Multiple nameservers for multiple dedicated servers on a single domain

The chapter on zone records in Zytrax's DNS for Rocket Scientists might help explain:

$ORIGIN example.com.
@             IN      SOA   ns1.example.com. hostmaster.example.com. (
                        2003080800 ; se = serial number
                        12h        ; ref = refresh
                        15m        ; ret = update retry
                        3w         ; ex = expiry
                        3h         ; min = minimum
                        )
              IN      NS      ns1.example.com.

Walking through this quickly:

  • The SOA is a Start Of Authority. The majority of what it says is not relevant right now, but the server part is (the part saying ns1.example.com.). In the server name, you put:

    Any name server that will respond authoritatively for the domain. So a valid value could (potentially) be ns.anyotherdomain.tld., or in effect, any server that has a NS entry within your domain.

  • the NS entries are the next part. Each NS entry is basically an

    authoritative records for the zone's name servers.

    In other words, the NS record is what tells the world at large who to ask for records within your domain. There is no need whatsoever for your NS servers to be entries within your domain, they can be ANY valid FQDN.

  • Finally, if you were nominating servers (via NS records) that are within your domain (as in the example above), then you would also need to create a valid A record (e.g. ns1 IN A 192.168.0.3).

Google handles any third-party for which it deals with the DNS via a very simple setup, under googledomains.com.

Their googledomains.com. DNS infra for example handles krebsonsecurity.com, and no doubt thousands of other domains.

All that is required is:

  • a suitable SOA:

    ;; QUESTION SECTION:
    ;krebsonsecurity.com. IN SOA

    ;; ANSWER SECTION:
    krebsonsecurity.com. 21600 IN SOA ns-cloud-d1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

  • a suitable set of NS records:

    ;; QUESTION SECTION:
    ;krebsonsecurity.com. IN NS

    ;; ANSWER SECTION:
    krebsonsecurity.com. 21600 IN NS ns-cloud-d2.googledomains.com.
    krebsonsecurity.com. 21600 IN NS ns-cloud-d3.googledomains.com.
    krebsonsecurity.com. 21600 IN NS ns-cloud-d1.googledomains.com.
    krebsonsecurity.com. 21600 IN NS ns-cloud-d4.googledomains.com.

  • those NS records point to A records under the same googledomains.com domain, e.g.:

    ;; QUESTION SECTION:
    ;ns6.googledomains.com. IN A

    ;; ANSWER SECTION:
    ns6.googledomains.com. 86400 IN A 216.239.34.10

So, basically: use the same approach as googledomains. SOA and NS records are all you need in most cases. Possibly spend some time reading Zytrax's guide - I've found it very useful to grasp the fuller picture of DNS. And don't let the title fool you - I'm closer to a potato gun engineer than a rocket scientist, and I eventually got it.
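
The three requirements walked through above (an SOA naming one of the zone's name servers, a set of NS records, and an address record for any name server that sits inside the zone itself) can be checked mechanically before a zone is published. This is an added example, not part of the original answer: the zone data and the dns-host.example names are constructed, and the parser assumes fully qualified, one-line records in the form dig prints them.

```python
# Constructed sample zones (dig-style answer lines); names and addresses are illustrative.
GOOD = """
example.com. 3600 IN SOA ns1.dns-host.example. hostmaster.example.com. 1 21600 3600 259200 300
example.com. 3600 IN NS ns1.dns-host.example.
example.com. 3600 IN NS ns2.dns-host.example.
"""
BAD = """
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 21600 3600 259200 300
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
ns1.example.com. 3600 IN A 192.0.2.53 ; ns2 has no address record
"""

def parse_records(text):
    """Return (owner, type, rdata_fields) for each 'name ttl IN type rdata' line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records

def in_zone(name, zone):
    """True when name is the zone apex or a label underneath it."""
    return name == zone or name.endswith("." + zone)

def check_delegation(text, zone):
    """List problems with the SOA / NS / address records for a zone."""
    zone = zone.lower()
    records = parse_records(text)
    ns_targets = {r[2][0].lower() for r in records if r[0] == zone and r[1] == "NS"}
    addressed = {r[0] for r in records if r[1] in ("A", "AAAA")}
    issues = []
    if not ns_targets:
        issues.append("no NS records at zone apex")
    # Rule from the answer: the SOA server name is one of the zone's NS entries.
    for owner, rtype, rdata in records:
        if owner == zone and rtype == "SOA" and rdata[0].lower() not in ns_targets:
            issues.append(f"SOA MNAME {rdata[0]} has no matching NS record")
    # Name servers inside the zone need their own address record;
    # name servers under another domain (the googledomains pattern) do not.
    for target in sorted(ns_targets):
        if in_zone(target, zone) and target not in addressed:
            issues.append(f"in-zone name server {target} has no A/AAAA record")
    return issues

if __name__ == "__main__":
    for label, zone_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_delegation(zone_text, "example.com.") or "ok")
```
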