Install and Configure a Primary and Secondary Technitium Authoritative Name Server
Authoritative DNS
First, you'll want to have a domain name you've registered, and can change the DNS servers for through your registrar.
Install Technitium
I'm going to use two Digital Ocean servers for this. The first will be my primary DNS server. The second will be the secondary DNS server, and will be synced to the first for the zone I create for my domain.
What You'll Need
- A domain name you own and can change the name server (glue) records for.
- A list of any existing A, AAAA, CNAME records you have for this domain name (ones you created)
- Ideally two servers with two different public IPv4 and IPv6 addresses (IPv6 is optional but recommended)
- About 30 minutes of your time
- The understanding that changing name servers can take a little while to propagate through the entire internet.
I'll be setting up Technitium on a domain I have today. I'll be doing the initial install on empty (new) Digital Ocean droplets (servers), and then I'll switch to my production Technitium servers in order to do the full setup in the Web UI, so I'm not having to change things later. It will be the same process regardless.
Create your server(s), if you don't already have one (and I suggest this be a dedicated server, VM, or container). Once created, the install is the same for both servers. I'll be using Ubuntu 24.04 server edition for this purpose.
First, let's update our new server with all the latest packages. On Digital Ocean you log in initially as the root user, so we'll run our updates as that user, then we'll create a non-root user who has sudo privileges afterward.
Update and Upgrade Packages
apt update && apt upgrade -y
If you're already logged in as a non-root user with sudo privileges, you can run
sudo apt update && sudo apt upgrade -y
Once the updates complete, let's just reboot our servers real quick to make sure any updates have been completely enabled.
root user
reboot
Non Root User
sudo reboot
Now SSH back in (log back in) and we'll create our non-root user, if you haven't already done this:
adduser <username you want>
Enter the password you'll use for this user, then confirm it, and then enter any details you want into the prompts. Finally enter `Y` and press Enter.
Your new user is created, but not yet part of the sudo group, so let's add them to that group.
usermod -aG sudo <the username you made>
Now you can log out as root, and log back in as your non-root user.
Once logged back in as the non-root user, run the command below to install Technitium:
curl -sSL https://download.technitium.com/dns/install.sh | sudo bash
Allow this script to finish. Once complete, we'll want to go to our server using its public IP address, and port 5380.
You'll be greeted by a page with a pop-up (modal), and prompted to create a strong password for the admin user. Make sure to make this a very long, strong password.
After doing that you'll be presented with the dashboard for Technitium.
Settings we want to set immediately:
Set the Domain Name for the Server
Under the Settings tab, we want to set the DNS Server Domain. We want to enter the full primary domain name for this server. In our case on server 1, we'll set it as "ns1.yourdomain.com", of course replacing 'yourdomain.com' with your actual domain.
Enter your Email as the Responsible Party
Scroll down and find the 'Responsible Party' entry, and make sure your email is entered there.
Set the Time To Live for new DNS Entries
Next we'll move down to a setting called 'Default Record TTL'. This is the default time-to-live given to new records, that is, how long resolvers may cache an entry like 'mymusic.mydomain.com' before asking your server again, which also bounds how long a change takes to be seen everywhere. Generally we'll want to set this to 600 seconds (ten minutes).
Now Save your changes at the bottom of the settings view.
Setting Up a New Zone
Under Zones, we want to add a new zone as our new authoritative DNS for a domain we control.
Let's call our domain myawesomedns.org. We will click 'Add a Zone' in the user interface.
We will give the Zone a name to help us identify our zone easily. This name needs to be your primary domain name (e.g. myawesomedns.org ).
For the Type, on our first server (the control server), we want to choose 'Primary Zone' and click 'Add'.
This will immediately generate some records for us. We'll get an NS record, and we'll get an SOA record as well. Both are important. Make sure they both show your name server domain (for our example: ns1.myawesomedns.org).
Before you continue, I highly recommend enabling IPv6 for your servers if you haven't already done so. In Digital Ocean you have to shut down your server, then in the control panel under Networking for that server, enable IPv6, and restart the server. You should now get a public IPv6 address. Make sure to enable IPv6 for all of your NS servers.
We need to make sure to move any A, AAAA, CNAME, etc. records over from the registrar to our new Technitium server. If you have an A record for @ (the base domain) of myawesomedns.org and it points to 22.24.26.31, then you need to go into the zone you just made in Technitium and add that same record there.
Once you've copied all of the DNS records over, you'll need to set up glue records. These are records at your registrar that identify your Technitium servers as the authoritative DNS servers. This is important, and getting it set up takes two steps (at least it does on Hover).
1. Set up the glue records
2. Reassign DNS for the domain to your ns1 and ns2 servers.
Setting up a glue record is a different process on each registrar, so you'll want to find out how to do it for yours.
On Hover, you go into your domain, then click on the 'Advanced' tab.
Go down to the Glue Records section and click on 'Add a Glue Record'.
Enter the domain name of our first server 'ns1.myawesomedns.org', then copy and paste in your IPv4 and IPv6 addresses. Click 'Add Record'. Be patient while this happens.
Repeat the above for each name server you are setting up. So we'll repeat it for ns2.myawesomedns.org.
Once done, we need to change the name server entries for the domain. In Hover you do this on the domain overview page. Again, this will be different for each registrar.
To do this, I want to remove the ns1 and ns2 entries that the registrar provides (e.g. ns1.hover.com and ns2.hover.com), and instead add my new ns1.myawesomedns.org and ns2.myawesomedns.org.
When you save, you'll lose the ability to reach your domain (sites) until your Technitium servers have been picked up and propagated throughout the internet.
It only took a few minutes to about an hour for me, but could take a couple of hours.
Set up the DNS entries for our ns2 server on ns1
Go to your Technitium control panel on your ns1 server. Under Zones, click on the zone you created (myawesomedns.org).
Now click on Add Record, and in the form that comes up, enter 'ns2' in the Name field.
In the Type field select 'NS'.
In the Name Server field enter 'ns2.myawesomedns.org'.
In the Glue Records field, I suggest adding your ns2 server's IPv4 and IPv6 addresses. Enter one per line, and don't put any commas, spaces, or other characters in this field.
Click 'Save' to add your new NS record.
Next, we need to add the A record for ns2. So click 'Add Record', then enter 'ns2' in the Name field.
Add the IPv4 address of the server in the IP Address field, and click 'Save'.
Finally, let's add our AAAA record (the IPv6 version of an A record): click on 'Add Record'.
Enter 'ns2' in the Name field.
Enter the IPv6 Address into the IPV6 Address field and click 'Save'.
At this point, you should have the following records on your ns1 server under the zone we created:
- NS Record for your primary server ns1.myawesomedns.org
- SOA Record for your primary server.
- A record for your secondary server 'ns2.myawesomedns.org'
- AAAA record for your secondary server 'ns2.myawesomedns.org'
- NS record for your secondary server 'ns2.myawesomedns.org'
- Any other A, AAAA, CNAME, or TXT records (including DMARC and DKIM) you need for any sites you have running.
To make sure everything is working, you can just navigate to your sites, and make sure they resolve.
If you still aren't sure, you can use the dig command in Linux. We can do
dig +trace wiki.myawesomedns.org
This should give back a good bit of information, but one thing you should see is your new Technitium name servers listed.
Moving to the NS2 Server Setup
We need to set up our second server the same way. The only difference is that on our second server we will create a secondary zone. You can do this for as many secondary name server machines as you want.
- Again, in the Settings, we want to change the DNS Server Domain to ns2.myawesomedns.org; do the same for any other servers you set up (ns3, ns4 and so on).
- Set the Responsible Party email address.
- Set the TTL to 600, or whatever number you prefer, but I'd say anything 600 and up should be pretty safe.
- Save your changes.
Add our Zone
Now go to Zones on your secondary server, and click 'Add Zone'.
In the 'Zone' field, enter your base domain name (exactly the same as you did on NS1) (e.g. myawesomedns.org).
Next, enter the ns1 domain name and IPv4 address on the first line, then the IPv4 address alone on its own line, and the IPv6 address alone on its own line. It should look something like this:
ns1.myawesomedns.org (21.23.25.31)
21.23.25.31
2001:fe:020a:102f:edf1::edf1
Now click 'Add', and you'll see only a new SOA record. It should have the proper name server domain name, and your email for the responsible party.
The secondary will now start trying to pull the zone data (all of your DNS records for the same zone) from ns1.
In order for this pull to succeed, we need to go back to our primary name server (ns1) and go into the myawesomedns.org zone.
- Click on the 'Options' button
- Select Zone Options.
- Now change the selected option to 'Allow Only Specified Name Servers'.
- In the entry box below that selection, enter the IPv4 and IPv6 addresses for your secondary name server (ns2).
- Click 'Save'.
Go back to your secondary server, and in your myawesomedns.org zone, click the 'Resync' button, then click 'Ok'.
Give it about 30 seconds, then click the little 'refresh' icon next to your Zone name.
You should now see all the DNS records from your primary server.
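To confirm from the command line that the delegation, the secondary's sync and the zone-transfer restriction all came out as described above, here is an added checking script (my own, not Technitium's or the author's). It assumes dig is installed and is called as run_checks zone ns1 ns2; the parsing helpers are kept separate so they can be tried on captured dig output.

```shell
#!/usr/bin/env bash
# Post-setup checks for the ns1/ns2 pair (added example, not from the page).
# Pure helpers parse dig output; run_checks() performs the live queries.

# Print the serial (3rd field) of a `dig +short SOA` answer line.
soa_serial() {
  printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Normalise a list of host names: split on whitespace, lowercase,
# drop a trailing dot, de-duplicate, sort, rejoin with single spaces.
norm_names() {
  awk '{ for (i = 1; i <= NF; i++) print tolower($i) }' \
    | sed 's/\.$//' | sort -u | paste -s -d ' ' -
}

# Succeed when two name lists contain exactly the same names.
same_set() {
  [ "$(printf '%s\n' "$1" | norm_names)" = "$(printf '%s\n' "$2" | norm_names)" ]
}

# Succeed when `dig AXFR` output shows the transfer was refused
# (dig prints "; Transfer failed." when the server answers REFUSED).
axfr_refused() {
  printf '%s\n' "$1" | grep -qi 'transfer failed'
}

# Live checks: run_checks myawesomedns.org ns1.myawesomedns.org ns2.myawesomedns.org
run_checks() {
  zone=$1 ns1=$2 ns2=$3 rc=0
  # 1. Both servers must serve the same SOA serial, or the secondary is stale.
  s1=$(soa_serial "$(dig +short SOA "$zone" "@$ns1")")
  s2=$(soa_serial "$(dig +short SOA "$zone" "@$ns2")")
  if [ -n "$s1" ] && [ "$s1" = "$s2" ]; then echo "OK   serial $s1 on both servers"
  else echo "FAIL serial mismatch: ns1=$s1 ns2=$s2"; rc=1; fi
  # 2. The delegation at the parent (a TLD server queried without recursion)
  #    must name the same servers as the zone's own NS records.
  tld_srv=$(dig +short NS "${zone##*.}." | head -n 1)
  parent_ns=$(dig +norecurse +noall +authority NS "$zone" "@$tld_srv" | awk '$4 == "NS" { print $5 }')
  zone_ns=$(dig +short NS "$zone" "@$ns1")
  if same_set "$parent_ns" "$zone_ns"; then echo "OK   delegation matches zone NS set"
  else echo "FAIL parent says [$parent_ns] but zone says [$zone_ns]"; rc=1; fi
  # 3. A full zone transfer from this host (which is not ns2) must be refused.
  if axfr_refused "$(dig AXFR "$zone" "@$ns1")"; then echo "OK   AXFR refused from this host"
  else echo "FAIL AXFR from an unlisted host succeeded"; rc=1; fi
  return "$rc"
}
```

Run it from a machine that is not ns2; if the third check fails, the 'Allow Only Specified Name Servers' setting on ns1 did not take effect.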
You have now set up your name servers. You can add a new zone and repeat the zone setup steps on each server for each domain you own or manage. This way you can set up your clients' domain names, and manage their DNS for them. This is a powerful tool that can help your clients keep their business running.
Reverse Proxy
Until now, we've been accessing our DNS servers' web UI through the IP and port, but it is of course better to use a reverse proxy to set up a subdomain on which to reach these management pages, and to get proper SSL set up for those management pages as well.
To do that, choose your favorite reverse proxy (NGINX Proxy Manager, Traefik, Caddy, Zoraxy, or just plain old NGINX), and make an entry for each server. In my case I called mine dns1.myawesomedns.com and dns2.myawesomedns.com. I entered the IP and port appropriately for the web admin interface, and then requested the Let's Encrypt SSL certificates for each. Now when I connect through my domain names, I know I'm getting an encrypted connection where it's much safer to enter my login details, and create all of my zones and domains.
Support My Channel and Content
Support my Channel and ongoing efforts through Patreon:
https://www.patreon.com/awesomeopensource
Buy me a Beer / Coffee:
https://paypal.me/BrianMcGonagill