0

My VPS has private nameservers. I have a DNS zone defined on the VPS.

On my GoDaddy domain, there is a DNS zone file section under domain details (which still has some info).

I have used multiple tools to check my DNS records, and all the information delivered is from the DNS zone defined on the VPS (which is what I expected; I don't know if this is good security-wise).

Questions:

  1. Now I am wondering what happens to the info in GoDaddy's zone file?
  2. If it is being delegated to my VPS DNS zone, what should remain in GoDaddy's zone file?
  3. Should it just contain an A host record pointing to the VPS IP? (Delete everything else? All the CNAMEs and stuff?)

Andrew B
  • Answering DNS questions is difficult [without the actual domain name](http://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts). – HBruijn Mar 10 '15 at 13:14
  • @HBruijn privatmamtora.com. Since I was asking 'how something works' and not 'is my stuff broken', I didn't think it was needed – PrivatMamtora Mar 10 '15 at 13:16

3 Answers

3

ns1.privatmamtora.com and ns2.privatmamtora.com are the authoritative name servers for your domain. As such, nothing needs to remain at GoDaddy.

joeqwerty
  • Nothing? So what points the domain to my vps? – PrivatMamtora Mar 10 '15 at 13:58
  • I don't understand the question? What points the domain to your VPS? What is your VPS? a website? A server? In any event, you create the DNS records in your DNS zone on the servers that are authoritative for your DNS zone, which are `ns1.privatmamtora.com` and `ns2.privatmamtora.com`. – joeqwerty Mar 10 '15 at 14:02
  • The Registrar (GoDaddy) is responsible for telling the gTLD servers about your name servers. Aside from that, GoDaddy has no responsibility for your DNS because you've delegated `ns1.privatmamtora.com` and `ns2.privatmamtora.com` as your domain's name servers. – joeqwerty Mar 10 '15 at 14:04
3

In general the registrar manages, on your behalf, which name servers are set for your domain in the root servers of the Top Level Domain; in that regard they're always "in charge".

You can confirm they have indeed delegated your domain to your own name servers by either looking up the "whois" records for the domain, or querying the root servers of the TLD directly. The latter is easily done with the dig command line tool:

```
dig +trace privatmamtora.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace privatmamtora.com
;; global options: +cmd
.           318 IN  NS  [a-m].root-servers.net.

;; Received 228 bytes from 8.8.4.4#53(8.8.4.4) in 130 ms

com.            172800  IN  NS  [a-m].gtld-servers.net.
;; Received 507 bytes from 192.36.148.17#53(192.36.148.17) in 139 ms

privatmamtora.com.  172800  IN  NS  ns1.privatmamtora.com.
privatmamtora.com.  172800  IN  NS  ns2.privatmamtora.com.
;; Received 103 bytes from 192.42.93.30#53(192.42.93.30) in 358 ms

privatmamtora.com.  14400   IN  A   104.238.124.94
privatmamtora.com.  86400   IN  NS  ns2.privatmamtora.com.
privatmamtora.com.  86400   IN  NS  ns1.privatmamtora.com.
;; Received 119 bytes from 104.238.124.94#53(104.238.124.94) in 160 ms
```

So the domain is running from your own name-servers and the records at GoDaddy are redundant and can be removed.

(Often when you change from DNS managed by your registrar to your own nameservers, the registrar won't immediately remove the DNS zone/records for your domain from their name-servers. DNS updates take time so that allows for a painless transition.)

HBruijn
  • Ok, but what about the rDNS(ptr) record? For some reason it is still pointing to a *.secureserver.net (godaddy). Where is it? I cleared out everything, but it still comes up. – PrivatMamtora Mar 10 '15 at 14:05
  • 2
    Reverse DNS is typically only delegated to the owner of the block of IP addresses, not to the end user of an IP address. Typically that means you'll need to use the management tooling of your hosting provider to set up the reverse DNS for the servers you rent with them. – HBruijn Mar 10 '15 at 14:12
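
The parent/child comparison that the `dig +trace` answer above does by eye, as an added example that is not part of the original answers: the script parses saved trace output and checks that the NS set delegated by the TLD servers matches the NS set the zone's own servers return. The function names `ns_by_hop` and `delegation_check` are illustrative, and the sample input is the trace quoted in that answer with the root hop omitted.

```sh
#!/bin/sh
# Added example: check that the NS set delegated by the parent (TLD) zone matches
# the NS set the zone's own servers return, using saved `dig +trace` output.

# Trace lines taken from the answer above (root hop omitted).
SAMPLE_TRACE='com.            172800  IN  NS  [a-m].gtld-servers.net.
;; Received 507 bytes from 192.36.148.17#53(192.36.148.17) in 139 ms

privatmamtora.com.  172800  IN  NS  ns1.privatmamtora.com.
privatmamtora.com.  172800  IN  NS  ns2.privatmamtora.com.
;; Received 103 bytes from 192.42.93.30#53(192.42.93.30) in 358 ms

privatmamtora.com.  14400   IN  A   104.238.124.94
privatmamtora.com.  86400   IN  NS  ns2.privatmamtora.com.
privatmamtora.com.  86400   IN  NS  ns1.privatmamtora.com.
;; Received 119 bytes from 104.238.124.94#53(104.238.124.94) in 160 ms'

# ns_by_hop ZONE: read trace output on stdin; print "<hop> <server> <ns>" for
# each NS record owned by ZONE, numbering only hops that returned such records.
ns_by_hop() {
  awk -v zone="$1" '
    BEGIN { zone = tolower(zone); if (zone !~ /\.$/) zone = zone "." }
    tolower($1) == zone && $3 == "IN" && $4 == "NS" { ns[++n] = tolower($5); next }
    /^;; Received/ {
      split($6, from, "#")              # "192.42.93.30#53(192.42.93.30)" -> IP
      if (n > 0) { hop++; for (i = 1; i <= n; i++) print hop, from[1], ns[i] }
      n = 0
    }'
}

# delegation_check ZONE: first hop = parent delegation, last hop = zone's own
# answer. Prints CONSISTENT / MISMATCH / INCOMPLETE and returns 0 / 1 / 2.
delegation_check() {
  _hops=$(ns_by_hop "$1")
  _last=$(printf '%s\n' "$_hops" | awk '{ h = $1 } END { print h + 0 }')
  if [ "$_last" -lt 2 ]; then echo "INCOMPLETE"; return 2; fi
  _parent=$(printf '%s\n' "$_hops" | awk '$1 == 1 { print $3 }' | sort -u | paste -sd, -)
  _child=$(printf '%s\n' "$_hops" | awk -v h="$_last" '$1 == h { print $3 }' | sort -u | paste -sd, -)
  if [ "$_parent" = "$_child" ]; then echo "CONSISTENT $_parent"; return 0; fi
  echo "MISMATCH parent=$_parent child=$_child"; return 1
}

printf '%s\n' "$SAMPLE_TRACE" | delegation_check privatmamtora.com
```

A `MISMATCH` result means the registrar's delegation and the zone's own NS records disagree, which is worth resolving before deleting the old zone at the registrar; `INCOMPLETE` means the trace never got an answer from the zone's own servers.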
2

In your settings you should find a section where ns1 and ns2.privatmamtora.com have been specified as DNS servers, with IP addresses of 104.238.124.94 and 166.62.52.157. This is specifying where GoDaddy "steers" DNS clients on the internet. If these are the IP addresses of DNS servers that you manage, you can do whatever you like with the zones.

Be very, very careful however. When I do a reverse DNS lookup on those IP addresses, I'm getting suffixes of secureserver.net which are names that I associate with GoDaddy's DNS servers:

```
# dig +short -x 104.238.124.94 -x 166.62.52.157
ip-104-238-124-94.ip.secureserver.net.
ip-166-62-52-157.ip.secureserver.net.
```

Andrew B
  • Yes that is also something I am trying to fix. Any ideas? – PrivatMamtora Mar 10 '15 at 14:08
  • Are those IP addresses associated with your VPS? If so, you will need to talk to whoever gave you those IP addresses and ask if they will let you manage the reverse DNS for those IPs. If not, ask them to change the reverse DNS records for you. As I said however, I'm used to seeing `secureserver.net` when interacting with servers *owned and operated* by GoDaddy. If you get your VPS through GoDaddy, this is probably fine. If not...be very careful with these changes that you're making... – Andrew B Mar 10 '15 at 14:10
  • GoDaddy has replied saying that they do not allow self-management of rDNS – PrivatMamtora Mar 12 '15 at 17:20