How do you configure authoritative DNS
If you have a domain registered via Cloudflare, and you want to make a DigitalOcean droplet be the authoritative name server for it, how do you do that? I've done a little searching and I'm unsure whether or not I understand what I have found, so I appreciate the help!
18 Replies
If you're using the registrar, you don't. Can't use anything but CF Nameservers. You could delegate a subdomain to ext. dns
Oh that's interesting, but I guess maybe that would be fine for what I'm trying to do (time will tell). If you don't mind, how would I delegate subdomains to something else?
setup ns records within dns -> records under your website in Cloudflare
So that would be an NS record for `*` that points to whatever the thing I want to be authoritative?
If you wanted to do all subdomains? yea
Yeah, taking the lazy approach for now and will narrow down later 🤣
Thank you for the super quick responses, and for your help!
could do
A `ns1` `ip` unproxied
NS `mysubdomaindelegated` `ns1.mydomain.com`
If you just want to run your own dns for fun it's a good way to learn, worth noting though there's a reason why people use big DNS Providers like Cloudflare/AWS/Google, etc, super critical infra and low latency really helps
Mostly in it for the learning, definitely not planning on doing anything too wild
yea it's a lot of fun and good way to learn. There's a lot of cool auth. dns servers out there like powerdns and such, a semi-unpopular one Wikipedia uses is called gdnsd which does great geodns and supports BIND format with really good performance. Worth looking into if you're still looking around, I use it on some of my stuff and it's been great
Ok so this is kinda weird. I tried what you suggested (`*` --> `ns1`, `ns1` --> `IP` unproxied) and I wasn't seeing my queries on `IP`. If I change `*` to `test` but keep the rest of the flow the same, I can see queries for `test`. Any ideas?
Upon further inspection, it seems like for some reason you can't have `*` go to `ns1` but you can have `*.sub` go to `ns1`. So something doesn't let you do all subdomains, but you can do all subdomains of a subdomain
Any record type existing on a label prevents wildcards from acting on it and any deeper recursion
so `*` would cover `nothinghere` but not `ns1` or `literally.anything.deeper.ns1`
ohhhhh
same thing for `*.sub`, `ns1.sub` existing would prevent ns from being there, as well as anything deeper
That makes sense, thanks!
Being lazy strikes again
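
Added example, not part of the thread: a small Python model of the standard wildcard matching rule (RFC 4592 closest encloser) that reproduces the behaviour described above, where an existing `ns1` label blocks `*` for itself and everything beneath it. Names are relative to the zone apex, and the function names are hypothetical.

```python
def to_labels(name):
    """'a.b' -> ('a', 'b'); '' or '@' -> () for the zone apex."""
    name = name.lower().strip(".")
    return () if name in ("", "@") else tuple(name.split("."))


def existing_names(owners):
    """Every owner name exists, and so does each of its ancestors
    (empty non-terminals), up to the apex."""
    names = {()}  # the apex always exists
    for owner in owners:
        parts = to_labels(owner)
        for i in range(len(parts)):
            names.add(parts[i:])
    return names


def answering_owner(qname, owners):
    """Return the owner name whose records answer qname, or None (NXDOMAIN).

    A wildcard is only considered when qname itself does not exist, and
    only the wildcard directly under the closest existing ancestor counts.
    """
    names = existing_names(owners)
    q = to_labels(qname)
    if q in names:
        # The name exists (even as an empty non-terminal): no wildcard.
        return ".".join(q) or "@"
    for i in range(1, len(q) + 1):
        encloser = q[i:]
        if encloser in names:  # closest encloser found
            wildcard = ("*",) + encloser
            return ".".join(wildcard) if wildcard in names else None
    return None


if __name__ == "__main__":
    # Constructed zone contents mirroring the thread: '*' and 'ns1'.
    zone = ["*", "ns1"]
    for q in ("nothinghere", "ns1", "literally.anything.deeper.ns1"):
        print(q, "->", answering_owner(q, zone))
```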