nobaloney
NoBaloney Internet Svcs - In Memoriam †
By default most of us are running DirectAdmin on servers with BIND set up for use both as a caching nameserver (so the server can use its own nameserver) and as an authoritative nameserver (so we can use it to resolve the domains we host).
Recently DNS Report began reporting the use of a recursive nameserver for authoritative reporting as a FAIL condition. Whether they should or not is highly controversial; most small nameservers on the 'net are used for both.
However they are, and anyone that ever uses DNS Report to look up a domain hosted by you and using your nameservers, will see a FAIL condition. Which will cost you in support time, credibility, and customers.
So many of us will want to start using different nameservers for recursion than we do for authoritative DNS reporting.
Here's how:
The following instructions are for those of us running CentOS, RHEL, or RHL; if you're running another OS you should do something similar.
Before you do anything else make sure you're not using your own nameserver to resolve lookups from your own server:
# cat /etc/resolv.conf
You'll see something like this:
Code:
nameserver 127.0.0.1
nameserver 12.34.56.78
nameserver 12.33.56.78
It's important that none of those IP#s are to your own server, as that server won't be usable as a caching nameserver once you make the change. If you're in a data center they should be able to give you the addresses of two nameservers you can use. Note from the above that if you've got that 127.0.0.1 line you must remove it; it's pointing to your local system. If you've got your own connection to the 'net you should be able to ask your ISP for the IP#s of two nameservers you can use. Make sure they're reliable; your server will be severely crippled if/when it can't reach them.
Once you've changed that file (you don't have to restart or reboot anything when changing the /etc/resolv.conf file) you can make sure you don't have the caching nameserver installed:
# rpm -qa | grep caching
If you get a response with a caching-nameserver version, you'll have to remove it.
But first, save two files so you can restore them later (use cp -p to preserve their ownership and permissions).
Those files are:
/etc/named.conf (or wherever it is on your server, if /etc/named.conf is a symbolic link)
/var/named/named.ca (or wherever it is on your server, if /var/named/named.ca is a symbolic link)
Then remove the caching-nameserver:
# rpm -e caching-nameserver
Then restore those two files you backed up, to the place where they were originally (also using cp -p).
When the caching nameserver is restored and the files restored, add this line to the bottom of the options section of /etc/named.conf (just above the first line with only }; on it).
Code:
recursion no;
Then restart your nameserver:
# service named restart
Once you've done that make sure your server can resolve DNS requests without using your newly set non-recursive nameserver:
# nslookup google.com
If you don't get an answer you've done something wrong and you'll have to remove that line you added to /etc/named.conf and restart your nameserver again so your server will work while you figure out what you've done wrong.
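The two file checks from the steps above, as an added shell example that is not part of the original post: it flags resolv.conf entries that point back at this host and confirms that an uncommented `recursion no;` sits inside the options block. The function names, the sample files, and the placeholder own-address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: file checks for the procedure above. Function names and
# sample files are hypothetical and constructed for illustration.

# Print resolv.conf nameserver entries that point back at this host.
# $1 = resolv.conf path; remaining args = this server's own IP addresses.
local_resolvers() {
    conf=$1; shift
    awk '$1 == "nameserver" { print $2 }' "$conf" | while read -r ip; do
        case $ip in
            127.*|::1) echo "$ip"; continue ;;
        esac
        for own in "$@"; do
            if [ "$ip" = "$own" ]; then echo "$ip"; fi
        done
    done
}

# Succeed only if an uncommented "recursion no;" sits inside options { ... };
# Assumes, as the post does, that the block ends at the first line holding
# only "};". Lines are stripped of // and # comments first.
recursion_disabled() {
    awk '
        { sub(/(\/\/|#).*/, "") }
        /^[ \t]*options[ \t]*[{]/             { in_opts = 1 }
        in_opts && /recursion[ \t]+no[ \t]*;/ { found = 1 }
        in_opts && /^[ \t]*[}];[ \t]*$/       { in_opts = 0 }
        END { exit !found }
    ' "$1"
}

# Constructed sample files (not from a real server).
demo=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 12.34.56.78\nnameserver 12.33.56.78\n' \
    > "$demo/resolv.conf"
printf 'options {\n\tdirectory "/var/named";\n\t// recursion no;\n};\n' \
    > "$demo/named.before"
printf 'options {\n\tdirectory "/var/named";\n\trecursion no;\n};\n' \
    > "$demo/named.after"

echo "local resolvers: $(local_resolvers "$demo/resolv.conf" 192.0.2.10 | tr '\n' ' ')"
for f in "$demo/named.before" "$demo/named.after"; do
    if recursion_disabled "$f"; then echo "$f: recursion disabled"
    else echo "$f: recursion still allowed"; fi
done
```

On a real server, pass /etc/resolv.conf with the server's own addresses to the first function and /etc/named.conf to the second.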