The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Setup OWN DNS Resolvers? Cpanel DNS Only

Discussion in 'Bind / DNS / Nameserver Issues' started by Experiance, Oct 3, 2009.

  1. Experiance

    Experiance Registered

    Joined:
    Oct 3, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Does anyone know how to setup my OWN DNS resolvers?
    I have 2x cPanel DNS only machines and am now setting up my own VPS.
    I would like to use my OWN dns servers rather than my datacentres resolvers.

    So in my /etc/resolv.conf - I want my own 2x cPanel DNS servers

    How do I do this? When i change over it does not work, added the VPS IP to the firewall, still nothing.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I am getting the very strong feeling that you apparently know nothing about DNS resolvers! :D :rolleyes:

    The DNS resolvers HAVE NOTHING to do with the resolution of your domains that are hosted on your server!

    This is NOT where you setup your DNS server addresses for the server or your zones!

    The DNS resolvers actually has to do with resolving external domains which are not located on your server (IE: the rest of the internet) and is where your server goes when it needs to make a connection to some other server someplace out on the internet.

    You can have your own DNS servers but use the "resolvers" of your hosting provider which you need to do else is is very likely your server won't know how to route out of the server provider's network and out into the internet anywhere!
     
    #2 Spiral, Oct 3, 2009
    Last edited: Oct 3, 2009
  3. Experiance

    Experiance Registered

    Joined:
    Oct 3, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I do not want to use my datacenteres resolvers however I am at present.
    I am setting up 10 internal vps and want to setup my own resolvers.

    This has nothing to do with my own sites dns etc.
     
  4. Experiance

    Experiance Registered

    Joined:
    Oct 3, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Another way of putting it ...

    If i resold these vps, I dont want customers seeing the datacentre IPs in the resolv.conf - I want to run these VPS with my own resolvers.
     
  5. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The reason that it doesn't work currently for you is that your dedicated name servers are most likely not allowing recursion. This means that when the VPS servers attempt to use your name servers for resolvers, they will only permit serving DNS zones which they contain..ie your hosted domains.

    ISP or Data center resolvers are simply configured to allow recursion from any requests within their network (or some allow open recursion to anyone such as OpenDNS.org.

    While you can configure recursion for specific IP blocks, I suggest a better idea is to simply set the VPS servers to utilize the OpenDNS resolvers which are:

    208.67.222.222
    208.67.220.220

    Otherwise you would need to add a directive like the following to your dedicated name server options:

    allow-recursion { 127.0.0.1; localhost; 111.222.333.444; 111.222.333.555; };
    (specifying the IP's of any VPS servers which you want permitted)

    Not sure of the exact syntax to use for blocks of IPs as I am unsure if CIDR masks can be used.
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Again you seem to be quite a bit confused ... :rolleyes:

    What difference does it make the IP address?

    Note that your resolvers are supposed to be setup with numeric IP numbers and not with hostnames so "whose" IP is in the network resolver makes absolutely no difference whatsoever!

    To illustrate the point a bit further, the IP addresses the data center assigns to your server for your own DNS servers using your own domain on your own server will be registered TO THEM same as their network resolver IP numbers anyway so you gain absolutely NOTHING trying to use your own server IPs as the resolver configuration. Beyond not gaining anything useful, you could actually hurt the server and cause latency and hostname to IP network resolution problems for the server trying to use your own server IPs as the resolvers!

    To show you what I mean ....

    Code:
    # whois -h whois.arin.net x.x.x.x
    
    Run the above command and replace "x.x.x.x" with the number IP address of your data center's resolvers

    Run the above command again except make "x.x.x.x" the primary IP address of your server

    Notice anything in particular? LOL
     
    #6 Spiral, Oct 4, 2009
    Last edited: Oct 4, 2009
  7. Experiance

    Experiance Registered

    Joined:
    Oct 3, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Do not roll your eyes at me.
    We have our own PI space (Yes. PI not PA) so using our own IPS (resolvers) in the resolv.conf would make a difference if any of our users pop in and whois the IP, which a lot do as they are sold out to technical minded people instead of the standard end user.

    Again you assume you know everything...

    This is now working, I have setup the cPanel DNS to:
    allow-recursion { 192.168.1.1; xx.xx.xx.xx/24;};

    I have also set those up to use the OpenDNS resolvers.
     
  8. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator

    Glad to hear my suggestions worked for you and nice also to know that CIDR masks worked in the allow-recursion rule.
     
  9. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    If you have your own directly registered IP block, we wouldn't be having this conversation as you would already have a resolution routing solution upstream else you would not be able to map any of your IPs locally to your server in the first place.

    Let's take a step back here for a moment ....

    What is your issue that you are actually running into?

    I got that you are trying to hide reference to your upstream from your clients, I get that really --- just don't see the reasoning behind it as I could always tell you who you purchase from and who they purchase from and all resellers in between irregardless of how you set things up and nothing you could really do about that and the areas you are trying to mask would not be something every day average users would even look at let alone understand; thus, you are trying to mask the IPs in an area where it won't really have any impact because the only people who would think to look there would know how to find out the real details about everything totally irregardless of what IP you setup in there.

    What I would concentrate on more heavily is your actual DNS servers you use with your domains and your clients and make sure those are using your CIDR block and setup PTR records on each IP in your block that maps back to hostnames on your own domains. Those are the areas that will make the most difference with your average users.

    Now do you understand what I am talking about?

    Now taking this to a different viewpoint being technical, there is no technical reason you could not use your own resolver provided that DNS server was NOT located on your hosting server, allowed zone transfers between your servers and that server, and that resolver in turn DID in fact subsequently map to other external resolvers at your upstream provider and outside your network then you would be able to use your own resolver as an intermediary in that case.

    Hope that helps ;)

    PS: I do know everything! LOL
     
Loading...

Share This Page