DNS configurations in linux: right/wrong?

hi all experts,

I have a Linux server running behind a router (port 53 enabled; public IP whose local IP is ). I'd like this server to be a DNS server that responds to internet requests for other web/mail servers on a different network.

1. I registered 2 nameservers pointing toward that IP.
2. My /etc/resolv.conf consists of
nameserver (these 2 are the 2 DNS resolvers from the ISP)

Are those correct?

Thanks so much.
msklizmantas Commented:

You need two named servers on different machines, and you need to set up your DNS zone on both of them. Of course, it is possible to run only one named server; just have two names for it (i.e. n1.domain.com, n2.domain.com).

More information can be found here:

Mostly correct, but one nameserver should be a separate machine, just in case your server dies.


valleytech (Author) Commented:
Thanks! Another part I'm confused about is this: when I registered the nameservers, I had to set their IP to be , correct? If so, then why is the nameserver in /etc/resolv.conf set to

Because internally (from inside the network) you can connect to the server using this IP: , and there is no point in connecting to it via the external one (which sometimes doesn't even work, depending on the router).
valleytech (Author) Commented:
If so, then I only need to activate my named.conf and point other domains to the 2 nameservers I set, and they should work?
Do I have to assign any IPs or set up A records for the 2 nameservers within my DNS?

valleytech (Author) Commented:
Thanks again!
Do you mind another dumb question?
Can one public IP have 2 nameservers registered on it?
Gabriel Orozco, Solution Architect, Commented:
Hi valleytech

I do not think you really understand how this works:

Let's say we are on one of those web/mail server machines, and the domain you are the authority for is a .com one:
for every DNS query, it will ask its default DNS (it knows it because of its own /etc/resolv.conf).
If its DNS does not have the domain in its cache, it will begin a thread:
1) ask the root DNS servers for the .com resolver;
2) ask one of the .com master servers it got from the previous step WHO is the authority for this particular .com domain; it gets the IP address of your DNS server;
3) ask your DNS server for the record being looked up. If it is "who is the mail server for this domain", it will ask for the MX record; if it wants the IP address of the web server, it will ask for the A record, etc.

* Your DNS server does not need to be referenced at all on these web/mail servers.
* Usually you never allow externals to ask you for any other domain than the ones you are the authority for, since everyone will then try to use your server as a public DNS and will consume your bandwidth. You only allow requests for those domains you added on your DNS server and nothing more.
* On your own DNS server you can still use your ISP's DNS resolvers, or you can create a more complex setup to be your own DNS server (resolving even external domain names, but only for a defined range of IP addresses: yours).

This said, what I recommend is this:
on that DNS server, your

/etc/named.conf  (let's say your default directory is /var/named as mine)
acl internals {;; };     // your LAN addresses go here (stripped from the original post)
acl externals { any; };

options {
        directory "/var/named";
        pid-file "named.pid";
        allow-recursion { internals; }; // only the LAN may use this box as a resolver
        version "trulinux.com dns Server"; // Hide bind version
};

zone "domain1.com" {
        type master;
        file "domain1.com";
};

zone "domain2.com" {
        type master;
        file "domain2.com";
};

and in the /var/named directory, you need the two domain files:

/var/named/domain1.com: (assuming domain1 has web and mail servers on the same box, x.y.z.w, and pointing WWW to the same IP as the one of the box):
$TTL 259200     ; 3 days
domain1.com.      IN SOA  domain1.com. root.domain1.com. ( ; trailing dot: without it the owner is relative to the origin
                                2009092901 ; serial
                                600        ; refresh (10 minutes)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.domain1.com.
                        MX      10 mail
                        A       x.y.z.w
$ORIGIN domain1.com.
ns                     A           ; address of the name server (stripped from the original post)
www               CNAME @
mail                   A       x.y.z.w

The other (domain2) is similar.

Once you have that, anyone on the internet will know where your servers are if they ask your name server.

Hope that helps.
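The point above about not letting externals use the box as a public DNS can be verified from the outside rather than taken on trust. The following is an added example and not code from this thread or from anyone's server: it builds a recursive query (RD set) for a name the server is not authoritative for and classifies the reply by its header flags, the way the allow-recursion ACL shows up on the wire. The server address in the usage comment, the query name, and the three reply headers are assumptions or constructed data.

```python
"""Probe a name server for open recursion, as discussed above.
Added example, not code from the original thread. The server address in the
usage comment, the query name, and the three reply headers are assumptions /
constructed data, not captures from anyone's server.
"""
import random
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits (RFC 1035 s4.1.1)


def build_query(qname, qtype=1, rd=True, txid=None):
    """Build a minimal DNS query: 12-byte header plus one question."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    question = b"".join(bytes([len(label)]) + label.encode("ascii")
                        for label in qname.rstrip(".").split("."))
    return header + question + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_header(packet):
    """Decode the fixed DNS header into a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x0F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify(response):
    """What a reply to a recursive query for a foreign name tells us."""
    h = parse_header(response)
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-resolver"            # it recursed on our behalf: bad
    if h["rcode"] == 5:
        return "refused"                  # REFUSED, e.g. an allow-recursion/allow-query ACL
    if not h["ra"]:
        return "recursion-unavailable"    # answered, but RA clear: recursion is off for us
    return "other"


def probe(server, qname="example.com.", timeout=3.0):
    """Send one recursive query over UDP and classify the reply (needs network)."""
    query = build_query(qname, rd=True)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    if parse_header(reply)["id"] != parse_header(query)["id"]:
        raise ValueError("transaction ID mismatch; reply is not for our query")
    return classify(reply)


# Constructed reply headers (no question/answer body; classify() reads only
# the header) showing the three outcomes you can get from a server.
REPLY_OPEN = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)   # NOERROR, 1 answer
REPLY_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)  # RCODE 5 REFUSED
REPLY_NO_RA = struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 0, 1, 0)        # referral, RA clear

if __name__ == "__main__":
    for label, reply in [("open", REPLY_OPEN), ("refused", REPLY_REFUSED),
                         ("no-ra", REPLY_NO_RA)]:
        print(label, "->", classify(reply))
    # Against a live server (assumed address): print(probe("192.0.2.53"))
```

Run it against your own public IP from a host outside the LAN: with the allow-recursion ACL above you should see "refused" or "recursion-unavailable"; "open-resolver" means anyone on the internet can use the box as their resolver.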
valleytech (Author) Commented:
Thanks so much for your clear explanation. I was able to understand more about DNS functionality.
Below is my zone file for domain.com, with nameservers at dns1.mynameserver.net ( ) and dns2.mynameserver.net ( ).
The web/mail server is located at x.y.z.w.

Does it look all right? So far it is working fine; just to make sure ;). Thanks.

; Zone file for domain.com
$TTL 14400
@      86400    IN      SOA     dns1.mynameserver.net. email.yahoo.com. ( 2007071109      ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds
; the SOA contact mailbox is written with the "@" replaced by a dot (email.yahoo.com.)

domain.com. 86400 IN NS dns1.mynameserver.net.
domain.com. 86400 IN NS dns2.mynameserver.net.

domain.com.       IN A
domain.com.       IN MX 25 domain.com.

mail IN CNAME domain.com.
www IN CNAME domain.com.
ftp IN A x.y.z.w

Yes, it looks fine.

Gabriel Orozco, Solution Architect, Commented:
Just a note:

You are to replace the part "serial, todays date+todays" with the actual value.
Also, when you write
domain.com.       IN MX 25 domain.com.

the 25 is the PRIORITY of the email server. That is usually 10, 20, 30, etc., so when the first-priority email server is down, email can go to the secondary-priority server. In your case you have only one email server, and it is USUAL to have it with priority 10 (although not needed, and your setup is fine). When I saw "25" I wanted to make clear it is not the PORT where you expect email, but the priority.

Other than that... your setup looks good.
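The checks the last few posts do by eye (two NS records, MX preference versus port, where the CNAMEs point) can be scripted so they are repeated every time the zone changes. The following is an added example, not code from this thread or from BIND: a small zone-file parser plus a linter for the mistakes the thread touches on (fewer than two NS records, an MX or NS target that is a CNAME, an in-zone name server with no A record, a CNAME sharing its owner name with other records). The first sample zone is a constructed copy of the domain.com zone above with placeholder addresses (assumptions) where the post had them stripped; the second is constructed to trip the checks.

```python
"""Lint a BIND-style zone file for the mistakes this thread touches on.
Added example, not code from the original thread or from BIND. The sample
zones are constructed; 192.0.2.x addresses are placeholders (assumptions).
"""
import re


def absolutize(name, origin):
    """Turn a zone-file name into an absolute name ending in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; owners and NS/CNAME/MX targets are absolute."""
    origin = origin.rstrip(".") + "."
    text = re.sub(r";[^\n]*", "", text)                          # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()),
                  text, flags=re.S)                              # join ( ... ) spans
    records, last_owner = [], origin
    for raw in text.splitlines():
        toks = raw.split()
        if not toks or toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1].rstrip(".") + "."
            continue
        # A record starting with whitespace inherits the previous owner name.
        owner = last_owner if raw[0].isspace() else absolutize(toks.pop(0), origin)
        while toks and (toks[0].isdigit() or toks[0].upper() == "IN"):
            toks.pop(0)                                          # optional TTL / class
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [absolutize(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), absolutize(rdata[1], origin)]  # preference, target
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records


def lint_zone(text, origin):
    """Return a list of findings; an empty list means nothing was flagged."""
    origin = origin.rstrip(".") + "."
    recs = parse_zone(text, origin)
    by_owner = {}
    for owner, rtype, rdata in recs:
        by_owner.setdefault(owner, []).append((rtype, rdata))

    def types(name):
        return {t for t, _ in by_owner.get(name, [])}

    findings = []
    soa = [r for r in by_owner.get(origin, []) if r[0] == "SOA"]
    if len(soa) != 1:
        findings.append(f"{origin}: expected exactly one SOA, found {len(soa)}")
    ns_targets = [r[1][0] for r in by_owner.get(origin, []) if r[0] == "NS"]
    if len(ns_targets) < 2:
        findings.append(f"{origin}: only {len(ns_targets)} NS record(s); two name servers expected")
    for target in ns_targets:
        if "CNAME" in types(target):
            findings.append(f"NS target {target} is a CNAME (RFC 2181 s10.3)")
        elif target.endswith("." + origin) and "A" not in types(target):
            findings.append(f"in-zone NS {target} has no A (glue) record")
    for owner, rtype, rdata in recs:
        if rtype == "MX":
            _pref, target = rdata
            if "CNAME" in types(target):
                findings.append(f"MX target {target} is a CNAME (RFC 2181 s10.3)")
            elif target.endswith(origin) and "A" not in types(target):
                findings.append(f"MX target {target} has no A record")
    for owner, rrs in by_owner.items():
        kinds = {t for t, _ in rrs}
        if "CNAME" in kinds and len(kinds) > 1:
            findings.append(f"{owner} has a CNAME alongside other records (RFC 1034 s3.6.2)")
    return findings


# Constructed sample: the thread's domain.com zone with placeholder addresses.
ZONE_OK = """\
$TTL 14400
@      86400    IN      SOA     dns1.mynameserver.net. email.yahoo.com. ( 2007071109 ; serial
                86400           ; refresh
                7200            ; retry
                3600000         ; expire
                86400 )         ; minimum
domain.com. 86400 IN NS dns1.mynameserver.net.
domain.com. 86400 IN NS dns2.mynameserver.net.
domain.com.       IN A 192.0.2.10
domain.com.       IN MX 25 domain.com.
mail IN CNAME domain.com.
www IN CNAME domain.com.
ftp IN A 192.0.2.10
"""

# Constructed sample with the mistakes the linter is meant to catch.
ZONE_BAD = """\
$TTL 3600
@   IN SOA ns.domain1.com. root.domain1.com. ( 2009092901 600 7200 2419200 86400 )
    IN NS ns.domain1.com.
    IN MX 10 mail
    IN A 192.0.2.1
ns   IN CNAME domain1.com.
mail IN CNAME domain1.com.
"""

if __name__ == "__main__":
    for origin, zone in [("domain.com", ZONE_OK), ("domain1.com", ZONE_BAD)]:
        print(origin, lint_zone(zone, origin) or ["no findings"])
```

The parser handles only what these zone files use ($TTL, $ORIGIN, "@", parenthesised SOA, optional TTL and class, and relative names); for anything beyond that, run named-checkzone from the BIND package as well.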
valleytech (Author) Commented:
Thanks!!!