Saturday, 27 August 2016

Wrestling with DNS

Once you've got DNS set up, it kind of lasts forever. Kind of. Except when ...

As part of my comprehensive upgrade, I've moved a lot of the servers to Fedora 24, the latest version. And some of them go *way* back - version 9 was quite common in my farm, and that's about ten years old. I even have some servers running a Fedora from before it was called Fedora! So anyway, on to version 24. And, of course, between the versions ancient and modern, there's been big changes.

One change is DNSSEC, the "secure" version of DNS. I decided to skip that for now; it's a whole other can of worms, and I'll do that later.

Another change is that the order in which you have sentences in the DNS data file is now a lot stricter. I had to go through all my data files, a couple of dozen of them, and move a line from line 2 to line 4.

Another change is that when a master sends data to slaves (I'm surprised that the SJWs haven't picked up on this terminology yet), the data that arrives is in compressed format, to save space and for faster loading. But since I only have a couple of dozen, space isn't as important to me as legibility, so I had to change that.

So I edited all my DNS data files, and created four new nameservers (called, imaginatively, ns3, ns4, ns5 and ns6, because I already have ns1 and ns2 running) which will sit on the new fast line (although at the moment, they're on the old slow line), and then it was time to tell Network Solutions and Godaddy about the changes.

DNS is important. When you access a computer over the internet, the computer has a four-part number, that looks like this: So, for example, Google is
But you don't want to try to remember the numbers, you want to remember names, like Your computer will translate the name to the number, and here's how.

First, it goes to one of the root nameservers. There are 12 companies that run these, and I expect each company is using a whole bunch of computers to provide the service. When you want to go to, the root tells your computer "I don't know the answer, but if you ask Network Solutions, they'll know". So your computer asks Netsol. Netsol says "I don't know, but if you ask, you'll get the answer there". And will tell you, which is run by Google, who kindly host this blog at no cost. So now you can read my blog!

Network Solutions is a company that (among other things) acts as a registrar for domain names. So, for example, when I first registered ( was already taken by an antivirus company) I went to Netsol and did it there, paying a ridiculously large amount of dollars for a very tiny and totally automated service. Then I tell Netsol the IP addresses of my name servers, and my name servers redirect requests to, for example,, to the appropriate IP address. I'm mostly not with Netsol now, they're very expensive and not as user-friendly as GoDaddy. Although you really can't imagine how totally user-hostile it all was 20 years ago - you had to send a carefully crafted and formatted email to make any change, and I was always nervous about whether I'd got it right, and how to fix any errors. But it's all web-based now.

So I logged on to, clicked on "manage account", and instead of doing what I'd come for, I diverted to update my credit card details. Then "My Domain Names" ... "Manage name servers" and I created the new nameservers, giving the IP address that they'll have with the fast line. So now I have two nameservers using the old IPs, and four with the new. I've done that so that the information can spread through the internet over the next few days. Then I updated the list of nameservers for each of the domains I have with Netsol, so now it knows about six nameservers for each of my domains. Job done, logged off.

Then I logged on to Godaddy, who, by the way, are advertising that you can set up your own web site for £0.99 for the first year (if you sign up for two years), which might be interesting to someone who just wants a little web site for fun, although most likely your ISP already gives you web space for free. I went to "Domains" ... "Manage" which took me to a list of the couple of dozen domains I run. I clicked on the tick that checked the check boxes for all of them, so that I could update them all in one swoop, clicked on "nameservers" and "set nameservers", chose "custom" and added the two new nameservers ns5 and ns6 to the list. I clicked on "Save" and that should mean that all the domains now have the same six nameservers.

The nameservers run on my computers, and they're currently directing people to the old IP addresses, but once the news of these nameservers propagates around the internet, I'll be able to switch to the new IP addresses very easily, just editing stuff on my computers.
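
A change like this leaves two copies of the nameserver list, one at the registrar and one in the zone data itself, and the two can drift apart. The following Python script is an added example, not part of the original post: it compares the two lists and reports where they disagree. The zone contents, the `example.test.` names, the addresses and the function names are all constructed for illustration.

```python
# Added example: compare the nameservers registered at the registrar with the
# zone's own NS and A records. All names and addresses below are constructed.
ZONE_TEXT = """\
$TTL 86400
@    IN SOA ns1.example.test. hostmaster.example.test. 2016082701 3600 900 604800 86400
@    IN NS  ns1.example.test.
@    IN NS  ns2.example.test.
@    IN NS  ns3
ns1  IN A   192.0.2.1
ns2  IN A   192.0.2.2
ns3  IN A   198.51.100.3
"""

# Constructed registrar view: nameserver host -> glue address typed into the web form.
REGISTRAR = {
    "ns1.example.test.": "192.0.2.1",
    "ns2.example.test.": "192.0.2.2",
    "ns3.example.test.": "198.51.100.33",  # differs from the zone's A record
    "ns4.example.test.": "198.51.100.4",   # registered, but absent from the zone
}


def parse_zone(text, origin):
    """Parse simple 'owner IN TYPE rdata' lines; return (apex NS set, A map)."""
    def fqdn(name):
        if name == "@":
            return origin
        return (name if name.endswith(".") else f"{name}.{origin}").lower()
    ns, a = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 4 or fields[1] != "IN":
            continue  # $TTL, blank lines, anything not in this simple form
        owner, rtype, rdata = fqdn(fields[0]), fields[2], fields[3]
        if rtype == "NS" and owner == origin:
            ns.add(fqdn(rdata))
        elif rtype == "A":
            a[owner] = rdata
    return ns, a


def check_delegation(zone_text, origin, registrar):
    """Return (kind, host) findings where registrar and zone disagree."""
    ns, a = parse_zone(zone_text, origin)
    findings = [("registrar-only", h) for h in sorted(set(registrar) - ns)]
    findings += [("zone-only", h) for h in sorted(ns - set(registrar))]
    findings += [("glue-mismatch", h) for h in sorted(ns & set(registrar))
                 if h in a and a[h] != registrar[h]]
    return findings
```

A nameserver that is registered but missing from the zone, or whose registered address differs from the zone's A record, shows up as a finding; an empty list means the two views agree.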
