I am trying to bind a domain name to a VPS but I am failing.
I get this when I dig:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ns1.example.com @61.15.2.95
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49520
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.example.com. IN A
;; ANSWER SECTION:
ns1.example.com. 604800 IN A 61.15.2.95
;; AUTHORITY SECTION:
example.com. 604800 IN NS ns2.example.com.
example.com. 604800 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
ns2.example.com. 604800 IN A 178.159.2.95
;; Query time: 314 msec
;; SERVER: 178.159.2.95#53(178.159.2.95)
;; WHEN: Sat Apr 15 14:26:22 +04 2017
;; MSG SIZE rcvd: 106
Problem
;; WARNING: recursion requested but not available
Since it is just a warning, I tried to register it at quickhostuk, but I got this error at DNS management:
Failed to Modify Domain Nameservers: Nameserver not found at registry
Here is what I did.
Say, my VPS IP is: 61.15.2.95
domain name: example.com
name servers:
- ns1.example.com => 61.15.2.95
- ns2.example.com => 61.15.2.95
1. I installed bind9.
2. I created a zone in named.conf.local
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};
3. I created a db file for db.example.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.example.com. root.ns1.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN A 61.15.2.95
ns1 IN A 61.15.2.95
ns2 IN A 61.15.2.95
4. I modified named.conf.options and added my VPS IP to forwarders. I also tried Google's 8.8.8.8 and 8.8.4.4
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
61.15.2.95;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
How should I correctly put it all together to make it work?
Best Answer
;; WARNING: recursion requested but not available
is actually a good sign when running an authoritative server, it is not supposed to provide recursion. Instead of changing anything on the server side, you can simply add +norec to the dig command line to not request recursion and the warning will go away.
For an authoritative server you also do not need forwarders. You may actually want to go one step further and specify recursion no to be really sure you do not accidentally provide recursion access.
Regarding the problem, where you get the message
Failed to Modify Domain Nameservers: Nameserver not found at registry
in your interactions with your registrar I would guess that this has to do with the specific process of changing nameservers with this registrar.
As your nameserver names are inside your own zone, you will need glue records. I'm guessing that adding the necessary information for these glue records may be a separate step that you need to complete first.
Your question also suggests that you are using the same IP address for "two" nameservers. This sounds like a way to trick the enforcement of what is actually a very sound policy of having some redundancy in place.
Finally, I will note that if you do not know how to run a nameserver and your end goal is something else altogether (running some other services), you are very likely better off using some established and properly managed DNS hosting solution rather than setting up your own infrastructure for this.
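An added example, not part of the original question or answer: a Python check that reads dig output like the one in the question and reports the three points the answer raises, namely whether the response is authoritative (aa flag), whether the server offers recursion (ra flag), and which nameserver names sit inside the zone and therefore need glue at the registry. The sample text and the helper name audit are constructed for illustration.

```python
import re

# Constructed sample: shaped like the dig output in the question, but with both
# nameserver names on one address, as in the posted zone file.
SAMPLE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
ns1.example.com. 604800 IN A 61.15.2.95
;; AUTHORITY SECTION:
example.com. 604800 IN NS ns2.example.com.
example.com. 604800 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
ns2.example.com. 604800 IN A 61.15.2.95
"""


def audit(dig_text):
    """Summarise one dig response (hypothetical helper, not a dig or BIND API)."""
    m = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    flags = set(m.group(1).split()) if m else set()
    ns, addr = {}, {}
    for line in dig_text.splitlines():
        fields = line.split()
        # Skip comment/header lines and anything that is not a resource record.
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4].lower()
        if rtype == "NS":
            ns.setdefault(owner, set()).add(rdata)
        elif rtype in ("A", "AAAA"):
            addr.setdefault(owner, set()).add(rdata)
    # Nameserver names inside the zone they serve are only reachable through
    # glue records published by the parent, so the registry must know them.
    in_zone = sorted(n for zone, names in ns.items() for n in names
                     if n == zone or n.endswith("." + zone))
    ips = {ip for n in in_zone for ip in addr.get(n, ())}
    return {
        "authoritative": "aa" in flags,      # answer comes from zone data
        "offers_recursion": "ra" in flags,   # should be False on an authoritative-only server
        "needs_glue": in_zone,
        "distinct_ns_addresses": len(ips),   # 1 means no real redundancy
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the text of a dig query sent directly to the authoritative server; a response carrying the ra flag means the server is still answering recursive queries.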