Introduction
Today a colleague from a sister company asked me about DNS migration: how to prepare for it, and how to safely move DNS from a third-party provider to self-built servers. Perhaps because large companies are paying more attention to the security of DNS resolution, or because DNS attacks have become more serious lately, they now feel more confident maintaining resolution themselves. DNS migration, however, is often more complicated and error-prone than it looks; more often than not it does not go smoothly, and during the migration website access works intermittently, fine in some regions and broken in others.
Since domain name resolution is a top-down process (the DNS system is arguably the world's largest and most basic "cloud" service), you need to understand not only how to build DNS servers but also how to deal with registrars, and how to troubleshoot when problems arise. In particular, when the NS name you want to use does not yet exist, you may have to create it first.
Glossary
Generally speaking, DNS means resolution, but the DNS industry uses more precise terms. My explanations here may not be exact; the aim is to explain briefly in plain words. For details, consult technical books or manuals:
Registry/Domain Name Registry
The TLD of every domain name is operated by a registry. For example, Verisign is responsible for .com and CNNIC for .cn. The registry receives requests from registrars to manage domains, contacts and hosts.
Registrar/Domain Name Registrar
Receives end-user requests and registers and manages domain names with the registry. When we register a domain we always go through a registrar, and the registrar has a system that talks to the registry.
Top-level domain
A domain name is a sequence of labels separated by "."; reading from right to left, each label is one level below the previous one, so the rightmost label is the highest level. Each top-level domain has a corresponding registry that operates and manages it. For example, cn is a top-level domain.
suffix
A top-level domain may have several domain name suffixes. A suffix plus a label of your own forms a domain name. For example, cn, com.cn and net.cn are domain name suffixes.
domain name
A group of characters plus a domain name suffix forms a domain name, such as codox.cn, codox.net, foo.com.cn or bar.org.cn.
Host record
Under a domain name you can create multiple resolution records, which can be used for web sites, such as journal.codox.cn. Also known as a fully qualified domain name (FQDN).
hostObject/DNS record
The NS used by a domain name (the main domain, not a host record), such as dns7.hichina.com and dns8.hichina.com used by codox.cn.
Scenarios
The following situations may be involved:
Pseudo-self-built: taking an unusual path, with a rather peculiar domain suffix. After registration, changing the DNS to a third-party (or previously self-built) resolution server yields an error such as "DNS server is illegal".
Self-built DNS where the NS servers resolve your own domain name: if your domain is codox.cn, the DNS used is ns1.codox.cn/ns2.codox.cn.
Self-built DNS with multiple domain names of different suffixes sharing the same set of DNS servers.
Pseudo-self-built
Sometimes a customer applies for the domain foo.site for a personal website and wants to use a third-party resolver, say ns1.myns.com/ns2.myns.com. But when the DNS of foo.site is changed to ns1.myns.com/ns2.myns.com at the registrar, an error is reported: "DNS is illegal", "DNS does not exist", and so on. The same set of DNS works fine for a .com domain, but not for the .site domain. Why?
When a domain name uses a certain DNS server, that server must be registered in the registry through a registrar (this bears repeating: it must be registered in the registry through a registrar). For example, if foo.site wants to use ns1.myns.com, some registrar must register the host ns1.myns.com in the .site registry (only the name ns1.myns.com is required; no additional information is needed). Once any registrar has registered it in the .site registry, every *.site domain can use ns1.myns.com from then on. ns2.myns.com works the same way.
Some readers will notice that the suffix of this NS (.com) differs from the suffix (.site) of the domain that uses it. In that case, when registering the NS you do not need to supply the IP of the server behind it; the registration is purely for the record. Some registrars have streamlined this: when someone uses such a cross-suffix NS and it does not yet exist in the domain's registry, they simply register it automatically.
Why is this registration step necessary at all, given that the NS ns1.myns.com will never be written into the DNS zone of the .site top-level domain? I also find it cumbersome and unnecessary, but it is what the domain registration standard (EPP) stipulates.
Self-built DNS
Some large companies, or people with a technical bent who want to build their own DNS to resolve their own domains, may have this need. Take my domain as an example:
Domain name: codox.cn, already registered.
DNS to be used: ns1.codox.cn and ns2.codox.cn, not yet created.
Two DNS servers, with IPs 1.1.1.1 and 2.2.2.2 respectively.
The servers have already been purchased.
Create hostObject
This is the first step: register ns1.codox.cn and ns2.codox.cn with the .cn registry, together with the IP corresponding to each DNS server.
How? Each registrar does it differently. Alibaba Cloud and GoDaddy serve as examples:
Create hostObject in Alibaba Cloud
In Alibaba Cloud, creating a hostObject is called "domain name server registration". Location: after logging in to the console, click "Domain names" on the left to open the domain list, then click "Manage" after the codox.cn domain to open the domain console (that is, after opening the resolution record management page, click "Basic management" in the navigation bar at the top). In the domain console, click "DNS modification/create" on the left, and a "Domain name server registration/modification" button appears on the right. After clicking it, you choose the registration location; in my example, choose "Resolve domestic English domain names".
Create hostObject in godaddy
In GoDaddy (Chinese interface) this is called "create hostname". Click the domain in the control panel, open the "Settings" tab of the domain details, and find the "Host Name" section below; click "Manage" to see the existing hostObjects, and of course you can create new ones there.
Modify DNS
Now proceed on two fronts. While creating the DNS host objects, you may also need to set up the resolver software, such as BIND, on the DNS servers. I will skip the details here; experienced operators are familiar with this.
After that, in addition to adding resolution records such as www.codox.cn. and journal.codox.cn., you must remember to add the following records, or the domain will not behave normally:
codox.cn. IN NS ns1.codox.cn.
codox.cn. IN NS ns2.codox.cn.
ns1.codox.cn. IN A 1.1.1.1
ns2.codox.cn. IN A 2.2.2.2
After adding them, run the following commands to confirm everything is normal:
dig codox.cn NS @1.1.1.1
dig codox.cn NS @2.2.2.2
dig ns1.codox.cn @1.1.1.1
dig ns2.codox.cn @1.1.1.1
dig ns1.codox.cn @2.2.2.2
dig ns2.codox.cn @2.2.2.2
dig other.your.record.codox.cn @1.1.1.1
Once these checks pass, you can change the domain's NS records at the registrar to ns1.codox.cn and ns2.codox.cn.
Note: after the change, do not delete the resolution records on the original DNS server for 48 hours, and keep them correct during that time.
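The records and dig checks above can also be verified before cutover by reading the zone data itself. The following is an added example, not code from the original post: a small Python check that parses a constructed codox.cn zone (using the page's placeholder IPs 1.1.1.1 and 2.2.2.2 and made-up 203.0.113.x addresses for the host records) and reports the three mistakes this procedure guards against: no NS records at the apex, an apex NS set that differs from what you will enter at the registrar, and an in-zone nameserver with no A/AAAA record. The record format accepted is the simple "owner IN type rdata" form shown above; full zone-file syntax ($ORIGIN, TTLs, relative names) is out of scope.

```python
"""Pre-cutover self-check for a self-built authoritative zone (added example)."""
from collections import defaultdict

# Constructed sample zone for codox.cn, carrying the records the text says must
# exist before the NS change; 1.1.1.1 / 2.2.2.2 are the page's placeholder IPs.
SAMPLE_ZONE = """
codox.cn.          IN NS  ns1.codox.cn.
codox.cn.          IN NS  ns2.codox.cn.
ns1.codox.cn.      IN A   1.1.1.1
ns2.codox.cn.      IN A   2.2.2.2
www.codox.cn.      IN A   203.0.113.10
journal.codox.cn.  IN A   203.0.113.11
"""


def parse_zone(text):
    """Parse 'owner IN type rdata' lines into {(owner, type): [rdata, ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        owner, rtype, rdata = parts[0].lower(), parts[2].upper(), " ".join(parts[3:])
        if rtype == "NS":
            rdata = rdata.lower()  # names compare case-insensitively
        records[(owner, rtype)].append(rdata)
    return records


def check_zone(text, apex, expected_ns):
    """Return a list of problems found; an empty list means the zone is ready.

    apex        -- zone name with trailing dot, e.g. 'codox.cn.'
    expected_ns -- the NS names you intend to enter at the registrar
    """
    records = parse_zone(text)
    apex = apex.lower()
    expected = {n.lower() for n in expected_ns}
    problems = []

    # 1. The apex must carry NS records; without them 'dig apex NS @server'
    #    answers empty even though host records like www still resolve.
    ns_set = set(records.get((apex, "NS"), []))
    if not ns_set:
        problems.append(f"no NS records at apex {apex}")
    # 2. The NS set served by the zone must equal what the registrar delegates to.
    elif ns_set != expected:
        problems.append(f"apex NS set {sorted(ns_set)} != registrar NS set {sorted(expected)}")
    # 3. Every NS name inside the zone needs its own A/AAAA record (glue).
    for ns in sorted(expected):
        if ns.endswith("." + apex):
            if not records.get((ns, "A")) and not records.get((ns, "AAAA")):
                problems.append(f"in-zone nameserver {ns} has no A/AAAA record")
    return problems


if __name__ == "__main__":
    found = check_zone(SAMPLE_ZONE, "codox.cn.", ["ns1.codox.cn.", "ns2.codox.cn."])
    for problem in found:
        print("PROBLEM:", problem)
    print("zone ready for cutover" if not found else f"{len(found)} problem(s)")
```

Run it against the zone file you are about to serve; only when it reports no problems, and the dig queries above agree, change the NS records at the registrar.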
Self-built DNS - shared NS servers
If, after codox.cn uses the ns1/ns2.codox.cn servers, I register codox.net and want to use ns1/ns2.codox.cn for it too, what do I do? I have to create the hostObjects in the .net registry: since I am the only one using this set of DNS, no other .net domain has used it, so nobody has created it for me. Therefore, if my codox.net domain uses this DNS set, I have to create it in the .net registry (again, purely for the record). How? There are two cases:
1. Manual creation. Log in with the account that holds codox.cn, manage codox.cn, create the DNS host objects as described under "Create hostObject" above, and then use them to resolve the .net domain.
2. Automatic creation. Some registrars, such as GoDaddy, automatically create the cross-registry NS you use if ns1.codox.cn does not yet exist in the .net registry.
Other questions
1. How many NS records can a domain name have?
Up to 13. For example, google.com uses 13 NS names.
2. Can one NS have multiple IPs?
Yes, up to 13 IPs, and you can also add an IPv6 address.
3. My self-built DNS works normally and websites using it are reachable, but dig mydomain.com ns returns no NS records. Why?
Your domain is in the registry's DNS and is correctly delegated to your self-built DNS. But in your self-built DNS the mydomain.com NS record has not been written. dig or nslookup, after obtaining mydomain.com NS ns.mydomain.com from the top-level domain's DNS, still goes to ns.mydomain.com and queries it for the NS record of mydomain.com; if it is not written, the answer comes back empty. Host records such as www.mydomain.com generally still work and the website is accessible.
4. Which hostObjects need an IP when registering, and which do not?
When the suffix of the DNS name and the suffix of the domain that will use this NS belong to the same registry, the IP must be filled in, and only the domain holder can register it. Otherwise no IP is needed and any registrar can register it.
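The rule in question 4, and the cross-suffix case from the pseudo-self-built section above (ns1.myns.com used by foo.site), as an added example that is not code from the original post or from any registrar: a Python script that decides whether a host object must carry glue addresses and builds the EPP host:create command (RFC 5732, the standard the text refers to) that a registrar sends to the registry. The suffix-to-registry table, the .site registry name and the client transaction id are constructed for the demo; in practice the registrar knows which registry runs which suffix, and the registry's own policy decides when addresses are required.

```python
"""Glue-address decision and EPP <host:create> builder (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed, illustrative mapping of suffixes to the registry that runs them.
# Real registrars get this from the registries; it is only here for the demo.
REGISTRY_OF_SUFFIX = {
    "cn": "CNNIC", "com.cn": "CNNIC", "net.cn": "CNNIC", "org.cn": "CNNIC",
    "com": "Verisign", "net": "Verisign",
    "site": "site-registry (hypothetical)",
}

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"    # RFC 5730
HOST_NS = "urn:ietf:params:xml:ns:host-1.0"  # RFC 5732


def registry_for(name):
    """Return the registry operating the longest suffix matching the name."""
    labels = name.strip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in REGISTRY_OF_SUFFIX:
            return REGISTRY_OF_SUFFIX[suffix]
    raise ValueError(f"unknown suffix for {name}")


def needs_glue(ns_name, domain_name):
    """True when the nameserver and the domain that will use it fall under the
    same registry: the host object is then created with IP addresses by the
    holder of the domain the nameserver lives under.  Otherwise it is a
    name-only registration that any registrar can file."""
    return registry_for(ns_name) == registry_for(domain_name)


def epp_host_create(ns_name, addrs=(), cltrid="CLIENT-TRID-0001"):
    """Build an EPP <host:create> command and return it as an XML string.
    addrs is empty for a cross-registry (name-only) host object."""
    epp = ET.Element("epp", xmlns=EPP_NS)
    command = ET.SubElement(epp, "command")
    create = ET.SubElement(command, "create")
    host = ET.SubElement(create, "host:create", {"xmlns:host": HOST_NS})
    ET.SubElement(host, "host:name").text = ns_name
    for addr in addrs:
        ip = ipaddress.ip_address(addr)  # validates the address, v4 or v6
        ET.SubElement(host, "host:addr", ip=f"v{ip.version}").text = str(ip)
    ET.SubElement(command, "clTRID").text = cltrid  # client transaction id
    return ET.tostring(epp, encoding="unicode")


def host_create_for(ns_name, domain_name, addrs):
    """The command a registrar would send to domain_name's registry so that
    domain_name may use ns_name; addresses are included only when required."""
    glue = tuple(addrs) if needs_glue(ns_name, domain_name) else ()
    return epp_host_create(ns_name, glue)


if __name__ == "__main__":
    # Same registry (.cn): host object carries the server addresses.
    print(host_create_for("ns1.codox.cn", "codox.cn", ["1.1.1.1"]))
    # Cross-registry (.com host for a .site domain): name only, for the record.
    print(host_create_for("ns1.myns.com", "foo.site", ["198.51.100.5"]))
```

The same function answers the shared-NS case: host_create_for("ns1.codox.cn", "codox.net", ...) yields a name-only command for the .net registry, which is the registration that either you or a registrar such as GoDaddy files before codox.net can use ns1.codox.cn.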