Hey guys,
You really don’t want to run both nameservers on the same machine. The primary function of the secondary nameserver is to function when and if the primary goes down. If the box dies both nameservers die and all your hosting and mail is kaput. Best to spend the extra $$$ for a bit more peace of mind.
This is absolutely true…but if you’re running everything on a single server and it goes down, you’re hosed anyway, and having backup DNS won’t save you. If there’s nothing to point to, then no reason to raise a finger at all.
Anyway, our focus for redundancy has been on mail and DNS, so there is an easy-to-use mechanism for having a backup mail and DNS server. Most people will tolerate a temporary website outage, but nobody tolerates a mail outage (as I found out when yesterday’s Dovecot update, despite quite a bit of testing, broke IMAP/POP service for folks).
There are a lot of great tools for testing DNS. The obvious ones are dig and host, both of which can be used to query specific servers (like querying your secondary server).
So, you’d use host like:
host domain.tld ns2.domain.tld
To look something up on ns2.domain.tld. If ns2 doesn’t actually resolve (and you’re trying to figure out why), you can use the IP of name servers:
host domain.tld 192.168.1.1
Then the nameserver itself:
host ns2.domain.tld 192.168.1.1
Then find out what the nameserver records point to:
host -t ns domain.tld 192.168.1.1
And, while we’re at it, the mail exchange records:
host -t mx domain.tld 192.168.1.1
dig will do a lot of this stuff for you without being asked, but its output is hard to read. But, for completeness:
dig domain.tld
This will spit out the ns records and the domain itself, along with the IP addresses. For example:
[root@www i386]# dig virtualmin.com
; <<>> DiG 9.2.4 <<>> virtualmin.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58989
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;virtualmin.com. IN A
;; ANSWER SECTION:
virtualmin.com. 38400 IN A 70.86.4.238
;; AUTHORITY SECTION:
virtualmin.com. 38400 IN NS ns0.virtualmin.com.
virtualmin.com. 38400 IN NS ns1.virtualmin.com.
;; ADDITIONAL SECTION:
ns0.virtualmin.com. 38400 IN A 70.86.4.226
ns1.virtualmin.com. 38400 IN A 69.93.73.170
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 24 13:53:44 2007
;; MSG SIZE rcvd: 116
Of course, there’s also some easier, and perhaps more comprehensive tests out there on the internet. DNSReport.com is the best known, and very cool:
http://www.dnsreport.com/
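
Added example, not part of the original posts: a small shell function that reads dig output like the listing in the thread and reports whether the listed name servers sit on distinct addresses, which is the redundancy point the thread opens with. The function name `ns_redundancy`, its exit codes and the second and third samples are assumptions made for this illustration.

```shell
# Reads dig-style output on stdin and prints "nameserver address" pairs.
# Exit status (chosen for this example):
#   0 = two or more name servers on distinct addresses
#   1 = fewer than two name servers, or all of them share one address
#   2 = a name server has no A record in the output (cannot be judged)
ns_redundancy() {
  awk '
    /^;/ || NF < 5 { next }                    # skip dig comments and short lines
    $3 == "IN" && $4 == "NS" { ns[tolower($5)] = 1 }
    $3 == "IN" && $4 == "A"  { addr[tolower($1)] = $5 }
    END {
      rc = 0
      for (n in ns) {
        count++
        if (!(n in addr)) { print n, "NO-ADDRESS"; rc = 2; continue }
        print n, addr[n]
        if (!(addr[n] in seen)) { seen[addr[n]] = 1; distinct++ }
      }
      if (rc == 0 && (count < 2 || distinct < 2)) rc = 1
      exit rc
    }'
}

# Records copied from the dig output quoted in the thread.
SAMPLE_THREAD='virtualmin.com. 38400 IN A 70.86.4.238
virtualmin.com. 38400 IN NS ns0.virtualmin.com.
virtualmin.com. 38400 IN NS ns1.virtualmin.com.
ns0.virtualmin.com. 38400 IN A 70.86.4.226
ns1.virtualmin.com. 38400 IN A 69.93.73.170'

# Constructed sample: both name servers on one machine (documentation address).
SAMPLE_SINGLE_BOX='example.test. 38400 IN NS ns1.example.test.
example.test. 38400 IN NS ns2.example.test.
ns1.example.test. 38400 IN A 192.0.2.10
ns2.example.test. 38400 IN A 192.0.2.10'

# Constructed sample: ns2 is listed but its address is not in the answer.
SAMPLE_NO_GLUE='example.test. 38400 IN NS ns1.example.test.
example.test. 38400 IN NS ns2.example.test.
ns1.example.test. 38400 IN A 192.0.2.10'
```

To check a live zone, pipe the output of `dig domain.tld` into `ns_redundancy`; whether the authority and additional sections are present depends on the server that answers.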