Set domain to an Ubuntu 20.04 VPS with bind

So I have an Ubuntu 20.04 VPS with a website running on it, and I wanted to point my domain to it. But nslookup railnet.ir gives ** server can't find railnet.ir: SERVFAIL
The VPS IP is 87.236.210.159 and the domain is railnet.ir. This is what I did:
apt install bind9, and then the configs. /etc/bind/named.conf.options:

options {
    directory "/var/cache/bind";
    allow-query { any; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    listen-on{
        87.236.210.159;
    };
    listen-on-v6 { none;};
};

and /etc/bind/named.conf.local:

zone "railnet.ir" {
        type master;
        file "/etc/bind/db.railnet.ir";
        allow-transfer { 87.236.210.159; };
        also-notify { 87.236.210.159; };
};

and eventually /etc/bind/db.railnet.ir:

$TTL    604800
@       IN      SOA     ns1.railnet.ir. myemail.gmail.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.railnet.ir.
@       IN      A       87.236.210.159

And also on my domain provider's website I set the server name to ns1.railnet.ir and the IP address to 87.236.210.159.

This is my first time doing such a thing, so obviously I'm doing something wrong, but I can't figure it out.


First of all, you have to define ns1.railnet.ir. in your zone. Add a line

ns1 IN A 87.236.210.159

Second, your DNS server does not reply. dig railnet.ir @87.236.210.159 does not return any answers. To figure out why, have a look at the logs provided by bind. Likely it can't open the zone file for some reason, or finds it invalid.

Third, your also-notify and allow-transfer point back to yourself based on what you write. Commonly these should point at your secondary DNS servers for that domain.

Start by making bind reply authoritatively for all valid names, e.g.

  • dig railnet.ir SOA @87.236.210.159 should return ns1.railnet.ir
  • dig ns1.railnet.ir A @87.236.210.159 should return 87.236.210.159

When that's done, update whois, and hopefully glue records will be configured correctly.

In addition, you probably want to define some ACLs. As it is now, bind answers everything anyone bothers to ask. You probably want it to answer for zones it controls, and deny other queries.

In addition, DNS is one of those things that's a bit finicky to host yourself. Not impossible, but with only one domain you have to rely on glue records. Together with caching, this can lead to short downtime being cached. It's often a better approach to host DNS externally, with e.g. Cloudflare.
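A small check script for the two points the answer makes, added here as an example and not part of the original question or answer: it lints the zone file offline for an in-zone NS target (here ns1.railnet.ir.) that has no A/AAAA record, and then verifies that the running server answers with the AA flag. It assumes a BIND-style zone file with "owner IN TYPE rdata" lines; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a BIND-style zone file
# with "owner IN TYPE rdata" lines, as in /etc/bind/db.railnet.ir.

# zone_missing_ns_addresses ZONEFILE ORIGIN
# Prints every NS target inside ORIGIN that lacks an A/AAAA record in the file;
# returns 1 if any is found, 0 otherwise.
zone_missing_ns_addresses() {
    awk -v origin="$2" '
        BEGIN { origin = tolower(origin) }
        # "@" means the origin; names without a trailing dot are relative to it
        function fqdn(n) {
            n = tolower(n)
            if (n == "@") n = origin
            else if (n !~ /\.$/) n = n "." origin
            sub(/\.$/, "", n)
            return n
        }
        function in_zone(n) {
            return n == origin || substr(n, length(n) - length(origin)) == "." origin
        }
        /^[ \t]*;/ || /^\$/ { next }          # comments and $TTL/$ORIGIN directives
        {
            sub(/;.*/, "")                    # drop trailing comments
            if (NF == 0) next
            # a line starting with whitespace reuses the previous owner name
            if ($0 ~ /^[ \t]/) owner = last; else { owner = $1; last = $1 }
            for (i = 1; i <= NF; i++)
                if ($i == "NS") { ns[fqdn($(i + 1))] = 1; break }
                else if ($i == "A" || $i == "AAAA") { addr[fqdn(owner)] = 1; break }
        }
        END {
            bad = 0
            for (n in ns) if (in_zone(n) && !(n in addr)) { print n; bad = 1 }
            exit bad
        }' "$1"
}

# dig_authoritative SERVER NAME TYPE
# Succeeds only if SERVER answers the query itself (AA flag set), which is what the
# two dig checks in the answer should show against 87.236.210.159.
dig_authoritative() {
    dig +norecurse +noall +comments +answer "$2" "$3" "@$1" | grep -q 'flags:.* aa'
}
```

Run the lint before reloading bind (`zone_missing_ns_addresses /etc/bind/db.railnet.ir railnet.ir`) and the live check afterwards (`dig_authoritative 87.236.210.159 ns1.railnet.ir A`).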