
Plesk vs. Nameservers - Advanced Configuration

john39390000

Guest
I'm confused about how Plesk interacts with a nameserver hosted on the same dedicated server as your Web sites.

1. Where in Plesk do you access the BIND nameserver itself? For example, to assign what IP it uses, and edit global nameserver settings?

2. In the Plesk server-wide DNS template, it indicates the template will create records for new domains with "ns.domain". But nameservers are typically named "ns1." and "ns2." -- and they might be named anything else as well. So is Plesk actually setting up "mydomain.com" to use a nameserver of literally "ns.mydomain.com" when that specific "ns." nameserver doesn't exist?

3A. How do you switch the local nameserver to be a slave for all hosted domains at once?

3B. If you switch the nameserver to be a slave per-domain, where do you enter the IP of the master server for that domain?

4. Two obscure things I think (?) you're supposed to do are: assign the nameservers themselves a nameserver; and set up a "reverse lookup" nameserver. How are these things done in Plesk (if these points are accurate)?

5. If you want to be unwise and direct both of your registered nameservers to your one dedicated server, what exactly should you do? Do you set up two "instances" of BIND, and assign each a separate IP? Or do you assign two IPs to the one "instance" of BIND? Or do you have to register both of your nameservers at your domain registrar with the same IP (which I think some registrars won't let you do)?


Thanks
 
named listens on all IP addresses that are active on the server by default so there's no configuration to worry about.

/etc/named.conf is the configuration file for named (on RH-type OSes). You would modify it using a text editor if you needed to.

The Plesk DNS template is just that -- a template. You are expected to modify it to fit your needs. Remove the ns.<domain> and so on and add ns1.yournameserver.com and ns2.yournameserver.com or whatever instead.

You do not set up reverse DNS yourself - your ISP does that. Your ISP being the company responsible for the IPs that your server is allocated.

rDNS translates IP addresses to real names. It is what the PTR record you'll find that Plesk adds by default to your DNS is for. Except nothing external will ever use the rDNS records because as I mentioned this is handled at the ISP level.

I don't understand what you mean about assigning nameservers to nameservers.

I'm not sure about the rest but there's nothing wrong with having two IP addresses on your server, and creating nameserver host records at your registrar where ns1 is one IP and ns2 is the other one (remember, named is listening on all active IPs so it will answer requests sent to either of them). After all if your nameserver goes down it probably means everything else is down so there's no need to have a separate machine that's still capable of answering DNS requests since websites/email still won't work.
 
> named listens on all IP addresses that are active on the server

Thank you Faris, that clears up a lot.

I worry though, is there no impact for sure on Web server performance if tons of DNS inquiries are coming in on the same IP that you have assigned for exclusive use by a Web server you are hosting on your machine? And no security issues if that site is using an SSL certificate?

Is it best practice to leave your (one or) two nameserver IPs with no Web sites assigned to them? Plesk doesn't seem to encourage this -- there's no way to identify an IP in the account as being used by/reserved for the nameserver(s).



> I don't understand what you mean about assigning
> nameservers to nameservers.

Something obscure about someone doing a DNS lookup of your nameserver itself (as a server) or a figment of my imagination... Something about a "glue" record maybe?



> nothing wrong with having two IP addresses on your server,
> and creating nameserver host records at your registrar where
> ns1 is one IP and ns2 is the other

There are some issues -- most noticeably if both nameservers are down at the same time, incoming email bounces as undeliverable rather than queuing for later delivery...
 
On Global Editing

Is there really no way to do global edits -- master/slave nameserver settings, TTL, etc -- for all hosted sites? I only have 18 sites to trudge through manually -- what about someone with 300?
 
You can do global edits with a SQL query.

Talking of which, even if you do so and set a TTL of 5 minutes (which is what we have on all domains), you won't notice named taking much CPU and certainly no significant bandwidth. It really isn't a problem.

I can't see any advantage whatsoever of dedicating IPs to DNS (i.e. have no websites associated with it). DNS requests and HTTP (etc) requests all use different ports.

Obviously if a vulnerability exists in Bind that allows a remote attacker to do something bad then you are stuffed if it is running on the same system as the one doing your web hosting. But the last version has been out for yonks and is used in millions of places with no problem for many years now.


Glue helps with the chicken and egg situation where Server A wants to know the IP address of mydomain.com. The first step is to find out what nameservers are associated with mydomain.com. But how does it do a DNS request for the nameservers of mydomain.com if it doesn't know mydomain.com's IP address? The glue is provided in the form of the nameserver host records that you'll have created at your registrar. This says ns1.mydomain.com is at IP address a.b.c.d where it can then look to do a DNS lookup.

On your system, you will have ns records of ns1.yourdomain.com and ns2.yourdomain.com for each domain you host. In addition, you'll have A records in the DNS for mydomain.com pointing ns1.yourdomain.com (etc) to the correct IPs.

Any lookups done on your server on domains hosted on that server will look at an external DNS server or at your local DNS records depending on how resolv.conf/hosts.conf (I think - can't remember off-hand) has been configured. Either way the request eventually comes back to whatever ns1 and ns2 point to for the domain being asked about.

That is unless there has been a previous lookup and the TTL has not expired, in which case there may be a cache of the record in various DNS servers that might be used instead of any up to date info.

Good point about email and DNS. I didn't think of that!

Faris.
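
The two concerns raised in this thread (a template NS name such as "ns.mydomain.com" that has no address record, and both nameservers sitting on one IP) can be checked mechanically. The following is an added example, not part of the original posts; the zone text is constructed sample data using documentation addresses, and the function names are hypothetical.

```python
# Added example: sanity-check the NS set of a zone against its A records.
# SAMPLE_ZONE is constructed data (192.0.2.0/24 is a documentation range).
SAMPLE_ZONE = """\
mydomain.com.      IN NS ns1.mydomain.com.
mydomain.com.      IN NS ns2.mydomain.com.
mydomain.com.      IN NS ns.mydomain.com.   ; left over from the template
ns1.mydomain.com.  IN A  192.0.2.10
ns2.mydomain.com.  IN A  192.0.2.10
www.mydomain.com.  IN A  192.0.2.10
"""

def parse_zone(text):
    """Return (ns_targets, a_records) from simple 'name IN TYPE value' lines."""
    ns_targets, a_records = [], {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        fields = line.split()
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue
        name, _, rtype, value = fields
        name, value = name.lower().rstrip("."), value.lower().rstrip(".")
        if rtype.upper() == "NS":
            ns_targets.append(value)
        elif rtype.upper() == "A":
            a_records.setdefault(name, []).append(value)
    return ns_targets, a_records

def check_nameservers(zone, text):
    """List problems with the zone's NS set as human-readable strings."""
    zone = zone.lower().rstrip(".")
    ns_targets, a_records = parse_zone(text)
    problems = []
    for ns in ns_targets:
        # An NS name inside the zone itself needs an A record here
        # (and a matching host/glue record at the registrar).
        in_zone = ns == zone or ns.endswith("." + zone)
        if in_zone and ns not in a_records:
            problems.append(f"{ns}: NS target in this zone has no A record")
    ips = {ip for ns in ns_targets for ip in a_records.get(ns, [])}
    if len(ns_targets) > 1 and len(ips) == 1:
        problems.append(f"all resolvable nameservers share one IP: {ips.pop()}")
    return problems

if __name__ == "__main__":
    for problem in check_nameservers("mydomain.com", SAMPLE_ZONE):
        print(problem)
```
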
 