to set up a zone file for your domain... because the control panel automatically creates a zone file for any domain you set up.").

However, when I go into "DNS configuration" via the control panel for the site, there are no zones configured. I click "Add New Zone," and it starts asking me all sorts of crazy stuff about whether it's a Master/Slave and the TTL and expiration and a bunch of crap I have no idea how to configure. Does it sound like that's what I need to do, is configure a new zone?
posted by Doofus Magoo at 10:27 AM on August 13, 2007


And believe me, Godaddy was not my choice. Shoutout to my homies at TCH.
posted by Doofus Magoo at 10:29 AM on August 13, 2007


doofus... that's the stuff you need the "crazy" stuff... you need to setup zone files for your domain.... - that sounds right
posted by gadha at 10:32 AM on August 13, 2007


This might be of use to you to learn general concepts on DNS zone configuration.
posted by gadha at 10:35 AM on August 13, 2007


I did a whois on your domain and it looks like godaddy is both the registrar *and* the host for your domain? If that's true, I'd just call them up and tell *them* to set it up. Seconding what cmiller said...dns is *really* not for the faint of heart. You're better off not running your own dns server if you're not familiar with it.

Call godaddy...tell them "I registered a domain with you guys and you guys are also doing the hosting, but I can't reach the domain. Help!"
posted by edjusted at 10:49 AM on August 13, 2007


Oh man, I'd break things something fierce if I tried to set the zone file up myself. I think it's going to be a lot easier to "politely inform" Godaddy that the zone file didn't get created like it was supposed to when I added the domain to the server.
posted by Doofus Magoo at 10:53 AM on August 13, 2007


I thought I'd throw out dnsreport.com and dnsstuff.com for the heck of it. I used to use them a little bit to see changes propagate and for minor troubleshooting, etc.
posted by prodevel at 12:54 PM on August 13, 2007

