HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Forum: Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
Thread: Confused about Primary and Secondary DNS Servers configuration. (http://www.howtoforge.com/forums/showthread.php?t=58602)

cautbur 8th September 2012 23:13

Confused about Primary and Secondary DNS Servers configuration.
 
I am confused about primary and secondary DNS server configuration. I have read a lot of manuals and tutorials about how to do it, but I think they do not adapt to my needs.

I set up two servers (like I told in a previous post). I have now configured the second server (slave/secondary DNS server) to run in multiserver mode.

I configured two server entries in my administration panel.

If I mark "Is mirror of Server" on the second server configuration, I lose the possibility of creating new websites on it. If I unmark it, DNS replication to the secondary DNS server doesn't seem to work.

I want to have two servers controlled by one control panel in multisite mode. I can get it if I do not mark "Is a mirror site" in the server configuration; I think this is the correct way. Mirror is for redundancy purposes (I think), not for two independent servers hosting different websites. So I also have to activate other services like mail, etc. on the second server.

I also want to have my own nameservers ns1.domain.com and ns2.domain.com. So I have created a zone with an A record "ns1" pointing to the primary server IP, and an NS record for domain.com pointing to ns1.domain.com. I have the same records for the other server with the secondary server IP (A ns1 → second IP, and domain.com to ns2.domain.com).

Is this correct? Do I have to do anything on the secondary DNS? What do I have to do in order to get the ns1.domain.com zones transferred to ns2.domain.com, without mirroring one server into the other (I don't want mirror sites, etc.)?

I could do the zone transfers by hand one by one, but I don't want to do this because I think this is not the way; the way is to transfer all zones from ns1.domain.com to ns2.domain.com automatically.

Thanks for your responses and your help. I really need help with this.

Wisdown 9th September 2012 01:11

For secondary DNS I'm using:

puck.nether.net.

If I learned right, the secondary server needs to be on another IP.

The secondary as mirror, I think, will work as load balancing for your internal network: the first request will ask ns1.server.com, the second will ask ns2.server.com, etc... Not sure if that is it.

For the second DNS (puck.nether.net), I just set it to allow zone transfer.
On the primary DNS you need to add an A record pointing your domain to your public IP, ns1.yourdomain.com

till 10th September 2012 08:42

Quote:

Mirror is for redundancy purposes (I think), not for two independent servers hosting different websites.
Yes, that's correct.

You can create primary and secondary dns that gets synced automatically like this:

1) Create a new primary zone on the ns1 server. This zone has one NS record for the ns1 server and a second NS record for the ns2 server, plus an A record for ns1 that points to the IP address of the first server and an A record for ns2 which points to the IP address of the second server. In the field "Allow zone transfers to these IPs (comma separated list)" of this zone, add the IP address of the secondary NS server. In this first step, we created the full primary DNS record.

2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the NS field add the IP address of the primary DNS server (your first server), then click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.
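Added example, not code from the thread or from ISPConfig itself: what Till's two steps come down to once ISPConfig has written BIND's config, with a check on the one part that is security-relevant, the zone-transfer ACL. The "Allow zone transfers to these IPs" field becomes the `allow-transfer` list on ns1; leaving it at `any` (BIND 9.8's default when the option is absent) hands the complete zone, and thus a host inventory, to anyone who asks for an AXFR. Addresses, the `sec.<zone>` file name on the slave, the serial and the `hostmaster` contact are assumptions for illustration.

```python
"""Added example, not code from the thread or from ISPConfig: the BIND
configuration that Till's two steps end up producing, with a check on the
part that matters for security, the zone-transfer ACL.  Addresses, names,
file paths and the serial are assumptions for illustration."""
import re

MASTER_IP = "192.0.2.10"   # assumed ns1 address (RFC 5737 documentation range)
SLAVE_IP = "192.0.2.20"    # assumed ns2 address
ZONE = "domain.com"


def master_zone_file(zone, ns1_ip, ns2_ip, serial=2012091001):
    """Step 1 on ns1: an NS record for each name server plus glue A records."""
    return f"""$TTL 3600
@   IN SOA ns1.{zone}. hostmaster.{zone}. (
        {serial} ; serial: must increase on every change or ns2 never refreshes
        7200     ; refresh
        900      ; retry
        1209600  ; expire
        3600 )   ; negative cache TTL
@   IN NS  ns1.{zone}.
@   IN NS  ns2.{zone}.
ns1 IN A   {ns1_ip}
ns2 IN A   {ns2_ip}
"""


def master_stanza(zone, slave_ips):
    """named.conf on ns1.  The "Allow zone transfers to these IPs" field is
    this allow-transfer ACL.  BIND sends NOTIFY to every host in the NS RRset
    by default, so listing ns2 there is enough to trigger the transfer."""
    acl = " ".join(f"{ip};" for ip in slave_ips)
    return (f'zone "{zone}" {{\n'
            f'    type master;\n'
            f'    file "/etc/bind/pri.{zone}";\n'
            f'    allow-transfer {{ {acl} }};\n'
            f'}};\n')


def slave_stanza(zone, master_ip):
    """Step 2 on ns2: fetch the zone from ns1 and keep a copy under
    /etc/bind/slave (file name assumed; named needs write access there)."""
    return (f'zone "{zone}" {{\n'
            f'    type slave;\n'
            f'    file "/etc/bind/slave/sec.{zone}";\n'
            f'    masters {{ {master_ip}; }};\n'
            f'}};\n')


def transfer_acl(stanza):
    """Addresses allowed to AXFR, or None when allow-transfer is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", stanza)
    if not m:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]


def check_transfer_acl(stanza, expected_slaves):
    """True only if the ACL is exactly the set of secondaries.  'any', or no
    ACL at all (BIND 9.8 then defaults to any), lets anyone pull the whole
    zone: a free host inventory for an attacker."""
    acl = transfer_acl(stanza)
    if acl is None or "any" in acl:
        return False
    return set(acl) == set(expected_slaves)


def ns_without_glue(zone, zone_text):
    """Apex NS names that have no A record in the zone, e.g. an NS for ns2
    added without the matching A record, so resolvers cannot reach it."""
    ns = set(re.findall(r"^@\s+IN\s+NS\s+(\S+?)\.?$", zone_text, re.M))
    hosts = re.findall(r"^(\S+)\s+IN\s+A\s", zone_text, re.M)
    a_names = {f"{h}.{zone}" for h in hosts}
    return sorted(n for n in ns if n not in a_names)


if __name__ == "__main__":
    print(master_zone_file(ZONE, MASTER_IP, SLAVE_IP))
    print(master_stanza(ZONE, [SLAVE_IP]))
    print(slave_stanza(ZONE, MASTER_IP))
    print("ACL ok:", check_transfer_acl(master_stanza(ZONE, [SLAVE_IP]), [SLAVE_IP]))
```

Once both sides are in place, `dig @ns2-ip domain.com AXFR` from ns2 itself should return the zone, and the same query from any other host should be refused; if the second query succeeds, the ACL is too wide.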

cautbur 10th September 2012 10:52

Thanks Till and Wisdown
 
Thanks Till and Wisdown.

Till, your response is the solution. Thanks, I was trying for hours. Now it works perfectly.

So my conclusion is that although I installed the first server in standard mode, setting up the second in expert mode connected to the first works fine, and I do not have to reinstall ISPConfig on the first server in expert mode.

And the second conclusion is that your response, "how to set up two DNS servers, master and slave", could be a good title for a HowtoForge how-to.

I think if I want to add a third DNS slave server in the future, I will only have to do the same with the third server (add an entry to the secondary DNS of the first server and add the zones needed in zones).

Thanks a lot. Best regards, Till and Wisdown.

spazio 15th January 2013 23:07

Can't get the slave to sync
 
Hi all,
I followed this howto:
http://www.howtoforge.com/how-to-run...ian-squeeze-p2

And this section post:
2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the NS field add the IP address of the primary DNS server (your first server), then click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.

In ISPConfig > DNS > Secondary DNS
I have Server: it's the primary or master (I can't see the secondary)
Client : any
DNS zone: ns2.domain.com
NS : IP of primary server/DNS
Allow: IP of secondary DNS
Active : check

The two servers just don't sync...

In the ns2 log I have
Jan 15 16:51:02 dns2 named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain.com'

But there is no pri.file in /etc/bind or /etc/bind/slave.
If I query ns2, it doesn't answer for domain.com.

How can I know if they sync? Is it in the log somewhere?

I'm just lost here; please, any solution idea or trail to look at...

Thanks

till 16th January 2013 10:40

Any other lines in the log of the ns2 server? There should be either a success or a failure message after this line. You might also want to check if the bind server can write to /etc/bind/slave.
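Added example, not part of the thread: the check Till describes, done over the slave's log instead of by eye. Every `received notify` on ns2 should be followed by a transfer outcome for that zone; a notify with nothing after it, a `failed ... REFUSED` (ns2 missing from ns1's `allow-transfer`), or a `loading from master file pri.* failed` on a host that is supposed to be a slave each point to a different fix. The log lines are constructed for the example and the addresses are assumed; the message formats follow BIND 9's usual wording.

```python
"""Added example, not from the thread: triage a slave's named log the way
Till suggests, by pairing every 'received notify' with the transfer outcome
that must follow it.  The log lines below are constructed for the example;
the message formats follow BIND 9's usual wording.  Addresses are assumed."""
import re
from collections import defaultdict

# Constructed sample: three zones, three different outcomes.
SAMPLE_LOG = """\
Jan 15 16:51:02 dns2 named[28492]: client 192.0.2.10#12282: received notify for zone 'domain.com'
Jan 15 16:51:02 dns2 named[28492]: zone domain.com/IN: Transfer started.
Jan 15 16:51:02 dns2 named[28492]: transfer of 'domain.com/IN' from 192.0.2.10#53: connected using 192.0.2.20#41234
Jan 15 16:51:02 dns2 named[28492]: transfer of 'domain.com/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 12 records, 412 bytes, 0.003 secs (137333 bytes/sec)
Jan 15 16:51:05 dns2 named[28492]: client 192.0.2.10#12290: received notify for zone 'domain2.com'
Jan 15 16:51:05 dns2 named[28492]: transfer of 'domain2.com/IN' from 192.0.2.10#53: failed while receiving responses: REFUSED
Jan 15 16:51:09 dns2 named[28492]: client 192.0.2.10#12291: received notify for zone 'domain3.com'
Jan 15 16:52:35 dns2 named[28492]: zone domain3.com/IN: loading from master file /etc/bind/pri.domain3.com failed: file not found
Jan 15 16:52:35 dns2 named[28492]: zone domain3.com/IN: not loaded due to errors.
"""

NOTIFY = re.compile(r"client (\S+?)#\d+: received notify for zone '([^']+)'")
COMPLETED = re.compile(r"transfer of '([^/']+)/IN' from (\S+?)#\d+: Transfer completed")
FAILED = re.compile(r"transfer of '([^/']+)/IN' from (\S+?)#\d+: failed (.*)")
MISSING_FILE = re.compile(r"zone ([^/]+)/IN: loading from master file (\S+) failed: (.*)")


def triage(log_text, master_ip):
    """Return {zone: verdict} for every zone that appears in the log."""
    state = defaultdict(lambda: {"notify_from": None, "outcome": None})
    for line in log_text.splitlines():
        if (m := NOTIFY.search(line)):
            state[m.group(2)]["notify_from"] = m.group(1)
        elif (m := COMPLETED.search(line)):
            state[m.group(1)]["outcome"] = "ok"
        elif (m := FAILED.search(line)):
            # REFUSED here usually means ns2 is not in ns1's allow-transfer ACL.
            state[m.group(1)]["outcome"] = "transfer failed " + m.group(3)
        elif (m := MISSING_FILE.search(line)):
            # A slave never loads from a pri.* master file.  Seeing this on ns2
            # means the zone is defined as type master there (mirror mode and
            # secondary zones mixed), not as a slave zone.
            state[m.group(1)]["outcome"] = f"master file missing: {m.group(2)} ({m.group(3)})"
    verdicts = {}
    for zone, z in state.items():
        if z["notify_from"] is not None and z["notify_from"] != master_ip:
            # Only the configured master should be sending NOTIFY for our zones.
            verdicts[zone] = f"notify from unexpected host {z['notify_from']}"
        elif z["outcome"] is None:
            verdicts[zone] = "notified but no transfer outcome logged"
        else:
            verdicts[zone] = z["outcome"]
    return verdicts


def needs_attention(verdicts):
    """Zones whose verdict is anything other than a completed transfer."""
    return sorted(z for z, v in verdicts.items() if v != "ok")


if __name__ == "__main__":
    for zone, verdict in sorted(triage(SAMPLE_LOG, "192.0.2.10").items()):
        print(f"{zone:12} {verdict}")
```

Run it against `/var/log/syslog` (or wherever named logs on the slave) with the master's address; the "notified but no transfer outcome" case is the one in this thread, where a notify arrives but named has no slave zone to refresh.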

spazio 16th January 2013 15:43

Here is the full log of ns2 from the notify line until the error:

I was able to sync the 2 NS at one time, 4 months ago when I set everything up, but the SOA mismatched since then, so I deleted all the /etc/bind/pri.* files hoping that bind would resync them. As you can see, that came without success.

As far as I can see there is probably a config error now...

Jan 15 16:51:02 Server named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain3.com'
Jan 15 16:51:42 Server named[28492]: client 93.113.174.225#14424: query (cache) 'adobe.com/A/IN' denied
Jan 15 16:52:01 Server CRON[7674]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Jan 15 16:52:11 Server named[28492]: received control channel command 'stop -p'
Jan 15 16:52:11 Server named[28492]: shutting down: flushing changes
Jan 15 16:52:11 Server named[28492]: stopping command channel on 127.0.0.1#953
Jan 15 16:52:11 Server named[28492]: stopping command channel on ::1#953
Jan 15 16:52:11 Server named[28492]: no longer listening on ::#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 127.0.0.1#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 10.0.9.2#53
Jan 15 16:52:11 Server named[28492]: exiting
Jan 15 16:52:35 Server named[7724]: starting BIND 9.8.1-P1 -u bind
Jan 15 16:52:35 Server named[7724]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Jan 15 16:52:35 Server named[7724]: adjusted limit on open files from 4096 to 1048576
Jan 15 16:52:35 Server named[7724]: found 2 CPUs, using 2 worker threads
Jan 15 16:52:35 Server named[7724]: using up to 4096 sockets
Jan 15 16:52:35 Server named[7724]: loading configuration from '/etc/bind/named.conf'
Jan 15 16:52:35 Server named[7724]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv4 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv6 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: listening on IPv6 interfaces, port 53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface eth0, 10.0.9.2#53
Jan 15 16:52:35 Server named[7724]: generating session key for dynamic DNS
Jan 15 16:52:35 Server named[7724]: sizing zone task pool based on 183 zones
Jan 15 16:52:35 Server named[7724]: using built-in root key for view _default
Jan 15 16:52:35 Server named[7724]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 15 16:52:35 Server named[7724]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: D.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: A.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: B.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: command channel listening on 127.0.0.1#953
Jan 15 16:52:35 Server named[7724]: command channel listening on ::1#953
Jan 15 16:52:35 Server named[7724]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: loading from master file /etc/bind/pri.domain.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: not loaded due to errors.
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: not loaded due to errors.

As for the /etc/bind/slave folder, here is the ls -al of the directory:
drwxrws--- 2 root bind 4096 Sep 15 12:50 slave

So yes, it should have the right to write.

Thanks Till

till 16th January 2013 16:01

How did you configure the sync? ISPConfig has 2 options, the server mirror mode or slave zones.

spazio 17th January 2013 14:54

At first I put mirror mode like in the howto. And then, when I saw it didn't work, I tried with secondary zones without more success.

In any case, is there a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By SSH, FTP, port 52 by bind? I just don't understand this process...
There is no connection possible by SSH. I don't have any users created.

A sync log would be nice to have! Or an option like "sync now". I saw there is something in options but I don't know what that thing syncs... Not the DNS...

till 17th January 2013 14:59

Quote:

At first I put mirror mode like in the howto. And then, when I saw it didn't work, I tried with secondary zones without more success.
Ok. You can not use both together.

The problem is that you deleted the pri.* files manually, as they will not be generated again. Instead of deleting them, you could have used the resync tool to force an update. Please remove the secondary DNS records that you added, as they will cause a conflict in bind so that the DNS server must fail.

Quote:

In any case, is there a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By SSH, FTP, port 52 by bind? I just don't understand this process...
There is no connection possible by SSH. I don't have any users created.
The slave server connects to the MySQL database on the master server, fetches the changes that were made through the ISPConfig interface, mirrors them to the MySQL database of the slave and then changes the config files. I described this in several posts here in the forum in the past.

There is a sticky post that describes what to do when your server is not writing changes to disk:

http://www.howtoforge.com/forums/showthread.php?t=58408

Quote:

A sync log would be nice to have! Or an option like "sync now". I saw there is something in options but I don't know what that thing syncs... Not the DNS...
That log exists, all you have to do is enable debugging for the slave as explained in the sticky post.

