{"id":18654111,"url":"https://github.com/piyushxcoder/vps_from_scratch","last_synced_at":"2026-02-14T06:31:56.068Z","repository":{"id":240181043,"uuid":"606369356","full_name":"PiyushXCoder/vps_from_scratch","owner":"PiyushXCoder","description":null,"archived":false,"fork":false,"pushed_at":"2023-03-19T05:32:05.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-25T18:26:58.465Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://blog.piyushxcoder.in/vps_from_scratch","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PiyushXCoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-25T09:25:18.000Z","updated_at":"2024-08-04T03:14:42.000Z","dependencies_parsed_at":"2024-05-17T06:50:19.986Z","dependency_job_id":"cc2e2ff0-e6c1-4500-95c6-be8f607f0bf3","html_url":"https://github.com/PiyushXCoder/vps_from_scratch","commit_stats":null,"previous_names":["piyushxcoder/vps_from_scratch"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PiyushXCoder/vps_from_scratch","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PiyushXCoder%2Fvps_from_scratch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PiyushXCoder%2Fvps_from_scratch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PiyushXCoder%2Fvps_from_scratch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PiyushXCoder%2Fvps_fr
om_scratch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PiyushXCoder","download_url":"https://codeload.github.com/PiyushXCoder/vps_from_scratch/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PiyushXCoder%2Fvps_from_scratch/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29438766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T05:24:35.651Z","status":"ssl_error","status_checked_at":"2026-02-14T05:24:34.830Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T07:14:02.056Z","updated_at":"2026-02-14T06:31:56.048Z","avatar_url":"https://github.com/PiyushXCoder.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# VPS from Scratch\n\n## Introduction\n\nThis manual describes how to set up BIND as a DNS server with GoDaddy and obtain an SSL certificate from certbot.\nThe manual is written for `Ubuntu 20.4`. You will have to replace your server info in the configs below.\n\nReplace `\u003cYour server ip address\u003e` with the IP address (e.g. 10.4.60.1) of your VPS server and `\u003cYour domain name\u003e` with your domain name (e.g. 
piyushxcoder.in).\n\n### Setting up Bind DNS with godaddy\n\n#### Install bind\n\n```\nsudo apt install bind9 bind9utils bind9-doc\n```\n\n#### Modify `/etc/default/named`\n\n```\nOPTIONS=\"-u bind -4\"\n```\n\n#### Configure `/etc/bind/named.conf.options`\n\n```\noptions {\n        version \"Secured DNS server\";\n\n        directory \"/var/cache/bind\";\n\n        // If there is a firewall between you and nameservers you want\n        // to talk to, you may need to fix the firewall to allow multiple\n        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113\n\n        // If your ISP provided one or more IP addresses for stable\n        // nameservers, you probably want to use them as forwarders.\n        // Uncomment the following block, and insert the addresses replacing\n        // the all-0's placeholder.\n\n        forwarders {\n                8.8.8.8;\n                8.8.4.4;\n        };\n\n        //========================================================================\n        // If BIND logs error messages about the root key being expired,\n        // you will need to update your keys.  
See https://www.isc.org/bind-keys\n        //========================================================================\n        dnssec-validation auto;\n\n        //listen-on-v6 { any; };\n\n        allow-query {\n                localhost;\n                any;\n        };\n\n        listen-on port 53 {\n                \u003cYour server ip address\u003e;\n                localhost;\n        };  // listen on private network only\n\n        server-id none;\n        allow-transfer { none; };      # disable zone transfers by default\n};\n```\n\n#### Configure `/etc/bind/named.conf.local`\n\nAdd Zone for every domain you are going to use.\n\n```\n// Do any local configuration here\n//\n\n// Consider adding the 1918 zones here, if they are not used in your\n// organization\n//include \"/etc/bind/zones.rfc1918\";\n\ninclude \"/etc/bind/named.conf.certbot\";\n\nzone \"\u003cYour domain name\u003e\" {\n        type master;\n        file \"/etc/bind/db.\u003cYour domain name\u003e\";\n        allow-transfer { \u003cYour server ip address\u003e; };\n        also-notify { \u003cYour server ip address\u003e; };\n};\n```\n\n#### Create zone file as mentioned in `named.conf.local`\n\nExample Zone file `db.\u003cYour domain name\u003e`\n\n```\n; BIND data file for local loopback interface\n;\n$TTL    604800\n@       IN      SOA     ns1.\u003cYour domain name\u003e. admin.\u003cYour domain name\u003e. 
(\n                              2         ; Serial\n                         604800         ; Refresh\n                          86400         ; Retry\n                        2419200         ; Expire\n                         604800 )       ; Negative Cache TTL\n\n@       IN      NS      \u003cYour domain name\u003e.\n@       IN      A       \u003cYour server ip address\u003e\n\n        IN      NS      ns1.\u003cYour domain name\u003e.\n        IN      NS      ns2.\u003cYour domain name\u003e.\nns1     IN      A       \u003cYour server ip address\u003e\nns2     IN      A       \u003cYour server ip address\u003e\n\n; To redirect www handle it with nginx\n; www\tIN\tCNAME\t\u003cYour server ip address\u003e.\n\n; For Certbot\n; _acme-challenge IN NS \u003cYour server ip address\u003e.\n```\n\n#### Check Zone files and configuration\n```\nsudo named-checkconf\n```\n\n#### Restart bind server\n```\nsudo service bind9 restart\n```\n\n#### Add custom host names for the `ns1` and `ns2` subdomains, pointing to your IP addresses, as specified in [\"Add my custom host names\"](https://in.godaddy.com/help/dd-my-custom-host-names-12320).\n\nThereafter, change the nameservers for the domain to `ns1.\u003cYour domain name\u003e` and `ns2.\u003cYour domain name\u003e`.\n\nDo this for every domain you want to point to your DNS.\n\n__Note:__ To check whether DNS is working properly, you may use `dig @ns1.\u003cYour domain name\u003e \u003cYour domain name\u003e`. 
It might also be helpful to trace the DNS route from the root servers to yours.\n\n#### References\n#### [An Introduction to DNS Terminology, Components, and Concepts](https://www.digitalocean.com/community/tutorials/an-introduction-to-dns-terminology-components-and-concepts)\n#### [How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04](https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04)\n\n### Setting up Certbot with Bind\n#### Install certbot\n\n```\nsudo apt install certbot python3-certbot-dns-rfc2136\n```\n\n#### Generate a key to secure the update process\n\n```\nsudo sh -c \"tsig-keygen -a HMAC-SHA512 tsig-key \u003e /etc/bind/tsig.key\"\n```\n\n#### Create ```/etc/bind/named.conf.certbot```\n\n```\nkey \"tsig-key\" {\n        algorithm  \"hmac-sha512\";\n        secret \"private key\";\n};\n\nzone \"_acme-challenge.\u003cYour domain name\u003e\" {\n        type master;\n        file \"/var/lib/bind/db._acme-challenge.\u003cYour domain name\u003e\";\n        check-names warn;\n        update-policy {\n                grant tsig-key name _acme-challenge.\u003cYour domain name\u003e. txt;\n        };\n};\n```\n\nAdd the private key and an `_acme-challenge` zone for each domain, then change permission and ownership.\n\n```\n$ sudo chown root:bind /etc/bind/named.conf.certbot\n$ sudo chmod 640 /etc/bind/named.conf.certbot\n```\n\n#### Create zone file for each domain in `/var/lib/bind`\n\nExample of ```/var/lib/bind/db._acme-challenge.\u003cYour domain name\u003e```\n```\n$ORIGIN .\n$TTL 43200\t; 12 hours\n_acme-challenge.\u003cYour domain name\u003e\tIN SOA \u003cYour domain name\u003e. admin.\u003cYour domain name\u003e. 
(\n\t\t\t\t2021010211 ; serial\n\t\t\t\t28800      ; refresh (8 hours)\n\t\t\t\t7200       ; retry (2 hours)\n\t\t\t\t604800     ; expire (1 week)\n\t\t\t\t86400      ; minimum (1 day)\n\t\t\t\t)\n\t\t\tNS\t\u003cYour domain name\u003e.\n$TTL 120\t; 2 minutes\n\t\t\tTXT\t\"\u003cYour server ip address\u003e\"\n```\n\nChange permission and ownership\n\n```\n$ sudo chown root:bind /var/lib/bind/db._acme-challenge.\u003cYour domain name\u003e\n$ sudo chmod 664 /var/lib/bind/db._acme-challenge.\u003cYour domain name\u003e\n```\n\n#### Uncomment `_acme-challenge IN NS \u003cYour domain name\u003e.` in each Zone file `db.\u003cYour domain name\u003e` in `/etc/bind`\n\n#### Add `include \"/etc/bind/named.conf.certbot\";` in `/etc/bind/named.conf.local`\n\n#### Restart bind server\n```\nsudo systemctl restart bind9\n```\n\n#### Testing Dynamic Update\nCheck configs\n```\nsudo named-checkconf\n```\n\nTo add the Entry\n\n```\n$ sudo nsupdate -k /etc/bind/tsig.key\n\u003e server \u003cYour domain name\u003e\n\u003e update add _acme-challenge.\u003cYour domain name\u003e 86400 TXT 192.168.1.1\n\u003e send\n```\n\nTo list the Entry\n\n```\ndig @\u003cYour domain name\u003e _acme-challenge.\u003cYour domain name\u003e txt\n```\nYou will see 192.168.1.1 in entries. 
If not then that is a problem!\n\nTo delete the Entry\n```\n$ sudo nsupdate -k /etc/bind/Kcertbot.+165+?????\n\u003e server \u003cYour domain name\u003e\n\u003e update delete _acme-challenge.\u003cYour domain name\u003e 86400 TXT 192.168.1.1\n\u003e send\n```\n\n#### Create ```/etc/letsencrypt/dns_rfc2136_credentials.txt```\n\n```\n# Target DNS server\ndns_rfc2136_server = \u003cYour server ip address\u003e\n# Target DNS port\ndns_rfc2136_port = 53\n# TSIG key name\ndns_rfc2136_name = tsig-key\n# TSIG key secret\ndns_rfc2136_secret =\n# TSIG key algorithm\ndns_rfc2136_algorithm = HMAC-SHA512\n```\nAdd private key in secret\n\n#### Generate Certificate\n\n```\nsudo /usr/bin/certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/dns_rfc2136_credentials.txt -d '\u003cYour domain name\u003e'  -d '*.\u003cYour domain name\u003e'\n```\n\n#### References\n#### [Let's Encrypt Wildcard Certificates with certbot, BIND, apache and exim](https://john.daltons.info/home_server_documentation/lets_encrypt.html#:~:text=When%20asking%20for%20a%20wildcard,accept%20dynamic%20updates%20from%20certbot.\u0026text=%24%20sudo%20dnssec%2Dkeygen%20%2Da,b%20512%20%2Dn%20HOST%20certbot.)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiyushxcoder%2Fvps_from_scratch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpiyushxcoder%2Fvps_from_scratch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiyushxcoder%2Fvps_from_scratch/lists"}