
Background

I have a small virtual server hosted by my provider and there I have configured a relatively simple combination of postfix, dovecot and roundcubemail (backed by nginx) that works OK. I wanted to add support for SPF and DKIM. To do that I have to add a few TXT fields to the domain configuration (I've configured it successfully on another root server hosted elsewhere, so I know how it goes).

Problem

The problem is, this hosting provider does not have a decent domain control - all I can do is add and remove subdomains, there is no possibility to add custom DNS records. So, the solution is to configure my own instance of bind and add those records locally. I have some experience with bind in a LAN, but I have never configured an additional NS for a domain already described by other public name servers and therein lies my question:

Questions

  1. Do I have to define only the additional records as a slave zone and use the provider's NS servers as forwarders, or do I have to "repeat" all MX and A records already defined for existing subdomains at the provider's NS?
  2. Since this is going to work in synchronization with the provider's NS, is there anything I should watch for, like refresh, expiry or even iptables configuration?
flashheart

1 Answer


In order for you to be able to use your own BIND server you would need to set up your BIND server and then change the nameserver in the domain to your BIND server. This way all lookups for your domain will be obtained (by a client, or DNS server) from your BIND server. In this case your best option is to redefine all DNS entries in your BIND configuration.

Do I have to define only the additional records as a slave zone and use the provider's NS servers as forwarders, or do I have to "repeat" all MX and A records already defined for existing subdomains at the provider's NS?

A slave server is supposed to request the information from a master server. Unless you expect a lot of traffic to the nameserver or want extra redundancy you should not need to configure a slave server. It is possible to make a copy of the current zone from the current server, but only if the server allows that request, and it is highly unlikely that your provider has this enabled for anything but their own secondary DNS servers.

Since this is going to work in synchronization with the provider's NS, is there anything I should watch for, like refresh, expiry or even iptables configuration?

The entire idea of a slave is that it contains the same information. It fetches information from the master server and caches this. A slave should not add additional records, hence you should make your BIND server standalone.

user254948
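A minimal standalone master zone of the kind the answer describes, as an added example that is not part of the question or the answer: the provider's existing A and MX records are copied in, and the SPF and DKIM TXT records are added alongside them. The domain example.com, the address 192.0.2.10, the selector name and the key value are placeholders to be replaced with your own.

```zone
; named.conf fragment (assumed path /etc/bind/named.conf.local):
;   zone "example.com" { type master; file "/etc/bind/db.example.com"; };
;
; /etc/bind/db.example.com -- authoritative data for the whole domain,
; so every record the provider served must be repeated here.
$TTL 3600
$ORIGIN example.com.
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 ; serial: increase on every change
                7200       ; refresh
                900        ; retry
                1209600    ; expire
                300 )      ; negative-cache TTL

; The registrar's delegation (NS plus glue) must point at this host.
@       IN NS   ns1.example.com.
ns1     IN A    192.0.2.10

; Records copied from the provider's zone (placeholder values).
@       IN A    192.0.2.10
www     IN A    192.0.2.10
mail    IN A    192.0.2.10
@       IN MX   10 mail.example.com.

; SPF: only this host and the MX may send mail for the domain;
; "-all" tells receivers to reject anything else.
@       IN TXT  "v=spf1 ip4:192.0.2.10 mx -all"

; DKIM: selector "mail", public key as emitted by opendkim-genkey
; (placeholder). Long keys are split into several quoted strings.
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
                         "p=PUBLIC_KEY_BASE64_PLACEHOLDER" )
```

Run named-checkzone example.com /etc/bind/db.example.com before reloading, and confirm from outside the host that dig +short TXT example.com returns the SPF record, since the zone only takes effect once the registrar's NS records point at ns1.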