How to change name servers ISNIC (DNS for .IS ccTLD) - dns

How do you change name servers for your .is domain at ISNIC?
In my case, the domain zipcode.is has the preconfigured DNS, pointing
to ISNIC domain-parking service nserver: parking00.isnic.is and it
seems pretty hard/confusing to change it. Apparently, no sign of how
to actually change the DNS in their documentation.

-
Step 1.
Register your Name Servers at ISNIC - Menu > Nameservers > Register
Hostname is your Nameserver e.g. NS1.YATKO.COM (in my case)
Zone Contact (NIC) is your username, find it in My Settings
*you may run into issues like Nameserver NS1.YATKO.COM does not appear to comply with ISNIC's technical requirements and you’ll need to add PTR records to your DNS zone
-
Step 2.
If you managed to get through Step 1, then check the domain setup with ISNIC’s tool, where you simply disregard ISP and enter your Domain name, Master nameserver (e.g. NS1. …) and Nameserver 2, 3, … .
-
Step 2.1
You will likely get an error like this:
Test results for “NS1.YATKO.COM”:
No NS records found for domain ZIPCODE.IS on nameserver …
Test results for “NS2.YATKO.COM”:
No NS records found for domain ZIPCODE.IS on nameserver …
Fix it by adding the DNS Zone to your server. On a cPanel server, this means creating a new account (where you’re using your own name servers as NS1 and NS2, …).
-
Step 3.
Go to Contacts > My Page and under My domains check the domain you wish to modify. The list to the right becomes active. Select Web forwarding and under Domain delegation select Custom. Change your Nameservers and Submit.
… no comment. If you dare to defend ISNIC’s solution, please do so. I am really curious how they invented the solution, and if anyone else in the world agrees with them :-)

Related

Defining two sub domains of my domain as nameservers of another domain

Suppose that I own example.com that is served by my own DNS server and I can create every record that I want.
Now imagine that one of my friends gets a new domain called new-domain.com and I want to help him manage his domain with his own DNS server.
So in my dns system for example.com, I create two A records as:
my.ns1.example.com -> some.ip.addr
and
my.ns2.example.com -> some.ip.addr
(some.ip.addr is the ip address of his DNS server)
and ask him to set my.ns1.example.com and my.ns2.example.com as name servers for his domain.
But he cannot set them because it gets invalid nameserver error!
It's my understanding that because example.com is working properly in the DNS system and thus my.ns1.example.com and my.ns2.example.com are resolved to the IP address properly, nothing can prevent them from being used as nameservers.
I searched around and found that some people say the nameservers should be registered. I understand registering when we have to ask for setting glue records, but for this case I have no idea why we would need to register those names.
To be more specific with a real-life example, why would jobs.ns.cloudflare.com be a valid nameserver but www.cloudflare.com not?
I asked the same question on serverfault.com with this link
I quote the important part of the answer here:
From a pure DNS perspective, an authoritative nameserver (such as those for com) should not perform any kind of recursion to learn the IP address of the nameservers that are defined in your example.com zone. Instead, the registry permits registrars to add glue records to the com domain, and those registrars can provide a user interface so that the owners of the domains that these custom nameservers live in can do so. (example: Namecheap - How do I register personal nameservers for my domain?)
(To address the elephant in the room...no, these glue records are not strictly required. But policies are policies, and if the registrar interface requires the registry level glue to be present, you have little choice in the matter.)
While the answer does not answer my updated part of the question, I picked it as the answer and decided to ask another question.
The problem does not lie in the names: my.ns1.example.com and my.ns2.example.com are fine.
The registry, and sometimes even the registrar, normally perform a few checks before approving a nameserver change. If your nameservers are rejected as invalid they are most likely not yet correctly configured for your friend's domain. I mean, the servers at my.ns1.example.com and my.ns2.example.com do not contain the minimum required records for new-domain.com.
That said, the registrar support team should be able to provide more details: if it's them who reject the change they should let you know what part of the automatic tests fails and even provide the test output so you can see for yourself. On the other hand, if they just pass the change to the registry (your friend should see an "operation pending at registry level" notice in his control panel for some time) they could make the extra effort of helping you out by providing hints based on their experience with that particular TLD. That is, if your friend didn't grab a promo offer in the 0.99$-5.99$ a year range for the domain: if he pays them something in the 20$-50$ a year range then he should expect and demand proper, helpful support. I use one of the cheapest registrars and if my nameserver change gets rejected I still get a full report:
Dear customer,
The registry did not accept the nameservers you tried assigning to
new-domain.com because they did not pass the registry tests. Please
check the report we got from the registry below, fix the errors
and try assigning the nameservers again.
Nameservers Resolvable Test: ERROR
my.ns1.example.com. ERROR Unresolvable host my.ns1.example.com.
my.ns2.example.com. ERROR Unresolvable host my.ns2.example.com.
my.ns3.example.com. OK
my.ns4.example.com. OK
SOAQueryAnswerTest: ERROR
my.ns1.example.com. ERROR java.net.SocketTimeoutException
my.ns2.example.com. ERROR java.net.SocketTimeoutException
my.ns3.example.com. OK
my.ns4.example.com. OK
... ... ...
Update: The OP posted an update saying that as soon as the nameservers were registered with the registry, they were accepted in his friend's control panel. It appears that particular registrar checks for glue records and rejects the nameservers if they have none. This is an unnecessary check because glue records are only needed if the nameservers are within the same domain they serve, as explained in these questions. Registrars usually explain this very clearly or at least mention this above the nameserver change form:
Please note that in most cases the ip address is not required and will actually be ignored. It is only necessary if the nameservers you are entering are sub-domains of the selected domain (also called custom nameservers or vanity nameservers).
We can conclude that the friend's registrar performs an unnecessary blocking test and does not respond to user inquiries in a helpful manner. Since the OP has the following need (citation from his updated post on serverfault):
I need to be able to create dynamic nameservers programmatically and ask my users to enter their specific nameservers for their domains in their registrars.
I warmly recommend he does some research looking for a decent and reasonably priced registrar he can point his customers/friends to in case they have any issues with their current ones.

How do other DNS servers find mine?

I'm trying to learn as much as possible about DNS, and so far I've read most of:
http://www.zytrax.com/books/dns/ch8/soa.html
and all of:
http://computer.howstuffworks.com/dns.htm
I understand that SOA and NS records contain info about the authoritative name server for a domain, but as these are just DNS records, how does the rest of the world even know where to get them?
I assume it starts at the top-level-domain (.COM .NET .ORG, etc) servers. So they must contain a SOA record for my domain? If so, how does that get there? I imagine only registrars like GoDaddy and Network Solutions are able to update those? If they contain a SOA record, why does my DNS server (that I host), need one also? I think there must be something, maybe in the domain registration records (outside of DNS?), that I'm missing.
I think I've got a pretty good understanding of most parts of the DNS system, after reading lots of articles.. but I haven't found any that answer this part, in a way that I understand it.
For example, GoDaddy and Network Solutions both let me change different options (in their web UI) to "host my own DNS server". If these options remove them from the process, so DNS servers never need to query them again, and instead query my server directly (this is what I want, no dependency on GoDaddy/NS)... when I make these changes, what (at the DNS level or otherwise) is GoDaddy/NS doing? Are they asking the top-level-domain servers to update some DNS records for my domain?
Short answer is yes. Godaddy will take care of updating the TLDs for you. Your other assumptions are also correct except for one small detail...
DNS starts with the "root" domain and then goes to the TLDs (top level domains).
www.somedomain.com. actually breaks down like this:
. The root name servers
com - The TLD name servers
somedomain - Your NS servers
www - The host portion of the dns name.
Setting up your own DNS server is a great way to understand DNS better. Good luck!
So they must contain a SOA record for my domain?
Multiple answers possible, depending on the scenario:
delegated 2nd level:
No; the start of authority of your domain is usually at your level, so the SOA for you.cf is (only) in your nameservers. Same as the SOA for .cf is only in the nameservers of .cf, and not in the root-servers. In case your nameservers are within the same domain (i.e. ns1.you.cf in case of you.cf) then glue records are needed. This means that the registry that's operating the TLD's nameservers will insert an A and/or AAAA record with the IP of ns1.you.cf in the TLD zone. Normally you (the registrant) set this in the interface of your registrar.
undelegated 3rd level:
No; if your domain was sub.you.cf - but sub.you.cf wasn't delegated (no NS records exist for sub.you.cf) then the SOA is probably at you.cf. Unless...
undelegated 2nd level:
Yes; if you register a domain without having it delegated (no NS records exist for you.cf) then the SOA is at the .cf nameservers. Although most registries run delegation-only zones, some don't. Example: when you use url-fwd'ing in .cf. The SOA then is at the cf level.
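The glue rule from the answer above (ns1.you.cf serving you.cf), which the earlier new-domain.com answer also relies on, as an added Python example that is not part of any post on this page. The glue addresses and the name ns1.notyou.cf are constructed; names are compared label by label so that a look-alike suffix is not treated as being inside the zone.

```python
from __future__ import annotations

def labels(name: str) -> list[str]:
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def needs_glue(zone: str, nameserver: str) -> bool:
    """True when the nameserver's name lies at or below the zone it serves."""
    z, n = labels(zone), labels(nameserver)
    # Compare whole labels: a plain endswith() would accept ns1.notyou.cf for you.cf.
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def missing_glue(zone: str, nameservers: list[str],
                 glue: dict[str, list[str]]) -> list[str]:
    """Nameservers that need glue but have no address in the parent zone."""
    have = {".".join(labels(host)) for host, addrs in glue.items() if addrs}
    return [ns for ns in nameservers
            if needs_glue(zone, ns) and ".".join(labels(ns)) not in have]

if __name__ == "__main__":
    # Constructed sample data; 192.0.2.0/24 is a documentation range.
    glue = {"ns1.you.cf.": ["192.0.2.53"]}
    print(missing_glue("you.cf", ["ns1.you.cf", "ns2.you.cf"], glue))
    print(missing_glue("new-domain.com",
                       ["my.ns1.example.com", "my.ns2.example.com"], {}))
    print(needs_glue("you.cf", "ns1.notyou.cf"))
```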

DNS: authoritative vs. dynamic, can I have dynamic forward all requests to authoritative nameservers

Ok, in a nutshell, for my own reasons, I am trying to "build" a solution that extracts my DNS from the location / company where my webserver is located. I need to be able to make DNS changes on the fly for my domains. I have nameservers set up for the webserver, on the webserver. I basically want to know if I can point my domain registration DNS details to, let's say, a DYN.com dynamic DNS address, and have that dynamic address set up to just forward all traffic on to my nameservers on the webserver.
This way, I can change the dyndns "pointer", if you will, to any other webserver/nameservers immediately should the need arise.
P.S. I know a dynamic address probably won't work, and if I have to go for a paid-up service with DYN, that's fine, but I don't want to create all the records on DYN. I just want it to forward any requests to the actual IP of the name server on the webserver.
I.E.
Domain NS1 -> Dyn.com Record 1 (no specific domain records) -> ns1.mywebserver.com
Domain NS2 -> Dyn.com Record 2 (no specific domain records) -> ns2.mywebserver.com
Can this be achieved? If not, do you get what I am trying to do, and are there other ways of doing this?
I ideally don't want to create a dedicated linux VM somewhere to manage the DNS.
Thanks in advance.
I think my other question, posted after this one, solves this question.
BIND . Registrar says it cant find the nameserver. nslookup shows the domain is being handled by bind
Cheers

How to test CloudFlare without changing your domain's name server

How can you test CloudFlare without changing your domain's name server?
I would not want to change my domain's name server and wait hours for propagation only to find out there is an issue with the DNS settings.
Can you spoof a nameserver or something on a local hosts file?
Yes, you should be able to test before you change your name servers. Here's what to do:
1. Sign up at https://www.cloudflare.com/sign-up and complete the signup through Step 4 when you're asked to update your name servers.
2. Note the two name servers you are provided which will be in the format [name].ns.cloudflare.com.
3. From a terminal, do a lookup to get the IP addresses your domain has been assigned. In Linux/Unix it'd be: dig @[name].ns.cloudflare.com yourdomain.example
4. Repeat step 3 with all the subdomains you want to check.
5. Update your localhost record to resolve the domain(s) to the IPs you found with the lookup.
6. Browse the site from the same machine where you did the localhost update and traffic should pass through CloudFlare.
While this will work for a while, after 24 hours CloudFlare's system may detect that your name servers haven't updated and, in some cases, may return an error. However, this technique should allow you basic testing before you update your name servers.
To save future users from some headache, the above answer doesn't work anymore: https://community.cloudflare.com/t/ip-on-cloudflare-nameserver-is-not-masked-despite-orange-cloud/76137
From my understanding, you now need to change your nameserver.

Can the authoritative NS be the same as the domain served?

Let's say I have a server (DNS and other), myserver.com. Now I register a domain, mydomain.com, and set its NS at the registrar to myserver.com - it is therefore the authoritative server, if there is any such thing.
In the authoritative records for mydomain.com, can I set the NS to ns.mydomain.com?
I have two domains set up like that, one works, the other one seems reluctant to propagate. So I'm wondering if there is something wrong with that - I mean how can you resolve the name of the NS when you need to resolve the name of the NS to resolve the name of the NS...
And, if yes, how come parallels plesk sets them automatically in this way?
Ps: there is an A record for ns.mydomain.com on that same server, pointing to the proper IP
There's a solution for this problem - it's called "glue records", i.e. A records hosted in the parent zone that contain the IP addresses of the name servers.
See http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records
Why would you want to set the NS record for "mydomain.com" to "myserver.com" in the delegation record that goes into the parent zone (com.), but to "ns.mydomain.com" at the zone apex (inside the mydomain.com. zone)? This creates an inconsistency (two different DNS servers answer the same question with two different answers) without any apparent benefit. You should try to help the DNS system as a whole issue consistent answers.
Unless you have a good reason to make the DNS inconsistent, you should decide what the correct, canonical name for your nameserver is, and publish that name in the NS record both in the delegation and at the zone apex for "mydomain.com".
That being said, it will still work:
If a recursive resolver which does not yet know anything about "mydomain.com" asks about it, it will be told by the gTLD servers to go look at "myserver.com". The gTLD will also issue A and AAAA glue records to help find "myserver.com", but even if they don't, you have A and AAAA records for "myserver.com" in the "myserver.com" zone file (right?).
If a recursive resolver wants to refresh its cache for the "mydomain.com" NS record, it may query the authoritative server it already knows about. This server will answer that the nameserver is "ns.mydomain.com", with a glue record. This is different from what it had in its cache before, but ultimately it will map to a server with the same IP address.
As for "parallels plesk", I know nothing about that.
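The parent/apex mismatch described in the answer above, as an added Python example that is not part of the original post. It compares the NS set in the delegation with the NS set at the zone apex and reports whether the two sets still resolve to the same addresses; the address table is constructed input standing in for A/AAAA lookups.

```python
from __future__ import annotations

def canon(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.lower().rstrip(".")

def compare_delegation(parent_ns: list[str], child_ns: list[str],
                       addresses: dict[str, list[str]]) -> dict:
    """Compare the NS set in the parent zone with the NS set at the zone apex."""
    parent = {canon(n) for n in parent_ns}
    child = {canon(n) for n in child_ns}
    addr = {canon(n): set(ips) for n, ips in addresses.items()}

    def ips(names: set[str]) -> set[str]:
        return set().union(*(addr.get(n, set()) for n in names))

    # A listed nameserver with no address cannot be reached at all.
    unresolved = sorted(n for n in parent | child if not addr.get(n))
    return {
        "names_match": parent == child,
        "only_in_parent": sorted(parent - child),
        "only_in_child": sorted(child - parent),
        "same_servers": bool(parent) and not unresolved
                        and ips(parent) == ips(child),
        "unresolved": unresolved,
    }

if __name__ == "__main__":
    # Scenario from the question; the address is constructed (documentation range).
    report = compare_delegation(
        parent_ns=["myserver.com"],        # NS set at the registrar
        child_ns=["ns.mydomain.com."],     # NS set in the zone itself
        addresses={"myserver.com": ["192.0.2.53"],
                   "ns.mydomain.com": ["192.0.2.53"]},
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

A result with names_match false and same_servers true is the case the answer calls inconsistent but still working.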
