-2

I bought a new root server on Hetzner with 2 additional IPs.

CentOS 6.4 minimal version is installed.

Based on this tutorial I assigned 2 additional IPs, i.e., duplicated the ifcfg-eth0 file to ifcfg-eth0:1 and ifcfg-eth0:2, then changed the IP. It works.

These additional IPs are used for nameserver registration, and I registered ns1.thefaceofsouthindia.com and ns2.thefaceofsouthindia.com on namecheap.com.

After that I installed centminmod v1.2.3, then created a vhost using centminmod option #2, and then did the NSD setup using option #3.

centminmod is installed with NGINX, PHP, MariaDB, NSD and CSF Firewall.

Still, my nameserver is not resolving - I tested with intodns.com/thefaceofsouthindia.com.

Are there any other steps I have to do because it is a root server?

I am able to access the 144.76.90.206 IP using a browser, but not the domains.

Falcon Momot
palPalani

1 Answer

2

I am not sure why they call these servers "root servers". They look like ordinary colocated servers to me. It might be an incorrect translation.

Anyway, there is nothing magic about ns1 and ns2 subdomains. By convention these are nameservers for the domain, but this is neither necessary nor automatic. What you need is to establish glue records. Your DNS registrar should be able to do this for you.

Those records are stored in the TLD DNS servers (the nameservers for com. in this case), with A (and hopefully also AAAA) records for your nameservers. There should be a glue record for each of your nameservers which you provided for the NS records for your domain (if you didn't, you need to set these to your ns1 and ns2 subdomains to host your own DNS as well). This provides the "glue" that allows DNS resolvers to find your nameserver so they can query it for the rest of your domains.

Anyway, after looking at it a bit more, it looks like you've already done this - but for some reason, 144.76.90.206 (and not your nameservers 144.76.90.220 and 144.76.90.221) is replying to the DNS requests. Replies from a different IP address than the query was sent to are not accepted as responses to DNS queries.

This is especially strange. Firstly, you should look at your firewall configuration in case you have something strange happening (such as source NAT setting the source address oddly, or more likely your server is setting the source address of all outbound UDP traffic on your WAN interface to the primary IP of the interface).

Secondly, it is important that you not only provide two different IP addresses for your DNS resolution, but that it be two separate servers on two separate links, preferably in two separate locations. The point of the two-nameserver BCP is to increase reliability in case one site goes down. It looks like you have assigned all 3 IP addresses to the same server; this is not a good way to do it.

It's actually OK to host a nameserver on the same IP as the website, if you're using the server that hosts the website for DNS. This can free up one of your static IP assignments (so you can use it for something else or stop paying for it). For the other nameserver, you really need to move it to another server (unless your website has extremely high traffic, something cheap and tiny like an AWS micro instance is usually more than adequate for this). You could also consider paying someone else to host your DNS.

Falcon Momot
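The symptom described in the answer (a reply arriving from a different address than the one queried) can be checked directly. The following is an added example, not part of the original answer: it sends a DNS query over an unconnected UDP socket and applies the source-address and transaction-ID checks a resolver makes. The function names are this example's own, and the sample reply in the demo is constructed from the addresses quoted above.

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Build a minimal non-recursive DNS query; qtype 1 = A, class IN."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_reply(query, sent_to, reply, reply_from):
    """Apply the checks a resolver makes before accepting a UDP reply."""
    if reply_from != sent_to:
        return "rejected: reply came from %s:%d, query went to %s:%d" % (reply_from + sent_to)
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "rejected: transaction ID mismatch"
    if not reply[2] & 0x80:
        return "rejected: QR bit not set"
    return "accepted"

def probe(server_ip, name, timeout=3.0):
    """Send one query to server_ip:53 and classify whatever comes back."""
    query = build_query(name)
    sent_to = (server_ip, 53)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Unconnected socket: the kernel delivers replies from any source,
        # so a reply sent from the wrong address is visible here.
        s.sendto(query, sent_to)
        try:
            reply, reply_from = s.recvfrom(4096)
        except socket.timeout:
            return "no reply"
    return classify_reply(query, sent_to, reply, reply_from)

if __name__ == "__main__":
    # Constructed sample: query sent to the ns1 address, reply from the primary IP.
    q = build_query("thefaceofsouthindia.com", txid=0x1234)
    r = q[:2] + b"\x84\x00" + q[4:]  # same ID, QR and AA bits set
    print(classify_reply(q, ("144.76.90.220", 53), r, ("144.76.90.220", 53)))
    print(classify_reply(q, ("144.76.90.220", 53), r, ("144.76.90.206", 53)))
```

Calling `probe()` with each nameserver address in turn shows which of them reply from the address that was queried.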