Question
Delegating a Subdomain + NSD setup
Hi
First time with DNS, but I need to delegate a subdomain to my own DNS.
Is it possible in the DO interface?
I’ll enumerate my questions to make it easier to reply :)
1) Is what I’m doing in the screenshots right?
The first one is the DNS records of exampledomain.com (not real), which is delegated to ns1.digitalocean.com as usual; it works fine.
http://i.imgur.com/mioLBUW.png
The second is what I’m trying. I add a domain “sub.exampledomain.com” and add an NS record to it.
http://i.imgur.com/WSRLlGL.png
Does it work like that?
2) In the 2nd screenshot I put two “glue” A records; I was just trying to make it work. I’m not sure whether they are needed there or not, because I already have an A record for ns1.exampledomain.com in the parent domain interface (1st screenshot).
3) I’m also trying to work out whether I can use only one master-only NS server, without a slave, for my subdomain.
Or, if not, I’m wondering whether I can use my ns1.exampledomain.com as master and ns1.digitalocean.com as slave. I have also seen live examples where ns1 and ns2 have the same IP…
(I do not care about reliability issues.)
(But the reliability of the main domain worries me, and that’s why I do not want to set up my own DNS for the main domain itself, and why I am trying to set up a subdomain for my purposes.)
4) Server part. I use the NSD server.
nsd.conf
zone:
    name: "sub.exampledomain.com"
    zonefile: "sub.exampledomain.com.zone"
    #notify: 173.245.58.51 NOKEY
    #provide-xfr: 173.245.58.51 NOKEY
sub.exampledomain.com.zone
$ORIGIN sub.exampledomain.com.
$TTL 1800
@ IN SOA ns1.exampledomain.com. hostmaster.exampledomain.com. (
        2015080800 ; serial number
        3600       ; refresh
        900        ; retry
        180000     ; expire
        1800       ; ttl
        )
    IN NS ns1.exampledomain.com.
    ;IN NS ns1.digitalocean.com.
ns1 IN A 104.1.2.3
But what I see is that it is still not working, not resolving (after hours), and the SOA record is still ns1.digitalocean.com
$ dig sub.exampledomain.com any +multiline
; <<>> DiG 9.10.2-P2 <<>> sub.exampledomain.com any +multiline
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31654
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sub.exampledomain.com. IN ANY
;; ANSWER SECTION:
sub.exampledomain.com. 1456 IN NS ns1.exampledomain.com.
sub.exampledomain.com. 1456 IN SOA ns1.digitalocean.com. hostmaster.sub.exampledomain.com. (
1439102949 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
1800 ; minimum (30 minutes)
)
;; Query time: 10 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; MSG SIZE rcvd: 128
I use debug-mode: yes and verbosity: 2 in nsd.conf.
But the only message I saw in /var/log/nsd.log is:
error: xfrd: zone sub.exampledomain.com: max notify send count reached, 173.245.58.51 unreachable
after I tried to add ns1.digitalocean.com as slave (the commented lines in nsd.conf and sub.exampledomain.com.zone). I also tried adding reverse zones, but that did not help, and I’m not sure whether I need them.
I would be very grateful if someone answers at least some of my questions. And I’m going to read the DNS and BIND book … :))
DigitalOcean doesn’t support DNS delegation yet and adding a subdomain to the DO panel will only delegate it to DO itself.
Use CloudFlare for DNS (you can turn off their additional features) and delegate the subdomain to your NSD server. DO’s nameservers run on CloudFlare so you won’t notice any performance difference.
I’ll second the CloudFlare recommendation. Their free tier will cover what you’re looking for.
I’d also like to add a tip for querying an authoritative nameserver directly, in order to bypass potential DNS record caching issues. In your question, you ran this query:
Add an @ argument to query a specific nameserver directly. For example:
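Added example, not part of the original answers: a small shell helper that reads dig output and reports whether the reply came from a resolver's cache, is a referral from a parent server, or is authoritative, together with the SOA primary it names. The function names `classify_dig`, `check_ns`, `sample_question` and `sample_referral` are hypothetical, and the referral sample is constructed; the first sample reuses lines from the dig output in the question.

```sh
# classify_dig: read dig output on stdin, print "<kind> <SOA mname or ->".
#   cached         no "aa" flag but records in ANSWER: a resolver replied from cache
#   referral       no "aa" flag, NS only in AUTHORITY: the server delegates the zone
#   authoritative  "aa" flag set: the queried server hosts the zone itself
classify_dig() {
    awk '
    /^;; flags:/ {
        for (i = 3; i <= NF; i++) {      # header flags end at the first ";"
            f = $i; last = (f ~ /;$/); sub(/;$/, "", f)
            if (f == "aa") aa = 1
            if (last) break
        }
        for (i = 1; i < NF; i++) if ($i == "ANSWER:") answers = $(i + 1) + 0
    }
    /^;; [A-Z]+ SECTION:/ { section = $2 }
    /^;/ { next }                        # skip comments and the question line
    $4 == "SOA" { mname = $5 }
    $4 == "NS" && section == "AUTHORITY" { referred = 1 }
    END {
        if (aa) kind = "authoritative"
        else if (answers == 0 && referred) kind = "referral"
        else if (answers > 0) kind = "cached"
        else kind = "unknown"
        print kind, (mname == "" ? "-" : mname)
    }'
}

# Header and records from the dig output posted in the question (via 8.8.4.4).
sample_question() { cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
sub.exampledomain.com. 1456 IN NS ns1.exampledomain.com.
sub.exampledomain.com. 1456 IN SOA ns1.digitalocean.com. hostmaster.sub.exampledomain.com. (
EOF
}

# Constructed sample: the reply of a parent server that really delegates the zone.
sample_referral() { cat <<'EOF'
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; AUTHORITY SECTION:
sub.exampledomain.com. 1800 IN NS ns1.exampledomain.com.
EOF
}

# Live use (needs network): ask one nameserver directly with recursion off.
check_ns() { dig +norecurse "@$1" "$2" SOA | classify_dig; }

sample_question | classify_dig    # cached ns1.digitalocean.com.
sample_referral | classify_dig    # referral -
```

With network access, `check_ns ns1.digitalocean.com sub.exampledomain.com` printing `authoritative ns1.digitalocean.com.` would mean the parent's provider is serving the subdomain itself rather than referring queries to the NSD server.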