Secondary DNS at Online.net

Requirements:

Before you begin, we assume that:

  • You want to manage your domains completely with BIND.
  • You are aware that there is a delay of 24 hours before this procedure can be finalized.
  • Your Dedibox is configured as primary DNS and nssec.online.net as secondary DNS.

Configuration of BIND

Ports 53/TCP and 53/UDP must be open on your server so that it can answer DNS queries (zone transfers to the secondary use TCP).

General configuration

If you use a management panel for your server, start by adding the domain in your panel.
To configure BIND, log on to your server as root using SSH and edit two files.

Edit the general configuration file of BIND, located at /etc/bind/named.conf (or the configuration generated by your panel), so that the zone definition for your domain looks like this (replace domaine.fr with your domain):

zone "domaine.fr" {
        type master;
        notify yes;                          // tell the secondary when the serial changes
        allow-transfer { 62.210.16.8; };     // AXFR allowed only from nssec.online.net
        file "/etc/bind/domaine.fr.db";
};

In this example the content of the zone is located in the file /etc/bind/domaine.fr.db.

The zonefile

Now we have to edit the zone file pointed to by the configuration. In this example it is /etc/bind/domaine.fr.db.
Edit the file so that it looks like this:

$TTL 86400
@       IN      SOA     sd-xxxx.dedibox.fr. root.domaine.fr. (
                        2006081720      ; serial (YearMonthDayNumber)
                        8H              ; refresh
                        2H              ; retry
                        4W              ; expire
                        1D )            ; negative caching TTL
        IN      NS      sd-xxxx.dedibox.fr.
        IN      NS      nssec.online.net.
        IN      MX      10 mail.domaine.fr.

domaine.fr.    IN      A       195.154.xx.xx
ns             IN      A       62.210.xx.xx
mail           IN      A       62.210.xx.xx
www            IN      CNAME   domaine.fr.
ftp            IN      CNAME   domaine.fr.

Replace domaine.fr with your own domain name.
Replace sd-xxxx.dedibox.fr with the name of your Dedibox.
Replace 62.210.xx.xx with the IP of your Dedibox.
Pay special attention to keep the trailing dots (“.”) exactly as shown.
Update the serial number (here “2006081720”) every time you change the zone; the convention is YearMonthDayNumber.

Now reload (or restart) BIND so that the changes take effect:

/etc/init.d/bind9 reload

Declaration of the domain name on nssec.online.net

The domain must already be configured on your server with a valid SOA record.

Click on “Server > Server list > Manage > Secondary DNS (on the left)”

  • Enter your domain name
  • Select the server which is your primary DNS
  • Click on “Create”

The initial installation of a new domain name takes about 24 hours (the secondary server is restarted each night at 2:45 CET); after that, updates are fetched according to the “refresh” value indicated in the SOA of your domain's primary DNS.

AFNIC verification

Before you go to the AFNIC site to test your domain, remember to create a postmaster mailbox (e.g. postmaster@domain.fr) for your domain.

After the obligatory 24-hour wait for your configuration to be picked up, you can test it using the AFNIC zonecheck, available here: http://www.afnic.fr/outils/zonecheck/form

  • In « zone » enter your domain, without www or http
  • In « primaire » enter the reverse DNS name (sd-xxxx.dedibox.fr) of your server and its IP.
  • In « secondaire » enter nssec.online.net and 62.210.16.8 as IP.

If the test generates errors, read the error messages produced by the zonecheck and correct the problems.

If the test result is “SUCCÈS”, everything is working and you can update the DNS servers of your domain at your registrar.

If the transfer fails

If the transfer of your zone does not work, the cause is usually one of the following:

  • Your DNS server does not accept requests of the type AXFR
  • You forgot to update the serial of your zone (YearMonthDayNumber)

To test the transfer of your zone, temporarily authorise the transfer to your personal IP (add it to allow-transfer), then test the transfer from your personal IP using the command below; remove your IP from allow-transfer again once the test is done:

dig @ip_of_my_dedibox mydomain.tld axfr

The serial of your zone has to be up to date (for example 2010112402 for the 2nd modification on 24/11/2010).
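Since a forgotten serial bump is the usual reason the secondary never picks up a change, here is an added example (not Online.net's code or part of this page) that reads the SOA serial from a zone file, validates the YearMonthDayNumber convention used above, and computes the next serial for a given date; the sample zone is a constructed copy of the SOA shown earlier.

```python
import re
from datetime import date

# Constructed sample: the SOA from this page's zone file (not Online.net's code).
SAMPLE_ZONE = """$TTL 86400
@       IN      SOA     sd-xxxx.dedibox.fr. root.domaine.fr. (
                        2006081720
                        8H
                        2H
                        4W
                        1D )
"""

# The first number after the SOA record's opening parenthesis is the serial.
SOA_SERIAL = re.compile(r"\bSOA\b[^(]*\(\s*(\d+)")

def read_serial(zone_text: str) -> int:
    """Return the SOA serial of a zone file, or raise if there is none."""
    m = SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    return int(m.group(1))

def is_date_serial(serial: int) -> bool:
    """True if the serial follows the YearMonthDayNumber form (YYYYMMDDNN)."""
    s = str(serial)
    if len(s) != 10:
        return False
    try:
        date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:  # e.g. month 13, or 31 November
        return False
    return True

def next_serial(current: int, today: date) -> int:
    """Next YYYYMMDDNN serial: NN=01 on a new day, otherwise NN+1."""
    base = int(today.strftime("%Y%m%d")) * 100
    if current < base:
        return base + 1
    # Serial already at or past today's date (clock skew, hand-edited value):
    # keep counting up, since a smaller serial would be ignored by the secondary.
    if current % 100 == 99:
        raise ValueError("99 edits already today; wait for the next day")
    return current + 1

def bump_zone(zone_text: str, today: date) -> str:
    """Return zone_text with its SOA serial replaced by the next serial."""
    m = SOA_SERIAL.search(zone_text)
    new = next_serial(read_serial(zone_text), today)
    return zone_text[: m.start(1)] + str(new) + zone_text[m.end(1):]
```

Run bump_zone on your zone file before each reload; the secondary only re-transfers when the new serial is larger than the one it already holds.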