Infrastructure #1: Moving DNS servers

by Michael Tremer, December 30, 2013

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

During the cold winter days, it is always time to hack on the IPFire infrastructure. So, here is the first part of a small series about what we did.


We moved our DNS servers from our domain registrar to our own ones based on the Open Source DNS server PowerDNS.

Reasons for that is mainly the problems we have with the interface of our DNS provider (which are basically the same with other ones). The infrastructure of the project is growing and growing and DNS is a very important service that should always be working and it should be possible to update it very easily and quickly. So waiting hours for updates and being not able to support certain features is a huge limitation, we didn’t want to deal with any longer.

The new DNS servers, that we set up, are able to support DNSSEC, but unfortunately, I could not find a proper registrar who offers DNSSEC as well, so we cannot use this feature. I am looking forward, that in the near future, this will be possible and that we just need to press the button and enable it, because all the requirements are already there.


While rebuilding our DNS zone, we removed the wildcard record, which always pointed at the IP address of our main gateway at the NOC. So, if you tried to resolve some record like invalid.ipfire.org, you were always pointed to that gateway – even if there is no service on this domain. Now, invalid.ipfire.org returns a DNS error immediately.

If we missed to add any valid host, you might get a DNS error for a domain that actually exists. If you find one or any other issue with the migration process, please leave me a note.