DirectAdmin farm behind Bind9 (DNS forwarder)

Dcode (Verified User, joined Jul 30, 2024, 6 messages)
Hey guys,

I wanted to ask for help on this since I can't manage to solve the issue I have at hand with DNS nameservers: they just don't work. None of these servers are rented; everything is on-site at our office.

So I have the following infrastructure:

For DNS (fails):
FW (port 53/UDP) ---> VM (Bind9) ----> backend group of servers with DirectAdmin (Server1, Server2, etc.)

We set our own nameservers ns7.dcodehosting.com and ns8.dcodehosting.com as any domain in DirectAdmin (new domain, etc.) and created A records for ns7 and ns8 (but I'm not sure this is what I should be doing).

Registered the nameservers in our registrar panel pointing to our public IP and set the nameservers for the domain (dcodehosting.com) as ns7.dcodehosting.com and ns8.dcodehosting.com (I'm using the same IP for testing and convenience; the idea is to later on add an external DNS server).

This setup seems to propagate but fails to properly resolve. If I try a dig in the Bind9 VM all is good; if I try a dig @8.8.8.8 I see that it sometimes resolves and sometimes goes with SERVFAIL, so I'm not sure if I set it up wrong on DirectAdmin or what.

Does anyone have a guide on how to configure the nameservers behind a forwarder (be that Bind9 or dnsdist)?

Thanks in advance!!
 
Adding a dig @1.1.1.1 dcodehosting.com to show what happens; the time difference between the digs is about 40 min:

[attached image: dnserror.png]
 
You should create glue records for ns7 and ns8 at your domain registrar.

You don't need to create the domain in DirectAdmin.
 
For incoming DNS connection testing, you should test by dig from outside the network into your server IP.
Code:
dig "One of domain inside directadmin server" @{Server IP}

because from your testing by dig inside the server into another DNS provider, we don't know if it relates to outgoing traffic or incoming traffic.
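The check suggested above (glue at the registrar, then dig from outside the network), written out as an added example that is not part of this thread or of DirectAdmin: it fetches the referral for a domain from its TLD servers, confirms that every in-zone nameserver comes with glue, and then asks each nameserver directly for an authoritative NOERROR answer. It assumes only that dig is installed; the domain name is whatever you pass on the command line.

```shell
#!/bin/sh
# Added example, not from the thread: check a domain's delegation the way the
# reply above suggests, from outside the network. It asks the TLD servers for
# the referral, verifies that every in-zone nameserver has glue, then queries
# each nameserver directly and expects an authoritative (AA) NOERROR answer.
# Assumes only that dig is installed; the domain is whatever you pass in.

# rcode_of: print the RCODE (NOERROR, SERVFAIL, ...) of a dig answer on stdin.
rcode_of() {
    sed -n 's/^;; ->>HEADER<<- .* status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# has_aa_flag: succeed when the dig answer on stdin carries the AA flag.
has_aa_flag() {
    grep -q '^;; flags:[^;]* aa[ ;]'
}

# listed_ns: NS hostnames from the AUTHORITY section of a referral on stdin.
listed_ns() {
    awk '/^;; AUTHORITY SECTION:/ {s=1; next} /^;; / {s=0}
         s && $4 == "NS" {sub(/\.$/, "", $5); print $5}' | sort -u
}

# glue_names: nameservers given A/AAAA glue in the ADDITIONAL section.
glue_names() {
    awk '/^;; ADDITIONAL SECTION:/ {s=1; next} /^;; / {s=0}
         s && ($4 == "A" || $4 == "AAAA") {sub(/\.$/, "", $1); print $1}' | sort -u
}

# check_delegation DOMAIN: live check, one result line per listed nameserver.
check_delegation() {
    domain=$1
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 2; }
    parent=$(dig +short NS "${domain##*.}." | head -n 1)
    referral=$(dig +norecurse NS "$domain" @"$parent")
    for ns in $(printf '%s\n' "$referral" | listed_ns); do
        case $ns in
            *."$domain")   # in-zone name: the parent must hand out glue for it
                if printf '%s\n' "$referral" | glue_names | grep -qx "$ns"; then
                    glue="glue ok"; else glue="MISSING GLUE"; fi ;;
            *) glue="glue not needed (nameserver outside the zone)" ;;
        esac
        answer=$(dig SOA "$domain" @"$ns" 2>/dev/null)
        rcode=$(printf '%s\n' "$answer" | rcode_of)
        if [ "$rcode" = NOERROR ] && printf '%s\n' "$answer" | has_aa_flag; then
            auth="authoritative"; else auth="NOT authoritative (${rcode:-no answer})"; fi
        echo "$ns: $glue; $auth"
    done
}
if [ -n "${1:-}" ]; then check_delegation "$1"; fi
```

Run it as `sh check_delegation.sh yourdomain.example` from a machine outside your network; an in-zone nameserver reported as MISSING GLUE cannot be found by public resolvers, and a nameserver that answers without AA is not actually serving the zone.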
 
Fair point, I was testing this out over VPN connected to the office, and since I had not configured the local DNS to avoid this issue, I might have been getting this error because I was inside the network, now that you say it. I'll check this out to see what happens and get back here with the results. Thanks @Ohm J!
 
I always use the domain, so I can set the A and NS records of the nameservers to be used for new accounts; then I'm always sure things are working correctly. Old style. :)

Anyway, you have to secure your named.conf; it seems you didn't do that yet. Normally this is done by DA automatically, if I'm not mistaken.

Also, if you want to send mail from these servers, then verify that the PTR/rDNS record is pointing to your correct hostname, which is not the case right now.

Have a look here:
 
Well, sadly I could not manage to get it working using Bind9 as a forwarder, so I decided to go with the "classic" option, meaning a direct forward to a master and then just use multiserver to replicate with the rest of the servers. If I ever make it work with Bind9/PowerDNS or similar, I'll post a tutorial.

Thanks everyone for your help!
 