Feature Request: Option for no DNS

keefe007

I would really like to see a setting/feature to specify whether or not a DA server will be hosting DNS for a domain or not. Right now if DNS is being hosted elsewhere I have to delete the zone file, but this sometimes causes other issues. It would be great to have an option somewhere for this.

Keefe
 
What harm does the DNS zone cause? If your domain is not pointed to your server then I don't see a problem.
 
The zone causes numerous problems:

1) Email users on that DA server would not be able to email that particular domain if mail was pointed elsewhere.

2) Other websites/scripts located on this server would not be able to reach hostnames for this domain (if they needed to for some reason).

3) Anyone using this server for DNS lookups would get incorrect/missing information on that domain. Since we are an ISP, many users are using our DNS server as their primary.

Keefe
 
Please note that this is for general information. ISPs in general probably do not use DirectAdmin at all.

The zone causes numerous problems:

1) Email users on that DA server would not be able to email that particular domain if mail was pointed elsewhere.

Not true. You have to remove the domain from the /etc/virtual/domains file to fix that issue. It's not a DNS issue.

2) Other websites/scripts located on this server would not be able to reach hostnames for this domain (if they needed to for some reason).

True only if you are running a caching nameserver and your server is listed in /etc/resolv.conf. Note you should NOT be running a caching nameserver and your server should NOT be listed in resolv.conf.

3) Anyone using this server for DNS lookups would get incorrect/missing information on that domain. Since we are an ISP, many users are using our DNS server as their primary.

DirectAdmin was not written for ISPs but for hosting companies. So you are trying to use a tool for the wrong reason.

But if you want to ignore the warnings you can always use the custom scripts to do whatever you want automatically. You can easily set it up to automatically remove the zones when a domain is added. Or you can chattr +i /etc/named.conf so that domains never get added.
 
Not true. You have to remove the domain from the /etc/virtual/domains file to fix that issue. It's not a DNS issue.

Actually there's a setting for this in DA under e-mail management --> MX Records. Regardless of this setting, if a server is using itself for lookups it wouldn't be able to send mail because the MX record would be wrong.

True only if you are running a caching nameserver and your server is listed in /etc/resolv.conf. Note you should NOT be running a caching nameserver and your server should NOT be listed in resolv.conf.

This is true even if the name server is not a caching nameserver. If bind finds a zone locally it will trust that information.

Also, I think it is pretty common for a DA server to use itself in resolv.conf, at least for a primary nameserver.

In terms of proper server administration and cleanliness, a DNS server that isn't authoritative for a specific domain shouldn't host that domain's dns zone anyways.

There are many more situations, besides the one I mentioned here, that require a DA server to host a website without hosting DNS so I wouldn't say this is just limited to ISPs.

Your script suggestions would work, however, this feature really needs to be settable per-domain.

DirectAdmin would certainly benefit from a per-domain setting for DNS. It could be something just like the MX record setting. Possibly a checkbox "Use this server to handle my DNS for this domain."

Keefe
 
You joined this forum before I did so you should know these things as well as I do and you should agree with me.

You should already know that the MX record setting you speak of removes the domain from the /etc/virtual/domains file and that is all unless you are actually changing the MX setting then it would also change the zone.

You should also know that bind will not use a local zone if you are not running a caching nameserver and the local server is not in /etc/resolv.conf.

You should also know that it has been the strong opinion of many here that a caching nameserver should not be used for a hosting company and that most DirectAdmin administrators if they listen to the advice will absolutely not have their own server listed in /etc/resolv.conf. You are an ISP and perhaps you need a caching nameserver.

But since you are not going to believe me I will now leave it to others to correct your thinking. I almost never give my opinion about things. What I state is the evidence I have observed through testing. And I can reproduce the results.
 
Last edited:
Regardless of the opinions on what to have in one's resolv.conf and whether or not to allow recursion, the issue still remains. One should *never* have domains in a DNS server that the server is not authoritative for. This is in the RFC for DNS.

Back to the main point. Since there are multiple situations where a DA server would be hosting a domain without hosting the DNS, this feature should be available on a per-domain basis and I believe many users would benefit from it.

Keefe
 
I am just saying that you have a unique situation that most of the rest of us don't have. If it's easy enough then the DA staff will include it I am sure.
 
Regardless of the opinions on what to have in one's resolv.conf and whether or not to allow recursion, the issue still remains. One should *never* have domains in a DNS server that the server is not authoritative for. This is in the RFC for DNS.
Perhaps; I don't recall and I'm not taking the time to look it up. I believe that the ISC Group, publishers of BIND, have said that you should not use the same nameserver for both caching and for authoritative DNS. I know that Dan Kaminsky has (explanation of reason why [exploit] here.)
Back to the main point. Since there are multiple situations where a DA server would be hosting a domain without hosting the DNS, this feature should be available on a per-domain basis and I believe many users would benefit from it.
There's that pesky unintended consequence: DirectAdmin uses what you might call a shortcut; it uses the presence of the domain in the local DNS files as a determination of whether or not a domain exists on the file. Perhaps it shouldn't, but bottom line: it does.

So if you remove DNS for a zone then you risk ending up with multiple instances of the same domain on your server. I didn't design DirectAdmin and I didn't test this, so I don't know what happens.

However, as an ISP you should probably have two separate nameservers available on different networks for your caching DNS, and you might want to have two separate nameservers on different networks for your authoritative DNS (and use your DirectAdmin server(s) as hidden masters, which is what we do, even though we're not an ISP (I sold off my last dialup ISP business just before the turn of the Century)).

Jeff
 
Hello,

I can understand the cases where you wouldn't want dns on your server at all. Although I'm not sure it would be a DA feature at this time (possibly in the future) there are ways of making it happen with your existing system.

1) Globally for everyone: Edit the directadmin.conf and use a placebo file to replace the /etc/named.conf. Eg: /etc/named.conf.fake.. create an empty file, and DA will be happy to use it to add/remove zones.. even though it won't do anything.


2) On a per-user basis.
By combining a few features, you can accomplish this.

- Custom Package Items for the checkbox for dns on/off.
- domain_create_post.sh to read the value of the custom item from that user's user.conf file.. and delete the domain from /etc/named.conf. You'd also need to use the user_modify_post.sh in case you change the checkbox to add it back to the named.conf again.

John
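
A sketch of the per-user approach John outlines above, added here as an example; it is not DirectAdmin's or the poster's code. The custom item name `dns_hosting`, its `OFF` value, the parking file and every path are assumptions, and the hook scripts would pass in the real user.conf and named.conf paths.

```shell
#!/bin/sh
# Helpers a domain_create_post.sh / user_modify_post.sh hook could call.
# Assumed, not taken from DirectAdmin: the item name dns_hosting, its OFF value,
# and the "parking" file that keeps removed stanzas so they can be put back.

# Succeeds when the user.conf file $1 carries dns_hosting=OFF.
dns_hosting_off() {
    grep -qi '^dns_hosting=off$' "$1"
}

# Move the zone stanza for domain $2 out of named.conf $1 into parking file $3.
# Works for a stanza on one line or spread over several (ends at the first "};").
# The stanza is stored in the parking file joined onto a single line.
park_zone() {
    conf=$1 domain=$2 parked=$3
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v d="$domain" -v parked="$parked" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        # Closing quote in the header keeps example.com from matching example.com.au
        !skip && index(line, "zone \"" d "\"") == 1 { skip = 1; buf = "" }
        skip {
            buf = buf (buf == "" ? "" : " ") line
            if (line ~ /[}];[ \t]*$/) { print buf >> parked; skip = 0 }
            next
        }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode of conf
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Put the parked stanza for domain $2 back into named.conf $1 (no-op if present).
restore_zone() {
    conf=$1 domain=$2 parked=$3
    grep -qF "zone \"$domain\"" "$conf" && return 0
    grep -F "zone \"$domain\"" "$parked" >> "$conf"
}
```

named still has to be reloaded after either change, and, as later posts in this thread point out, DirectAdmin uses named.conf as its index of existing domains, so a parked zone is invisible to that check.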
 
I would really like to see a setting/feature to specify whether or not a DA server will be hosting DNS for a domain or not. Right now if DNS is being hosted elsewhere I have to delete the zone file, but this sometimes causes other issues. It would be great to have an option somewhere for this.
Keefe

I would love to have this feature too. Unfortunately, it has been requested since 2007 without much luck, so I am not very optimistic about it:
More flexible DNS control
More Control Over Services
DNS hosting as a hosting package feature
Enable/disable services for specific users
External MX *and* external NS
 
Hello,
2) On a per-user basis.
By combining a few features, you can accomplish this.

- Custom Package Items for the checkbox for dns on/off.
- domain_create_post.sh to read the value of the custom item from that user's user.conf file.. and delete the domain from /etc/named.conf. You'd also need to use the user_modify_post.sh in case you change the checkbox to add it back to the named.conf again.

I am afraid it's not going to work well. At least it didn't work well back in the year 2007 when I tried this approach:
We've been experimenting with creating "DNS hosting" custom package item and using its value to automatically delete DNS zones where necessary. We've also created domain_create_post.sh, domain_destroy_post.sh and domain_change_post.sh scripts to maintain an accurate list of existing domains (DA currently uses named.conf file as the index to determine if a domain exists on the server or not).

Unfortunately, this didn't work quite well, since DA apparently checks DNS zone entries for a number of tasks. For example, an attempt to add/delete a subdomain failed when there was no DNS zone. Also, it wasn't possible to tell DA to use external mailserver for such domain.
 
Yes it is. Very easy.

Well, maybe I wasn't clear enough or you didn't take the time to read the whole post carefully. So, let me clarify: after removing DNS zone from named.conf file, I was unable to uncheck "use local mailserver" checkbox inside DA. It was quite a while ago and I don't remember all the details but I think DNS management page became unavailable.
Of course one could log in via SSH and edit /etc/virtual/domains file manually avoiding DA control panel altogether, but that's not what I would refer to as "telling DA to use external mailserver for such domain" ;)
 
you didn't take the time to read the whole post carefully
You can insult me if you like. I don't care.

after removing DNS zone from named.conf file, I was unable to uncheck "use local mailserver" checkbox inside DA

Reverse the order. And you don't have to use SSH at all.
 
I'd like to also request this feature. I'm not going to waste my time arguing the semantics. It would be a useful feature for at least a few people and is worth the time implementing in my opinion.
 
Reverse the order. And you don't have to use SSH at all.
This is a one way road. That is, you change it once and hope you will never have to touch it again. It might work for you now but try increasing customer retention to the point where your customers change domain registrars, mail hosting and/or spam filter providers more often than they change webhost then we will talk again.

DirectAdmin Support has already spoken on the matter. Solutions for the few people who need it have been given.

I think you are confusing "solution" with a "workaround".
Although they both might achieve same technical short-term goals, they are quite different for people with corporate experience who are used to consider support, maintenance, documentation, knowledge transfer etc for every customization they implement however small it might be.

Having "DNS hosting" and "E-mail hosting" settings integrated into hosting package would simplify account management and server maintenance, provide an easier way to integrate with 3rd parties (such as support system, billing systems etc) AND it shouldn't be time consuming to implement.

In any event, I am really not sure why you are so negative. You don't find this feature useful - fine, don't support it. But this is a forum for posting feature requests not objections. May I suggest we keep this discussion on topic.
 
This is a one way road. That is, you change it once and hope you will never have to touch it again. It might work for you now but try increasing customer retention to the point where your customers change domain registrars, mail hosting and/or spam filter providers more often than they change webhost then we will talk again.

I don't see how this comment has anything at all to do with my comment about deleting the domain from /etc/virtual/domains

You said:

after removing DNS zone from named.conf file, I was unable to uncheck "use local mailserver" checkbox inside DA.

And I told you, in not so many words, to uncheck it first and then delete the zone. Problem solved.

I think you are confusing "solution" with a "workaround".

For me they mean the same thing.

In any event, I am really not sure why you are so negative. You don't find this feature useful - fine, don't support it. But this is a forum for posting feature requests not objections. May I suggest we keep this discussion on topic.

I am not being negative excepting in pointing out that first having the DNS zone on the server does not hurt anything unless you are running a caching nameserver, which BTW you should not since it is very dangerous in itself, and if you remove the DNS zone it can actually break things like the check that DA does before adding a domain.

Imagine what would happen if a domain was added under a certain user and then the DNS was removed and then at a later point somebody tried to add that same domain again under a different user. The DNS check would prevent that but since the DNS has been removed all sorts of problems can happen.

So to accomplish this feature part of the core of DA would have to be rewritten.

DirectAdmin Support has already given their answer on this so a continuing discussion on this feature for the time being is moot.

I do see the big picture and see all the possible problems that can ensue because of this feature. I have only named one here. This feature has potential to wreak havoc on a server if used by a non-experienced admin and we know from all the posts on this forum how many there are out there.

I would be remiss if I saw a danger and did not point it out to my fellow admins. It's not a matter of supporting a simple feature or not. It's a matter of notifying admins of the potential danger of using such a feature. If you choose to ignore the danger then that is up to you. But I feel it is my moral duty to at least warn people.

So please take this with the spirit it is intended. It's intended as a warning, not that I am simply opposed to a feature. In fact I do not oppose any features unless there is such a danger of using it.
 
This certainly is the place for discussion, both negative and positive, on any feature request. How else would JBMC staff (JBMC is the publisher of DirectAdmin) know how people feel about a given feature?

As Floyd points out, this change would require some fundamental changes to how DirectAdmin knows about the existence of a domain on your server.

I'd like to see the thread kept open so others with honest opinions (rather than arguments) can continue to post.

Jeff
 