How do you configure authoritative DNS
If you have a domain registered via Cloudflare, and you want to make a DigitalOcean droplet be the authoritative name server for it, how do you do that? I've done a little searching and I'm unsure whether or not I understand what I have found, so I appreciate the help!
18 Replies
If you're using the registrar, you don't. Can't use anything but CF Nameservers. You could delegate a subdomain to ext. dns
Oh that's interesting, but I guess maybe that would be fine for what I'm trying to do (time will tell). If you don't mind, how would I delegate subdomains to something else?
setup ns records within dns -> records under your website in Cloudflare
So that would be an NS record for * that points to whatever the thing I want to be authoritative?
If you wanted to do all subdomains? yea
Yeah, taking the lazy approach for now and will narrow down later 🤣
Thank you for the super quick responses, and for your help!
could do
A ns1 ip unproxied
NS mysubdomaindelegated ns1.mydomain.com
If you just want to run your own dns for fun it's a good way to learn, worth noting though there's a reason why people use big DNS Providers like Cloudflare/AWS/Google, etc, super critical infra and low latency really helps
Mostly in it for the learning, definitely not planning on doing anything too wild
yea it's a lot of fun and good way to learn. There's a lot of cool auth. dns servers out there like powerdns and such, a semi-unpopular one wikipedia uses is called gdnsd which does great geodns and supports BIND format with really good performance. Worth looking into if you're still looking around, I use it on some of my stuff and it's been great
Ok so this is kinda weird. I tried what you suggested (* --> ns1, ns1 --> IP unproxied) and I wasn't seeing my queries on IP. If I change * to test but keep the rest of the flow the same, I can see queries for test. Any ideas?
Upon further inspection, it seems like for some reason you can't have * go to ns1 but you can have *.sub go to ns1. So something doesn't let you do all subdomains, but you can do all subdomains of a subdomain
Any record type existing on a label prevents wildcards from acting on it and any deeper recursion
so * would cover nothinghere but not ns1 or literally.anything.deeper.ns1
ohhhhh
same thing for *.sub, ns1.sub existing would prevent ns from being there, as well as anything deeper
That makes sense, thanks!
Being lazy strikes again
You can in some cases re-add the record, ex: specifically make ns record on ns1 but in here it makes no sense as if you had an NS record on ns1, to resolve the IP of your DNS Server ns1.example.com it'd need to resolve ns1.example.com which is delegated to ns1.example.com which would need to resolve ns1.example.com ... I think you get the idea
Yeahhh, in hindsight that makes total sense
If you were setting up your own dns servers on the entire domain, and used nameservers on the same domain, you'd have to use something called glue records which you set at your registrar, and effectively the TLD serves those records to allow for dns resolution and prevent that infinite loop issue, ex: