
For the first dedicated server I set up two custom nameservers at the registrar pointing at server 1's IPs and set the whole domain to those two nameservers. (Let's just say my domain is server.com.)

ns1.server.com
ns2.server.com

I now want to add a second dedicated server ie:

ns3.server.com
ns4.server.com

But I don’t want to route DNS through server1, which I would have to do with the current setup.

How do the big hosting companies do this - where they have hundreds/thousands of nameservers on a single domain?

EDIT: Hosting companies can have hundreds/thousands of "pseudo" nameservers (example: ns124.server.com) which are basically A records. My original statement/question above was wrong, but was referencing what I was trying to achieve with my understanding at the time.

Any help would be appreciated.

Tim Ramsey
  • 111
  • 3
  • 4
    Something is definitely confused here: There are not hundreds or thousands of nameservers in any domain. It's rare for there to be more than four or five. Exactly what are you trying to accomplish? – Michael Hampton Mar 24 '17 at 00:38
  • I would like to add as many dedicated servers to the domain as I want and have custom nameservers for them all - ie. Server 1 ns1.server.com ns2.server.com Server 2 ns3.server.com ns4.server.com Server 3 ns5.server.com ns6.server.com Server 4 ns7.server.com ns8.server.com – Tim Ramsey Mar 24 '17 at 00:46
  • 1
    Eh? Why do you want different nameservers? What do you think this is going to do for you? – Michael Hampton Mar 24 '17 at 00:46
  • Allow me to easily add a server to the "mix" and not have to rely on other servers from the "mix" for DNS? – Tim Ramsey Mar 24 '17 at 00:50
  • 2
    OK, uh... you certainly can and should run DNS on multiple servers. It doesn't make sense why you want two names for each server, though. This doesn't give you anything but a false sense of security. – Michael Hampton Mar 24 '17 at 00:52
  • 1
    The "big companies" have 5-8 DNS records, that point to 5-8 anycasted IP addresses which route to many many many servers... you should just use their system, don't fork your own. – Jacob Evans Mar 24 '17 at 00:56
  • @JacobEvans So are they using A records then? ns77.domaincontrol.com for example. I have seen ns52.domaincontrol.com, etc so assume there are hundreds of ns(*).domaincontrol.com addresses – Tim Ramsey Mar 24 '17 at 15:18
  • 1
    those are nameservers as a service, each pair hosts different customer zones to reduce their risk, and yes they are A records – Jacob Evans Mar 24 '17 at 15:22
  • @JacobEvans Can you point me to where I would find out more information on how to set up nameservers as a service, as I think this is what I am trying to achieve? I am just trying to get each of my dedicated servers set up with a different ns(*).server.com address that I would give as the nameserver addresses for other websites on the server, without relying on any single server for the DNS, but I am probably thinking about this all wrong. – Tim Ramsey Mar 24 '17 at 15:33
  • Unless you are hosting thousands and thousands of host files, I would suggest a single cluster for all your users, and I would suggest you run more than 3 servers, but no more than 8. – Jacob Evans Mar 24 '17 at 15:37
  • If I were you, I would just use cloudflare and be done with it. – Jacob Evans Mar 24 '17 at 15:38

2 Answers

1

The chapter on zone records in Zytrax's DNS for Rocket Scientists might help explain:

$ORIGIN example.com.
@             IN      SOA   ns1.example.com. hostmaster.example.com. (
                        2003080800 ; se = serial number
                        12h        ; ref = refresh
                        15m        ; ret = update retry
                        3w         ; ex = expiry
                        3h         ; min = minimum
                        )
              IN      NS      ns1.example.com.

Walking through this quickly:

  • The SOA is a Start Of Authority. The majority of what it says is not relevant right now, but the server part is (the part saying ns1.example.com.). In the server name, you put:

    Any name server that will respond authoritatively for the domain. So a valid value could (potentially) be ns.anyotherdomain.tld., or in effect, any server that has an NS entry within your domain.

  • The NS entries are the next part. Each NS entry is basically an

    authoritative record for the zone's name servers.

    In other words, the NS record is what tells the world at large who to ask for records within your domain. There is no need whatsoever for your NS servers to be entries within your domain; they can be ANY valid FQDN.

  • Finally, if you were nominating servers (via NS records) that are within your domain (as in the example above), then you would also need to create a valid A record (e.g. ns1 IN A 192.168.0.3).

Google handles DNS for any third party it serves via a very simple setup, under googledomains.com.

Their googledomains.com. DNS infra for example handles krebsonsecurity.com, and no doubt thousands of other domains.

All that is required is:

  • a suitable SOA:

    ;; QUESTION SECTION:
    ;krebsonsecurity.com.           IN      SOA

    ;; ANSWER SECTION:
    krebsonsecurity.com.    21600   IN      SOA     ns-cloud-d1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

  • a suitable set of NS records:

    ;; QUESTION SECTION:
    ;krebsonsecurity.com.           IN      NS

    ;; ANSWER SECTION:
    krebsonsecurity.com.    21600   IN      NS      ns-cloud-d2.googledomains.com.
    krebsonsecurity.com.    21600   IN      NS      ns-cloud-d3.googledomains.com.
    krebsonsecurity.com.    21600   IN      NS      ns-cloud-d1.googledomains.com.
    krebsonsecurity.com.    21600   IN      NS      ns-cloud-d4.googledomains.com.

  • those NS records point to A records under the same googledomains.com domain, e.g.:

    ;; QUESTION SECTION:
    ;ns6.googledomains.com.         IN      A

    ;; ANSWER SECTION:
    ns6.googledomains.com.  86400   IN      A       216.239.34.10

So, basically: use the same approach as googledomains. SOA and NS records are all you need in most cases. Possibly spend some time reading Zytrax's guide - I've found it very useful to grasp the fuller picture of DNS. And don't let the title fool you - I'm closer to a potato gun engineer than a rocket scientist, and I eventually got it.

iwaseatenbyagrue
  • 3,588
  • 12
  • 22
0

This ended up not being that hard, and this is what I did to achieve what I was trying to do. I didn't need email at server.com (if I did there would be additional steps).

Thank you @iwaseatenbyagrue for your help, as you basically laid it out for me.

  1. (optional) Purchased Premium DNS for server.com: https://www.namecheap.com/security/premiumdns.aspx
  2. (optional) Pointed the nameservers of server.com to the new anycasted DNS service from #1
  3. Added nameservers at the registrar for all the ns names (ns1, ns2, ns3, ns4, ns5, ns6)
  4. Created A records at the domain DNS provider for all the ns*, tying them to the IP addresses of the different servers. I also set up an A record for the sub-domain that the server would be named.
  5. Created zone files on all the servers with: SOA as the first ns* in the set, NS to the pair of respective ns*, and A records to the respective IPs

I just follow the same steps (3-5) for each new server I add to the mix and can use the newly created NS records for all the domains that are added to the server.

Tim Ramsey
  • 111
  • 3
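
A consistency check for the zone layout the first answer walks through (SOA MNAME, NS records, and the glue A record an in-domain NS needs) and for the registrar/zone NS pairing in steps 3 to 5 of the second answer, added here as an example and not code from either answer. The zone text, server names and addresses are constructed placeholders; the parser only understands the $ORIGIN/SOA/NS/A subset shown on this page.

```python
import re
# Constructed sample zone (placeholder addresses) in the style of the Zytrax excerpt above.
SAMPLE_ZONE = """\
$ORIGIN server.com.
@   IN  SOA  ns3.server.com. hostmaster.server.com. (
        2017032401 12h 15m 3w 3h )   ; serial refresh retry expiry minimum
    IN  NS   ns3.server.com.
    IN  NS   ns4.server.com.
ns3 IN  A    192.0.2.3
ns4 IN  A    192.0.2.4
"""

def fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Tiny parser for $ORIGIN, SOA, NS and A records; enough for the zone above."""
    origin, mname, ns_names, a_records, owner = None, None, [], {}, None
    clean = "\n".join(re.sub(r";.*", "", ln) for ln in text.splitlines())  # drop comments
    clean = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0).split()), clean)  # join (...)
    for line in filter(str.strip, clean.splitlines()):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not line[0].isspace():  # explicit owner name; otherwise the previous one applies
            owner, tokens = fqdn(tokens[0], origin), tokens[1:]
        while tokens[0].isdigit() or tokens[0].upper() == "IN":  # skip optional TTL and class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":
            mname = fqdn(rdata[0], origin)  # MNAME: the primary server named in the SOA
        elif rtype == "NS":
            ns_names.append(fqdn(rdata[0], origin))
        elif rtype == "A":
            a_records.setdefault(owner, []).append(rdata[0])
    return origin, mname, ns_names, a_records

def check_delegation(text, registrar_ns=None):
    """List delegation problems: SOA MNAME not an NS, in-domain NS without glue A, registrar mismatch."""
    origin, mname, ns_names, a_records = parse_zone(text)
    problems = []
    if mname not in ns_names:
        problems.append(f"SOA MNAME {mname} is not one of the zone's NS names")
    for ns in ns_names:  # an NS inside the zone needs an A record, or the delegation is lame
        if ns.endswith("." + origin) and ns not in a_records:
            problems.append(f"{ns} has no A (glue) record in the zone")
    if registrar_ns is not None and set(registrar_ns) != set(ns_names):
        problems.append("NS names at the registrar differ from the zone's NS records")
    return problems
```

Run it against each server's zone file with the NS names you registered for that server passed as `registrar_ns`; an empty list means the SOA, NS pair and glue agree with what the registrar publishes.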