allu62 Posted July 22, 2021

My brand-new VPS is running, with Hestia installed. Next step: moving my website (hosted on Tommy) to the VPS. I suppose that this is essentially 3 steps: create a new domain record, create a new web record and upload the files.

Two major questions:
1. I suppose that HelioHost has to delete my actual DNS records (on Tommy), before I can create new ones?
2. Must I change server names at my DNS provider's? What are the DNS servers responsible for myvps.heliohost.us? My VPS itself, perhaps?

Another question concerns security. What should I absolutely do to avoid hacking and other problems?

Thanks for the answer. And thanks for the possibility to have this amazing experience; that's mostly completely new territory for me.

badrihippo Posted July 22, 2021

What domain are you using: is it a HelioHost-provided domain or your own one?

If it's your own then you don't have to wait for HelioHost to delete the Tommy DNS records: you can just change the settings at your DNS provider's dashboard. For example, I got my domain "sssnet.tk" on Freenom so I can log in to Freenom's control panel and change the domain settings there. Just create an A record pointing sssnet.tk (for example) to your VPS's IP address (which you should have got in an email from Krydos once it was created). If the DNS record is pointing directly to your server, then any obsolete HelioHost records will be bypassed because requests will go directly from your new record to your VPS.

The basic DNS record types, which are available at most providers, should work for you. But if at some point you want more advanced DNS records (say, for an XMPP server) then you could sign up for a dedicated DNS host such as the freemium ClouDNS.

Security is a much more complicated business: I use YunoHost instead of a control panel, which automatically installs firewalls and monitors like fail2ban. I'm not sure if Hestia has its own security in place, but one thing you could do is change your SSH port to a non-standard one. I used to get a lot of random people trying to log on to my VPS on port 22, and now that I've changed the SSH port it doesn't happen any more. But I'd suggest you play around with the server a bit and become more familiar with it before you try this 🙂

allu62 (Author) Posted July 22, 2021

Thanks for the answer. It's my own .lu domain, registered at a provider's in Luxembourg. If I understand you well, bind on my VPS is a "real DNS server", all of my DNS-related records may be registered on the VPS and all DNS requests for my domain will directly be passed from my DNS registrar to my bind server (if I set the A record there)?

Hestia has installed iptables and I think fail2ban, too. Perhaps I should shut down the SSH server (if this works from Hestia) as I'll only exceptionally need direct access to the system (as, for example, to install Perl, I suppose).

I chose the VPS for the transition time, where Tommy is rebuilt, because I want to keep my site online. Playing around would be a good occasion to learn new things, but my site is the priority and having no Internet access of my own, I'm doing all this sitting on the sidewalk, so to say. Perhaps a good idea for later, on a local virtual machine...

badrihippo Posted July 22, 2021

That isn't what I had in mind, but I went through the Hestia docs just now and realised what you're proposing is a better solution. Sorry about that. Some explanation is probably necessary here.

Explanation of how the DNS system works

I should probably start by saying I'm not completely sure of the nuances of the system either, but I have messed around with DNSes quite a bit. What follows is my understanding plus a few educated guesses and some StackOverflow searches. If everything goes smoothly, you may not need to know all this, but when I got stuck (which was not uncommon) it helped me to know all this and have some idea of what was going on!

There are three components to this:

- Your registrar, which points the domain to a nameserver. For example, I have snipettemag.com pointing to the nsone.com nameserver, which is what I use. So if anyone wants to load snipettemag.com or its subdomains, they're told to look it up at the nsone nameserver.
- Your nameserver, which actually manages the domains, subdomains, etc. and redirects them to the respective machines. For example, snipettemag.com points to a Netlify server but stats.snipettemag.com points to my VPS and media.snipettemag.com was until recently pointing to Tommy, where I was storing images and other static files.
- The actual server (VPS, Tommy, etc.) which receives the requests and responds appropriately. For example, my VPS is set up so that stats.snipettemag.com serves a local GoatCounter installation I have, whereas bag.snipettemag.com redirects to my Wallabag. Both requests come to my VPS, but the VPS responds differently based on whether the request is to the "stats" or "bag" subdomain.

You wouldn't have seen these moving parts on Tommy, because HelioHost runs the nameserver as well as Tommy, so the two are well integrated. When you add a domain (or subdomain) to Tommy, it automatically creates the corresponding DNS record as well.

On other setups (such as mine) it's more common to run the server by oneself but delegate the nameserver to some other provider. The reason is that if your VPS crashes, the nameserver will go down as well, which means any other domains it serves (e.g. email or an external subdomain) will go down as well. The downside is of course that you have to register domains twice: once on the nameserver end, and once again on the server (think one to send and one to receive). This setup is what I was trying to suggest for you as well.

My recommendation for you

But now I realise that Hestia has a DNS management facility. If you're just going to be hosting one domain, and Hestia handles it without much advanced setup, then maybe that's a better option for you. In which case the answer to the first part of your question is yes: your VPS is the "real nameserver".

The problem is, you'll have to point to it using an NS record, which StackOverflow tells me needs a domain name (not an IP address). I think you can solve this problem by registering two records at your provider's end:

- an NS record pointing [yourdomain.lu] to [ns.yourdomain.lu]
- an A record pointing [ns.yourdomain.lu] to [your VPS IP address]

That way you theoretically have two servers—the nameserver ns.yourdomain.lu and the actual yourdomain.lu—which makes the DNS system happy even though they're physically on the same machine.

This is assuming your provider allows you to add both NS and A records. (If not, you'd have to go for a separate nameserver like ClouDNS, and update the records there as well as in Hestia every time you want to change something—which is hopefully not often).

I'd like to sign off by saying that I've never used this kind of setup, although it's what I think would work best for you. I'd suggest you give it a try. If it works, then great; if not, I can't help you, but I'd be happy to help out with setting up an external nameserver like I mentioned in the last line or perhaps someone who's more knowledgeable than me could step in 🙂

allu62 (Author) Posted July 22, 2021

Thanks a lot for your concern and efforts. Hestia created the new zone with ns1/2.heliohost.us as DNS servers, but these do not exist. My DNS provider asks for 2 DNS servers, that must be given by name. I hope that Krydos sees the posts; he probably would have a suggestion. Thanks anyway and have a nice day.

badrihippo Posted July 22, 2021

No problem! If your provider asked for two DNS servers I suspect you'll have to go for my backup option: managing DNS externally using a service like ClouDNS to register A records, then adding the domains to Hestia to use them. (Even before Hestia is set up, you'll know the DNS is working because you'll be able to SSH in using ...@yourdomain.lu instead of ...@some-ip-address).

You're right, though, Krydos might have some better ideas...

infantex Posted July 22, 2021

What I did, as per @wolstech's suggestion, was to add, at my registrar, my own site as DNS. As you mention, my registrar required that the DNS be a domain, so I entered: "ns1.infantex.com.mx" (infantex.com.mx is my domain). I guess the registrar detected I was using my own domain as DNS and enabled a field where I could enter the VPS's IP (@wolstech referred to this as "glue"). Try it, it should work.

EDIT: I forgot, you need two DNSs. I don't know if you could enter ns1. and ns2.yourdomain.com, both with the same IP. 🙂 Or use some third-party DNS as the second one (Cloudflare, ClouDNS, ...). I haven't used them.

wolstech Posted July 22, 2021

What @infantex said is exactly how it's done by pretty much all. For example, even heliohost.org itself works like that (where the name server ns1.heliohost.org is a subdomain of the domain being configured).

The IP address of a valid name server for the domain is needed at the registrar when the NS points to a subdomain, just so DNS has an idea where to start looking. These records are known as "glue records", and internally are just a plain A record.

If you're curious about the logic behind it and why you need to set up your DNS this way when you host your own name server on your VPS: https://ns1.com/blog/glue-records-and-dedicated-dns
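
The delegation rules discussed in the posts above (name servers given by name, glue for a name server inside its own zone, two name servers, zone file agreeing with the registrar), as an added example that is not part of the thread: a Python check over constructed records. The names example.lu and dnshost.example, the address 192.0.2.10 and all function names are placeholders chosen for this example.

```python
# Added example: delegation sanity check on constructed records (no network).
# example.lu, dnshost.example and 192.0.2.10 are placeholders, not thread values.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def in_bailiwick(ns, zone):
    """True when the name server's own name lies inside the zone it serves."""
    return ns == zone or ns.endswith("." + zone)

def check_delegation(zone, registrar_ns, glue, zone_ns):
    """Compare what the registrar publishes with what the zone file says.
    registrar_ns: NS names entered at the registrar
    glue:         {ns name: IP} entered at the registrar
    zone_ns:      NS names in the zone on the hosting side (e.g. the panel)
    Returns a list of (code, detail) findings; empty means consistent.
    """
    zone = normalize(zone)
    parent = {normalize(n) for n in registrar_ns}
    child = {normalize(n) for n in zone_ns}
    glue = {normalize(k): v for k, v in glue.items()}
    findings = []
    if len(parent) < 2:
        findings.append(("too-few-ns", str(len(parent))))
    for ns in sorted(parent):
        # A resolver cannot look up ns1.<zone> without already knowing
        # where <zone> is served, so the registrar must carry its address.
        if in_bailiwick(ns, zone) and ns not in glue:
            findings.append(("missing-glue", ns))
    if parent != child:
        findings.append(("ns-mismatch", ",".join(sorted(parent ^ child))))
    if parent and all(ns in glue for ns in parent):
        ips = {glue[ns] for ns in parent}
        if len(ips) == 1:
            findings.append(("single-ip", ips.pop()))
    return findings

SELF_HOSTED = check_delegation(
    "example.lu", ["ns1.example.lu", "ns2.example.lu"],
    {"ns1.example.lu": "192.0.2.10", "ns2.example.lu": "192.0.2.10"},
    ["ns1.example.lu.", "ns2.example.lu."])
STALE_ZONE = check_delegation(
    "example.lu", ["ns1.example.lu", "ns2.example.lu"], {},
    ["ns1.dnshost.example", "ns2.dnshost.example"])
EXTERNAL = check_delegation(
    "example.lu", ["ns1.dnshost.example", "ns2.dnshost.example"], {},
    ["ns1.dnshost.example", "ns2.dnshost.example"])
```

The single-ip finding is about resilience rather than correctness: the delegation resolves, but one host outage takes both name servers down with it.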

allu62 (Author) Posted July 22, 2021

Lots too tired to be curious... Tried the whole afternoon to solve the problem.

1. I created an account on ClouDNS and added 4 NS and an A and AAAA record for my domain there. They tell me it's ok.
2. I changed the name servers at my DNS provider's to the new NS records. DNS servers were accepted and the update was done.
3. I changed the NS records on my VPS. Here, too, all seems ok.

However, if I point my browser to my domain name, I still come to my old site on Tommy. Doing a DNS audit on dns.computer, they tell me that's all ok, but with ns1.heliohost.org and ns2.heliohost.org as nameservers.

Is this simply because it takes time until the changes take effect? Or will it only work when my DNS records are deleted at HelioHost?

wolstech Posted July 22, 2021

It takes up to 48 hours for DNS changes to take effect across the whole internet. Most people see it within a few hours though.

allu62 (Author) Posted July 23, 2021

On 7/22/2021 at 4:09 PM, badrihippo said:
    I suspect you'll have to go for my backup option: managing DNS externally using a service like ClouDNS to register A records

Big thanks for this suggestion: The static pages of my site are actually running on my VPS!

To add that ClouDNS seems globally to be a really good solution: Creation of a zone and addition of A and other records is entirely free and their service is simple and implicit to use. Thus, if you need a free DNS server to host the records for your website, you should have a look at https://www.cloudns.net/ ...