DNS config for a single vhost

DNS and records always confuses the beans out of me

  • i have nothing running yet
  • i have a domain which i’ll refer to as example.com
  • example.com will be the only domain and website on the server
  • VPS will have 1 IPv4 address (+IPv6)

it looks like DNS records can be set on the server, or at the register - given that i prefer having control over as much of my stuff as possible, i’d like to set the records on the server… i think

  1. so is this correct…
  • server name FQDN: host.example.com
  • nameserver: ns1.example.com
  • port 53 UDP & TCP have to be opened
  • public website: example.com
  1. given that i’ll have only a single IP, is there any reason to create more than one nameserver?

  2. for the web server part, i’ll need to add a DNS ‘A’ record somewhere in virtualmin (i’ll figure out where), correct? is there any other records i need to add?

  3. i want virtual admin to send me status/update emails - do i need the mail server installed, or is there a simpler way, such as PHP’s sendmail i guess???

@vmin,

To make use of your own “custom nameservers”, you’ll first need to setup a few “glue” records at your registrar (where you manage your domain).

You’ll need to register “ns1.yourdomain.com” and “ns2.yourdomain.com” and associate them with your IP address (IPv4)

Once you’ve done this, you can create the domain “yourdomain.com” and add “ns1.yourdomain.com” with an “A Record” along with “ns2.yourdomain.com” with an “A Record” pointing to your IP (IPv4).

At you registrar, you’ll also delegate “ns1.yourdomain.com” and “ns2.yourdomain.com” to “yourdomain.com” so that it resolves as well.

*** I’ve intentionally left out “IPv6” ***

If you require assistance getting this setup, along with a Q&A session to get you going in the area of DNS and/or Virtualmin as a whole, drop me a line. My intro rates are very affordable for most.

*** Affordable, Professional, Trusted Technical Assistance – tpnAssist.com ***

thanks for your reply @tpnsolutions

i have old DNS nameserver records already set up - i just need to change the IP’s once i spin up the server - i’m not going to bother with IPv6 at this point

i’m still wondering about my no. 4 question; whether or not i need a mail server running on the server to be notified of server happenings, or whether i can send mail another way, such as to my everyday email address

@vmin,

No, you don’t need a mail server running. A lot of people for instance delegate Gmail or Office365 for this role, and simply add the appropriate records for their service.

If you only have one server, I’d recommend you let your registrar host your DNS, or use a cloud-based DNS service like Route 53.

thank you for your replies guys

@Joe - i’m guessing you’re making that suggestion with redundancy in mind, is that correct?

Sure. It’s considered good practice, and most registrars will require you to provide at least two name servers if you’ll be delegating elsewhere.

One could argue that if you’re hosting it all on one server (i.e. web and DNS) having two is unimportant…if the one server goes down, you lose web anyway, but when there is an outage I like being able to change DNS to send mail to a hold-and-forward backup, and maybe a placeholder website if the outage will be longer than a few minutes. If everything is on one, you lose the ability to even migrate off the one server in a reasonable way. You just have more steps to recover in such a case, since you have to spin up new DNS servers plus whatever other stuff was going on, and also wait for the new delegation to propagate.

understood - i’m not running a critical site so i’m not so worried about something exploding along the network, plus a i already have a tamp backup landing page

on to mail… another nightmare that haunts me :slight_smile:

  1. given i’ll be using a 3rd party mail provider, can i dump dovecot, postifx and bind?

  2. how do i configure the server so that it sends mail to my provider (i didn’t find anything in the docs)? i assume an MX record is involved, but i know little about this

  3. on my old server i had DKIM, DMARC and SPF implemented in an effort to keep a the IP clean and add some security/trust - all this is moot when using an external mail server, correct?

related:

@vmin,

No, you don’t dump Postfix (SMTP) or Dovecot (POP/IMAP) or BIND (DNS), but you can if desired “disable” them.

This approach allows at a future date should you change how things run the ability to “enable” them. Further these services take up very little space anyways.

*** Postfix while it may not be getting used for everyday mailboxes, does come in handy when the system wants to contact you about critical events and such. So while I’d recommend based on your needs to “disable” inbound connections to port 25 (SMTP) I would never recommend completely disabling Postfix (SMTP) ***

unless someone thinks this is a bad idea, it looks like i’ll be adding my domain to my current mail server which has instructions for handling this - basically…

  • Set the MX part of your DNS record to point to "mx.runbox.com" in your domain hosting service. Runbox will automatically check your DNS record at short intervals (10 min), and change the status of the domain entry to “Active” once your record has been verified.
  • Set a TXT record in your DNS zone to specify that Runbox is a valid email sender for your domain. It should look like "v=spf1 redirect=spf.runbox.com".

and then for SPF they say…

  • The way to do this is to modify your DNS records to include the text below in a TXT record of your zone file.

"v=spf1 redirect=spf.runbox.com"