<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-CA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hello Brian,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thank you so much for all of that information. I think I understand a little bit more this DNS.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">If I may ask you something more:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">What I want to do is to build a website (https://www.mosaic.site) where people can open an account with us and create email and webhosting accounts. They will be able to create websites and in the
future I want to dd more features.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">For this, I bought the domain name “mosaic.site” on Namecheap.<o:p></o:p></span></p>
<p class="MsoPlainText">The setup that I'm trying to build is as follow:<o:p></o:p></p>
<p class="MsoPlainText">VM1 - CentOS - hostname: panel.mosaic.site - IP 45.62.203.200 - Software: DirectAdmin (Is a web hosting control panel)<o:p></o:p></p>
<p class="MsoPlainText">VM2 - CentOS - hostname: my.mosaic.site - IP 45.62.203.201 - Software: WHMCS (for Web Hosting control)<o:p></o:p></p>
<p class="MsoPlainText">VM3 - CentOS - hostname: ns1.mosaic.site - IP 45.62.203.202 - Software: PowerDNS (Authoritative – with Maria DB)<o:p></o:p></p>
<p class="MsoPlainText">VM4 - CentOS - hostname: ns2.mosaic.site - IP 45.62.203.203 - Software: PowerDNS (Authoritative – with Maria DB)<o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">On all 4 VMs I set:
<o:p></o:p></span></p>
<p class="MsoNormal">/etc/resolv.conf<span style="mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoPlainText"># Generated by NetworkManager<o:p></o:p></p>
<p class="MsoPlainText">nameserver 45.62.203.202<o:p></o:p></p>
<p class="MsoPlainText">nameserver 45.62.203.203<o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Based on what you said, I can either change VM3 and VM4 to be Recursive DNS servers and then add a VM5 as Authoritative or Just have VM3 and VM4 as Recursive without an Authoritative server?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">What would be your recommendation from the DNS perspective? What configuration should I use?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">What I didn’t want to do is let Namecheap control my DNS settings.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thank you again for all your assistance.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Fabio Perez <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Brian Candler <b.candler@pobox.com>
<br>
<b>Sent:</b> August 18, 2020 2:08 PM<br>
<b>To:</b> Fabio Perez <fperez1@corp.fibernetics.ca><br>
<b>Cc:</b> pdns-users Users <pdns-users@mailman.powerdns.com><br>
<b>Subject:</b> Re: [Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On 18/08/2020 16:05, Fabio Perez wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hello Brian,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thanks for getting back to me, but now I’m even more confuse.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I though that If I create an Authoritative DNS sever and add that IP on a different VM as a nameserver, the second VM will only receive answers from the DNS if the DNS has that record on it’s Database.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">And if I add a recursor DNS that means that if the DNS doesn’t have the record It will ask over the internet to a different DNS server for that.
</span><o:p></o:p></p>
</blockquote>
<p>The roles involved in DNS are:<o:p></o:p></p>
<p>stub resolver --------> recursor ---------> authoritative<o:p></o:p></p>
<p>The stub resolver is the client library at the client host. It's what you configure in /etc/resolv.conf [or via DHCP]. You configure the IP address of the recursor, or perhaps two or three recursors for redundancy.<o:p></o:p></p>
<p>The stub resolver sends its request to the recursor.<o:p></o:p></p>
<p>The recursor knows how to find authoritative nameservers on the Internet which hold the answers required. It does this by following NS records (delegations).<o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">If this is not the case, then why do we need Authoritative DNS?
</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<p>The authoritative server contains the data which is published by the domain owner.<o:p></o:p></p>
<p>For example, say you send a query for "<a href="https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.google.com%2F&data=01%7C01%7Cfperez1%40corp.fibernetics.ca%7C6c3f930f1a254bbf4f2408d843a1b457%7Cef011ae666f04660b7a4488d77a54e68%7C0&sdata=8BbTrE6DaobEdvX6nApXbacb8Mxga6HF6YaYFIxUCio%3D&reserved=0">www.google.com</a>".
The answer is held in the authoritative nameservers for google.com. The recursor sends the queries to them, on behalf of the client, and caches the result in case another client asks the same query soon afterwards. (Hence "recursor" is also known as "caching
nameserver")<o:p></o:p></p>
<p><o:p> </o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">What I’m trying to do is:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM1 running a WHMCS server</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM2 running DirectAdmin
</span><o:p></o:p></p>
</blockquote>
<p>I've no idea what WHMCS or DirectAdmin are, but I'm presuming these are just applications which need to make DNS queries as part of their operation.<o:p></o:p></p>
<p><o:p> </o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">VM3 and VM4 running PowerDNS</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">So, on the first 2 VMs I added both DNS servers as nameservers.</span><o:p></o:p></p>
</blockquote>
<p>In other words: you configured /etc/resolv.conf (or the RedHat equivalent in /etc/sysconfig), such that VM1 and VM2 send all their DNS queries to VM3 and VM4?<o:p></o:p></p>
<p>In that case, VM3 and VM4 should be running PowerDNS recursor.<o:p></o:p></p>
<p>You do not need to install PowerDNS Authoritative unless you own a domain, and you want to publish information about that domain to the Internet. And then you should run it in a *different* VM.<o:p></o:p></p>
<p>Although some DNS server software permits the bad practice of running both recursor and authoritative in the same server instance, PowerDNS does not let you do this.<o:p></o:p></p>
<p>Regards,<o:p></o:p></p>
<p>Brian.<o:p></o:p></p>
</div>
</div>
</body>
</html>