# Custom DNS Server Setup

If you prefer to run your own DNS infrastructure, you can use custom DNS servers with indevs Domains. This guide covers the requirements and setup process.

Your custom DNS servers must meet these requirements:

• Publicly Accessible: Nameservers must be reachable from the internet
• Authoritative: Must be configured as authoritative nameservers for your subdomain
• Reliable: Should have good uptime (99%+ recommended)
• Standard Compliant: Must follow DNS RFC standards
• Multiple Servers: At least 2 nameservers recommended for redundancy

Platform: Linux, BSD, Windows
Difficulty: Advanced
Best For: Enterprise setups, experienced administrators

BIND Documentation

Platform: Linux, BSD
Difficulty: Intermediate to Advanced
Best For: Modern setups, API-driven management

PowerDNS Documentation

Platform: Linux, BSD
Difficulty: Intermediate
Best For: Authoritative-only DNS, security-focused setups

NSD Documentation

Platform: Linux, BSD
Difficulty: Intermediate
Best For: High-performance setups, DNSSEC

Knot DNS Documentation

Choose and install your preferred DNS server software on your server(s).

Create a zone file for your indevs subdomain:

$TTL 3600
@       IN      SOA     ns1.yourdomain.com. admin.yourdomain.com. (
                        2024010101 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        604800     ; Expire
                        86400 )    ; Minimum TTL

; Nameservers
@       IN      NS      ns1.yourdomain.com.
@       IN      NS      ns2.yourdomain.com.

; A Records
@       IN      A       192.0.2.1
www     IN      A       192.0.2.1

; AAAA Records (IPv6)
@       IN      AAAA    2001:db8::1

; CNAME Records
blog    IN      CNAME   yourusername.github.io.

Before registering with indevs, test your DNS servers:

# Test nameserver response

> [!WARNING]
> These docs are in **Beta** and actively updated daily. Please report if you find any issues.
dig @ns1.yourdomain.com yourname.indevs.in

# Test from external resolver

> [!WARNING]
> These docs are in **Beta** and actively updated daily. Please report if you find any issues.
dig yourname.indevs.in @8.8.8.8

Create your registration file:

{
  "owner": {
    "username": "yourgithubusername",
    "email": "[email protected]"
  },
  "record": {
    "NS": [
      "ns1.yourdomain.com",
      "ns2.yourdomain.com"
    ]
  }
}

Always configure at least 2 nameservers for redundancy:

• Primary: ns1.yourdomain.com
• Secondary: ns2.yourdomain.com

Place nameservers in different geographic locations for better reliability and performance.

Use monitoring tools to ensure your nameservers are always available:

• UptimeRobot
• Pingdom
• StatusCake

Regularly update your DNS server software to patch security vulnerabilities.

For enhanced security, consider enabling DNSSEC on your nameservers.

Solution:

• Check firewall rules (allow UDP/TCP port 53)
• Verify DNS service is running
• Test with dig @your-nameserver-ip yourdomain.com

Solution:

• Check zone file syntax
• Review DNS server logs
• Verify zone is properly loaded in configuration

Solution:

• Optimize TTL values
• Enable DNS caching
• Check server resources (CPU, memory)

Only allow zone transfers to authorized secondary nameservers:

allow-transfer { 192.0.2.2; };

Implement rate limiting to prevent DNS amplification attacks.

Restrict who can update DNS records using:

• TSIG keys
• IP-based ACLs
• API authentication

Regularly review DNS logs for:

• Unusual query patterns
• Failed queries
• Security events

Monitor:

• Query response time
• Query volume
• Server resource usage

Regularly backup:

• Zone files
• Configuration files
• DNSSEC keys (if applicable)

• DNS RFC Standards
• BIND Administrator Reference Manual
• PowerDNS Documentation

Need help? Join our Discord for live help or contact us at [email protected]