Managing DNS for your LoCo

If you’re looking to manage LoCo DNS with the nsset script, have a look at LoCoTeamsDNSAdmin - Ubuntu Wiki instead.

LoCos whose domain names are registered on Canonical’s nameservers may refer to this document for managing DNS. If you’re a LoCo DNS administrator or a contact of your LoCo, you are supposed to have access to the domain’s DNS key, which is needed because the system uses TSIG for DNS changes.

Check that your LoCo’s domain name is on Canonical’s nameservers

Use whois to check whether the domain is on Canonical’s nameservers.

whois ubuntu-**.org | grep Server

Running this command should display something like the output below. If not, this document does not apply to managing your domain.

Registrar WHOIS Server: http://whois.markmonitor.com
Name Server: ns1.canonical.com
Name Server: ns2.canonical.com
Name Server: ns3.canonical.com

Requesting a DNS Key or DNS Update

If you are a LoCo contact and would like to request any of the following, please email a GnuPG-signed message to rt@ubuntu.com with the request. In the case of an update, please specify which IP address the new domain should have.

  • Would like to have the DNS of your domain or subdomain updated.
  • Don’t have the key for your domain and wish to have it.
  • Would like to have both of the above done.

Managing your LoCo’s DNS records

Once you have your LoCo’s DNS key, you can update DNS records to set up the domain for websites or other servers.

Backing up DNS record data

In case something goes wrong and you need to revert quickly, first back up the current data of the DNS record you want to update. This is usually an IP address or another long domain name that the domain points to.

Use dig, which is included in the dnsutils package. (Make sure to replace ubuntu-**.org with the domain name you would like to check.)

dig @ns1.canonical.com www.ubuntu-**.org

It should then display something like the output below.

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @ns1.canonical.com www.ubuntu-kr.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46670
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: <REDACTED> (good)
;; QUESTION SECTION:
;www.ubuntu-**.org.             IN      A

;; ANSWER SECTION:
www.ubuntu-**.org.      86400   IN      A       123.123.123.123

;; Query time: 229 msec
;; SERVER: <REDACTED>#53(ns1.canonical.com) (UDP)
;; WHEN: Thu Mar 21 21:46:45 KST 2024
;; MSG SIZE  rcvd: 90

Look for the ANSWER SECTION, which shows the IP address or other domain that your domain points to.

;; ANSWER SECTION:
www.ubuntu-**.org.      86400   IN      A       123.123.123.123

Using nsupdate to update DNS record

With a DNS key file whose contents look like the following, let’s use nsupdate to update a DNS record. This command is also included in the dnsutils package.

key ubuntu-**.org. {
    algorithm hmac-md5;
    secret "your_dns_key_secret_value_here";
};

Use the following command to open the nsupdate prompt.

nsupdate -v -k <path_to_your_dns_key_file>
# Example: nsupdate -v -k ./ubuntu-se-org.key

Once you have entered the prompt, specify the server and zone first.

server loco-dns.ubuntu.com
zone ubuntu-**.org

To delete an existing record, use update delete with the following format.

update delete [domain-name] [ttl] [class] [type] [data]

For example, to delete the TXT record of the ubuntu-se.org domain with data EXAMPLE_TXT_VALUE:

update delete ubuntu-se.org TXT EXAMPLE_TXT_VALUE

To add a record, use update add with the following format.

update add [domain-name] [ttl] [class] [type] [data]

For example, to add an A record for the ubuntu-se.org domain with data 123.123.123.123 and TTL 21600:

update add ubuntu-se.org 21600 A 123.123.123.123

When you’re done managing DNS records, it’s time to apply the changes. Use show to check the changes to be applied, then, if all looks good, enter send and press the Enter key to apply them.

Once the changes are applied, you can enter quit to exit the prompt.

Checking if changes were applied

Check that the change was applied to the DNS server. This can be done by running this command once more:

dig @ns1.canonical.com <domain_name_you_want_to_check>

And look for the changes you made in the Answer section. Do note that the change can take up to 48 hours to spread through all the DNS servers on the Internet. If you run multiple changes in a short time, the servers at canonical.com may also reply with old data for a while.
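
The backup and nsupdate steps above can be tied together so that a revert is ready before you change anything. The following is an added example, not part of the original guide: the function name rollback_batch, the zone loco.example and the 192.0.2.x addresses are constructed for illustration. It reads saved dig output and prints an nsupdate batch that restores the saved records.

```shell
#!/bin/sh
# Added example, not from the original page. Reads saved `dig` output on stdin
# and prints an nsupdate batch that restores the records it contains.
# $1 is the zone. Limitation: only same-name, same-type records are replaced;
# a record added under a different type has to be deleted by hand.
rollback_batch() {
    zone=${1%.}
    records=$(awk -v zone="$zone" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        NF == 0 || /^;/       { in_answer = 0; next }
        in_answer && NF >= 5 {
            # Refuse records outside the zone so a backup taken for one
            # domain cannot be replayed against another.
            n = tolower($1); z = tolower(zone) "."
            if (n != z && substr(n, length(n) - length(z)) != "." z) next
            data = $5
            for (i = 6; i <= NF; i++) data = data " " $i
            # Clear the current RRset once, then re-add every saved record.
            if (!(($1, $4) in seen)) {
                seen[$1, $4] = 1
                printf "update delete %s %s\n", $1, $4
            }
            printf "update add %s %s %s %s %s\n", $1, $2, $3, $4, data
        }')
    if [ -z "$records" ]; then
        echo "no answer records found for zone $zone" >&2
        return 1
    fi
    printf 'server loco-dns.ubuntu.com\nzone %s\n%s\nshow\nsend\n' "$zone" "$records"
}

# Constructed sample (documentation names and addresses, not real data).
SAMPLE_BACKUP=';; QUESTION SECTION:
;www.loco.example.             IN      A

;; ANSWER SECTION:
www.loco.example.      86400   IN      A       192.0.2.10
www.loco.example.      86400   IN      A       192.0.2.11

;; Query time: 229 msec'

# Demo: print the rollback batch for the sample.
printf '%s\n' "$SAMPLE_BACKUP" | rollback_batch loco.example
```

Save the function's output to a file before making changes; nsupdate accepts a batch file name as its last argument, after -v -k <path_to_your_dns_key_file>.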

Need help?

In case you need more help or information, these are what you can do.
