By: purri

Delegating a Subdomain + NSD setup

August 9, 2015 2.3k views
DNS Debian

Hi

First time with DNS, but I need to delegate a subdomain to my own DNS.
Is it possible in the DO interface?

I'll enumerate my questions to make it easier to reply :)

1) Is what I'm doing in the screenshots right?

The first one is the DNS records of exampledomain.com (not real), which is delegated to ns1.digitalocean.com as usual; it works fine.

http://i.imgur.com/mioLBUW.png

The second is what I'm trying. I add a domain "sub.exampledomain.com" and add an NS record to it.

http://i.imgur.com/WSRLlGL.png

So it works like that?

2) In the 2nd screenshot I put two "glue" A records; I was just trying to make it work. I'm not sure whether they are needed there or not, because I already have an A record for ns1.exampledomain.com in the parent domain interface (1st screenshot).

3) I'm also trying to figure out whether I can use only one master-only NS server, without a slave, for my subdomain.

Or if not, I'm thinking: can I use my ns1.exampledomain.com as master and ns1.digitalocean.com as slave? I have also seen live examples where ns1 and ns2 have the same IP...

(I do not care about reliability issues.)

(But the reliability of the main domain worries me, and that's why I do not want to set up my own DNS for the main domain itself, and why I'm trying to set up a subdomain for my purposes.)

4) Server part. I use the NSD server.

nsd.conf

    zone:
        name: "sub.exampledomain.com"
        zonefile: "sub.exampledomain.com.zone"
        # NOTIFY and zone transfer to a secondary (disabled; nsd.conf comments start with '#')
        #notify: 173.245.58.51 NOKEY
        #provide-xfr: 173.245.58.51 NOKEY

sub.exampledomain.com.zone

    $ORIGIN sub.exampledomain.com.
    $TTL 1800
    @       IN      SOA     ns1.exampledomain.com.    hostmaster.exampledomain.com. (
                            2015080800              ; serial number
                            3600                    ; refresh
                            900                     ; retry
                            180000                  ; expire
                            1800                    ; minimum (negative-caching TTL)
                            )

            IN      NS      ns1.exampledomain.com.
            ;IN      NS      ns1.digitalocean.com.

    ; relative to $ORIGIN, so this record is ns1.sub.exampledomain.com.
    ns1     IN      A       104.1.2.3

But from what I see, it is still not working, not resolving (after hours), and the SOA record still shows ns1.digitalocean.com:

    $ dig  sub.exampledomain.com any +multiline

    ; <<>> DiG 9.10.2-P2 <<>> sub.exampledomain.com any +multiline
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31654
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;sub.exampledomain.com.                IN ANY

    ;; ANSWER SECTION:
    sub.exampledomain.com.         1456 IN NS ns1.exampledomain.com.
    sub.exampledomain.com.         1456 IN SOA ns1.digitalocean.com. hostmaster.sub.exampledomain.com. (
                                    1439102949 ; serial
                                    10800      ; refresh (3 hours)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    1800       ; minimum (30 minutes)
                                    )

    ;; Query time: 10 msec
    ;; SERVER: 8.8.4.4#53(8.8.4.4)
    ;; MSG SIZE  rcvd: 128

I use debug-mode: yes and verbosity: 2 in nsd.conf.
But the only message I saw in /var/log/nsd.log is:

    error: xfrd: zone sub.exampledomain.com: max notify send count reached, 173.245.58.51 unreachable

after I tried to add ns1.digitalocean.com as a slave (the commented lines in nsd.conf and sub.exampledomain.com.zone). I also tried to add reverse zones, but it does not help, and I'm not sure whether they are necessary for me.

I would be very grateful if someone answers at least some of my questions. And I'm going to read the DNS AND BIND book ... :))

2 comments
  • DigitalOcean doesn't support DNS delegation yet and adding a subdomain to the DO panel will only delegate it to DO itself.

    Use CloudFlare for DNS (you can turn off their additional features) and delegate the subdomain to your NSD server. DO's nameservers run on CloudFlare so you won't notice any performance difference.

  • I'll second the CloudFlare recommendation. Their free tier will cover what you're looking for.

    I'd also like to add a tip for querying an authoritative nameserver directly, in order to bypass potential DNS record caching issues. In your question, you ran this query:

    dig  sub.exampledomain.com any +multiline
    

    Add an @ argument to query a specific nameserver directly. For example:

    dig  sub.exampledomain.com any +multiline @ns1.digitalocean.com
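
The direct-query check from the comments above, as an added example that is not part of the original thread: a shell function (hypothetical name `check_delegation`) that reads saved `dig ... +multiline` output and reports whose copy of the zone answered, by comparing the SOA primary with the nameserver the subdomain should be delegated to. Both sample replies are constructed; the first is modelled on the output in the question, and the verdict strings are this example's own.

```shell
#!/bin/sh
# Added example: classify a saved `dig <zone> any +multiline` reply (stdin).
# $1 is the nameserver the zone is meant to be delegated to (assumption:
# that server is also the SOA MNAME, as in the zone file in the question).
check_delegation() {
    awk -v expected="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        /^;; flags:/ {
            # header line, e.g. ";; flags: qr aa rd; QUERY: 1, ..."
            flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            aa = (" " flags " ") ~ / aa /
        }
        /^;/ || NF < 5 { next }      # skip comment lines and short continuation lines
        $3 == "IN" && $4 == "SOA" { mname = norm($5) }
        $3 == "IN" && $4 == "NS"  { ns[norm($5)] = 1 }
        END {
            want = norm(expected)
            if (mname == "")        verdict = "no-soa"
            else if (mname == want) verdict = "served-by-expected"
            else                    verdict = "served-by-other"
            printf "%s soa=%s aa=%d ns_listed=%d\n", verdict, mname, aa, (want in ns)
        }'
}

# Constructed sample, modelled on the public-resolver reply in the question.
sample_resolver_answer() {
cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;sub.exampledomain.com.                IN ANY
sub.exampledomain.com.         1456 IN NS ns1.exampledomain.com.
sub.exampledomain.com.         1456 IN SOA ns1.digitalocean.com. hostmaster.sub.exampledomain.com. (
                                1439102949 ; serial
                                )
EOF
}

# Constructed sample: a direct, authoritative reply from the self-hosted server.
sample_own_answer() {
cat <<'EOF'
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
sub.exampledomain.com.         1800 IN NS ns1.exampledomain.com.
sub.exampledomain.com.         1800 IN SOA ns1.exampledomain.com. hostmaster.exampledomain.com. (
                                2015080800 ; serial
                                )
EOF
}

sample_resolver_answer | check_delegation ns1.exampledomain.com
sample_own_answer      | check_delegation ns1.exampledomain.com
```

For live use, pipe `dig sub.exampledomain.com soa +multiline @<server>` into `check_delegation ns1.exampledomain.com`, once against the parent zone's nameserver and once against your own; `served-by-other` from the parent means it is answering from its own copy of the zone instead of referring to yours.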
    
1 Answer

This question was answered by @jesin:

DigitalOcean doesn't support DNS delegation yet and adding a subdomain to the DO panel will only delegate it to DO itself.

Use CloudFlare for DNS (you can turn off their additional features) and delegate the subdomain to your NSD server. DO's nameservers run on CloudFlare so you won't notice any performance difference.
