How to use Directadmin as NS1 and domain provider nameserver as NS2

k1l0b1t

Verified User
Joined
May 10, 2020
Messages
33
Location
Belgium
Note: The domain provider must allow this. If you are unsure, contact your domain provider.

It's best practice to have name servers on 2 different machines. DirectAdmin adds this feature to use 2 servers running DirectAdmin, but when you have only one server there is an alternative: using the domain provider's NS as secondary.

To do this you need to know the IP addresses of the servers that will request AXFR on the domain provider's end. I'll be using 1.2.3.4 as an example.

Edit /etc/named.conf and uncomment the line

Code:
//allow-transfer { none; };
and enter the IP as follows:

Code:
allow-transfer { 1.2.3.4; };
If they use multiple IPs, just append them, separated with a ";".

Now you will have to do an update to the domains (so that the SOA records change), and in a few hours you should be able to see that both your own nameserver and the domain provider's nameserver are serving the same DNS records. (You can use "dig domain.com soa @ns1.yournameserver.com" and "dig domain.com soa @ns2.yourprovidersnameserver.com" to view/compare the SOA records.)

You might then change the nameservers, so that the secondary nameserver is the provider's nameserver.
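
A way to script the SOA comparison from the post above and to confirm that allow-transfer does not hand the zone to other hosts (an added example, not part of the original post; the function names and the sample dig outputs are constructed, and the AXFR check assumes it is run from a host that is not listed in allow-transfer):

```sh
#!/bin/sh
# Added example (not from the thread). Sample dig outputs are constructed.

SAMPLE_SOA_PRIMARY='ns1.yournameserver.com. hostmaster.domain.com. 2020051002 3600 1800 1209600 86400'
SAMPLE_SOA_STALE='ns1.yournameserver.com. hostmaster.domain.com. 2020051001 3600 1800 1209600 86400'
SAMPLE_AXFR_REFUSED='; <<>> DiG <<>> AXFR domain.com @ns1.yournameserver.com
; Transfer failed.'
SAMPLE_AXFR_OPEN='domain.com. 14400 IN SOA ns1.yournameserver.com. hostmaster.domain.com. 2020051002 3600 1800 1209600 86400
domain.com. 14400 IN NS ns1.yournameserver.com.'

# Print the serial (3rd field) from one `dig +short SOA` answer line.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Return 0 only when both answers carry a serial and the serials are equal.
serials_match() {
    a=$(soa_serial "$1")
    b=$(soa_serial "$2")
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" = "$b" ]
}

# Given `dig AXFR` output captured on a host that is NOT in allow-transfer,
# return 0 if the server refused and sent no zone data.
axfr_refused() {
    if printf '%s\n' "$1" | grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'; then
        return 1    # zone contents came back: transfers are open to this host
    fi
    printf '%s\n' "$1" | grep -q 'Transfer failed'
}

# Live use: sh check.sh domain.com ns1.yournameserver.com ns2.yourprovidersnameserver.com
if [ "$#" -eq 3 ]; then
    p=$(dig +short SOA "$1" "@$2")
    s=$(dig +short SOA "$1" "@$3")
    if serials_match "$p" "$s"; then
        echo "in sync, serial $(soa_serial "$p")"
    else
        echo "not in sync yet: '$(soa_serial "$p")' vs '$(soa_serial "$s")'"
    fi
    if axfr_refused "$(dig AXFR "$1" "@$2")"; then
        echo "AXFR refused from this host, as intended"
    else
        echo "AXFR was not refused from this host: check allow-transfer"
    fi
fi
```

An empty answer from either nameserver counts as "not in sync", so a secondary that has not loaded the zone yet is not mistaken for a match.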
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,254
Location
Maastricht
Doesn't this also need a notify or allow-notify next to the allow-transfer? Or does DA use an rndc reload so the notify is sent out automatically?
 

k1l0b1t

The notify is indeed sent out automatically. In my case my provider's nameservers don't do anything with notify requests, they just poll periodically (they look at the refresh field on the SOA record).

edit: When I look at `service status named` after restarting named, I see that it sends the notifies.
 

Richard G

Thank you for confirming this.
I think this would be a nice solution for users with 1 IP who want to run their own nameservers this way, as this also makes it easier to create wildcard SSL certificates if I'm not mistaken.

Nice job!
 

k1l0b1t

Yeah, that's why I'm using it, I have one IP on my personal webserver. It's also handy if you have, say, 2 IPs but only one server, to have redundant DNS.
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
370
What do you fill in then as nameservers in your DirectAdmin panel?
ns1.directadminserver.com
n2.yourproviderserver.com

Because a standard installation always starts with:
ns1.directadminserver.com
ns2.directadminserver.com
Or simply delete ns2.directadminserver.com?
 

k1l0b1t

You can change it (at least you can at reseller level). As long as the two authoritative nameservers are the same as the ones in the NS record (preferably do it on a user-to-user basis, as most registrars only allow their nameservers to be set secondary if the domains are purchased with them).
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
792
Location
Netherlands Germany
You can change it (at least you can at reseller level). As long as the two authoritative nameservers are the same as the ones in the NS record (preferably do it on a user-to-user basis, as most registrars only allow their nameservers to be set secondary if the domains are purchased with them).
You still need the IP address in a zone record for that nameserver?
 

k1l0b1t

You still need the IP address in a zone record for that nameserver?
No, you need an NS record. For example, within DirectAdmin DNS you have 2 NS records:
domain.com NS ns1.thisserver.com
domain.com NS ns2.providerserver.com

In case you meant that ns1.thisserver.com still needs an IP record in the zone of thisserver.com: yes.
 

Richard G

Or simply delete ns2.directadminserver.com?
It's the same as you do when using a multi-server setup, but then with another domain name, like ns2.otherdomain.com

Next to that, we always use 2 A records on our multiserver setup too for nameservers.
Like (used local examples):
ns1 A 14400 192.168.0.1
ns2 A 14400 10.0.0.40 <-- external server not our local ip, only present as A record in zone

This can easily be done this way for all users. It's really quite the same setup as the multiserver setup, except this way you can use an external nameserver with AXFR.

However, you must have set the nameservers for the users at the registrar indeed, and you must find a nameserver provider where you can use AXFR to use this as ns2.

It's a very nice solution.
Personally I prefer a cheap vps for like 2 dollars a month with directslave on it.
 