Issue DNS Master does not propagate information

[CobraArbok]

We have a VPS with a provider.
The DNS in Plesk is configured as Master.
When we create a domain in Plesk we leave the default settings.
We therefore expect to see the DNS settings in Plesk online.
Instead we continue to see the ISP's DNS settings.

plesk repair dns does not report any issues.
At this point we can't understand what blocks us.

Thanks in advance for any advice.

 

[Monty]

New domains to not magically register themselves in the DNS After you create a domain in Plesk and on the Plesk DNS server, you'll need to register your nameserver(s) at the registrar of your domain.

So, check the records at your registrar: Which nameservers are registered at your registrar? Those nameservers should be your Plesk server.

 

[CobraArbok]

Obviously the domain is already registered on the same provider that sells me the VPS.
To be able to see the website installed in Plesk I have to modify the A record on the DNS of the provider making it point to the static IP address of the VPS.
At this point the website is viewed.
However, if all the changes I have to do on the DNS of the provider, then it is useless that it goes to replicate them on the DNS in Plesk.
I prefer to have them in Plesk because, in addition to having more control over the settings, I can make copies of them and migrate them to a new server if it is necessary to change ISPs.

 

[Monty]

Well that's probably because your domain is NOT pointing to your own nameserver at the registrar.
That's why I asked: Which nameservers are registered at your registrar?

A simple WHOIS query will give you the answer. If you see the nameservers of your provider in there, then your own nameserver will not be taken into account.
The solution in that case is: Register your own nameserver at your registrar and delegate your domain to that nameserver instead of your ISP's nameserver.

If unsure, please post the domain name.

 

[CobraArbok]

I'm sorry, but never thought of having to register the nameserver.
The domain I'm doing a test on is labidee.net and the ISP is 1and1 / Ionos.

 

[Monty]

Your domain is registered to the following 4 nameservers at your registrar:

# dig +short labidee.net NS
ns1087.ui-dns.de.
ns1019.ui-dns.biz.
ns1106.ui-dns.com.
ns1043.ui-dns.org.

So, the DNS settings of that domain on your own server have no effect.

Solution:
1) Make sure you have 2 DNS records on your Plesk server like ns1.labidee.net and ns2.labidee.net that point both to the IP of your server
2) Register ns1.labidee.net and ns2.labidee.net at your registrar
3) Point your domain labidee.net at the registrar to ns1.labidee.net and ns2.labidee.net instead of the ns*.ui-dns.* nameservers. This will make your own DNS server the authoritative nameserver of your domain.

You can use the same 2 nameservers for future domains, so you'll only have to perform this registration process of your nameservers once.

 

[CobraArbok]

Many thanks.

I am sincere, never registered a nameserver and neither did I know it could be done.
So you don't know where to register a nameserver, what the practice is and how much it costs.
Certainly my ISP does not register them. It allows me to use others, but not to record one.

Alternatively, what do I do?
Do I configure DNS as a Slave or disable it?
Being a VPS it only manages websites in Plesk, there is no LAN or even a virtual network.

And if in the DNS in Plesk I put the reference to the ISP nameserver in the NS record, what happens?

 

[Monty]

Many thanks.

I am sincere, never registered a nameserver and neither did I know it could be done.
So you don't know where to register a nameserver, what the practice is and how much it costs.
Certainly my ISP does not register them. It allows me to use others, but not to record one.

Check with the company where your registered your domain name. Those companies usually offer you to use their own DNS servers or external (eg. your own) DNS servers. Can't tell you about pricing, you'll have to check that with them.

Alternatively, what do I do?
Do I configure DNS as a Slave or disable it?
Being a VPS it only manages websites in Plesk, there is no LAN or even a virtual network.

And if in the DNS in Plesk I put the reference to the ISP nameserver in the NS record, what happens?

If you can't change the nameservers of your domain at your registrar then you can disable the DNS service for this domain on your Plesk server, as those entries will not have any effect. In that case, all DNS entries must be managed on the DNS servers of your registrar.

 

[peterbo]

This will make your own DNS server the authoritative nameserver of your domain.

This is a good advice, but not a great one. You do not want to stress your own server with potentially thousands of DNS queries. Apart from that, "real" nameservers are placed near backbones and answer extremely fast. That is nothing which can be / should be done by your own server.

The "more" correct solution is to set your Plesk DNS as a "hidden primary" at your Domain registrar's DNS. Their nameservers will then get all values from the Plesk DNS in a single query and be autoritative for your domain.

 

[Ales]

Well, using a hidden master configuration is a solid advice. We us such a configuration where three dedicated DNS instances on separate geographical locations serve as secondaries for a number of hidden masters.

But that being said, I honestly doubt that running primary DNS would cause any noticeable change in CobraArbok's server's load, let alone any stress on the server. DNS as such is extremely lightweight and we're talking about an authoritative DNS for a very limited number of domains, not about a recursive public DNS. I would always insist on arranging a proper secondary DNS though, preferrably on a separate location.

To take this a step further, I should also mention that while I know Cloudflare and such services are all the rage now, I also honestly think this kind of approach is detrimental to the freedom and stability of the internet as a whole. Sure, there are situations where you want to optimize your DNS presence world wide, but in other cases (namely, a majority of the internet content) running your own DNS can and should be completely fine.

 

[peterbo]

running your own DNS can and should be completely fine.

I agree, as long as you're running a personal blog about cats. As soon as you have visitors from outside of your server's direct peerings, or performance of your site is important (and I can't think of a single case, where this is not important), it's not. There is a reason for technologies like anycast. Apart from that, DNS infrastructure is complex and redundant, and there are many reasons for that. Following the recommendation a few posts above, the thread creator should create 2 ns subdomains and point it to the same IP of his server. If this isn't detrimental to the stability of the internet, I don't know what is.

this kind of approach is detrimental to the freedom and stability of the internet as a whole

Why is that?

 

[Monty]

This is a good advice, but not a great one. You do not want to stress your own server with potentially thousands of DNS queries. Apart from that, "real" nameservers are placed near backbones and answer extremely fast. That is nothing which can be / should be done by your own server.

The "more" correct solution is to set your Plesk DNS as a "hidden primary" at your Domain registrar's DNS. Their nameservers will then get all values from the Plesk DNS in a single query and be autoritative for your domain.

I agree that this makes sense for larger enterprises, but I consider this approach "too overkill" for a simple Plesk server with a couple of domains. That's why I didn't even suggest this solution. Also, I don't think that the current DNS provider of the original poster would support this setup.

 

[peterbo]

Also, I don't think that the current DNS provider of the original poster would support this setup.

You "made it work" for the OP, so everything is good. I just wanted to chime in and tell about the risks - reflection attacks and bad recursion settings are only two examples. People tend to leave their aging servers (old OS and Plesk versions) open in the internet, which are being used as spammers and DNS reflectors. As far as I know, there is no DNS rate limiting in Plesk.
So it is also no bad advice to just organize the DNS settings at 1&1 and deactiving Plesk's own DNS capabilities. There is also no problem with that.

 

[learning_curve]

...you can disable the DNS service for this domain on your Plesk server, as those entries will not have any effect. In that case, all DNS entries must be managed on the DNS servers of your registrar.

In support of this item, we're using cloud servers not VPS, but we do exactly this ^^ and we do use 1and1 IONOS. The 1and1 IONOS dns setup is now (finally...) flexible, adpatable and quite useful e.g. domain / sub domain / mail. domain / www. domain / etc etc all with A / AAAA / MX / SPF(TXT), CAA, TXT (for _acme-challenge use), TXT (for default._domainkey use) CNAME records etc etc. All of them work perfectly for us.

...So it is also no bad advice to just organize the DNS settings at 1&1 and deactiving Plesk's own DNS capabilities. There is also no problem with that.

Again in suport of this item, there's definitely no problem with this in our opinion too. The item relevant to both posts is to turn off (disable) DNS within Plesk if you proceed and use 1and1 IONOS for all your DNS requirements, because, it no longer serve any purpose.

 

[CobraArbok]

First of all thanks to all of you for your contribution.

In my work I try to be very pragmatic.
The last time I struggled so much for a DNS was 15 years ago, or maybe more.
I don't even remember if it was an MS NT server or a Novell Border Manager, in Netware.

Most of us who work with an ISP use DNS managed in Plesk or cPanel mainly to create subdomains or refer to another mail server.
Few of us, I believe, need to register a dedicated nameserver.

Working with Plesk I did not reflect on the fact that it is a tool that also providers use and therefore that many features are useless or redundant for a "normal" use.
Certainly the fact that different NS records are created for each domain is already, IMHO, an error because there should be a general option to define a nameserver that is then replicated on all the domains created.

Going back to my problem.
Yes, it's true. Today the Ionos DNS is much more flexible than 1and1.
I preferred to work on Plesk's because for every change I have to: open a new browser window, call up the Ionos page, log in access the contract list, select the contract, select the DNS management service, select the domain, select the subdomain and finally make a change and then wait for it to be made available.
Also, if tomorrow I wanted to transfer my server to another server or another ISP, I also have to replicate all the changes made. If they were in Plesk, I'd move them along with the server.

To ask for a Hidden Primary Master is not practicable. Registering a name server, as I said in a previous post, I confess that I don't even know where to do it.

On this VPS at the moment there are about 25 domains and another 20/30 subdomains. The workload at the moment is low and therefore can very well be on just one VPS. In a different situation I will move the domains to other servers and in that moment I will already have to change the settings in the Ionos DNS.

Surely there is one thing; what you are telling me now, even the help desk of Ionos could tell me instead of making us lose a week of work to understand what was happening and read tons of documents already read, just to look for the comma that we had missed in previously.

To the solution, summarizing:
1) Where can I register the nameservers?
2) I wonder if with a Cloud Server or dedicated the situation would be different.
3) Working with Ionos DNS, is better to disable DNS in Plesk or configure it as a Slave?

 

[learning_curve]

1) Where can I register the nameservers?
2) I wonder if with a Cloud Server or dedicated the situation would be different.
3) Working with Ionos DNS, is better to disable DNS in Plesk or configure it as a Slave?

Assuming that you're asking these 3 questions in relation to 1and1 IONOS...

1) Go to Domain / NameServer / Use Custom NameServers and you'll be prompted for of all the initial required details / changes in order to do this.

2) As mentioned, we use 1and1 IONOS Cloud Servers not 1and1 IONOS VPS and yes, it might be different, but 1and1 IONOS Cloud Server and VPS Support Teams are different anyway, so we can't check for you, sorry.

3) As we posted previously, we simply disable DNS in Plesk and in our opinion (for our setup) we'd say that's enough. Why would we actually need Slave DNS? Not having this Slave DNS setup means less work / less config checks etc Other's may post valid reason for the exact opposite, but in our case, we don't see the requirement.

Only other thought is, if you do opt for custom nameservers, we think you may need to create glue records as well, to ensure everything work properly. This is not required when using the 1and1 IONOS Cloud Server DNS setup.

Finally, one minor point on 1and1 IONOS. We've ensured all our different domains are all under the same contract. So we simply need to login, select the domain (or the subdomain) and then make a change. With a cloud server these happpen very quickly so there's no waiting for availabliilty but again 1and1 IONOS VPS may well be different

 

[DieterWerner]

@learning_curve
All of this is also valid for a V-Server.
The plesk DNS Server is nearly useless.

 

[CobraArbok]

OK, I agree too.
So, I fix the problem and disable DNS in Plesk.

Before considering the thread closed, I bring to your attention a reflection of my colleague that I consider right.

Someone could have a VPS to manage a couple of corporate Internet websites for presentation.
But then it could also have a cloud server to manage an eCommerce and one or more physical servers located in the company offices.
In this case it would not make sense to manage the DNS on the provider panel, but directly on the server, with Plesk or simply with Bind.

To look at things in this way there is not much difference with the current situation that could be imagined as the first step of a larger project.

 

[learning_curve]

....Someone could have a VPS to manage a couple of corporate Internet websites for presentation. But then it could also have a cloud server to manage an eCommerce and one or more physical servers located in the company offices.In this case it would not make sense to manage the DNS on the provider panel, but directly on the server, with Plesk or simply with Bind....

That's true but, there are always other hosting options too For example: The 1and1 IONOS Cloud Server could easily run both of those "VPS corporate Internet websites for presentation" but setup as subscription domains, at the same time as the eCommerce site(s) domains but, they would all be setup on individual, specific IP addresses (which is no problem on both the 1and1 IONOS Cloud Server and Plesk). That would result in just one 1and1 IONOS contract & a more sharply focused server / DNS management too. That's just one example, there are lots of other options when using 1and1 IONOS. If it's a different hosting company, then no doubt, there's even more options available. The opening post was related to an issue with DNS / Plesk / 1and1 IONOS, but thanks to a few different posters on this thread, it has hopefully been answered now?

 

[peterbo]

Registering a name server, as I said in a previous post, I confess that I don't even know where to do it.

Just for the completeness of the post - IMHO one of the best nameserver providers is DNS Made Easy (DNS Made Easy | Fastest and Most Reliable Enterprise DNS Provider). It is not only speed that matters, but it helps and there are tons of other features (including hidden primary / secondary setting: Secondary DNS Services | DNS Made Easy) - see April 2019 DNS Speed Comparison Report for reference.