Tuesday, 09 October 2007 20:15

Master your domain with Linux

Every web site needs a domain name. Every domain name needs DNS. Yet, it’s often overlooked and misunderstood. If you own a domain you need to understand DNS. And here’s the low-down as well as some helpful Linux tools.
Here’s a common story: someone buys a domain name, sometimes through a domain registrar directly, often through an ISP or web host. The person puts up a web site, and calls upon the person who supplied the domain name to make the “www” address work. The person knows they have a couple of e-mail addresses included with their domain name. They can set these up; if they want more it costs extra.

If nothing ever changes, all is well. Yet, you might want to change web host for reasons of performance, or price or service or features or anything else. You might want to change domain registrar because another one offers a better price. You might want to hand over your domain name to someone else. Indeed, you might also want to cut your costs: you may well be needlessly paying monthly for someone to manage your domain name, even if nothing changes.

This is an issue I’ve been dealing with a lot; for several years I’ve been working with companies that have pursued an aggressive growth strategy via mergers and acquisitions. Invariably, they end up with loads of domains. Almost immediately, the parent company is keen to consolidate web sites for the purpose of re-branding. And almost without exception, my question “what’s your registry key” is met with bemused looks.

As I dig, I’m always disturbed by what I find. Here’s some real situations I’ve come across:

* The original registrar provided the DNS service. Yet, the domain’s registry key is unknown. All registrars provide an automated facility to recover this, but invariably the e-mail address used to purchase the domain in the first place is an old ISP account which no longer exists.

* Some companies are a bit more vigilant: one accidently let their domain name lapse and got such a shock that they hired a service provider to keep an eye on their domains expiry dates as well as host DNS for them. They paid $60/month for this, per domain.

* Some of the above companies actually had business grade DSL Internet services. In these cases, their ISP actually provide free, highly reliable, DNS hosting with a backup mail service – which they simply didn’t use because they didn’t know about it, instead paying another company for a lesser-quality facility.

* Another company had their own Windows Small Business Server (which comes with Microsoft Exchange) but used their ISP’s domain hosting service to manage their e-mail accounts. They got a few e-mail addresses provided and then paid an extra $1/month for each surplus address. Internally, they were all using POP to pull domain e-mail into their mail client. The ISP had a web site where e-mail addresses could be added and removed, but didn’t give any online means to add a new host (in particular, a “www” address, pointing to a web site). The company called their provider to request a www address record be created; the provider told them to e-mail. Yet, the specified e-mail address bounced back.

So, they’re the problems. In one sense, domain names should be as easy as “set and forget” but every domain owner really owes it to themself to understand just what’s going on and get greater control over this purpose. Before we talk about tools, let’s explain the process and terminology.

The dirt on domain names

There’s three parts to making a domain go live. First, a domain registrar provides the domain name. This is accompanied by a registry key which serves the exact same purpose as a password on a login. The registry key lets you come back and make changes to the domain name details – which include the name and address of authorised contacts as well as the DNS servers that provide detail on the domain. You can also check up on your domain’s expiry date here. But beyond these few details, that’s all the domain registrar actually stores.

If you don’t know your registry key, look for it. Make sure you know when your domain has to be renewed. And be sure to keep your on-file e-mail address up-to-date.

The third part is the physical, online, server or servers that provide your Internet presence. These may be on your premises or they may be hosted by someone else. Regardless, they will have an Internet-accessible IP address.
Many people recognise they need these first and third parts when they set up a domain. However, there’s a middle tier, and it’s the least understood.

The middle tier is the DNS servers. I’ve bandied about the term “DNS” repeatedly; it stands for “Domain Name System” and is the glue which actually ties your domain name to your mail and web services as well as any other facilities you may wish to provide (like remote access.) There are a variety of different records available, but three are particularly important.

The first is A records. An A record is an actual physical host. When you create an A record, you link both a name (e.g. “rtp-inbound-a.cisco.com”) and an IP address (e.g. “”).

Next comes CNAME records. CNAME lets you make an alias for an existing host. A common example might be that you have the one physical server providing both your mail and web facilities. You thus could make an A record for, say, server.domain.com with the actual IP address. You then make CNAME records to redirect both http://www.domain.com/ and mail.domain.com to server.domain.com. If you move your host, you can just edit the one record for server.domain.com and everything continues to work.

The third important record type is MX. This stands for “mail exchanger” and identifies the host that handles mail for your domain. You might have more than one MX server, providing redundancy in case your main server is down for maintenance or any other reason.

If you don’t know who’s handling your DNS, find out. Check what the fees are. And be sure to find out if this is the best option for you. Maybe you have an alternative at no extra cost, bundled with something else you’re already paying for.

Earlier, I referred to companies who had business-grade Internet but paid someone else to manage their DNS. In Australia, the largest telco is Telstra. Customers of their Internet Direct service get free DNS hosting which can be so easily maintained via an online facility called CustData. To use it, you simply log in and set up your records. Go back to your domain registrar and set your DNS servers to be ns0.telstra.net and ns1.telstra.net. All done. You can then freely update your DNS records whenever you wish. I’d expect most major telcos and ISPs to have similar offerings.

(Oddly enough, Telstra is actually the company who also provide the managed name service on their ordinary residential BigPond Internet accounts, where you can add e-mail addresses but can’t specify a web server.)

You might also choose to use a free DNS server like ZoneEdit. This is a terrific facility with a lot of options. It’s stable and reliable. However, if your Internet presence is critical then it’s well worth paying a bit extra for an additional nameserver or for backup mail service.

When you understand DNS and where it fits in to the equation you can begin doing clever things.

For instance, you may have your domain managed by a hosting service. They’ll look after your web site – which you want – and they say they give you a couple of e-mail addresses. However, just because that’s the offer doesn’t mean you’re stuck with it.

The hosting service will tell you the names of their DNS servers, and instruct you to point to them back at your domain registrar. You don’t have to do this; instead, point to your own DNS server. There, redirect the www address to the web host’s IP address and your web site will work as it should. When it comes to mail, however, you have richer options. Set up an MX record to direct mail to your own mail server should you be running one. Or, use the special type of configuration item called MailForward for as many e-mail addresses as you want without restriction.

In this case, the e-mail won’t be stored on your web host’s servers but need to redirect to existing mailboxes – which is fine; you can then use one mailbox to receive all your e-mail for all your e-mail addresses instead of having to POP them from all over the place, or manually check many diverse locations.

Another clever thing you can do – and pretty much the reverse of the above – is take control of the situation where the hosting provider lets you set up e-mail addresses but not any other host name like a web server. In that case, again, edit your details back at the domain registrar to point to the DNS server you want to use.

This time, set the MX record to point back to the hosting provider. Then, all mail for your domain will go to them just as before, and your e-mail addresses will continue to work. The big difference is now you can also make a www record to point to the web host you’re using, as well as define any other service you wish to expose.

If you understand the purpose of DNS and what it can do, then you are able to free yourself from any constraints or charges which service providers might otherwise impose upon you. You are generally not under any obligation to use the name servers that your provider tells you to use.

With this under our proverbial belts, let’s see what Linux can do for us to help.

Open-source Linux DNS tools

The most important such tool is one we won’t go into detail about; BIND – Berkeley Internet Name Domain – is the predominant DNS server application for Linux systems. Using BIND you can even host DNS yourself. However, I’d wager if you are up to the level of configuring BIND and running your own 24x7 connected system then nothing in this article is new to you anyway.


Query domain registrars right from your command line. Run whois cisco.com, for example, to get the goods on when that domain name was created, when it expires (and hence needs renewal), who the registrar is, and who handles its DNS. In this case, Cisco run their own name servers:

   Domain Name: CISCO.COM
   Name Server: NS1.CISCO.COM
   Name Server: NS2.CISCO.COM
   Creation Date: 14-may-1987
   Expiration Date: 15-may-2009

The information displayed will vary depending on what the domain registrar permits; whois itwire.com.au return some more company and contact information but omits the expiry date. Nevertheless, there’s more than enough data for the legitimate owner to determine their own registrar and DNS servers.


Pull information right out of DNS servers via nslookup, specifying a host name. For instance, nslookup http://www.cisco.com/ advises the physical IP address for that service is

Additionally, nslookup offers an interactive mode where you can batch series of queries. These may be for specific hostnames as above, or you can probe for different types of records from the DNS server. In this case, just run nslookup on the command line by itself. You’ll then have an angle prompt where you can keep entering commands until you type exit.

A useful interactive command is set type=xxx where xxx is a type of record; the default is A which means nslookup will return A records only, i.e. actual physical hostnames that map to IP addresses. You can specify types cname, mx and more to retrieve different information.


While nslookup is useful, it hasn’t evolved much over time. A more recent tool is dig (Domain Information Groper) which, like nslookup, interrogates DNS servers but has more flexibility and is simpler to use.

Like nslookup, dig expects a name to be supplied. Unlike nslookup, it will return all A records for the specified domain, not just the individual host. A second parameter can be used on the command line to identify the type of records to be returned. A particularly useful option here is ‘any’ – as in dig cisco.com any – which will dump the entire set of DNS information for a domain.

Another command you can explore for this same purpose is host.


So far, the commands listed return data about your domain. nsupdate is different; it will make DNS changes and actually modify your domain. Using nsupdate you can make DNS changes right from your own computer without having to use a web site tool on your DNS server’s site.

Not all DNS providers support nsupdate – it requires DNSSEC authentication (the Domain Name System Security Extensions) – but if your provider does, then nsupdate will let you make modifications with ease. An example of an nsupdate session is like this:

# nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 87400 A
> send

This removes any A records for oldhost.example.com, and then makes a new A record for newhost.example.com. The IP address is A time-to-live is also stipulated, namely 86,400 seconds or one day. Any computers which cache the address of this host will need to look it up again after this period of time lapses.

That’s DNS in a nutshell, as well as the most important Linux tools to help you get started right away. You can find loads more DNS tools for Linux online also.

Now go forth and master your domain!



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.




Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.


Webinars & Events