Thanks GP for the reply.

I have to say it was my mistake not to mention the following.

Besides the vhost, there is a local DNS inside the droplet and that is why I'm confused.
Make not sense to have a private DNS server if everything has to be resolved on the Digital Ocean's DNS.

Do you mean a local DNS resolver or an authoritative server?

You are free to use your own name servers for either purposes, or to use the ones DO provide or refer you to.

Hey GP!
Sorry I didn't see this comment yesterday.

For this case must be authoritative (at least I guess so) since I'm working on a droplet for Hosting AIO.

Later on I might set up the other two servers for resolve the domains but as for now I only need this one (not many sites really).

Hi Andrew,

Thanks for the reply!.

My droplet has been setup as a full hosting machine with DNS, WEB, FTP and its using the vanity nameservers.

The zones for maindomain.tld were defined on the DigitalOcean DNS as instructed on the Vanity NameServers guide

At this moment the zone at the Digital Ocean DNS looks like this:

$TTL    1800
@       IN  SOA NS1.MAINDOMAIN.TLD. hostmaster.maindomain.tld. (
            1412006639 ; last update: 2014-09-29 16:03:59 UTC
            3600 ; refresh
            900 ; retry
            1209600 ; expire
            1800 ; ttl
            )
             IN      NS      NS1.MAINDOMAIN.TLD.
                     NS      NS2.MAINDOMAIN.TLD.
                     NS      NS3.MAINDOMAIN.TLD.
@   IN A    123.456.789.90 ;Here goes the droplet ip
ns1.maindomain.tld. IN A    173.245.58.51
ns2.maindomain.tld. IN A    173.245.59.41
ns3.maindomain.tld. IN A    198.41.222.173
*   CNAME   @

What do I want to achieve?
Simple, for any new domain where the nameservers are set to ns1.maindomain.tld , ns2.maindomain.tld and/or ns3.maindomain.tld the respectively website loads from my droplet without have to add it to the Digital Ocean DNS.

I know the ideal is to have a DNS redundant config with two separated droplets each one for an exclusive BINDS service, but right now I just want to have this in one machine and grow slowly.

I'm testing this with a second domain that is currently hosted in another server.
At the registrar the nameservers were set as ns1.maindomain.tld , ns2.maindomain.tld and ns3.maindomain.tld

The apache conf is ok and the zone has been set as follows ( inside of the droplet, not in the Digital Ocean DNS):

$TTL 10800
@ IN SOA ns1.seconddomain.com.    postmaster.seconddomain.com. (
    2014093000  ;serial
    21600    ;refresh after 6 hours
    3600    ;retry after 1 hour
    604800   ;expire after 1 week
    86400 )    ;minimum TTL of 1 day
@    3600    IN    A    123.456.789.90
mail    86400    IN    A    123.456.789.90
ns1    172800    IN    A    123.456.789.90
ns2    172800    IN    A    123.456.789.90
www    3600    IN    CNAME   @
ftp    3600    IN    CNAME   @
@    86400    IN    MX    10  mail.seconddomain.com.
@    172800    IN    NS    ns1.seconddomain.com.
@    172800    IN    NS    ns2.seconddomain.com.

Still.. the nslookup returns to me an error or the previous IP address which means the changes started to propagate already but I must have done something wrong but can't figure out what/where.

============ EDITED ============

Now that I think about this (reading what you said before and what I just wrote) I guess I answered to myself and I should have the NS pointing to this machine IP only and not to the Digital Ocean's Name Server IPs... something like this:

$TTL    1800
@       IN  SOA NS1.MAINDOMAIN.TLD. hostmaster.maindomain.tld. (
            1412006639 ; last update: 2014-09-29 16:03:59 UTC
            3600 ; refresh
            900 ; retry
            1209600 ; expire
            1800 ; ttl
            )
             IN      NS      NS1.MAINDOMAIN.TLD.
                     NS      NS2.MAINDOMAIN.TLD.
@   IN A    123.456.789.90 ;Here goes the droplet ip
ns1.maindomain.tld. IN A    123.456.789.90
ns2.maindomain.tld. IN A    123.456.789.90
*   CNAME   @

Am I correct or should I try a different approach?

Just trying out the Proof - Error method I came up with a... hummm how to say... "clumsy" solution to my issue.

$TTL    1800
@       IN  SOA NS1.MAINDOMAIN.TLD. hostmaster.maindomain.tld. (
            1412114877 ; last update: 2014-09-30 22:07:57 UTC
            3600 ; refresh
            900 ; retry
            1209600 ; expire
            1800 ; ttl
            )
             IN      NS      NS1.MAINDOMAIN.TLD.
                     NS      NS2.MAINDOMAIN.TLD.
                     NS      NS3.MAINDOMAIN.TLD.
                     NS      OTNS1.MAINDOMAIN.TLD.
                     NS      OTNS2.MAINDOMAIN.TLD.
                     NS      OTNS3.MAINDOMAIN.TLD.
@   IN A    123.456.789.90
ns1.maindomain.tld. IN A    173.245.58.51
ns2.maindomain.tld. IN A    173.245.59.41
ns3.maindomain.tld. IN A    198.41.222.173
*   CNAME   @
otns1.maindomain.tld.   IN A    123.456.789.90
otns2.maindomain.tld.   IN A    123.456.789.90
otns3.maindomain.tld.   IN A    123.456.789.90

In this way for any new domain that I want to serve from this droplet I just need to set the name servers at the registrar with otns1.maindomain.tld, otns2.maindomain.tld and/or otns3.maindomain.tld

The DNS health status goes fine this way and the only upcoming alerts are related to the use of a single IP Address.

Although this is a quick and easy solution, I don't know if it is the best one or if I should avoid the use of the Digital Oceans NS since I'm using my own on the droplet.

===
DNS Health test performed on:

http://dnscheck.pingdom.com/
http://leafdns.com/
http://mydnscheck.com

It's not really possible for us to suggest you anything - you meticulously edited out every useful piece of information out of your questions.

That being said, your zones appear broken in many ways. It'd be a much better idea to simply use DigitalOcean's DNS panel, especially since your set up is unreliable due to the use of a single DNS server.

Got a specific question you still need assistance with?

EDIT: I see your latest zone file has different nameservers but I honestly can't make sense of what's going on anymore. Let's reset and start from what you have now and what you want to achieve, including all those other domains because it's going to change the end result.

Hey GP!...

I'm not native English speaker so I honestly didn't understand what you meant by "meticulously edited out every useful piece of information out of your questions" but following your request "Let's reset and start from what you have now"

Let me tell you my reality and rephrase the things in here:

I have a few clients for whom I currently provide IT support.
They are asking me for something specific that is web hosting and mail services so the answer(s) to your questions about

=

::::::::: What do I want to do ? :::::::::

Generally speaking

1. Provide e-mail and web hosting services from my own Server and for this I plan to start with one server and grow upon demand.

Technically speaking

1. I want to handle web hosting, and e-mail services from the same server at first.
2. Later on (it's going to take some time for this) I will migrate the services to independent servers each one (as it should be). (One Mail server, One Web Server, Two or Three DNS servers).

So far and for what I want to do I have the droplet with CentOS and the services currently running are web, ftp, mail, dns (Everything ok at services level).

Specifically speaking.
I want to be able to create new accounts/websites only by:

1. Adding the domain in the server (Without have to add it on Digital ocean DNS).
2. Setting the ns on the registrar.

=

::::::::: What do I have at this moment? :::::::::

1. The droplet deployed with the Server OS + Services + Server control panel.
2. Two valid domains call them maindomain.tld (my domain as provider) and seconddomain.com (one of my client's domain)
3. The zone for the maindomain.tld defined and resolved on the Digital Ocean's DNS
4. The zone for the seconddomain.com defined and resolved on the Droplet's DNS

=

::::::::: What does it mean the mess on the latest zone file shown :::::::::

Well... by now I guess you should have an idea about what it what I'm doing but just in case you need to understand better. That is the zone file at Digital Ocean's and it just means that

1st. * maindomain.tld it's resolved on the Digital Ocean's DNS* and for this the NS set on the registrar for maindomain.tld are defined and glued to the Digital Ocean's IPs as follows :

NS1: ns1.maindomain.tld. [ 173.245.58.51 ]
NS2: ns2.maindomain.tld. [ 173.245.59.41 ]
NS3: ns3.maindomain.tld. [ 198.41.222.173 ]

2nd. Any client's domain like * seconddomain.com it's resolved on the Droplet's DNS* and for this the NS set on the registrar for seconddomain.com are defined and glued to the Droplet's IP as follows:

NS1: otns1.maindomain.tld. [123.456.789.90]
NS2: otns2.maindomain.tld. [123.456.789.90]
NS3: otns3.maindomain.tld. [123.456.789.90]

=

::::::::: In conclusion :::::::::

At this moment looks like my issue has been solved and according to the results of the different DNS test I've performed since yesterday everything is fine, except for the fact that the NS for my clients are on the same IP (or as you said on the same server) but this I will change it in the future and I think it won't represent an issue as long as I keep my customer list small.

If you consider this might represent a treat for the domains resolution let me know your thoughts (lets share knowledge).

Also if you have any ideas that might consider a better solution for what I'm doing I'm aways open to listen and learn. ;-)

Thank you for all the advice you guys provide!

It looks like you should be using the DigitalOcean DNS panel instead of your own name server.

Your current set up is unreliable and non-redundant, and using the panel would be even easier than setting this up yourself.

There's also no way to have domains magically start being handled by your web and mail servers. What you're trying to accomplish is usually done through what is called "Configuration Management", and it takes weeks and months to develop automated systems that will reliably detect when a new domain is added to a network and then automatically start serving services based on that. However, that time is definitely an investment because once you're done you spend a lot less time handling the daily operations of your services.

So basically, stick to the basics - your over engineering is killing the reliability of the services you want to provide in the future.

Hi there GP

Thank you so much for your observations!

I'm helping FALUDEROCA here in Brazil!
(He doesn't speak English yet so I was posting on his account/behalf).

Actually we could manage to handle everything at the server level by changing domain to one with a different tld.

At first we were just facing a requirement that the brazilian registrar [registro.br] has as mandatory which is to have a different IP address for each .com.br name server.

I agree that the current setup is not reliable but only because is one standalone server handling the name resolution (although is not a permanent condition because the plan is to have separate name servers on the future to have a healthy environment).

Regarding the configuration management, I know it takes time to develop a more suitable system to accomplish all this endeavor, but if I'm not mistaken (and please correct me if I'm wrong) that's why exist out there solutions like cPanel/WHM, ServerPilot, zPanel/Sentora, Interworks, Vesta, Plesk, and many others that allow you to automate the much as possible all the process in less time than creating your own information system unless you need certain specific conditions that might be out of the scope of this solutions.

I mean, personally I'm not an expert on servers and networking (still learning a lot) but for me that doesn't mean I have to re-invent the wheel instead of use it and improve it!

What we figure out in here was to start with a single server managing all the services and as soon as there is the real need then escalate to the next level.

Saying on this case

Phase 1 :
zPanel -> 1 server does all (but we are aware if one service failure is a threat to the whole system).

Phase 2: (When the business grows)
zPanel or cPanel/WHM License-> (2 DNS servers, 1-2 WEB/DB server, 1-2 EMAIL servers)

Phase 3: (If the growth exceed the expectations)
zPanel, cPanel or Custom System -> ( 2 DNS servers, 2-4 WEB servers, 2-4 MAIL servers, 2-4 DB servers)

His business has a small target/market, and is not running for global services that require a DataCenter and/or dedicated machines. ;-)

I don't think why you insist on thinking running DNS on one droplet is okay - it's not, and this is why registrars go through the effort of preventing people from doing it. The only thing you're doing to yourself is adding additional complexity by the way of having an administrate a service you do not know well. On the other hand DigitalOcean is offering a better service that has been proven to work by thousands of users for free. This is why you should be using the DigitalOcean DNS panel: that way you don't have to purchase 3 droplets to handle DNS and it's not as unreliable as doing it on one machine.

What I meant earlier is that there's no system that will detect domains being pointed at it and then subsequently start serving web/email/etc. If you use a thing like zPanel then that will essentially be doing what the config management system would do for you: create mail accounts, entries in the mail server config, etc., just in a less flexible way. Feel free to do that if you want.

Hi there GP,

I guess that when you said is not ok to have a DNS on a droplet what you meant was that is not ok to have only one DNS to resolve the names instead of two.

Besides the physical space occupied and the derivated costs of infraestructure and hardware, I don't see a difference on to have a DNS running on a VPS(Droplet) or in a Dedicated server.

As I said before I agree with you that the way we set it up doesn't have the reliability required for the purpose we are after in the long term... In fact I know we are killing the essential basis of the internet by doing this which is keep the data flow by having a backup connection in case one node fails and that's the essential for any reliable environment.

Don't kill yourself because we are trowing trough the toilet the best practices and/or the industry standards. ;-)
I don't like it either more than yo do and I decided to think that it just fit our needs at this moment. (More a phase of testing if the idea will work or not than other thing).

We are implementing this but we are going to see up to what point we can adjust the panel (considering is opensource) for our specific needs. In fact we don't discard the idea to use the Digital Ocean's DNS as long as we can manage at our end without have to access for every new domain to the Digital Ocean's Panel and if I have read correctly this can be done trough the Digital Ocean API2.

The truth is at some point we might use custom tlds and by this I mean not acquired at any registrar (yet) and by obvious consequence they won't be reported on propagation to the parent DNS.
The system we are aiming to implement will use domains like.

• office1.mpsp
• office2.mpsp

But we have to keep in mind new users will have the ability to create their own domains under that tld and this whole process should be totally transparent to them. Imagine a service like traditional mass hosting but private for people with limited tech knowledge.

If you wonder why we need to have custom tlds I can't explain deeply the reason... I just know is a requirement related to privacy and Security Through Obscurity (Which I'm not a big fan either but... is a requirement as well).

I'm not sure what custom TLDs or dedicated servers have to do with what I said, to be honest.

Again, the DigitalOcean DNS panel would be a better option for doing everything you mentioned so far. Even if for some unexplained reason you insist on believing the opposite, one DNS server does not fit your needs.

And if you are doing internal DNS, then you don't even need to set anything at your registrar, so then it becomes a non-issue.

Good luck,