ns and ns2 on the same host

Hi,
I have two IP addresses and I'm trying to setup two name servers on the same host. Before you all start telling me I shouldn't do this, and it kills the point of a secondary name sever, please dont. The way I see it if the server is down people won't be able to see the site anyway, seconday dns or otherwise.

I've looked everywhere for a guide to this but I cannot find it. I've had a go at configuring bind but I can't seem to get it to work. Please help!

Here is what I have so far:-
Two Network intefaces setup
eth0 Ethernet 217.199.184.163
eth0:1 Ethernet (Virtual) 217.199.184.188

host.conf contains:-
order hosts,bind

hosts contains:-
127.0.0.1 localhost localhost.domain
217.199.184.163 ns.cosmicsitehosting.com ns
217.199.184.188 ns2.cosmicsitehosting.com ns2

named.217.199.184 contains:-
$TTL 14400
;
@ IN SOA ns.cosmicsitehosting.com. hostmaster.cosmicsitehosting.com. (
2004022306
10800
3600
604800
86400 )
@ IN SOA ns2.cosmicsitehosting.com. hostmaster.cosmicsitehosting.com (
2004022306
10800
3600
604800
86400 )
; name servers for domain
IN NS ns.cosmicsitehosting.com.
IN NS ns2.cosmicsitehosting.com.

163.184.199.217.in-addr.arpa. IN PTR ns.cosmicsitehosting.com.
188.184.199.217.in-addr.arpa. IN PTR ns2.cosmicsitehosting.com.

cosmicsitehosting.com.hosts contains:-
$ttl 38400
@ IN SOA ns.cosmicsitehosting.com. root.ns.cosmicsitehosting.com (
1077897308
10800
3600
604800
38400 )
@ IN SOA ns2.cosmicsitehosting.com. root.ns2.cosmicsitehosting.com (
1077897308
10800
3600
604800
38400 )
@ IN NS ns.cosmicsitehosting.com.
@ IN A 217.199.184.163
www IN A 217.199.184.163
ftp IN A 217.199.184.163
mail IN A 217.199.184.163
@ IN MX 5 mail
ns2.cosmicsitehosting.com. IN A 217.199.184.188


Is that everything? If someone could please help me with this. I've been trying for ages, and really don't know what to do next.

Have I missed something out? Or is what I've done wrong.

Don't worry, I don't waste time telling people it is better to do things this way or that way. You can host 15 services on that same computer all using the same IP on a dialup connection for all I care.

I also don't waste time going blind staring at people's config files. I'm only human and I could miss small syntax errors. I also save time by ignoring what people think is the problem, and investigate the domain myself pointing out the problems I see and offering solutions.

So anyway, I've taken a look at your domain's registration status. It looks fine.

Status: ACTIVE

I've also taken a look at your domain's host servers in the DNS:


ns.cosmicsitehosting.com (217.199.184.163)
ns.secondarynameserver.com (212.67.202.244)


This did not match the interface list you mentioned. The IP "212.67.202.244" is not the same as "217.199.184.188". But perhaps you know this. Now to test the 3 IPs for accessibility.

The 2 interfaces:

217.199.184.163 UDP port 53 is ok
217.199.184.163 TCP port 53 is ok

217.199.184.188 UDP port 53 is ok
217.199.184.188 TCP port 53 is ok

Your server appears to be working so far.

Now for this odd server:

212.67.202.244 UDP port 53 is ok
212.67.202.244 TCP port 53 is ok

It seems that you're missing an 'A' record for the root domain on the secondary server. Otherwise this server is fine too.

Now I'll read your post again to see what exactly is the problem.

"I have two IP addresses and I'm trying to setup two name servers on the same host"

I hope you don't mean setting up 2 literal servers on the same box. It's pointless to run 2 instances of BIND side-by-side. One instance is all you need.

So anyway, now to check the content of both the interface server and the secondary server:

cosmicsitehosting.com Zone Transfer @217.199.184.163
cosmicsitehosting.com Zone Transfer @212.67.202.244 (rejected, this is ok)

ignoring the secondary server, I note a few things.

This record exists:

ns2.cosmicsitehosting.com A 217.199.184.188

But this one doesn't?

cosmicsitehosting.com. NS ns2.cosmicsitehosting.com.

SOA mailbox is:

root@ns.cosmicsitehosting.com

But there's no MX record for "ns.cosmicsitehosting.com". I recommend changing it to "root@cosmicsitehosting.com".

I also recommend using the same IP for ns and ns1 and getting rid of the extra IP if it costs you extra.

I also recommend changing your name servers at your registrar to remove the secondary server and add your ns2 host.

For a squeaky clean configuration you can do this command after shutting down the server:

named -u named -g

And paste for me the results.

According to your post, you may have local resolution issues for your domain which we have no problem with. Is this the case?

Hi Silentrage,
Thanks for your reply. I forgot to mention that the problem I was having when I got stuck was that EasySpace.com wasn't letting me create the ns2.cosmicsitehosting.com to the ip 217.199.184.163. I kept giving me an invalid IP error. I just re-logged in and it appears to accept it now. So I've changed the secondary nameserver to ns2.cosmicsitehosting.com, and it appears to be working. Well I'm not getting any errors any more. So is this it? Have I done it? Is there a way that I can check the ns2 is actually working? I mean outputting DNS records. I really guessed the whole config not finding a guide anywhere and copying what was already there but changing ns to ns2.

I've changed to:-
@ IN SOA ns.cosmicsitehosting.com. root.cosmicsitehosting.com. (

Is that right?
I've also added the NS ns2 record, and removed the A ns2 record.

Are there any other problems you can see with the config?

Thanks very much for your help!

This is fair enough and if this is the case, you don't really need to set up a secondary nameserver at all anyway - just setup a single nameserver ns.cosmicsitehosting.com and be done with it.

When anyone performs a dns query on your domain and is told to talk to 'ns1.cosmichosting.com' (a server is picked at random), all that will happen is that the request will time out and the dns client will go on to query one of the other name servers - which in your case will be the only nameserver you have set up - ns.cosmichosting.com.

I have exactly this kind of setup for my personal domaiss and it's been working fine for years - you can see this if you look here:

http://dnsreport.com/tools/dnsreport.ch?domain=munk.nu

it takes a while for the page to load because it's trying to contact the second nameserver which has never been up and running (213.152.51.195) - however names resolve fine for what I need.

cosmicperl:

"I've also added the NS ns2 record, and removed the A ns2 record."

You need both. Put the 'A' record back in there.

munkfish:

Do not trust in resolvers skipping timed out servers. Never have a DNS server down if you can help it. Just create 2 domains with the same IP address. That is how I setup my own domain. I've seen domains that were inaccessible through my ISP's caching server but not all of their dns hosts were down. This is Rage's favorite common misconfiguration secret #2.

DollarDNS NS List

Thanks for your help, but I've hit a major problem that needs sorting asap. I tried to restart apache and I'm getting:-

Starting httpd: (98)Address already in use: make_sock: could not bind to address 217.199.184.163:80
no listening sockets available, shutting down

When i run a netstat I get:-
[root@ns root]# netstat -ldp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:20000 *:* LISTEN 819/perl
tcp 0 0 *op3s *:* LISTEN 671/xinetd
tcp 0 0 *:mysql *:* LISTEN 725/
tcp 0 0 *op3 *:* LISTEN 671/xinetd
tcp 0 0 ns.cosmicsitehost:10000 *:* LISTEN 826/perl
tcp 0 0 ns2.cosmicsiteho:domain *:* LISTEN 1230/
tcp 0 0 ns.cosmicsitehos:domain *:* LISTEN 1230/
tcp 0 0 localhost:domain *:* LISTEN 1230/
tcp 0 0 *:ftp *:* LISTEN 681/vsftpd
tcp 0 0 *:ssh *:* LISTEN 657/sshd
tcp 0 0 *:telnet *:* LISTEN 671/xinetd
tcp 0 0 localhost:rndc *:* LISTEN 1230/
tcp 0 0 *:smtp *:* LISTEN 738/
udp 0 0 *:32770 *:* 1230/
udp 0 0 *:10000 *:* 826/perl
udp 0 0 *:20000 *:* 819/perl
udp 0 0 ns2.cosmicsiteho:domain *:* 1230/
udp 0 0 ns.cosmicsitehos:domain *:* 1230/
udp 0 0 localhost:domain *:* 1230/
udp 0 0 *:847 *:* 671/xinetd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 1359 725/ /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 1488 784/ /tmp/.font-unix/fs7100

I've changed back to my original bind config, rebooted, and still apache will not start. Please help!!

I can't afford for the server to be down, please help...

I found an error in the apache conf file. I fixed it and now I get:-
Stopping httpd: [FAILED]
Starting httpd: [FAILED]

No error message or anything.

What can I try?

I got it. It didn't like the domain config I had for the new IP. All sorted now. Turns out my bind config was ok, it was just some apache stuff. At least I can rest for a bit (untill I get stuck putting a secure certificate on).

Thanks for all your help.

I'm not sure what you mean here but it sounds interesting, can you explain further? Especially the part 'Just create 2 domains with the same IP address.'.

I think this all comes down to the old chestnut of how most registrars require you to have two nameservers when it's not required (? I just went to check this in an RFC, but I'm not sure which RFC to check, any ideas?:P). If - as cosmicperl (me and many others) - only has a single server which hosts all the services related to that domain's operation, there really is no point in having a second nameserver configured at the registrar - let alone having a second nameserver up and running. As cosmicperl says, if your main server goes down, not having a secondary dns server running is the least of your worries!

Ok I'm not sure where I got this idea from now... according to the RFC I'm looking at now it certainly appears that every zone is REQUIRED to have at least two nameservers - http://www.faqs.org/rfcs/rfc2181.html - whilst it's only a Best Current Practises RFC, it does refer to other RFCs that indicate two nameservers must be used. More investigation required... and another nameserver to be found it looks like :P

Sometimes even an RFC can be given the bird. Take a look at this link:

InterNIC Status Codes

The very top status says that the registry will place your domain into the registry if you have at least 1 name server. So therefor, I say only 1 is required. But many registrars require 2 and that's ok. Just register 2 name servers with the same IP. The above definitions was taken from an RFC. My friend daniel is an example of somebody who had only one name server, so it's just registrars that are so tyrannous to demand 2.

whois dollardns.net

Click on the 2 name servers I have for my domain. You'll notice they're both registered with the same IP.

Ah I see what you mean now ta.