
Quoting Brian May (brian@linuxpenguins.xyz):
> 1. Hosting the DNS domain. This is easy.

Yes, indeed it is. I found that the problem decomposes into two subparts, which we'll call (a) and (b):

(a) Operate authoritative nameserver software (I recommend NSD) on a fixed IP address.

(b) Have a couple of friends who do likewise. You do authoritative slave nameservice for their domains. They do authoritative slave nameservice for yours.

:r! whois linuxmafia.com | grep "Name Server"
   Name Server: NS.PRIMATE.NET
   Name Server: NS.TX.PRIMATE.NET
   Name Server: NS1.LINUXMAFIA.COM
   Name Server: NS3.LINUXMAFIA.COM
   Name Server: NS6.LINUXMAFIA.COM

RFC2182 section 5 recommends minimum 3, maximum 7 authoritative nameservers for a domain, so five is pretty good. I note that a depressingly large number of allegedly professional outsourced DNS providers violate the RFCs with dangerously thin nameservice, e.g.:

:r! whois baycon.org | grep "Name Server"
   Name Server: NS1.BLUEHOST.COM
   Name Server: NS2.BLUEHOST.COM

There, friends, I present: Bluehost, Inc., a supposedly professional hosting company. And that is the sort of incompetence you all too frequently get when you outsource.

> There are providers that will do this for free

And worth every penny? ;->

As insurance concerning step (b), I also have in recent years added (c):

(c) Check up on your friends, lest they disappoint. E.g., 'Oh, did I neglect to tell you I moved my nameserver to a new IP address two years ago? Dreadfully sorry.'

Here is /etc/cron.weekly/mydomains, a barely good enough solution to that verification problem that could be improved with modest effort:

#!/bin/sh
# mydomains     Cron script to sanity-check my domains' SOA records at
#               all of their authoritative nameservers, as a quick and
#               dirty way of making sure (1) they're all online and
#               (2) they're all serving up the same data (or at least
#               data with the same zonefile serial number).
#
#               The script queries all nameservers for their current
#               SOA value, and then uses awk to parse out of that
#               verbose record just the S/N field, which is field #3.
#               The point is that you can visually spot offline or
#               aberrant nameservers by their S/Ns being (respectively)
#               missing or an out-of-step value.
#
#               Written by Rick Moen (rick@linuxmafia.com)
#               $Id: cron.weekly,v 1.03 2011/05/21 00:35:00 rick
# Copyright (C) Rick Moen, 2011. Do anything you want with this work.

set -o errexit  #aka "set -e": exit if any line returns non-true value
set -o nounset  #aka "set -u": exit upon finding an uninitialised variable

test -x /usr/bin/mail || exit 0
test -x /usr/bin/whois || exit 0
test -x /usr/bin/awk || exit 0
test -x /bin/grep || exit 0
test -x /usr/bin/dig || exit 0

{
echo "As of 2011-05-21, linuxmafia.com should show five authoritative nameservers:"
echo ""
echo "ns.primate.net. 198.144.194.12, (Aaron T. Porter)"
echo "ns.tx.primate.net. 72.249.38.88 (Aaron T. Porter)"
echo "ns3.linuxmafia.com. 63.193.123.122, aka ns.catwhisker.org (David Wolfskill)"
echo "ns1.thecoop.net. 66.220.20.163, (Drew Bertola)"
echo "ns1.linuxmafia.com. 198.144.195.186 (Rick Moen)"
echo ""
echo "As of 2011-05-21, unixmercenary.net should show five authoritative nameservers:"
echo ""
echo "ns.primate.net. 198.144.194.12, (Aaron T. Porter)"
echo "ns.tx.primate.net. 72.249.38.88 (Aaron T. Porter)"
echo "ns3.linuxmafia.com. 63.193.123.122, aka ns.catwhisker.org (David Wolfskill)"
echo "ns1.thecoop.net. 66.220.20.163, (Drew Bertola)"
echo "ns1.linuxmafia.com. 198.144.195.186 (Rick Moen)"
echo ""
echo "If any is missing from reports below, or produces odd data, something is wrong."
echo ""
echo "Zonefile S/Ns, linuxmafia.com:"
echo ""
dig -t soa linuxmafia.com. @ns.primate.net. +short | awk '{ print $3 " on ns.primate.net." }'
dig -t soa linuxmafia.com. @ns.tx.primate.net. +short | awk '{ print $3 " on ns.tx.primate.net." }'
dig -t soa linuxmafia.com. @ns3.linuxmafia.com. +short | awk '{ print $3 " on ns3.linuxmafia.com." }'
dig -t soa linuxmafia.com. @ns1.thecoop.net. +short | awk '{ print $3 " on ns1.thecoop.net."}'
dig -t soa linuxmafia.com. @ns1.linuxmafia.com. +short | awk '{ print $3 " on ns1.linuxmafia.com."}'
echo ""
echo "Zonefile S/Ns, unixmercenary.net:"
echo ""
dig -t soa unixmercenary.net. @ns.primate.net. +short | awk '{ print $3 " on ns.primate.net." }'
dig -t soa unixmercenary.net. @ns.tx.primate.net. +short | awk '{ print $3 " on ns.tx.primate.net." }'
dig -t soa unixmercenary.net. @ns3.linuxmafia.com. +short | awk '{ print $3 " on ns3.linuxmafia.com." }'
dig -t soa unixmercenary.net. @ns1.thecoop.net. +short | awk '{ print $3 " on ns1.thecoop.net."}'
dig -t soa unixmercenary.net. @ns1.linuxmafia.com. +short | awk '{ print $3 " on ns1.linuxmafia.com."}'
echo ""
echo "Authoritative nameservers from whois, linuxmafia.com:"
echo ""
whois linuxmafia.com | grep 'Name Server' | awk -F: '{ print $2 }' | head -n 7
echo ""
echo "Authoritative nameservers from whois, unixmercenary.net:"
echo ""
whois unixmercenary.net | grep 'Name Server' | awk -F: '{ print $2 }' | head -n 7
echo ""
echo "Parent-zone NS records and matching A records (glue), linuxmafia.com:"
echo ""
dig -t ns linuxmafia.com. @$(dig -t ns com. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
echo ""
echo "Parent-zone NS records and matching A records (glue), unixmercenary.net:"
echo ""
dig -t ns unixmercenary.net. @$(dig -t ns net. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
echo ""
echo "In-domain NS records and matching A records, linuxmafia.com:"
echo ""
dig -t ns linuxmafia.com. @$(dig -t ns linuxmafia.com. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
echo ""
echo "In-domain NS records and matching A records, unixmercenary.net:"
echo ""
dig -t ns unixmercenary.net. @$(dig -t ns unixmercenary.net. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
} | mail -s "Domains linuxmafia.com and unixmercenary.net SOA check" rick@linuxmafia.com
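
The script above leaves spotting a missing or out-of-step serial to the reader's eye. As an added example (not part of Rick Moen's script), the following does that comparison mechanically and also checks the nameserver count against the 3-to-7 range cited in the post. The function names, the report keywords and the example.net sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Reads "nameserver serial" pairs on stdin (serial "-" or any
# non-number = no usable SOA answer), prints one line per problem, and
# returns 1 if there is any problem.
compare_serials() {
    report=$(awk '
        NF == 0 { next }
        { n++ }
        $2 ~ /^[0-9]+$/ { serial[$1] = $2; votes[$2]++; next }
        { silent[$1] = 1 }
        END {
            # Reference serial: the value most servers agree on; a tie goes
            # to the numerically highest (serial wraparound is not handled).
            for (s in votes)
                if (votes[s] > best || (votes[s] == best && s + 0 > ref + 0)) {
                    best = votes[s]; ref = s
                }
            for (ns in silent) print "NOANSWER " ns
            for (ns in serial)
                if (serial[ns] + 0 != ref + 0)
                    print "OUTOFSTEP " ns " has " serial[ns] ", expected " ref
            if (n < 3 || n > 7)
                print "COUNT " (n + 0) " nameservers listed, outside the 3-7 range"
        }' | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Query every expected nameserver directly (needs dig and network access).
# usage: collect_serials zone ns1 ns2 ...
collect_serials() {
    zone=$1; shift
    for ns in "$@"; do
        serial=$(dig -t soa "$zone" "@$ns" +short +time=5 +tries=1 2>/dev/null |
                 awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }')
        echo "$ns ${serial:--}"
    done
}

# Constructed sample input (example.net names and serials are made up):
# two servers in step, one stale, one silent.
sample() {
    cat <<'EOF'
ns1.example.net 2011052100
ns2.example.net 2011052100
ns3.example.net 2011051400
ns4.example.net -
EOF
}
sample | compare_serials || true
```

In a cron job, piping `collect_serials` into `compare_serials` and mailing only on a non-zero return means a report arrives only when a secondary has gone silent or fallen behind.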