I know this is a general question, but I tried a lot of solutions without any success.
What I want to do is create a custom nameserver like ns1.example.com/ns2.example.com.
I tried bind9 but I always get "Nameserver is not authoritative for example.com".
I tried multiple configurations and got the same error; I even tried with CWP7.

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "159.223.120.in-addr.arpa" {
    type master;
    file "/etc/bind/db.159";
};

The db.example.com:

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                            300         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       xxx.xxx.xxx.xxx
@       IN      AAAA    ::1
ns1     IN      A       xxx.xxx.xxx.xxx
ns2     IN      A       xxx.xxx.xxx.xxx

Is there a link or something that would be helpful?

  • And so what's inside `/etc/bind/db.example.com`? (By the way, the reverse zone is a different beast; most likely you *don't need one* because you won't have one to be delegated to your server.) – Nikita Kipriyanov Sep 01 '22 at 06:18
  • Thanks for your reply, I edited the question to include /etc/bind/db.example.com. – lhbib hbart Sep 01 '22 at 16:38

1 Answer

Your SOA record is wrong. This is why BIND refuses it.

Its data should be: SOA nameserver email serial refresh retry expire negative

nameserver must be one of the authoritative nameservers for the zone, that is, ns1.example.com or ns2.example.com, the one which could accept the dynamic updates. If DNS AXFR/IXFR is used to distribute the zone data (e.g. BIND master/slave), the master is specified in that field. If you configure update forwarding on the slave, it doesn't matter which one you specify there. If the replication is carried out via some other mechanism (AD DS database replication in the case of Microsoft DNS server, backend replication in the case of PowerDNS native zones, and so on), or if dynamic updates are not used for the zone, the choice could be completely arbitrary.

email is administrative contact email address where @ is replaced with ., e.g. dnsadmin@example.com becomes dnsadmin.example.com.

The others are numbers; yours are good enough. Parentheses are the way to split a single record into several lines, just a syntactic element; you could have written all record fields on one line without them.

The valid SOA record as it could appear in the zone file might look like this:

@       IN      SOA     ns1.example.com. dnsadmin.example.com. (
                            300         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
example.com. IN NS ns1.example.com.
ns1.example.com. IN A xxx.xxx.xxx.xxx

(I also included the in-zone nameserver definition, so the sample above is in fact a complete, correct minimal zone file for the case where the nameserver name belongs to the zone itself.)

Also, I think you don't really want to have the record

example.com. IN AAAA ::1

This is the "IPv6 localhost" address. Why would you want to specify a correct working public IPv4 address and a localhost IPv6 address? Dual-stack users whose systems prefer IPv6 when it is available will not be able to use your web site. If you don't have IPv6, just remove this record. If you do have it, configure a correct IPv6 address instead of ::1.

Nikita Kipriyanov
  • Thank you, I really appreciate your answer; I will try to implement your suggestions. – lhbib hbart Sep 01 '22 at 18:37
  • Hi, sorry about all these questions. I think I finally understand that I need to create a db config for every domain pointing to my name servers. Is there a way that I don't need that, to be authoritative for all domains with my nameservers? – lhbib hbart Sep 01 '22 at 19:51
  • I don't understand your question. If you delegate some domains to the nameserver (e.g. "point to"), that nameserver *must be* authoritative for that domain; that's the definition of being authoritative. Your problem was basically an inconsistency in the zone file; you had `localhost` where some zone's authoritative nameserver (also declared in one of its NS records) should appear. It is not required, however, that the nameserver name belong to the zone. `domain.com` might be served by `ns.domain.net`; in that case you won't have that A record in the zone, but everything else remains. – Nikita Kipriyanov Sep 02 '22 at 01:59
  • I just want my clients to go to any domain registrar and buy a new domain, put my DNS in their domain and get linked to my server. Is bind the right way? – lhbib hbart Sep 02 '22 at 16:27
  • To get the full idea: what I am doing now is just giving them the CNAME and they use the registrar DNS, but GoDaddy doesn't accept a CNAME for the root domain. I can give them the IP address to put in an A record, but what if I changed the IP or something like that? – lhbib hbart Sep 02 '22 at 16:35
  • It's not that GoDaddy is the bad guy who doesn't accept a CNAME for a root domain; that's simply impossible. You'll not be able to do that either. – Nikita Kipriyanov Sep 02 '22 at 17:24
  • I can do it in Namecheap. And is bind9 the right way? Do I need to create an authoritative file for every new domain in my server? – lhbib hbart Sep 02 '22 at 17:44
  • [CNAME at the apex is impossible.](https://serverfault.com/questions/613829/why-cant-a-cname-record-be-used-at-the-apex-aka-root-of-a-domain) – Nikita Kipriyanov Sep 02 '22 at 17:46
  • Thanks for the link, I'll read through it. But the bottom line is there is no way I can do this without creating a db config for every domain? – lhbib hbart Sep 02 '22 at 20:24
  • It is possible to have exactly the same contents for several zones. The default BIND config as shipped in Debian uses that for RFC1918 reverse zones (see `db.empty` and `zones.rfc1918`; I guess you probably started yours with that empty zone and just forgot to update the SOA). You can also leverage the fact that `$ORIGIN` has the starting value of the zone name from the config, therefore if you leave all names relative, your zone will fit any domain. But such zones will all have exactly the same structure. – Nikita Kipriyanov Sep 03 '22 at 03:21
  • Thanks for your replies, I solved my problem by adding this zone: `zone "." { type master; file "/etc/bind/db.all"; };` – lhbib hbart Sep 03 '22 at 23:22
  • "nameserver must be one of authoritative nameservers for the zone, " That is not true. Nothing says the `SOA` record nameserver part should reference any publicly available authoritative nameserver. See `SOA` record of `fr.` for example. – Patrick Mevzek Sep 14 '22 at 16:57
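As an added example (not part of the question, the answer or the comments), a small Python check that parses a zone file written the way the files above are (an owner on every line, relative names, a parenthesised SOA) and flags the two defects the answer identifies: an SOA MNAME that is not one of the apex NS targets, and a loopback address published at the apex. The zone text and addresses are constructed; loading the same relative-name text under two different origins also shows the reuse trick from the comments.

```python
import re

def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, [rdata]) tuples with names made absolute; assumes an owner on every record line."""
    origin = origin.rstrip(".") + "."
    body = re.sub(r";[^\n]*", "", text)                                 # drop ';' comments
    body = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), body)  # join ( ... )
    records = []
    for line in body.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):  # blank lines and $TTL; $ORIGIN assumed absent
            continue
        owner, rest = _fqdn(toks[0], origin), toks[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)                          # optional TTL and class
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in ("SOA", "NS", "CNAME"):      # rdata fields that hold domain names
            n = 2 if rtype == "SOA" else 1
            rdata[:n] = [_fqdn(x, origin) for x in rdata[:n]]
        records.append((owner, rtype, rdata))
    return records

def check_zone(text, origin):
    """Flag an SOA MNAME that is not an apex NS target, and a loopback address at the apex."""
    origin = origin.rstrip(".") + "."
    recs = parse_zone(text, origin)
    ns = {r[2][0] for r in recs if r[0] == origin and r[1] == "NS"}
    findings = []
    for owner, rtype, rdata in recs:
        if rtype == "SOA" and rdata[0] not in ns:
            findings.append(f"SOA MNAME {rdata[0]} is not an NS of {origin}")
        if owner == origin and rtype in ("A", "AAAA") and rdata[0] in ("::1", "127.0.0.1"):
            findings.append(f"loopback {rdata[0]} published at the zone apex")
    return findings

# Constructed sample mirroring the question's file; relative names only, so the
# same text can be loaded under any zone name given in the BIND config.
BROKEN_ZONE = """$TTL 604800
@    IN SOA  localhost. root.localhost. (
         300 604800 86400 2419200 604800 )   ; serial refresh retry expire negttl
@    IN NS   ns1
@    IN AAAA ::1
ns1  IN A    192.0.2.10
"""
FIXED_ZONE = BROKEN_ZONE.replace("localhost. root.localhost.", "ns1 dnsadmin").replace("@    IN AAAA ::1\n", "")
```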