

---
title: DNS configuration
x-toc-enable: true
...

Introduction

This section is geared towards authoritative DNS servers. For example, if you had the domain name domain.com, you might have these name servers:

  • ns1.domain.com
  • ns2.domain.com

Your domain name must have at least two name servers. Firstly, we will cover how to set up the DNS server itself. Later, we will cover how to configure records such as A, AAAA, TXT, NS and other records inside zone files.

Yes. You can run it yourself. This is dark magic that Fedfree will teach you how to use.

No fancy web interface. Just good old-fashioned zone files, edited in Vim. Let's jump right in!

Requirements

Operating system

Linux or BSD is totally fine.

IP addresses

If you're only running IPv4, you need at least 2 IPv4 addresses, publicly routable with port 53 open for DNS. This section will not cover how to open ports on your firewall, or forward ports on your router, but you can refer to other information elsewhere for that.

If you're running IPv6 as well, you need at least two IPv6 addresses. We recommend running dual stack IPv4 and IPv6 infrastructure, for all services. IPv4 is the legacy internet, and has been since the 90s. Just because the rest of the world still hasn't caught up, doesn't mean you should copy bad practices. You should always run both IPv4 and IPv6!

Authoritative name server setup

When you resolve a domain name, you use one of the root DNS servers on the internet; the NS record for that domain specifies which name servers are to be used. If you're running your own DNS servers, then a glue record must be set, specifying the IPv4 and IPv6 address of each DNS host, e.g. ns1.domain.com might specify 81.187.172.130, which would be the IP address of that name server. That server is what responds, resolving names to IPs (and IPs to names, if configuring PTR records for reverse DNS).

It's called the authoritative name server, because it's the designated master server for your domain. You will additionally set up a slave server as backup, in case the main one goes down. When you want to reconfigure a domain name, the name server will send new information to the root DNS servers.

That is what we will be setting up, in these tutorials. Fedfree recommends the use of gandi.net for domain name registrations, because:

  • Very friendly to libre software projects (lots of libre projects use gandi)
  • Many, many options in the control panel, including the ability to set IPv6 glue records!
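
The rules above (at least two name servers, a glue record for each one, two distinct addresses per IP family) can be checked before you submit the delegation at your registrar. This is an added example, not part of Fedfree's own material: check_delegation and the GOOD/BAD records are hypothetical, the addresses are constructed from documentation ranges, and it assumes your name servers live inside the domain itself (ns1.domain.com style).

```python
import ipaddress

FAMILY = {"A": ipaddress.IPv4Address, "AAAA": ipaddress.IPv6Address}

def check_delegation(domain, records):
    """Check (owner, type, value) delegation records against the rules above.

    Returns a list of problems; an empty list means every check passed.
    """
    domain = domain.rstrip(".").lower()
    recs = [(o.rstrip(".").lower(), t.upper(), v.rstrip(".").lower())
            for o, t, v in records]
    ns_hosts = sorted({v for o, t, v in recs if o == domain and t == "NS"})
    problems = []
    if len(ns_hosts) < 2:
        problems.append(f"{len(ns_hosts)} name server(s) listed, need at least two")
    seen = {"A": set(), "AAAA": set()}  # distinct glue addresses per family
    for host in ns_hosts:
        has_glue = False
        for o, t, v in recs:
            if o != host or t not in FAMILY:
                continue
            try:
                seen[t].add(FAMILY[t](v))  # rejects malformed or wrong-family values
                has_glue = True
            except ValueError:
                problems.append(f"{host}: {v!r} is not a valid {t} address")
        # Only name servers inside the delegated domain need glue at the parent.
        if host.endswith("." + domain) and not has_glue:
            problems.append(f"{host}: in-zone name server has no glue record")
    # Assumption: all name servers are in-zone, so every address arrives as glue.
    if len(seen["A"]) < 2:
        problems.append("fewer than two distinct IPv4 glue addresses")
    if seen["AAAA"] and len(seen["AAAA"]) < 2:
        problems.append("IPv6 in use but fewer than two distinct IPv6 glue addresses")
    return problems

# Constructed sample records (documentation address ranges, not real servers).
NS = [("domain.com", "NS", "ns1.domain.com"), ("domain.com", "NS", "ns2.domain.com")]
NS1 = [("ns1.domain.com", "A", "192.0.2.53"), ("ns1.domain.com", "AAAA", "2001:db8:1::53")]
NS2 = [("ns2.domain.com", "A", "198.51.100.53"), ("ns2.domain.com", "AAAA", "2001:db8:2::53")]
GOOD = NS + NS1 + NS2
BAD = NS + NS1  # ns2 was listed but its glue was never entered

if __name__ == "__main__":
    for label, recs in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_delegation("domain.com", recs) or "ok")
```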

Debian (bind9)

Refer to debian-bind.md

Other name server daemons exist, but we will use bind.

TODO: cover other operating systems, e.g. OpenBSD.

DNS configuration

This section will cover how to configure domain names, once your name server software is up and running.

Bind (any distro)

Refer to zonefile-bind.md