Setting up your own nameserver, hosted on your server

To use your own nameservers you have to:

  • define it in Sentora
  • change your registrar's information for the domain(s)
  • setup the glue records (always in your registrar's tools)

Warning:

To be compliant with IANA name server requirements, you MUST have at least 2 redundant name servers with two different IPs (see below for more info).

If you own only one server, you cannot build a compliant name server, and you proceed at your own risk.
Sentora does not advise or approve building non-compliant nameservers.

1) Setting up your nameserver(s) :

Once you are logged in to the Sentora interface for your server:

- go to Domain>Domains and ensure your root domain (yourdomain.tld) is added. If not, add it.

- go to Domain>DNS Manager and select your root domain from the drop-down box, then click on "Select". If the message "No records were found ..." is shown, click the "Create Records" button to create the default records for that domain:

  • tab "NS": 2 nameserver records @ pointing at ns1.yourdomain.tld and ns2.yourdomain.tld
  • tab "A": 4 records, all pointing at your hosts IP for @, mail, ns1 and ns2
  • tab "CNAME": 2 records ftp and www, all pointing to your hosts IP using @
  • tab "MX": 1 record (priority 10) pointing at mail.yourdomain.tld

If your server uses IPv6 instead of IPv4, create the same records in tab "AAAA" with the IPv6 address as the value, and remove the "A" records.

(NOTE: you are strongly advised to create an SPF record manually; see also Online tools to check anything, "To setup and test SPF record").

The mandatory records to act as nameservers are the two ns1 and ns2 "A" (or "AAAA") records, plus both "NS" records.


Ensure that port 53 is open on your server, otherwise Bind will never receive any requests!
You can check it with Port forwarding tester.

 

2) Setting up your registrar's name server pointers.

Log in to your registrar's domain management pages.

2.1) Find the page which shows the "nameservers" list for your domain, something like:

  • DNS1: a.dns.gandi.net
  • DNS2: b.dns.gandi.net
  • DNS3: c.dns.gandi.net

(this list was gathered from gandi.net registrar manager. Sentora has no special agreement with Gandi).

Open the page or form that enables you to change this list and replace the server list with your nameservers' hostnames:

  • ns1.yourdomain.tld
  • ns2.yourdomain.tld (at least two different nameservers are mandatory)
  • [ns3.yourdomain.tld] (... if you have more redundant servers)

 

2.2) Open the page that enables you to change the "Glue records". For each nameserver (ns1, ns2) enter its name and IP as required on the form.

Glue record entries are MANDATORY when the subdomain used for a nameserver is inside the same domain that the nameserver itself resolves.

Example:
  You want to use the subdomain ns1.yourdomain.tld for the main name server that resolves your domain yourdomain.tld.
  Imagine the dialog between an application that wants to access yourdomain.tld and the nameservers:

  • What is the IP address for yourdomain.tld? -> I do not know, ask the name server that handles yourdomain.tld
  • What is the name server for yourdomain.tld? -> It is ns1.yourdomain.tld
  • What is the IP address of ns1.yourdomain.tld? -> I don't know, ask its parent name server (which resolves subdomains of yourdomain.tld)
  • What is the name server for yourdomain.tld?

 => A glue record is mandatory to break the self-resolving loop:

  • What is the IP address of ns1.yourdomain.tld? -> I have a glue record, it is [IP address]

 

2.3) Wait for propagation to complete. (Can take up to 48 hours.)

See also Setting up DNS and Online tools to check anything
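
The record requirements from steps 1 and 2.2 can be checked mechanically. The following is an added example, not part of Sentora: it reads record lines in the format printed by dig (for example the answers for your domain's NS, A and AAAA records) and reports a missing second NS record, a nameserver inside the domain without an address record, and nameservers that share one IP. The function names are hypothetical and the addresses are documentation-range placeholders.

```python
import ipaddress

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines (dig answer format)."""
    out = []
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(parts) >= 5 and parts[2].upper() == "IN":
            out.append((parts[0].lower().rstrip("."), parts[3].upper(),
                        parts[4].lower().rstrip(".")))
    return out

def check_delegation(text, domain):
    """Return the list of problems found in the nameserver set of `domain`."""
    domain = domain.lower().rstrip(".")
    records = parse_records(text)
    ns_names = sorted({r for n, t, r in records if t == "NS" and n == domain})
    problems = []
    if len(ns_names) < 2:
        problems.append("fewer than 2 NS records")
    addrs = {ns: {ipaddress.ip_address(r) for n, t, r in records
                  if n == ns and t in ("A", "AAAA")} for ns in ns_names}
    for ns, ips in addrs.items():
        # A nameserver named inside the domain it serves needs its own address
        # record here and a matching glue record at the registrar.
        if ns.endswith("." + domain) and not ips:
            problems.append(f"{ns}: no A/AAAA record (glue needed)")
    # Only judge IP diversity when every nameserver's address is known.
    if addrs and all(addrs.values()) and len(set().union(*addrs.values())) < 2:
        problems.append("nameservers do not use at least 2 different IPs")
    return problems

def sample_zone(ns2_ip):
    """Constructed sample: the default records, with a chosen ns2 address."""
    return f"""
yourdomain.tld.      3600 IN NS ns1.yourdomain.tld.
yourdomain.tld.      3600 IN NS ns2.yourdomain.tld.
yourdomain.tld.      3600 IN A  192.0.2.10
mail.yourdomain.tld. 3600 IN A  192.0.2.10
yourdomain.tld.      3600 IN MX 10 mail.yourdomain.tld.
ns1.yourdomain.tld.  3600 IN A  192.0.2.10
ns2.yourdomain.tld.  3600 IN A  {ns2_ip}
"""

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20"):
        print(ip, check_delegation(sample_zone(ip), "yourdomain.tld"))
```

With the default records, where ns1 and ns2 both point at the same host IP, the check reports the shared address; it passes once ns2 is on a second IP.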

 

NOTICE - why redundant nameservers are important:

A normal query to resolve a domain (request for IP from domain name) is normally handled in a few milliseconds.

When a name server is down, all servers along the chain on the internet have to wait until a final time-out occurs (usually between 2 000 and 15 000 milliseconds), which locks RAM and processes during this time. And this state is propagated all around the world.

Using the same computer to host both primary and secondary nameservers (for example with a virtual server hosted on the same computer in order to have another IP) does not offer any redundancy: if the computer is halted, both nameservers will be down at the same time and all requests to resolve all the domains that they host will time out.

So, setting your system up this way is only cheating. And worse, on the computer side, an extra VPS adds a significant load for a task that is completely useless.


Currently, the IANA only requires that a nameserver have redundancy, but does not penalize nameservers that are not redundant (yet).
Due to the number of newbie servers and nameservers exploding across the web, it is possible that the IANA may choose one day to ban nameservers that are the source of too many problems (downtime, connection loss, etc.).

So, each nameserver owner must be 100% RESPONSIBLE for their servers and nameservers... and do the best they can to ensure that the resolution of a domain is always a success (and is correct), because it impacts not only their own website and domains, but also the whole World Wide Web.

Cheating cannot be a solution. Hosting a worldwide public server, selling hosting space and, even more so, running nameservers is NOT a game!
