Frequently Asked Questions

This page answers common questions about nx9-dns-server installation, configuration, and operation.

General Questions

What is nx9-dns-server?

nx9-dns-server is a high-performance, RFC-compliant authoritative DNS server implemented in Rust. It is designed to serve DNS records for your domains with support for various record types, DNSSEC, and management interfaces.

What makes nx9-dns-server different from other DNS servers?

  • Performance: Built in Rust with asynchronous I/O for high throughput
  • Modern Design: Clean architecture with a focus on security and reliability
  • Ease of Use: Upcoming web UI and API for simple management
  • Focused Purpose: Specifically designed as an authoritative DNS server
  • Lightweight: Small memory and CPU footprint compared to full-featured DNS servers
  • SQLite Backend: Simple database storage for easy backup and migration

What can I use nx9-dns-server for?

  • Hosting DNS for your own domains
  • Internal DNS for corporate networks
  • DNS service for hosting providers
  • Development and testing environments
  • Educational purposes to learn about DNS

Is nx9-dns-server production-ready?

The core DNS server functionality is stable and suitable for production use. The web UI and API features are still under development. Many organizations are successfully using nx9-dns-server in production for authoritative DNS services.

Technical Questions

Which DNS record types are supported?

nx9-dns-server supports the following record types: - A (IPv4 address) - AAAA (IPv6 address) - MX (Mail exchange) - NS (Name server) - SOA (Start of authority) - PTR (Pointer) - TXT (Text) - CNAME (Canonical name) - SRV (Service) - CAA (Certificate Authority Authorization) - DNSKEY, RRSIG, DS (DNSSEC records)

Does nx9-dns-server support DNSSEC?

Yes, nx9-dns-server includes comprehensive DNSSEC support. It can load existing DNSSEC keys, sign zone records, and serve DNSSEC-related records (DNSKEY, RRSIG, DS). Instructions for creating DNSSEC keys are provided in the README.

Can nx9-dns-server function as a recursive resolver?

No, nx9-dns-server is designed specifically as an authoritative DNS server. It does not perform recursive resolution. For a recursive resolver, consider using software like Unbound or PowerDNS Recursor.

What are the system requirements?

Minimal requirements: - Linux (Debian, Ubuntu, CentOS, Alpine) or macOS - 1 CPU core - 256MB RAM - 10MB disk space - Rust 1.60+ (for building)

Recommended: - 2+ CPU cores - 1GB RAM - SSD storage - Rust 1.72+

How many queries per second can nx9-dns-server handle?

Performance varies based on hardware, but typical benchmarks show: - 5,000-10,000 QPS on modest hardware (2 cores, 1GB RAM) - 20,000-40,000 QPS on better hardware (4+ cores, 2GB RAM) - DNSSEC-signed responses perform at about 60-70% of unsigned responses

Does nx9-dns-server support high availability/clustering?

Clustering support is on the roadmap but not yet implemented. Currently, you can achieve high availability using multiple independent instances behind a load balancer.

Installation & Deployment

How do I install nx9-dns-server?

There are several installation methods:

  1. Build from source: bash git clone https://github.com/thakares/nx9-dns-server.git cd nx9-dns-server cargo build --release

  2. Docker: bash docker run -d --name nx9-dns \ -p 53:53/udp -p 53:53/tcp \ -v /path/to/dns.db:/var/nx9-dns-server/dns.db \ -v /path/to/keys:/etc/nx9-dns-server/keys \ nx9-dns-server:latest

  3. Pre-built binaries: Download from the GitHub releases page.

Can I run nx9-dns-server on Windows?

While the core code should compile on Windows, we officially support and test on Linux and macOS. Windows users should use Docker or WSL (Windows Subsystem for Linux).

How do I deploy nx9-dns-server in production?

For production deployments, we recommend: 1. Setting up a systemd service (see deployment section in README) 2. Using proper firewall rules 3. Configuring DNSSEC 4. Setting up monitoring 5. Implementing regular backups of the SQLite database

What ports need to be open in my firewall?

  • UDP port 53 (standard DNS)
  • TCP port 53 (DNS over TCP, zone transfers)
  • TCP port 8080 (Web UI - if enabled)
  • TCP port 8081 (API - if enabled)
  • TCP port 9100 (Metrics - if enabled)

Configuration

How do I configure nx9-dns-server?

Configuration is primarily done through environment variables. See the Configuration Reference wiki page for a complete list of options.

Key environment variables: bash export DNS_BIND="0.0.0.0:53" export DNS_DB_PATH="/var/nx9-dns-server/dns.db" export DNSSEC_KEY_FILE="/var/nx9-dns-server/Kexample.com.+008+24550.key"

How do I manage DNS records?

Currently, DNS records are managed through the SQLite database. You can: 1. Use SQL commands directly 2. Use the upcoming web UI (in development) 3. Use the upcoming API (in development)

Example SQL to add a record: sql INSERT OR REPLACE INTO dns_records VALUES ('example.com', 'A', '203.0.113.10', 3600);

How do I back up my DNS configuration?

Since records are stored in a SQLite database, you can simply back up the database file: bash cp /var/nx9-dns-server/dns.db /path/to/backup/dns.db.bak

For added safety, you should also back up: - DNSSEC key files - Configuration files and environment variables - Customized scripts or templates

How do I set up DNSSEC?

  1. Generate a DNSSEC key pair: bash dnssec-keygen -a RSASHA256 -b 2048 -n ZONE example.com

  2. Set the DNSSEC_KEY_FILE environment variable: bash export DNSSEC_KEY_FILE="/path/to/Kexample.com.+008+24550.key"

  3. Submit DS records to your parent zone (usually through your domain registrar).

For detailed instructions, see the "How to Create DNSSEC_KEY_FILE" section in the README.

Troubleshooting

DNS server returns "SERVFAIL" errors

Common causes: 1. Database permissions: Ensure the database file is readable by the server 2. DNSSEC key issues: Check that the key file exists and is valid 3. Record format errors: Verify your DNS records follow the correct format 4. Resource constraints: Check system resources (CPU, memory)

Check server logs for specific error messages: ```bash sudo journalctl -u dns-server.service

or

sudo cat /var/log/nx9-dns-server/server.log ```

How do I verify my DNS server is working?

Use the provided diagnostic tools: ```bash

Check all record types

./tools/dnscheck.sh

Test specific domain

dig @localhost example.com A ```

The server starts but doesn't respond to queries

Check: 1. Firewall rules: Ensure UDP and TCP port 53 are open 2. Binding address: Make sure the server is binding to the correct interface 3. Database content: Verify your database has records for the queried domain 4. Network constraints: Check if your ISP blocks DNS traffic

DNSSEC validation fails

Common issues: 1. Key file format: Ensure the key file is properly formatted 2. Key permissions: Check file permissions on the key file 3. Missing DS records: Ensure DS records are published in parent zone 4. TTL issues: Check if old records are cached

Web UI or API not accessible

Check: 1. Service binding: Verify binding address is correct (0.0.0.0 vs 127.0.0.1) 2. Firewall rules: Ensure ports 8080/8081 are open 3. Service status: Confirm the services are enabled in configuration 4. Authentication: Check credentials if authentication is enabled

Development & Contributing

How can I contribute to nx9-dns-server?

We welcome contributions! See our Contributing Guidelines for details.

Priority areas for contribution: 1. Web UI development 2. API service implementation 3. Documentation improvements 4. Testing and quality assurance

Where can I report bugs or request features?

Please use GitHub issues: - Bug reports: https://github.com/thakares/nx9-dns-server/issues/new?template=bug_report.md - Feature requests: https://github.com/thakares/nx9-dns-server/issues/new?template=feature_request.md

Is there a development roadmap?

Yes, see our Roadmap for planned features and development priorities.

How can I support the project?

  • Contribute code or documentation
  • Report bugs and test releases
  • Share your experience using nx9-dns-server
  • Consider sponsoring the project on GitHub
  • Help improve these wiki pages

Community & Support

Is commercial support available?

Currently, there is no official commercial support. Support is provided through: - GitHub issues - Community forums - Email support (for critical issues)

Where can I discuss nx9-dns-server with other users?

  • GitHub Discussions: https://github.com/thakares/nx9-dns-server/discussions
  • Community chat: [Link to chat platform]
  • Monthly community calls (see project website for schedule)

How can I stay updated on new releases?

  • Watch the GitHub repository
  • Follow the project on social media
  • Subscribe to release announcements (link in project README)
  • Check the releases page periodically

Who maintains nx9-dns-server?

The project is maintained by a small team of core contributors led by Sunil P. Thakare sunil@thakares.com, with support from an active community of contributors.