Automatic proper DNS settings

Snorky

Hi,

I'm sure I'm not the first one to ask, please point me to a well written sesame street language description for the following; I have a clean DA install. I created my first domain under the Admin level, I'm currently not planning to use reseller or reseller/user levels, unless required.

The e-mail generated with this new domain seems to work but is hardly accepted anywhere. I'm getting comments about the DNS and MX records.

When I look at the DNS that was created by Direct Admin I find the following below. (I'm using mydomain.com as a placeholder in this example)

Obviously it's missing a lot of stuff like DMARC, DKIM, _acme challenges and all sorts of ....

Why was this not created and how do I do this within 10 minutes? :) In other words, I want this thing to e-mail without problems, preferably automatically for any other future domain registered. Or should I somehow setup 1 domain as a mailserver and use that as default somewhere for all future domains? Thank you!
ftp             3600  A    178.251.27.23
mail            3600  A    178.251.27.23
pop             3600  A    178.251.27.23
smtp            3600  A    178.251.27.23
www             3600  A    178.251.27.23
mydomain.com.   3600  A    178.251.27.23
mydomain.com.         NS   ns1.server-178-251-27-23.da.direct.
mydomain.com.         NS   ns2.server-178-251-27-23.da.direct.
mydomain.com.   3600  MX   10 mail.mydomain.com.
mydomain.com.   3600  TXT  "v=spf1 a mx ip4:178.251.27.23 ip6:2a00:1938:1100:1:2cdc:57ff:fe3c:406 ~all"
 
1. Your NS records are wrong unless you are doing your DNS at your provider (is your server hostname correct anyway?)
2. You are missing DKIM records, enable DKIM at email accounts page more info here
3. You are missing DMARC records, more reading here automatic add dmarc record how to is here
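The three points in the reply above, written as an offline check over a zone listing (an added example, not code from the thread or from DirectAdmin). The zone text is constructed from the mydomain.com placeholder listing in the first post; `parse_zone`, `audit` and `own_ns_domains` are hypothetical names, and domainonedns.com stands in for a nameserver domain you control.

```python
# Added example: ZONE is constructed from the placeholder listing in the first post.
ZONE = """\
mail           3600  A    178.251.27.23
mydomain.com.  3600  A    178.251.27.23
mydomain.com.        NS   ns1.server-178-251-27-23.da.direct.
mydomain.com.        NS   ns2.server-178-251-27-23.da.direct.
mydomain.com.  3600  MX   10 mail.mydomain.com.
mydomain.com.  3600  TXT  "v=spf1 a mx ip4:178.251.27.23 ~all"
"""

def parse_zone(text, origin):
    """Return (fqdn, type, data) tuples; relative names get the origin appended."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():
            del fields[1]                      # drop the optional TTL column
        if len(fields) >= 2 and fields[1].upper() == "IN":
            del fields[1]                      # drop the optional class column
        if len(fields) < 3:
            continue                           # blank or malformed line
        name = fields[0].lower()
        fqdn = name if name.endswith(".") else f"{name}.{origin.lower()}."
        records.append((fqdn, fields[1].upper(), " ".join(fields[2:]).strip('"')))
    return records

def audit(text, origin, own_ns_domains):
    """List findings for SPF, DMARC, DKIM and nameservers outside your control."""
    recs, apex, out = parse_zone(text, origin), origin.lower() + ".", []

    def txt(name):
        return [d.lower() for n, t, d in recs if t == "TXT" and n == name]

    spf = [d for d in txt(apex) if d.startswith("v=spf1")]
    if len(spf) != 1:                          # a domain must publish exactly one
        out.append(f"SPF: {len(spf)} v=spf1 records at {apex}, expected 1")
    if not any(d.startswith("v=dmarc1") for d in txt("_dmarc." + apex)):
        out.append(f"DMARC: no v=DMARC1 TXT at _dmarc.{apex}")
    if not any(t == "TXT" and n.endswith("._domainkey." + apex) and "p=" in d
               for n, t, d in recs):
        out.append(f"DKIM: no <selector>._domainkey.{apex} TXT with a p= key")
    for n, t, d in recs:
        host = d.lower().rstrip(".")
        if t == "NS" and not any(host.endswith("." + dom) for dom in own_ns_domains):
            out.append(f"NS: {host} is outside the nameserver domains you control")
    return out

if __name__ == "__main__":
    for finding in audit(ZONE, "mydomain.com", ["domainonedns.com"]):
        print(finding)
```

Run against the listing as posted, it reports the missing DMARC and DKIM records and both da.direct nameservers; the SPF record passes.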
 
Additionally you still use a hostname from a domain which is not yours, because da.direct is owned by DA.
Fixing this would also fix your nameservers, at least if you want to run your own nameservers.
Try this howto: https://forum.directadmin.com/threa...e-your-servers-hostname-in-directadmin.70371/
Having a properly configured FQDN hostname which you own is one of the most important things for sending mail.

As for DMARC, that is not required unless you send more than 5K mail a month, but it's a plus if you have it running.
 
Thank you both. I started by trying to create and setup my own nameservers, nameserver domain is registered at namecheap and setup as ns1 and ns2 nameservers pointing to the DA server. In there I followed your link with instructions, created the folders as described and included your certificate request. I set one domain also at namecheap to use the new nameservers, fingers crossed it's resolving tomorrow. I will then pickup the other settings, thank you.
 
Ok, here is the current whole situation:

I have a domain registered at my original provider. Let's call this domainone.com. That has a website running on that provider's webserver. In the DNS of that hostingpackage I created a subdomain, let's call that da.domainone.com. That subdomain points to this new DA server with the IP address as you see above. So, da.domainone.com is used as the Server's Hostname.

I have registered another domain at Namecheap myself. Let's call this domainonedns.com. At namecheap I created 2 nameservers under that domain:
ns1.domainonedns.com
ns2.domainonedns.com

...both using the single IP address of the server mentioned above. Then I set the domain domainonedns.com to use these new nameservers.

In the DA server I now created another DNS zone for domainonedns.com that has the nameservers ns1 and ns2.domainonedns.com in it. I followed the instructions of @Richard G all the way including creating and chmodding the folder.

In the Admin panel under Server Manager => Nameservers I now entered the 2 new nameservers.

Now, I think I did it all correct up to this point.

However, there already were 2 active domains and hostingpackages created on this DA server which still have the da.direct nameservers in it. Now, I assume I need to change these into ns1 and ns2.domainonedns.com at some point. But I can imagine somehow I need to tell the new nameservers about these existing domains before changing their nameservers.

I assume when I now create new packages with a new name, automatically the correct 'zone information' (is that what you call it) is entered into these nameservers which I assume are now missing for the 2 existing domains.

So the question is; is there a way to 'update' the new nameservers with existing domain names? Or, do I manually need to enter somewhere?
 
Ok, I just changed the nameservers at one of the new domains and also at namecheap to point that domain to the new domainservers. Doing a DNS lookup on that new domain and comes up with the new nameservers. So that sounds good then.
 
In the DNS of that hostingpackage I created a subdomain, let's call that da.domainone.com. That subdomain points to this new DA server with the IP address as you see above. So, da.domainone.com is used as the Server's Hostname.
That's not a good idea. It's best to not create the hostname as a real subdomain because there is a very big chance you will run into issues with mail for example.
I linked to a manual on how and where to create your hostname and I would advise to create the hostname like that.

I followed the instructions of @Richard G all the way including creating and chmodding the folder.
Those instructions were for the hostname -not- for the nameservers!!

You have to read the instructions carefully.
For the nameservers you only have to create the main domain domainonedns.com on your DA server like any other domain and then put A and NS records in there for ns1 and ns2.

The hostname is not created via this way. But is done via DNSmanager in Domain administration, so not like create a domain and then create a subdomain in there.
If you have done that correctly, you will not find the hostname only in DNS manager, not as part of another domain installation.
 
@Richard G Thanks for being so helpful, yes, I misread that, sorry. Well, I have an issue now, I already setup the new nameservers and they are working. I had a call last night because a service was down that was using a subdomain that didn't exist in these new nameservers yet. I'm saying this, because whatever change I make, I can NOT have it fail. There's stuff already running on it and I can't risk rebooting into something that messes it all up. So, whatever I did wrong, I need to correct it in a bullet proof way. After that, I'll make a full VM backup, assuming this is a good recovery point.

In my example the current chosen hostname is: da.domainone.com
etc/hostname shows only:
da

hostname -f shows:
da.domainone.com

(I understand that the FQDN you are talking about, in this case looks like a subdomain too, just like da.domainone.com.)

hosts file shows indeed something like in your explanation:
192.168.0.1 da.domainone.com da

I may need more sesame street explanation and ask for the obvious, but your explanation starts with:
"The domain mydomain.com is used her as example and 192.168.0.1 as example server ip"

Now, I assume this mydomain.com didn't just fall from the sky and is a real TLD registered at (in my case) namecheap? In short; does a hostname need a freshly registered TLD? Where there is only 1 A-record and a @ to point to this server's IP? And...then you would still use a server.mydomain.com as a hostname, while that looks like a subdomain?

EDIT: Since I already have ns1.domainonedns.com and ns2.domainonedns.com pointing here, could I not just add another A record in domainonedns.com with da or server and point to its own IP, and use that as the hostname like server.domainonedns.com?
 
I need to correct it in a bullet proof way.
Let's have a look if this is possible. I will remark if it might not be bullet proof.

The /etc/hostname is better to make it the full da.domainone.com so edit and change.
As for the FQDN hostname, yes it looks like a subdomain.

The hostname -f command is correct and the /etc/hosts file is also correct so those don't need any change.

In short; does a hostname need a freshly registered TLD?
No it does not have to be a freshly registered TLD. It must be an existing TLD either new or an existing one which can be used. There is no need for a separate new TLD for either hostname or nameservers.

A FQDN hostname is required by the RFCs and to not get into odd issues, it's best to have one. An FQDN hostname always looks like a subdomain, but is not a real one. Just like mail.domain.com or smtp.domain.com looks like a subdomain too, but in fact is none either.

A subdomain is a part of a domain mostly used for webspace and can be used as sub.domain.com and then you also have webspace for it like /home/user/domain.com/public_html/sub
Nowadays this can also be /home/user/sub.domain.com/public_html for example, those are real subdomains.

Things like the hostname, ftp, mail, smtp, imap are no real subdomains, they only look like them. Here's a good explanation in the answer to the question.

There are 2 ways to use hostnames. You can add an A record, but I never did that as I've seen once in a while an odd issue with no spf for hostname when mail is sent via php forms for example. So I always make a separate record via DNS administration in admin which always works well.

You have ns1 and ns2.domainonedns.com which is fine. It's no problem having the hostname from another domain so you can leave it as is.

If you would like to change the hostname to server.domainonedns.com that is also possible, use the howto I created to do that. First change the hostname in DA itself and then use the howto to check and change the rest.
Reboot is needed after changes. Also a new SSL certificate for the hostname. That should all be foolproof too.

If you have everything set to the server.domainonedns.com and domainonedns.com itself is also on the server then in fact you don't need the domainone.com domain anymore, so you can either use that for something else or on a different vps or remove it.
 
This is really helpful again. I now understand I have a choice, either use the existing hostname and create a DNS record for it, or use a new hostname with the same domain as the domainonedns.com, like da.domainonedns.com.

Since this is becoming a really useful thread for other newbies like myself, let me make a 100% sure what the best way to go is:

[Attached image: DNS Hostname.gif]

This is the current situation. Just to be sure what the best way to go is:
Use the current hostname da.domainone.com, fix /etc/hostname to display the full name and create a DNS record for it in administration, or
Change it to something like da.hostservicedns.com and remove the da.domainone.com completely from my own server.
 
Use the current hostname da.domainone.com, fix /etc/hostname to display the full name and create a DNS record for it in administration, or
Change it to something like da.hostservicedns.com and remove the da.domainone.com completely from my own server.
You can do both, but if possible mostly (especially for beginners) use the hostname from the admin domain.

So let's take example.com as domain name. Then on the registrar, if you want to run your own nameservers, after DA installation you have to point the nameservers of example.com to the DA ns ip's (glue records).

Preconfigure your server like in my docs for the hostname in the OS.
On installation of Directadmin, DA will pickup the hostname or use this commandline:
DA_HOSTNAME=server.example.com ./setup.sh <license key>
but having it setup before in the OS is better.

Then on the DA server best in this order:
admin domain example.com
DNS
Website
Mail
FTP
ns1 A record
ns2 A record
NS1 NS record
NS2 NS record
SPF
Maybe also DKIM and DMARC depending on what you want.

In DNS administration create a hostname server.example.com
It will have all required settings automatically if all is well. Would look just like a customer domain.
If you want DKIM here too, wait until main domain example.com is finished and resolves, then use the SSH command to create a DKIM key for your hostname.

Just to be sure what the best way to go is:
There are 2 ways to do it. I don't know if this is the best way, but I personally consider this the better way. ;)
 
Ok, I used the existing da.domainone.com to create a DNS for, after adding the entire da.domainone.com to the /etc/hostname like you suggested. It created a DNS record for da.domainone.com with all the expected entries.

However, you mentioned:
ns1 A record
ns2 A record
NS1 NS record
NS2 NS record

Why do I need the first two A records for the nameservers? Would this then look like:
da.domainone.com A ns1.domainonedns.com
da.domainone.com A ns2.domainonedns.com

I managed to get Let's Encrypt cert and even DKIM to display in the DNS of the hostname. This turns out to become an incredibly useful thread :)

One last thing, a bit off subject; I'm getting to the point where I think this is a fantastic recovery point. I doubt if I could repeat this whole installation again step-by-step should anything ever happen to this server. I wonder this:

I make daily automated backups, that seem to create multiple files for admin and users.
I'm hoping the following; if I'm ever forced to dump the server, can I create a new VM on another server (same IP address), install a fresh DA with licensekey as before, and after entering I could just restore these backups to have ALL settings back? Like a 100% copy of what I have now? Or should I still go and stop all services and run a VM copy?

 
Why do I need the first two A records for the nameservers? Would this then look like:
da.domainone.com A ns1.domainonedns.com
da.domainone.com A ns2.domainonedns.com
No that's how the NS records would look but you should also only use the domain for the nameservers is what I mean. And don't use the hostname here either.
So if you use domainonedns.com for the nameservers then in the domainonedns.com dns records it should look like:

It should look like this:
Code:
ns1.domainonedns.com.      3600    IN      A       ip.of.ns1
ns2.domainonedns.com.      3600    IN      A       ip.of.ns2
domainonedns.com.  3600    IN      NS      ns1.domainonedns.com.
domainonedns.com.  3600    IN      NS      ns2.domainonedns.com.

In -any- other domain using these nameservers, only these NS records would appear.

If you want to use the nameservers on domainone.com then place the above in the domainone.com dns records, except then you of course change every domainonedns.com to domainone.com in that case.

As for the backup and restore. If you are sure you will only restore to exactly the same ip address, then of course you can use the setting to use the nameservers from the backup and SPF records of the backup.
In case you made a mistake with something in setting up da, then at least you will have the correct nameservers and correct ip's in spf so you won't have to change that again.
But again, only if ip's are exactly the same.

As for the directadmin settings I don't know, I never use that so I can't give you a decent answer about that.
I always use the admin backup/transfer to a new server with new ip's, then of course I select to use the new values.
And if I have to restore to the current server I can choose which one as both backup and local are normally the same.
 