secondary dns using zoneedit and granitecanyon

varg

Hello,

I've got a cPanel server and I am trying to set up secondary DNS for some of our more controversial websites that we host. I've opted to use Zoneedit and GraniteCanyon alongside our DNS. Has anyone else looked into this solution? We are going to start charging a $10 maintenance fee to all of our more controversial clients who opt to use our secondary DNS feature. What steps do I need to take after ZoneEdit and Granite Canyon give me the nameservers?

Note: I do want to use this alongside of our DNS as primary.

Thank you.

Also, does 5 minutes seem like a reasonable ttl?

PS, as far as I know, neither ZoneEdit nor granitecanyon has cpanel/whm installed on their servers.
 

varg

I need this like yesterday..can't someone help me figure this out?

Thanks. :cool:
 

sawbuck

What we do is use ZoneEdit as secondary slave name servers. Seems different than what you want, as it sounds like you want them to be additional primaries. In any event, what you need to do is edit the zone files for the appropriate domain records to use those additional name servers.
HTH
 

alex042

This may cause some issues, especially when you make changes to the domains. We have a customer who uses zoneedit for his domain, and I noticed that when changing the IPs of some accounts, it seemed like all of the ones under our cpanel dns server moved almost immediately, but his site was down for a day or two until everything was manually changed in zoneedit and refreshed through the dns system.
 

sawbuck

Using Zone Edit or other services as secondaries (slaves) doesn't require any manual editing as the zone transfers take place automatically when information changes at the primaries via the zone transfer function.
 

varg

Damn, so no one from cPanel can reply to this to clarify how to set this up? :confused:
 

FriedEgg

I'm using EveryDNS for secondary DNS (up to 20 domains free, no limits with $15 donation), and here's what I do.

1. They need to be allowed to transfer records in Bind's configuration file (/etc/named.conf). For me, it's something like:

    options {
        allow-transfer { 64.158.219.3; 127.0.0.1; };
    };

In this case, 64.158.219.3 is the nameserver EveryDNS does transfers from, so that will be different with ZoneEdit. Generally it's one or all of the actual secondary nameservers you're assigned.

2. I add the domain I want to have secondary DNS on at EveryDNS (I imagine ZoneEdit has something similar).

3. I update the zone record (/var/named/example.com.db) to include the extra nameservers:

example.com. IN NS ns1.example.com.
example.com. IN NS ns1.everydns.net.
example.com. IN NS ns2.everydns.net.
example.com. IN NS ns3.everydns.net.
example.com. IN NS ns4.everydns.net.
Where ns1.example.com is my primary nameserver (ie on my server). You could set these up in the zone file templates, or you can just add them by hand when necessary.

4. I then list all of the dns servers at the domain registrar.

When I make a change to a zone record (don't forget to update the serial!) on my master nameserver, it sends out a notify, and the secondary dns servers transfer and update their records.
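
The serial update mentioned above, as an added example that is not part of the original post: secondaries only pull a new copy of the zone when the SOA serial has increased, so every edit must raise it. The sample zone file, the YYYYMMDDnn numbering convention and the function names are assumptions for illustration.

```python
import re
from datetime import date

# Constructed sample zone file (not from the thread); serial uses YYYYMMDDnn.
SAMPLE_ZONE = """\
$TTL 300
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
        2004050701 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        300 )      ; minimum
example.com. IN NS ns1.example.com.
example.com. IN NS ns1.everydns.net.
"""

# "SOA <mname> <rname> (" followed by the first number, which is the serial.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)")


def next_serial(current: int, today: date) -> int:
    """Return a serial strictly greater than `current`, date-based when possible."""
    candidate = int(today.strftime("%Y%m%d")) * 100
    new = candidate if candidate > current else current + 1
    if new >= 2**32:
        raise ValueError("SOA serial must fit in 32 bits")
    return new


def bump_serial(zone_text: str, today: date) -> str:
    """Rewrite the SOA serial in a parenthesised, multi-line SOA record."""
    m = SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("no parenthesised SOA record found")
    new = next_serial(int(m.group(2)), today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):]


if __name__ == "__main__":
    print(bump_serial(SAMPLE_ZONE, date(2004, 5, 8)))
```

After writing the new serial, restart or reload named so the master sends its notify; a serial that stays the same or goes down leaves the secondaries serving the old records.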
 

tawfiq

FriedEgg, thanks for your post, clear and useful :)

I am currently doing the same with zoneedit.com, except I was using both my own server dns and zoneedit as primaries and I had to edit both whenever I needed to make a change to a zone.

However, the way you describe it, using the additional dns servers as slaves, is certainly a lot less headache when editing zone settings.
 

varg

Originally posted by tawfiq
(don't forget to update the serial!)
What exactly does this do, and how do I do it? ;) (sorry for sounding braindead but I've done everything else up to this point and I'm not sure what you mean.)

Thanks
 

varg

Never mind, I figured out what the serial was and I got the slaves going. Cheers
 

varg

Just an update..

I had some help from someone in a Linux chan that sounded like they knew what they were talking about and he told me that you couldn't use the allow-transfer within the options directive, and this would make sense. Here's what I did:

in your named.conf use:

    zone "example.com" {
        type master;
        file "/var/named/example.com.db";
        allow-transfer { $ip; $ip; };
    };

Where $ip = your IP

/etc/rc.d/init.d/named restart

Seems to work. When I had it in the options directive, I would get errors when restarting named.
 

FriedEgg

You can... I do. I'm not sure why it didn't work for you. From the Bind documentation:

allow-transfer
Specifies which hosts are allowed to receive zone transfers from the server. You can also specify the allow-transfer option in the zone statement, in which case it overrides the options allow-transfer statement. If not specified, the default is to allow transfers from all hosts.
So, yes, you can do it per zone, but I personally find it easier to do it globally. Also, in yours, I assume by "your IP" you mean the IPs of the nameservers? It wouldn't make sense to just allow yourself to transfer to yourself locally.
 

sawbuck

Another way to accomplish the same thing, just more secure.

    acl "trusted" {
        127.0.0.1;
        69.10.XXX.XXX;
        216.122.XXX.XX;
        199.232.XXX.XX;
    };
    options {
        directory "/var/named";
        version "not currently available";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
    };
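
A way to check which transfer restriction actually applies to each zone, given the override rule quoted from the Bind documentation above and the named ACL in the preceding post (an added example, not code from any poster or from BIND). The sample configuration, its addresses and the function names are constructed; the parser assumes no views and at most one level of nested braces.

```python
import re

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE_CONF = """
acl "trusted" { 127.0.0.1; 192.0.2.53; };
options {
    directory "/var/named";
    allow-transfer { trusted; };
};
zone "example.com" { type master; file "/var/named/example.com.db"; };
zone "example.net" {
    type master;
    file "/var/named/example.net.db";
    allow-transfer { 198.51.100.7; };   // per-zone override
};
zone "example.org" { type master; file "/var/named/example.org.db";
    allow-transfer { any; }; };
"""

BLOCK = r"\{((?:[^{}]|\{[^{}]*\})*)\}"  # body with at most one nested {...}

def _elements(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def _allow_transfer(body):
    m = re.search(r"\ballow-transfer\s*\{([^{}]*)\}", body)
    return _elements(m.group(1)) if m else None

def effective_transfer_acls(conf):
    """Map each zone to the allow-transfer list that actually applies to it."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    acls = {n: _elements(b)
            for n, b in re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    opts = re.search(r"\boptions\s*" + BLOCK, conf)
    global_acl = _allow_transfer(opts.group(1)) if opts else None
    report = {}
    for zone, body in re.findall(r'\bzone\s+"([^"]+)"[^{};]*' + BLOCK, conf):
        zone_acl = _allow_transfer(body)
        if zone_acl is not None:        # zone statement overrides options
            source, acl = "zone", zone_acl
        elif global_acl is not None:
            source, acl = "options", global_acl
        else:                           # default quoted in the thread: all hosts
            source, acl = "default", ["any"]
        hosts = [h for e in acl for h in acls.get(e, [e])]   # expand named ACLs
        report[zone] = {"source": source, "hosts": hosts, "open": "any" in hosts}
    return report
```

Any zone reported with `"open": True` hands its full contents to whoever asks for a transfer; the list for each remaining zone should contain only the secondaries' transfer addresses.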
 

varg

Originally posted by FriedEgg
I assume by "your IP" you mean the IP's of the nameservers? It wouldn't make sense to just allow yourself to transfer to yourself locally.
Of course ;)