If you’re looking to manage LoCo DNS with the nsset script, you may want to look at LoCoTeamsDNSAdmin - Ubuntu Wiki instead.
LoCos with their domain names registered on Canonical’s nameservers may refer to this document for managing DNS. If you’re a LoCo DNS Administrator or a contact of your LoCo, you are supposed to have access to the domain’s DNS key for accessing the system, which uses TSIG for DNS changes.
Check your LoCo’s domain name is on Canonical’s nameservers
Use whois to check if it’s on Canonical’s nameservers.
whois ubuntu-**.org | grep Server
Running this command should display something like the output below. If not, this document does not apply to managing your domain.
Registrar WHOIS Server: http://whois.markmonitor.com
Name Server: ns1.canonical.com
Name Server: ns2.canonical.com
Name Server: ns3.canonical.com
Requesting a DNS Key or DNS Update
If you are a LoCo contact and would like to request any of the following, please email a GnuPG-signed message to rt@ubuntu.com with the request. In the case of an update, please specify which IP address the new domain should have.
- Would like to have the DNS of your domain or subdomain updated.
- Don’t have the key for your domain and wish to have it.
- Would like to have both of the above done.
Managing your LoCo’s DNS records
Once you have your LoCo’s DNS Key, you can update DNS records to set up the domain for websites or other servers.
Backing up DNS record data
In case something goes wrong and you want to revert quickly, first back up the current data of the DNS record you want to update. This is usually the IP address or another domain name that the domain points at.
Use dig, which is included in the dnsutils package. (Make sure to replace ubuntu-**.org with the domain name you would like to check.)
dig @ns1.canonical.com www.ubuntu-**.org
It should then display something like this:
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @ns1.canonical.com www.ubuntu-kr.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46670
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: <REDACTED> (good)
;; QUESTION SECTION:
;www.ubuntu-**.org. IN A
;; ANSWER SECTION:
www.ubuntu-**.org. 86400 IN A 123.123.123.123
;; Query time: 229 msec
;; SERVER: <REDACTED>#53(ns1.canonical.com) (UDP)
;; WHEN: Thu Mar 21 21:46:45 KST 2024
;; MSG SIZE rcvd: 90
Look for the ANSWER SECTION, which shows the IP address or other domain that your domain points to.
;; ANSWER SECTION:
www.ubuntu-**.org. 86400 IN A 123.123.123.123
Using nsupdate to update DNS record
With your DNS Key file, whose contents look like the example below, use nsupdate to update the DNS record. This command is also included in the dnsutils package.
key ubuntu-**.org. {
algorithm hmac-md5;
secret "your_dns_key_secret_value_here";
};
Use the following command to open the nsupdate prompt:
nsupdate -v -k <path_to_your_dns_key_file>
# Example: nsupdate -v -k ./ubuntu-se-org.key
Once you have entered the prompt, specify server and zone first.
server loco-dns.ubuntu.com
zone ubuntu-**.org
To delete an existing record, use update delete with the following format.
update delete [domain-name] [ttl] [class] [type] [data]
For example, to delete the TXT record of the ubuntu-se.org domain with data EXAMPLE_TXT_VALUE:
update delete ubuntu-se.org TXT EXAMPLE_TXT_VALUE
To add a record, use update add with the following format.
update add [domain-name] [ttl] [class] [type] [data]
For example, to add an A record for the ubuntu-se.org domain with data 123.123.123.123 and TTL 21600:
update add ubuntu-se.org 21600 A 123.123.123.123
When you’re done managing DNS records, it’s time to apply the changes. Use show to check the changes to be applied. Then, if all looks good, enter send and press the Enter key to apply the changes.
Once you’re done applying changes, you may enter quit to exit the prompt.
Checking if changes were applied
Check that the change was applied to the DNS server. This can be done by running this command once more:
dig @ns1.canonical.com <domain_name_you_want_to_check>
And look for the changes you made in the Answer section. Do note that the change can take up to 48 hours to spread through all the DNS servers on the Internet. If you run multiple changes in a short time, the servers at canonical.com may also reply with old data for a while.
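The backup and update steps above can also be scripted so that the command batch is reviewed before it is sent. The following is an added example, not part of the original guide or of Canonical's tooling: it extracts the record from saved dig output and builds the nsupdate batch for replacing a single A, AAAA or CNAME record. The domain ubuntu-xx.org, the 192.0.2.x addresses and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. ubuntu-xx.org and the 192.0.2.x addresses are constructed.
LC_ALL=C; export LC_ALL

# Print the ANSWER SECTION records of saved dig output (stdin), one per
# line as "name ttl class type data" with whitespace collapsed.
answer_records() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^;;/ || /^$/         { in_ans = 0 }
         in_ans && !/^;/       { $1 = $1; print }'
}

# Accept only hostname/address characters, so a value can never carry
# whitespace or a newline that would start another nsupdate command.
safe_field() {
    case "$1" in ''|*[!A-Za-z0-9._:-]*) return 1 ;; esac
}

# Emit the batch that replaces one record: delete the backed-up value,
# add the new one, then show and send.
# Args: server zone backup_line new_ttl new_data
build_batch() {
    server=$1; zone=$2; backup=$3; new_ttl=$4; new_data=$5
    set -f; set -- $backup; set +f        # split the backup line into fields
    [ $# -eq 5 ] || { echo "backup must be: name ttl class type data" >&2; return 1; }
    name=$1; type=$4; old_data=$5
    for f in "$server" "$zone" "$name" "$type" "$old_data" "$new_data"; do
        safe_field "$f" || { echo "unsafe field: $f" >&2; return 1; }
    done
    case "$new_ttl" in ''|*[!0-9]*) echo "bad TTL" >&2; return 1 ;; esac
    case "$name" in "$zone."|*".$zone.") ;; *) echo "name outside zone" >&2; return 1 ;; esac
    printf 'server %s\nzone %s\n' "$server" "$zone"
    printf 'update delete %s %s %s\n' "$name" "$type" "$old_data"
    printf 'update add %s %s %s %s\n' "$name" "$new_ttl" "$type" "$new_data"
    printf 'show\nsend\n'
}

# Constructed dig output standing in for a saved backup file.
sample_dig() {
    cat <<'EOF'
;; QUESTION SECTION:
;www.ubuntu-xx.org.       IN  A
;; ANSWER SECTION:
www.ubuntu-xx.org.  86400  IN  A  192.0.2.10
;; Query time: 20 msec
EOF
}
rec=$(sample_dig | answer_records)
build_batch loco-dns.ubuntu.com ubuntu-xx.org "$rec" 21600 192.0.2.20
```

Redirect the output to a file, review it, and pass that file to nsupdate -v -k <path_to_your_dns_key_file> instead of typing the commands at the prompt.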
Need help?
In case you need more help or information, here is what you can do.
- Send an email to rt@ubuntu.com or submit a ticket at http://rt.ubuntu.com/ explaining what you are trying to do and the details of the problem you are having.
- You might want to read the manuals for whois, dig and nsupdate for detailed usage.