How to define a subdomain in nsd3 - dns

nsd3 is a very little-known but super-lightweight and stable DNS server, which makes it a great alternative to bind9 for low-end boxes. There is a very good tutorial here on how to set up nsd3 on a Debian server.
My problem is that I need to set up a subdomain subd1.mydomain.com that is going to be served on another VPS. I tried to add
subdmn1.mydomain.com. IN 1.2.3.5
(assuming that my destination IP is 1.2.3.5, different from the current machine's IP 1.2.3.4). Then after running
nsdc rebuild
service nsd3 restart
the subdmn1.mydomain.com fails to resolve to the IP. Any clues will be much appreciated.

nsd3 accepts BIND-style zone files, so in your zone file for mydomain.com, you can add a line that looks like this:
subdomain1 IN A 1.2.3.5
That makes subdomain1.mydomain.com resolve to 1.2.3.5, while your normal A record can point to the 1.2.3.4 IP.
You have to take care, however, that you have defined the $ORIGIN domain correctly, otherwise it won't work. That means that your domain name must include a period at the end, like this: mydomain.com.
I personally always use sudo zonec -v for compiling the zone file database, because that gives a verbose output with all errors (if any) clearly displayed.
For a very thorough example of zone files and DNS configuration, you can also check out: http://www.zytrax.com/books/dns/ch6/mydomain.html
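
The two zone-file pitfalls in this thread (the question's record with no type, and an owner name missing its trailing period so that $ORIGIN gets appended to it) can be caught before reloading the server. The following is an added example, not part of the original answers and not nsd code: a simplified Python lint that assumes one record per line, each starting with an owner name. The sample zone is constructed from the thread's names and addresses.

```python
RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT", "PTR", "SRV"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone using the names and addresses from the question.
SAMPLE = """\
$ORIGIN mydomain.com.
@                     IN A 1.2.3.4
subdomain1            IN A 1.2.3.5
subdmn1.mydomain.com. IN 1.2.3.5
www.mydomain.com      IN A 1.2.3.4
"""

def qualify(owner, origin):
    """Expand an owner name the way a BIND-style zone parser does."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner              # already fully qualified
    return owner + "." + origin   # relative name: $ORIGIN is appended

def lint_zone(text, origin):
    """Return (records, problems) for a one-record-per-line zone."""
    records, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            if not origin.endswith("."):
                problems.append((n, "$ORIGIN lacks trailing period"))
                origin += "."
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest.pop(0)                         # skip optional TTL / class
        if not rest or rest[0].upper() not in RR_TYPES:
            problems.append((n, "missing or unknown record type"))
            continue
        if not owner.endswith(".") and owner.endswith(origin.rstrip(".")):
            problems.append((n, "owner lacks trailing period"))
        records.append((qualify(owner, origin), rest[0].upper(), " ".join(rest[1:])))
    return records, problems

if __name__ == "__main__":
    for item in lint_zone(SAMPLE, "mydomain.com."):
        print(item)
```

Line 4 of the sample is the record from the question and is rejected for having no type; line 5 parses, but expands to www.mydomain.com.mydomain.com.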

Did you forget to increment the serial number? I, on the other hand, keep forgetting to run 'nsdc rebuild'.

Related

Is it safe to use lvh.me instead of localhost for testing?

I wonder whether it is safe to use lvh.me instead of localhost when developing locally, since lvh.me must be resolved and the IP may change over time.
The goal of using lvh.me is to be able to handle subdomains, since localhost does not have top level domain.
Unless you are the maintainer of lvh.me, you can not be sure it will not disappear or change its RRs for lvh.me.
You can use localhost.localdomain instead of localhost, by adding the following lines in your hosts file:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
This is better than using lvh.me because:
you may not always have access to a DNS resolver when developing
lvh.me does not answer with a local IPv6 address corresponding to your local host, only with the IPv4 address 127.0.0.1
some ISPs' DNS resolvers block answers corresponding to private address space, for security purposes (to avoid leaking internal information)
Since you said in a comment that you do not want to update the hosts file, you have no means to be sure that lvh.me will always work for your developers. Therefore, to answer your question: it is not safe. You may register a domain for yourself, but as I said before, some resolvers will block answers corresponding to private address space.
lvh.me was not resolving to 127.0.0.1 on June 7, 2021. Depending on DNS names you don't control comes with this kind of risk. Although the domain name was reinstated by the end of the day, this answer offers some alternatives to depending on someone else's DNS configurations.
Both Firefox and Google Chrome now treat *.localhost names like localhost. They also do the right thing with port numbers.
To test it yourself, start a local http server listening to port 8000:
python -m http.server 8000
Then try these links
http://example.localhost:8000
http://other.localhost:8000
http://sub.subdomain.localhost:8000
This trick does not help for command line programs. For example, this command will fail to resolve the host:
curl http://example.localhost:8000
Curl itself offers a lot of other tricks that might work for you if you need custom subdomains on the command line. For example, this trick works:
curl --resolve example.localhost:8000:127.0.0.1 \
http://example.localhost:8000
Also worth noting that a similar service is still available.
See https://readme.localtest.me.
One last alternative is to configure your own wildcard CNAME to resolve to 127.0.0.1. For example:
*.my.example.com. 1800 IN CNAME my.example.com.
my.example.com. 1800 IN A 127.0.0.1
No because as of right now http://lvh.me has an expired domain.😬
Services like lvh.me or localtest.me are just DNS services, so the only thing you're publishing to them is the names of the hosts you're using. They could resolve to any IP at any time, but providing you use them only for local tests with fake data, you'll be safe.
But what if they shut down the service? Again, since you should only use them for local tests, you'll get immediate feedback and can easily go back to using localhost.
Quick fix if you don't want to rewrite your code is to open up hosts file
sudo nano /etc/hosts
paste in (replace yoursubdomain with what subdomain you're calling)
127.0.0.1 yoursubdomain.lvh.me
push ctrl-x
then y
then enter
Then you're good to go
It depends on what you're doing. If it's local development then most of the time yes, and you can always resolve it if you want to check:
For linux or osx you can run this in terminal:
dig X.nip.io
It should always return 127.0.0.1. So while it's not the "safest" way to do this (because you don't manage the DNS itself), I still use it frequently for some kind of resolving TLD when necessary. Here are some valid reputable sites that are still around:
https://nip.io/
https://sslip.io/
You can just point your browser at myproject.apps.localhost or www.example.net.localhost.
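
The risk running through these answers is that a name you do not control can stop resolving or start pointing somewhere other than your own machine. The following is an added example, not code from any of the answers: a Python check that classifies what a development hostname resolves to before a test run sends traffic to it. The resolver table is constructed so the example runs offline, and the hostnames in it are illustrative.

```python
import ipaddress
import socket

# Constructed answers standing in for a live resolver (documentation address).
FAKE_DNS = {
    "app.lvh.me": ["127.0.0.1"],
    "app.localhost": ["127.0.0.1", "::1"],
    "app.repointed.example": ["203.0.113.7"],
}

def fake_resolver(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("name does not resolve")
    return FAKE_DNS[name]

def system_resolver(name):
    """Ask the OS resolver (hosts file, then DNS) for all addresses."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})

def check_dev_host(name, resolver=system_resolver):
    """Return (verdict, addresses) for a development hostname.

    loopback   - every address is in 127.0.0.0/8 or is ::1
    unresolved - no answer: name expired, or the resolver filtered it
    external   - some address is not loopback; traffic would leave the box
    """
    try:
        addrs = resolver(name)
    except OSError:                 # socket.gaierror is a subclass
        return "unresolved", []
    if not addrs:
        return "unresolved", []
    parsed = [ipaddress.ip_address(a.split("%")[0]) for a in addrs]
    if all(ip.is_loopback for ip in parsed):
        return "loopback", addrs
    return "external", addrs

def missing_ipv6_loopback(addrs):
    """True when no IPv6 address is returned (the IPv4-only case noted above)."""
    return not any(ipaddress.ip_address(a.split("%")[0]).version == 6 for a in addrs)

if __name__ == "__main__":
    for host in list(FAKE_DNS) + ["gone.example"]:
        print(host, check_dev_host(host, fake_resolver))
```

Calling check_dev_host(name) without the second argument uses the operating system's resolver, so an /etc/hosts entry is honoured the same way a browser or curl would honour it.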

Is there any linux command to get host name from ip?

I want to get the host name from an IP. I know a few commands that do the work, like host, nslookup and dig, but they are not completely reliable. In many cases they fail to give the host name. So, is there any command that can always give me the host name?
For example: if I check "host stackoverflow.com" then it gives me a list of five different IP addresses. But when I check "host ip_address" (for each of the five different IP addresses), then it's not able to find the host name.
DNS has forward and reverse zones, and what you are going to get by requesting a domain name for an IP address depends on the reverse DNS zone configuration of that domain name. That's not an application malfunction or something - it's just asking DNS servers. So no, there's no such command that you're looking for.
If you are not getting IP to hostname resolution, this means that the reverse lookup is either not allowed or not configured properly at the dns server (you are pointing to). In other words, PTR record does not exist, or you are not allowed access to it.
All the dns commands use the same or similar methods and underlying system calls to get the name; they search for the PTR record.
Without going into too much detail. If this is something you really want to do, you can look at other options like looking at the reconnaissance tools in Kali.
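
The answers above come down to forward (A) and reverse (PTR) data living in separate zones, published by different parties. The following is an added example, not part of the original answers: a Python sketch that builds the PTR query name for an address and performs a forward-confirmed reverse lookup, the check log analysis and mail systems use before trusting a PTR name. All names and records are constructed (documentation addresses) so it runs offline.

```python
import ipaddress

# Constructed records standing in for live DNS.
FORWARD = {   # name -> A records, published by the owner of the name
    "www.site.example.": ["192.0.2.10", "192.0.2.11"],
    "host10.provider.example.": ["192.0.2.10"],
}
REVERSE = {   # PTR owner -> names, published by the owner of the address block
    "10.2.0.192.in-addr.arpa": ["host10.provider.example."],
    "12.2.0.192.in-addr.arpa": ["www.site.example."],
}

def ptr_owner(ip):
    """The name a reverse lookup actually queries, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_lookup(ip, reverse=REVERSE):
    """PTR targets for ip; empty when the reverse zone has no record."""
    return reverse.get(ptr_owner(ip), [])

def forward_confirmed(ip, forward=FORWARD, reverse=REVERSE):
    """PTR names whose own A records include ip."""
    return [n for n in reverse_lookup(ip, reverse) if ip in forward.get(n, [])]

def classify(ip):
    """Return 'no PTR', 'unconfirmed' or 'confirmed' for an address."""
    if not reverse_lookup(ip):
        return "no PTR"
    return "confirmed" if forward_confirmed(ip) else "unconfirmed"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, ptr_owner(ip), reverse_lookup(ip), classify(ip))
```

In the constructed data, www.site.example. resolves to 192.0.2.10, yet the PTR for that address names the provider's host, and 192.0.2.11 has no PTR at all, which is the behaviour described in the question.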

Trying to understand FQDN's

I am struggling to understand the FQDN for servers.
At the moment mine is just localhost; if I type hostname into my server terminal it just says localhost.
I understand you need a different one from this if you want to set up cpanel, or postfix or anything really.
As I know, it's comprised of two parts:
hostname.domainname
Can the domain name be made up, or does it have to be one of your domains that is set up for use on your server?
And can the host name be anything, or does it have to be the server name? And does it have to be set up as a subdomain of the domain?
I hope you understand my issues.
Thanks
Try typing
hostname --fqdn
FQDN means Fully Qualified Domain Name, composed mainly of two parts:
Your hostname
The domain name where your hostname is located.
It can be as easy as mycomputername.myfamilydomainname.tld, or as complex as cor-th3-1.par.fr.eu.mynetwork.net.
All of this can technically be made up, though, if you use for example, google.com as local domain, your local resolver may use this info and believe you're in the google.com DNS zone, you may then have problems resolving entries that are in the google.com DNS zone.
More info at: http://en.wikipedia.org/wiki/Hostname

dns to directadmin ip-address:port

Right now I have a VPS with DirectAdmin installed on it; by default DirectAdmin is reached by going to 31.154.241.12:2222 (example IP).
I am trying to set up a DNS server that will forward da.mysite.com to 31.154.241.12:2222.
Setting this up at the hosting company didn't give any errors, but when I try to add this line to my DirectAdmin DNS settings it gives the following error:
Cannot Add Record - The value must be an IP address
Doing this would give my customers a better quality of usage and they feel like I provide all the services.
Any ideas?
A DNS server just resolves your hostname (da.mysite.com) to an IP (31.154.241.12). It knows nothing about your port number.
To achieve what you describe, you have to set up some sort of a proxy... Read up on mod_proxy in Apache if you are using it and use a RewriteRule to achieve a redirection from hostname.com:5222 to da.hostname.com, for instance.

DNS: internal and external nameservers

So, I'm on day 3...
I am running an Ubuntu.64-based distribution on a VirtualBox. I have the need to access both external ISP DNS servers, as well as "internal" DNS servers through an OpenVPN connection. At times I need to query the external DNS(#host example.com) through the eth0 interface; sometimes I need to query the VPN "internal" DNS (#host internal.local) through the tap0 interface.
My question is: how do I configure my system to query the correct nameserver-- the ISP DNS or the VPN DNS (for attempting zone transfers, for example)?
I've tried editing resolv.conf to include both external and internal nameservers/domains, with no luck (obviously). I've also tried mitigating the situation with dnsmasq. That got me close (I think).
I realize I can use dig to set the [#server] based on individual queries, but I would appreciate a systemic resolution.
Any help would be appreciated.
I've used the PowerDNS recursor for exactly this situation before; it is in the package pdns-recursor, if you wish to try it. You'll want to set your /etc/resolv.conf to query only 127.0.0.1 should you choose to try this approach.
The forward-zones directive lets you specify which servers to contact for which zones:
forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1
It does look a little strange, since it is one configuration setting that takes multiple values, but you do get to specify exactly which servers are going to provide answers for which domains.
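
To see how one setting with several values routes queries, the following added example (not PowerDNS code and not from the original answer) parses a forward-zones value and picks the server for a query name. It assumes the most specific zone wins and that matching happens on label boundaries; the internal.local entry and its 10.8.0.1 address are constructed to stand in for the question's VPN resolver.

```python
# The setting quoted above, plus a constructed entry for the question's
# VPN-only zone (10.8.0.1 is a made-up resolver address on the tap0 side).
SETTING = "ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1, internal.local=10.8.0.1"

def parse_forward_zones(value):
    """Turn 'zone=server, zone=server' into {zone: server}."""
    zones = {}
    for item in value.split(","):
        zone, sep, server = item.strip().partition("=")
        if not sep or not zone.strip() or not server.strip():
            raise ValueError("malformed forward-zones entry: %r" % item)
        zones[zone.strip().rstrip(".").lower()] = server.strip()
    return zones

def select_upstream(qname, zones, default="recurse"):
    """Pick the server for qname: most specific zone on a label boundary."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):            # longest suffix first
        zone = ".".join(labels[i:])
        if zone in zones:
            return zones[zone]
    return default                          # normal recursion (the ISP path)

def leaked_queries(qnames, zones, internal_suffix):
    """Internal names that would NOT be sent to a configured forwarder."""
    suffix = internal_suffix.rstrip(".").lower()
    leaked = []
    for q in qnames:
        name = q.rstrip(".").lower()
        internal = name == suffix or name.endswith("." + suffix)
        if internal and select_upstream(q, zones) == "recurse":
            leaked.append(q)
    return leaked

if __name__ == "__main__":
    zones = parse_forward_zones(SETTING)
    for q in ("host.internal.local", "example.com", "notinternal.local"):
        print(q, "->", select_upstream(q, zones))
```

leaked_queries is the check worth keeping: it lists internal names that would fall through to ordinary recursion and so be exposed to resolvers outside the VPN.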
