Primary Domain & Server Domain

IT_Architect

Here is what I'm up to. I'm creating a clean instance of FreeBSD and will be backing it up. Since it's a virtual machine, that's easy to do. Next I think I will install apache, mysql, php, etc. The reason for no DA at this point is I don't know how DA would complicate things if I want to work with CARP and firewalls to prototype a fail-over situation. I may end up moving IP addresses around etc. I'm making sure that the small bare bones VM can be used later for DA, so I read the install guide. Here is what I don't understand in the guide:

Important: The hostname should not be the same as the primary domain name. e.g. gary.com is not a good hostname, where server.gary.com is. Having the same host/main domain name will cause e-mail and FTP problems. Also, please make sure the hostname resolves once you setup DNS.

That doesn't make sense to me. Why would there be a mail and ftp problem? The reason we use dummy domains on the servers for the primary domain is so that no actively used domains become locked to a certain physical server. If I move a domain to another server that was the primary domain, we couldn't send mail to that domain because it would see the old instance on the local server and would route the mail to a local dead mailbox. But why shouldn't the server name and domain be server.s1-mydomain.net and the primary domain s1.mydomain.net? What am I missing?

Thanks!
 
But why shouldn't the server name and domain be server.s1-mydomain.net and the primary domain s1.mydomain.net? What am I missing?

There is nothing wrong with that. You must have misread something. The two whole names you mentioned are different.

You cannot set up mail for the hostname through directadmin.

I prefer to not have a "primary" domain at all. I have many servers where I personally do not have a domain except the hostname which is a subdomain of my business.

Next I think I will install apache, mysql, php, etc.

You should let DA install these until it supports ports from what I hear.
 
There is nothing wrong with that. You must have misread something. The two whole names you mentioned are different. You cannot set up mail for the hostname through directadmin.

Got it! You wouldn't set up mail for the host name anyway. The host name would be the smtp host though.

I prefer to not have a "primary" domain at all. I have many servers where I personally do not have a domain except the hostname which is a subdomain of my business.

I don't understand what you mean. The host has a host name and domain name by virtue of the OS install. The primary domain exists by virtue of the control panel install. I understand the host could be part of a domain other than the primary domain. If you don't have a primary domain, then you wouldn't have default DNS servers for the virtual domains. What am I missing?

You should let DA install these until it supports ports from what I hear.

Since I'm working with ESXi and VMs, to install DA later would simply mean reverting back to the snapshot of the clean install.
 
Every server requires a hostname set up when installing, but it doesn't have to have any real 'domain' hosted on it. All my servers are usually set up with a hostname which is a subdomain of a domain which I own (and host elsewhere).
When asked for a 'hostname' on an order form when renting a server, I do sometimes enter complete rubbish, and it makes no difference.

Sometimes I don't ever get round to adding an A record in any zone file for the 'hostnames' so they never resolve. I always ssh to the ip addresses, so it matters not.

I also have several laptops here (not related to DA of course) which run either FreeBSD or OpenBSD. They all have nonsense hostnames, usually just the model number, so the one with 'tz11' is a sony vaio tz11 notebook. It works fine, I can send email from it. I could change the hostname, and reboot. Wouldn't matter.
 
Except that exim, by default, uses your hostname in the helo when it sends email, and if it doesn't resolve and if the IP# doesn't match, many sites will refuse your email as spam.

While SpamBlocker doesn't by default, it has it available as an option. My bet is that many DirectAdmin users do use it as it gets out a lot of spam. Since you're breaking the RFCs, disallowing email from you would be acceptable collateral to lots of server admins.

Jeff
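
The HELO and reverse-DNS checks Jeff describes can be reproduced before a server goes live. This is an added example, not part of the original thread: the function names, the sample records and the 192.0.2.x addresses are constructed for illustration, and `live_resolver()` is an assumed helper that swaps in the system resolver.

```python
import socket

# Constructed sample records (documentation IP ranges), not from the thread.
SAMPLE_A = {
    "server.example.net": ["192.0.2.10"],
    "mail.example.org": ["192.0.2.20"],
}
SAMPLE_PTR = {
    "192.0.2.10": "server.example.net.",
    "192.0.2.20": "generic-20.isp.example.",
}

def table_resolver(a_records, ptr_records):
    """Offline lookups over constructed tables: returns (forward, reverse)."""
    def forward(name):
        return a_records.get(name.rstrip(".").lower(), [])
    def reverse(ip):
        return ptr_records.get(ip)
    return forward, reverse

def live_resolver():
    """Same interface, backed by the system resolver (needs network access)."""
    def forward(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    def reverse(ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:
            return None
    return forward, reverse

def check_helo(helo, ip, forward, reverse):
    """Return the reasons a receiving server might distrust this HELO/IP pair."""
    problems = []
    if "." not in helo.strip("."):
        problems.append("HELO name is not fully qualified")
    if ip not in forward(helo):
        problems.append("HELO name does not resolve to the sending IP")
    ptr = reverse(ip)
    if ptr is None:
        problems.append("sending IP has no PTR record")
    elif ip not in forward(ptr):
        problems.append("PTR name does not resolve back to the sending IP")
    return problems
```

Passing `*live_resolver()` instead of the table resolver runs the same checks against real DNS for a server's hostname and main IP.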
 
but it doesn't have to have any real 'domain' hosted on it...Sometimes I don't ever get round to adding an A record in any zone file for the 'hostnames' so they never resolve. I always ssh to the ip addresses, so it matters not.
The primary domain is defaulted as the mail server, DNS server, control panel, http, and ftp for the virtual domains that use shared IPs. Moreover, for those domains, the primary domain is the email server for reverse lookups to prevent spam. There needs to be a tie somehow between the IP and the domain sending the mail.

The problem with the primary domain being an actively used domain is as long as a domain exists on a server, the local domains cannot email it if you need to move it to another server. Changing the primary domain creates a bit of mess, so I buy dummy domains for that role because there is never any point in moving the primary domain that way. What I'm trying to understand is how things work for floyd with no primary domain. I would think I would lose a lot of the automation inherent with DirectAdmin, but perhaps I'm missing something.
 
What I'm trying to understand is how things work for floyd with no primary domain. I would think I would lose a lot of the automation inherent with DirectAdmin, but perhaps I'm missing something.

I am trying to understand the idea of a "primary" domain. I don't know what that would be. I have servers with hostnames based on my company's domain but I do not have any domains on those servers myself. I have customers with lots of domains on the server. Those customers could have a "primary" or "default" domain but there is no such thing as a primary domain for the server itself except for the hostname. Where are you adding a "primary" domain?
 
I am trying to understand the idea of a "primary" domain.

The primary domain is the admin user domain when you install DirectAdmin. Admins are also resellers and users. The default IP for shared domains, SMTP, and name servers become the default for the domains created by the users and resellers. Example: primarydomain.com. The server would normally be server.primarydomain.com, ns1.primarydomain.com, mail.domain.com, etc. It is the host for a shared certificate. There would be a PTR record for that IP in the reverse lookup zone so that when a reverse lookup is performed by a receiving smtp host, it will resolve to a valid e-mail server for that domain according to the MX record. This drops the spam score and allows e-mails from the server to have a higher probability of being delivered. The generic/dummy domains I've been using are real, registered, and resolved domains, but not used for any commercial purpose. Generic names are also more reseller-friendly since you could name it s1-SomeDCName.net. Because they are not used for any commercial purpose, there is never a reason to move them. If you were to move a primary domain that is used for commercial purpose and leave the domain dormant on the local server, no local domain on the server will be able to e-mail the domain that was the primary domain because the smtp server on the local host would resolve the mail to the local no-longer-monitored mailboxes on the local server. If you were to remove the local primary domain, the name servers and smtp server for the other domains on the server would no longer be valid because they now reference a remote server that doesn't have the mail boxes, ftp credentials, etc. for the local domains. While anything is possible to do, not everything is possible to do without losing the automation inherent with DirectAdmin. The primary domain is made mention of in the DirectAdmin Installation Guide.

What am I missing?
 
The primary domain is the admin user domain when you install DirectAdmin.

I don't have one. The admin user does not have a domain name.

Example: primarydomain.com. The server would normally be server.primarydomain.com, ns1.primarydomain.com, mail.domain.com, etc.

Not for me. What you are saying is that if I have 100 servers then I need to register 100 domains so that I can have a primary domain on each one. That is simply not true.
 
I don't have one. The admin user does not have a domain name. Not for me. What you are saying is that if I have 100 servers then I need to register 100 domains so that I can have a primary domain on each one. That is simply not true.

That's why I'm so interested in the conversation. I'm looking for a better way. Correct me if I'm wrong, but what you are suggesting is, instead of server.s1-SomeDCName.net, server.s2-SomeDCName.net, name the servers s1.SomeDCName.net, s2.SomeDCName.net, and use one domain name. The host name could still have a PTR record for the main IP address for use by the shared domains on the server. The admin(s) account would not need to have a domain at all. What I see missing is the name servers. E.G. where is the ns1.????.com for the shared domains? It seems like you would need to use custom name servers for everything that way and manually setup NS for every domain.

What am I missing?
 
I will use my own domain as an example. My domain is newwebsite.com. The actual server newwebsite.com is hosted on has the hostname server.newwebsite.com.

I can have other servers with the hostnames:

server2.newwebsite.com
server3.newwebsite.com
server4.newwebsite.com

I can have nameserver records set up for these as well:

ns1.server2.newwebsite.com
ns2.server2.newwebsite.com

ns1.server3.newwebsite.com
ns2.server3.newwebsite.com

ns1.server4.newwebsite.com
ns2.server4.newwebsite.com

I am not sure what you are missing. This is the way I have always done it long before directadmin.
 
I will use my own domain as an example. My domain is newwebsite.com. The actual server newwebsite.com is hosted on has the hostname server.newwebsite.com.

I can have other servers with the hostnames:

server2.newwebsite.com
server3.newwebsite.com
server4.newwebsite.com

I can have nameserver records set up for these as well:

ns1.server2.newwebsite.com
ns2.server2.newwebsite.com

ns1.server3.newwebsite.com
ns2.server3.newwebsite.com

ns1.server4.newwebsite.com
ns2.server4.newwebsite.com

Hmmm. When I create a domain on a shared IP in DA I would automatically get an NS record when I create the domain like this:
UserDomain.com NS ns1.PrimaryDomain.net.
The ns record is based on the primary domain name, which you don't have. ns1.server2.newwebsite.com must exist as an entry on the server.newwebsite.com server with the IP address of the server2.newwebsite.com host because the domain doesn't exist on the local server. Therefore, to get around needing a separate domain, you manually enter ns1.server2.newwebsite.com in the newwebsite.com zone for the server, and in each shared domain on server2.newwebsite.com, you create your own NS records. Is that correct?

Thanks!
 
Hmmm. When I create a domain on a shared IP in DA I would automatically get an NS record when I create the domain like this:

But that is based on your administrator and reseller level settings. It has nothing to do with a "primary" domain. There is no "primary" domain. All domains on a shared server are treated equally.

you manually enter ns1.server2.newwebsite.com in the newwebsite.com zone for the server

Correct.

and in each shared domain on server2.newwebsite.com, you create your own NS records.

No. Each domain added gets the nameservers that are listed in the reseller level settings.
 
But that is based on your administrator and reseller level settings. It has nothing to do with a "primary" domain. No. Each domain added gets the nameservers that are listed in the reseller level settings.

There we go. Now I need to rethink my strategy. I'm glad I asked the question.

Thanks!
 
I don't have one. The admin user does not have a domain name.
I think that IT_Architect is confusing a hostname with a primary domain name.
Not for me. What you are saying is that if I have 100 servers then I need to register 100 domains so that I can have a primary domain on each one. That is simply not true.
Of course not. You can do something like:

server1.example.com
server2.example.com
server3.example.com

and so forth.

But as you point out, you don't need a domain in the user area of the admin account.

Additionally, we use the nameservers on our hosting servers as hidden masters; we use Master2Slave DNS Replicator to replicate (slave) DNS on the nameservers whose names we publish.

Jeff
 
The newwebsite.com zone would be like this?
server.newwebsite.com 70.70.70.10
ns1.server.newwebsite.com 70.70.70.10
ns2.server.newwebsite.com 70.70.70.11

server2.newwebsite.com 70.70.71.10
ns1.server2.newwebsite.com 70.70.71.10
ns2.server2.newwebsite.com 70.70.71.11

server3.newwebsite.com 70.70.72.10
ns1.server3.newwebsite.com 70.70.72.10
ns2.server3.newwebsite.com 70.70.72.11

Using server server3.newwebsite.com as an example,
1. You would use server3.newwebsite.com and use its base IP for the PTR record for reverse lookups.
2. The shared certificate would be for server3.newwebsite.com.
3. The name servers would be set up in the reseller area:
ns1.server3.newwebsite.com
ns2.server3.newwebsite.com
4. Register the new name servers at the registrar.
5. The default IP of the services for domains made on server server3.newwebsite.com would be the IP for server3.newwebsite.com.
6. Domain owners would enter ns1.server3.newwebsite.com and ns2.server3.newwebsite.com at their registrar.
7. Make sure you have redundancy because server.newwebsite.com is authoritative for all the NS servers. 3rd party DNS might be better.

Is this what you mean?
 
You managed to lose me. Why don't you explain exactly what you want to do (if you've already done that I must say I've gotten lost in the thread and don't see it :() and then add how you think you want to do it. Then it will be easier to give you feedback.

Of course 3rd party DNS is a solution. In fact, the reason I paid to have Master2Slave DNS Replicator written and given to the community was so that we could use it along with hidden masters to offer 3rd party DNS solutions.

Jeff
 
What I do currently is have a dummy domain per server. s1-domainname.com, s2-domainname.com. The server is server.s1-domainname.com, etc. The name servers are ns1.s1-domain.com, ns2.s1-domain.com etc. Everything pertaining to the server and the zone it is a member of resides on the same server.

Floyd puts all of his servers in a single domain. The zone they are a member of does not reside on the same server as the host itself. He apparently uses a 4th level for his name servers in the same zone. That's the confirmation I'm requesting in the preceding question. What is puzzling to me is what his zones look like.

In his scenario it would seem to make sense to use 3rd party dns hosting for that zone because it is authoritative for multiple hosts. Using the method I've been using, when the zone for the server is hosted on the same server, the only time the DNS is unavailable is when the sites and services are also unavailable.
 
If Floyd is doing what you write (I don't reread the entire thread before I post), then he's doing what I do.

I set up the server domain (which I use for all my servers) on one of my servers, the same way I'd set up any other domain I own, in my case under a single reseller I use for my own "maintenance" domains (you could also do it under a single user).

Then I manually add A records for each server, pointing to that server, in the single zone file, whenever I add a server.

I don't know about you, but we use a checklist to help us keep from making mistakes when we provision new servers. This is just one of the items on the checklist.

Jeff
 
Your reply is most helpful.

I set up the server domain (which I use for all my servers) on one of my servers...Then I manually add A records for each server, pointing to that server, in the single zone file, whenever I add a server.

The servers' A records I understand. How do you handle the name server A records and NS records for the domains on those servers?

I don't know about you, but we use a checklist to help us keep from making mistakes when we provision new servers. This is just one of the items on the checklist.

We are at the point now where we are putting together a checklist. I wanted to get a handle on a few things while making a transition to a new provider so we set up right. Things such as this as a plan to make transitioning to fail-over and load balancing easy are also in the mix.

Thanks!
 