#1  
Old 13th July 2010, 12:49
dcy dcy is offline
Junior Member
 
Join Date: Jul 2010
Posts: 24
Thanks: 0
Thanked 2 Times in 2 Posts
Default Slave DNS functionality

- adds DNS slave functionality
- requires either Bind or PowerDNS as the name server

Code is now in the svn.

A new MySql table is created (dns_slave) and 2 tables (client, client_template) have one new column (limit_dns_slave_zone) each.

Bind needs a small change also - a new subdirectory named "slave" is created under $conf['bind']['bind_zonefiles_dir']. A chown to $conf['bind']['bind_user']:$conf['bind']['bind_group'] is done and a chmod to 770 on the same directory. The rationale for that is simply that the default permissions on /etc/bind prohibit the 'bind' user to write into it.

The PowerDNS plugin has also been changed to accomodate the secondary zone functionality. As with the bind plugin it also relies on the new table and the added columns. The PowerDNS database had it's MySQL engine changed from MyISAM to InnoDB (http://doc.powerdns.com/generic-mypgsql-backends.html - MyISAM with slave functionality can cause DB corruption). This change is also performed seamlessly when upgrading (and is created as InnoDB with new installations).

If MyDNS is installed no secondary zone functionality is available (although the UI displays the new items). All other functionality is retained and works properly.

Crosschecks have been added - you are unable to add a secondary zone if a primary zone with the same name already exists and vice versa - you can't add a primary zone if a secondary zone already exists with the same name. The crosschecks will allow you to add a secondary zone even if there's is a primary zone with the same name known to the server, as long as it's not hosted on the same server (and vice versa).

The code has been tested and I have found no bugs.

The installation routine has now been altered to allow for a seamless upgrade to slave dns functionality. The upgrade scenario has been tested and works correctly. A fresh install scenario has also been tested and works correctly.

Ideally, another change would need to be performed:
In /interface/web/dns/lib/module.conf.php it would be ideal to add a check whether the bind_dns or powerdns plugin is loaded and only display the following nav item in case they are.
Quote:
$items[] = array( 'title' => "Secondary Zones",
'target' => 'content',
'link' => 'dns/dns_slave_list.php',
'html_id' => 'dns_slave_list');

$module["nav"][] = array( 'title' => 'Secondary DNS',
'open' => 1,
'items' => $items);

unset($items);
I would appreciate a hint how to check for the presence of the loaded plugin in module.conf.php.

With PowerDNS there is also a small catch 22. Due to the fact that I'm unable to find out where PowerDNS is installed in the operating system (without running a resource intense search each time we're writing the configuration (specifically the allow-axfr-ips parameter is written into the file)), it is assumed that your local PowerDNS configuration is stored in /etc/powerdns/pdns.d/ - should this not be the case, a symlink would need to be placed so that /etc/powerdns/pdns.d/ points to the correct path on your system. Typically however, PowerDNS keeps it's configuration files in /etc/powerdns (and by default includes all files from /etc/powerdns/pdns.d/).

Sincerely,
Damir Cifer.

Last edited by dcy; 17th July 2010 at 16:48. Reason: Redundant information :)
Reply With Quote
The Following User Says Thank You to dcy For This Useful Post:
falko (14th July 2010)
Sponsored Links
  #2  
Old 13th July 2010, 16:02
dcy dcy is offline
Junior Member
 
Join Date: Jul 2010
Posts: 24
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Well replying to myself ...

Updated the code now so it also support DNS slave functionality if powerdns is used as the DNS server.

D.

Last edited by dcy; 17th July 2010 at 16:36.
Reply With Quote
  #3  
Old 17th July 2010, 16:37
dcy dcy is offline
Junior Member
 
Join Date: Jul 2010
Posts: 24
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Commited as svn rev. 1900

In case I've missed a bug - don't hesitate to PM me

D.
Reply With Quote
  #4  
Old 2nd September 2010, 15:20
Nicram Nicram is offline
Member
 
Join Date: Mar 2010
Location: PL
Posts: 59
Thanks: 21
Thanked 9 Times in 7 Posts
Send a message via ICQ to Nicram Send a message via AIM to Nicram Send a message via Yahoo to Nicram Send a message via Skype™ to Nicram
Default

It would be super to have some solution, that adds automatic slave support on the mashines wuthout IPSConfig.

I mean i got computers without ISPC running bind, and it would be greate to use them as secondary DNS, with automatically added zones from master DNS running under ISPC. But i;m not sure if it;s possible (ispc then had to somehow tell the secondary dns mashines, that they got new zones to add right after adding them on master server).
Reply With Quote
  #5  
Old 2nd September 2010, 16:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,488
Thanks: 813
Thanked 5,259 Times in 4,123 Posts
Default

Quote:
But i;m not sure if it;s possible (ispc then had to somehow tell the secondary dns mashines, that they got new zones to add right after adding them on master server).
How should that work if you do not install ispconfig on that server? If ispconfig sends a command and there is nothin on the other end to recive that command, how shall the secondary then do something. Or in otherw ords, just install ispconfig on the secondary server and the records will get mirrored automatically.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 2nd September 2010, 18:22
Nicram Nicram is offline
Member
 
Join Date: Mar 2010
Location: PL
Posts: 59
Thanks: 21
Thanked 9 Times in 7 Posts
Send a message via ICQ to Nicram Send a message via AIM to Nicram Send a message via Yahoo to Nicram Send a message via Skype™ to Nicram
Default

Quote:
Originally Posted by till View Post
How should that work if you do not install ispconfig on that server? If ispconfig sends a command and there is nothin on the other end to recive that command, how shall the secondary then do something. Or in otherw ords, just install ispconfig on the secondary server and the records will get mirrored automatically.
This is good question. Well some cron job, script, that is checking and connecting "from" the secondary server could be some way. But it had to somehow know how to ask the ispconfig for such info, get them, and save as slaves inside bind.

Another solution may be some script inside ispconfig, that for example, use ftp or ssh to connect and upload zone files on the secondary dns. Then cron job is checking, if the file is added, then use it as config to input data into slave zones.

Or maybe some simple daemon that listen on some port, but it;s more advanced thing that just a script.

You know, installing ispconfig isn't good solution for secondary dns server for many reasons:
- it need database, web server and php running (i got dns server that works only as dns servers and no other services i run there because of security and time to handle everything)
- it supports only some linux variants (not all of them, but it is not ispconfig fault, i think it;s linux fault - that it has no unified standards for accesing config files, using libs, and using same kenrel versions etc. etc.)
- it do not support many other OS's that sometimes used only for that (for example i use OpenBSD for routers and DNS servers, and i would have to learn and hack ispconfig to make it work well on that <where bind, apache, and maany other services there run in chroot enviroment, that works different than linux chroot of reebsd jail>, and my programming skills are close to null and ofcourse changing OS is not the way to go, Linux will be never as good and have same good quality like OpenBSD, and i think i don;t have to say about security )
- more services like www or database means more memory and cpu power needed, while some simple DNS server, working as secondary DNS for not too many domains may work n CF card as HDD with 32MB RAM

Too bad i'm not coder, but i will aks some riends, maybe they will help, because it is really needed i think, many ppl ask for such things here on forum.
Reply With Quote
  #7  
Old 3rd September 2010, 03:36
matty matty is offline
Member
 
Join Date: Apr 2010
Location: Australia
Posts: 85
Thanks: 2
Thanked 12 Times in 11 Posts
Default

Quote:
Originally Posted by Nicram View Post
This is good question. Well some cron job, script, that is checking and connecting "from" the secondary server could be some way. But it had to somehow know how to ask the ispconfig for such info, get them, and save as slaves inside bind.
The script is the easy bit. Here's one I posted the other day to add zones to a secondary BIND server.
http://www.howtoforge.com/forums/sho...15&postcount=4

What would be useful, instead of building functionality directly into ISPC3, how about a couple of places where we can call our own scripts so that we can use our own addon customisations? That would extend some functionality out into the community supported arena and let the devs get on with core functionality.
Reply With Quote
  #8  
Old 3rd September 2010, 09:40
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,488
Thanks: 813
Thanked 5,259 Times in 4,123 Posts
 
Default

Quote:
What would be useful, instead of building functionality directly into ISPC3, how about a couple of places where we can call our own scripts so that we can use our own addon customisations? That would extend some functionality out into the community supported arena and let the devs get on with core functionality.
You should never modify the ispconfig core!

ISPConfig is event based and uses plugins and loadable modules. So you can add all kinds of scripts easily in ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Proxy Caching on Linux obzerver Installation/Configuration 4 13th August 2008 19:51
Google Apps dayjahone General 19 29th March 2008 17:25
DNS Configuration Problems VMartins Installation/Configuration 10 24th July 2007 14:40
Unable send receive emails vassilis3 Installation/Configuration 15 19th May 2007 14:34
Pri & Slave DNS HOWTO (FC4) ppettigrew Suggest HOWTO 0 1st April 2006 15:35


All times are GMT +2. The time now is 00:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.