1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Question Correct configuration of own DNS servers

Discussion in 'Plesk Onyx for Linux' started by Dukemaster, May 14, 2017.

  1. Dukemaster

    Dukemaster Regular Pleskian

    18
     
    Joined:
    Nov 21, 2016
    Messages:
    252
    Likes Received:
    36
    Location:
    Rhein-Main - Berlin
    Hi @ all,
    since last week I use own DNS servers with PLESK as primary name server for each domain to use the DNSSEC extension (additional licence key, bundled).

    1. Is it necessary to create the name servers subdomains in my providers Control Panel, e.g. ns1.arox.eu, ns2.arox.eu?
    2. Is it necessary to also create the name servers as subdomains in PLESK Panel, e.g. ns1.arox.eu, ns2.arox.eu or (what I don't think) even as regular subscription?
    3. I have a second IPv4 which I formerly used as didicated for one other domain. Yesterday I changed this IP to shared. Perhaps to make the whole DNS configuration in a better way. But how to do this, I don't know.

    Lots of greets
     
    Last edited: May 14, 2017
  2. scsa20

    scsa20 Regular Pleskian Plesk Guru

    28
    23%
    Joined:
    Jul 17, 2009
    Messages:
    163
    Likes Received:
    38
    Location:
    Phoenix
    Best Answer
    Hello there @Dukemaster,

    You do not need to create the actual sub domains but it also doesn't hurt to create 2 A records for ns1 and ns2 so it can be routed properly.

    Here's what I did:

    Create an A record for ns1 pointing to the first IP address that you wanting to use (this IP address but be associated with your plesk or DNS server)
    Create an A record for ns2 pointing to the second IP address that you wanting to use (this IP address but be associated with your plesk or DNS server)
    Create an NS record pointing to ns1.arox.eu (this step is more likely not needed but I did it anyways)
    Create an NS record pointing to ns2.arox.eu (again, more likely not needed but did it anyways)

    Once this is set, log into your registrar and create 2 glue records, one for ns1.arox.eu pointing to the same IP address that you set for your first A record and do the same for ns2.arox.eu. Once the glue records has been created you can then update the name server on the registrar to ns1 and ns2.arox.eu respectfully.

    Like I said, that's basically how I did mine (using your domain as the example) and it worked, just told my clients to update their name servers to point to my ns and it routed just fine.
     
    Dukemaster likes this.
  3. Dukemaster

    Dukemaster Regular Pleskian

    18
     
    Joined:
    Nov 21, 2016
    Messages:
    252
    Likes Received:
    36
    Location:
    Rhein-Main - Berlin
    Hi @scsa20 first thank you very much for your detailed good advice and help.
    But the problem is, that exactly your configuration was already made automatically by PLESK.
    For .com and .eu domains I can change the nameservers in 1and1 provider panel to ns1.arox.eu and ns2.arox.eu. The A and AAAA records I've already set to standard IPv4 and IPv6. It works. One domain cosirex.com I gave my second IPv4. That's all.
    The DNS Configuration like seen in the screens and written in the bottom is working, but in DNSSEC I have the corresponding .eu to A/AAAA problem
    I can only guess that is has to do with the secondary nameserver. ns1 and ns2 have the same IP's (v4 and v6) perhaps this is the problem.
    In my opinion it's only a little mistake in configuration, would be great if You or someone else have a example or inspiration what is wrong.

    But the two .de domains. I always get the output "false DNS configuration" when I change the nameserver to for example to ns1.and ns2.bilder-designs.de. Domain panel switches back to 1and1 standard configuration.
    But when I use as secondary nameserver 1and1 then automatically a slave nameserver by 1and1 (slv1.bilder-designs.de) will be used/created.
    And I get the output on vid that there are glue records but "No DS records found for arox.eu in the eu zone" and
    arox.eu:
    --- A=IPv4 + AAAA=IPv6
    --- Nameserver: ns1.arox.eu (same IPv4 + IPv6) + ns2.arox.eu (same IPv4 and IPv6)
    --- Subdomains: (only in provider domain panel, not PLESK) ns1.arox.eu (same IPs like everywhere) - ns2.arox.eu (same IPs like everywhere)
     

    Attached Files:

    Last edited: May 15, 2017
  4. scsa20

    scsa20 Regular Pleskian Plesk Guru

    28
    23%
    Joined:
    Jul 17, 2009
    Messages:
    163
    Likes Received:
    38
    Location:
    Phoenix
    OK, you didn't mention anything about using DNSSEC, just how to setup DNS :p

    Anyways, since you're using the DNS server that's part of your own server, make sure you have the DNSSEC extension installed, go to your domain and go into DNSSEC (this needs to be done from your server not from your registrar if you were trying set up DNSSEC from the registrar) and click on "Sign the DNS Zone"

    Once you click that, just follow the instructions to sign the zone, it will then give you 4 DS records that you need to manually add, so open up the DNS section of the domain within plesk and add in the 4 DS entries that it gives you and you'll be all set.
     
    Dukemaster likes this.
  5. Dukemaster

    Dukemaster Regular Pleskian

    18
     
    Joined:
    Nov 21, 2016
    Messages:
    252
    Likes Received:
    36
    Location:
    Rhein-Main - Berlin
    Thanks for help @scsa20 .
    Here we are. Last week I did exactly this. First with providers nameservers, I had 3 issues (red points) on DNSSEC Analyzer
    But from the day I used own DNS servers two errors were elimated. Photo3 and Photo24
    Now I have only one error: No DS records found for arox.eu in the com zone.
    You can see it in the screens. On DNSViz | A DNS visualization tool it is decribed in a more detailed way.
    Which leads back to the beginning:
    Something seems to be wrong with nameserver configuration around none corresponding between parent and child zone.

    @UFHH01 gave a hint about creating ptr entries. I wish he would tell me how to do this. In present time there seems no need for these entries in standard DNS-config with providers nameservers. I didn't have PTR entries since a long time.
    If needed I would need someone who tells me exactly how to set them (also where: Plesk +- providers panel).

    Photo1 -DNSSEC-DS-Issue-1.jpg

    Photo 2 - https://talk.plesk.com/attachments/dnssec-issue-jpg.12782/

    Photo 3 - https://talk.plesk.com/attachments/dnssec-0-jpg.12756/

    Photo 4 - https://talk.plesk.com/attachments/dnssec-1-jpg.12757/
     
  6. scsa20

    scsa20 Regular Pleskian Plesk Guru

    28
    23%
    Joined:
    Jul 17, 2009
    Messages:
    163
    Likes Received:
    38
    Location:
    Phoenix
    OK, looking at the error more closely, it's talking about your Glue Record for ns2 not having an IPv4 Address and your glue record for ns1 doesn't have an IPv6 record even though ns1 has an IPv4 record and the ns2 has an IPv6 record. I need to see how your DNS itself is setup, but you basically need to match your glue records (what's configured on 1and1) with how you've got your DNS A and AAAA records configured. If the glue records isn't matching with what you've got configured for your A records for your ns1 and ns2 then you're going to get that warning.
     
    Dukemaster likes this.
  7. scsa20

    scsa20 Regular Pleskian Plesk Guru

    28
    23%
    Joined:
    Jul 17, 2009
    Messages:
    163
    Likes Received:
    38
    Location:
    Phoenix
    Oh and almost forgot. Make sure you add the DS record with your registrar too, so it makes the DNSSEC-Debugger happy that everything is signed (it should also make dnsviz showing everything else is secured).
     
    Dukemaster likes this.
Loading...