#1 cautbur (Junior Member), 8th September 2012, 23:13
Confused about Primary and Secondary DNS Servers configuration.

I am confused about primary and secondary DNS server configuration. I have read a lot of manuals and tutorials about how to do it, but I think they do not adapt to my needs.

I set up two servers (as I said in a previous post). I have now configured the second server (slave secondary DNS server) to run in multiserver mode.

I configured two server entries in my administration panel.

If I mark "Is mirror of Server" in the second server's configuration, I lose the possibility of creating new websites on it. If I unmark it, DNS replication to the secondary DNS server doesn't seem to work.

I want to have two servers controlled by one control panel in multisite mode. I can get that if I do not mark "Is a mirror site" in the server configuration; I think this is the correct way. Mirror is for redundant purposes (I think), not for two independent servers allocating different websites. So I also have to activate other services, like mail etc., on the second server.

I also want to have my own nameservers, ns1.domain.com and ns2.domain.com. So I have created a zone with an A record "ns1" pointing to the primary server IP, and an NS record domain.com pointing to ns1.domain.com. I have the same records for the other server with the secondary server IP (A ns1 second ip and domain.com to ns2.domain.com).

Is this correct? Do I have to do anything on the secondary DNS? What do I have to do in order to get the ns1.domains.com zones transferred to ns2.domain.com without mirroring one server onto the other one (I don't want mirrored sites, etc.)?

I could do the zone transfer by hand, one by one, but I don't want to do this because I think this is not the way; the way is to transfer all zones from ns1.domain.com to ns2.domain.com automatically.

Thanks for your responses and your help. I really need help with this.

#2 Wisdown (Member), 9th September 2012, 01:11

For secondary DNS I'm using:

puck.nether.net.

If I learned right, the secondary server needs to be on another IP.

The secondary as mirror, I think, will work as load balancing for your internal network: the first requisition will ask ns1.server.com, the second will ask ns2.server.com, etc. Not sure if that is it.

For the second DNS (puck.nether.net), I just set it to allow zone transfer.
On the primary DNS you need to add an A record for your domain pointing to your public IP ns1.yourdomain.com

Last edited by Wisdown; 9th September 2012 at 02:15.

#3 till (Super Moderator), 10th September 2012, 08:42

Quote:
Mirror is for redundant purposes (I think), not for two independent servers allocating different websites.

Yes, that's correct.

You can create primary and secondary DNS that get synced automatically like this:

1) Create a new primary zone on the ns1 server. This zone has one NS record for the ns1 server and a second NS record for the ns2 server, plus an A record for ns1 that points to the IP address of the first server and an A record for ns2 which points to the IP address of the second server. In the field "Allow zone transfers to these IPs (comma separated list)" of this zone, add the IP address of the secondary ns server. In the first step, we created the full primary DNS record.

2) In this step, we create the record for the ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the ns field you add the IP address of the primary DNS server (your first server) and click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
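
To confirm the result of the two steps above, the serial in the SOA record served by each nameserver can be compared directly. This is an added example, not part of the original post or of ISPConfig; the zone name and both server IPs are supplied by the caller. A serial that is ahead on the secondary means BIND will not pull the zone until the primary's serial passes it.

```shell
#!/bin/sh
# Added example: compare the SOA serial served by a primary and a secondary.
# Zone name and server addresses are supplied by the caller (assumptions).

# Extract the serial (3rd field) from one line of `dig +short SOA` output.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Classify primary vs. secondary serial with RFC 1982 arithmetic
# (32-bit, wraps around). Usage: serial_state PRIMARY SECONDARY
# Prints: in-sync | secondary-behind | secondary-ahead | undefined
serial_state() {
    d=$(( ($1 - $2) & 4294967295 ))
    if [ "$d" -eq 0 ]; then echo in-sync
    elif [ "$d" -lt 2147483648 ]; then echo secondary-behind
    elif [ "$d" -gt 2147483648 ]; then echo secondary-ahead
    else echo undefined
    fi
}

# Ask each server directly, without recursion, and report the state.
# Usage: check_zone ZONE PRIMARY_IP SECONDARY_IP
check_zone() {
    p=$(soa_serial "$(dig +short +norecurse SOA "$1" @"$2")")
    s=$(soa_serial "$(dig +short +norecurse SOA "$1" @"$3")")
    [ -n "$p" ] || { echo primary-no-answer; return 2; }
    [ -n "$s" ] || { echo secondary-no-answer; return 2; }
    serial_state "$p" "$s"
}

# Runs only when called with three arguments, for example:
#   sh soa-check.sh domain.com 192.0.2.1 192.0.2.2
if [ "$#" -eq 3 ]; then check_zone "$1" "$2" "$3"; fi
```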

#4 cautbur (Junior Member), 10th September 2012, 10:52
Thanks Till and Wisdown

Thanks Till and Wisdown.

Till, your response is the solution. Thanks, I was trying for hours. Now it works perfectly.

So my conclusion is that although I installed the first server in standard mode, setting up the second in expert mode connected to the first works fine, and I do not have to reinstall ISPConfig on the first server in expert mode.

And my second conclusion is that your response, "how to setup two dns servers master and slave", could be a good title on HowtoForge.

I think if I want, in the future, to add a third DNS slave server, I will only have to do the same with the third server (add an entry to secondary DNS of first server and add the zones needed in zones).

Thanks a lot. Best regards Till and Wisdown.

Last edited by cautbur; 10th September 2012 at 11:12.

#5 spazio (Member), 15th January 2013, 23:07
Can't get the slave to sync

Hi all,
I followed this howto:
http://www.howtoforge.com/how-to-run...ian-squeeze-p2

And this section of the post:
2) In this step, we create the record for the ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the ns field you add the IP address of the primary DNS server (your first server) and click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.

In ISPConfig > DNS > Secondary DNS
I have Server: it's the primary or master (I can't see the secondary)
Client: any
DNS zone: ns2.domain.com
NS: IP of primary server/DNS
Allow: IP of secondary DNS
Active: check

The two servers just don't sync...

In the ns2 log I have
Jan 15 16:51:02 dns2 named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain.com'

But there is no pri.file in /etc/bind or /etc/bind/slave.
If I query ns2, it doesn't answer for domain.com.

How can I know if they sync? Is it in the log somewhere?

I'm just lost here, please, any solution, idea or trail to look at...

Thanks

#6 till (Super Moderator), 16th January 2013, 10:40

Any other lines in the log of the ns2 server? There should be either a success or a failure message after this line. You might also want to check if the bind server can write to /etc/bind/slave

#7 spazio (Member), 16th January 2013, 15:43

Here is the full log of ns2 from the notify line until the error:

I was able to sync the 2 ns at one time 4 months ago when I set everything up, but the SOA has mismatched since then, so I deleted all the /etc/bind/pri.* files hoping that bind would resync them. As you can see, that came without success.

As far as I can see there is probably a config error now...

Jan 15 16:51:02 Server named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain3.com'
Jan 15 16:51:42 Server named[28492]: client 93.113.174.225#14424: query (cache) 'adobe.com/A/IN' denied
Jan 15 16:52:01 Server CRON[7674]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Jan 15 16:52:11 Server named[28492]: received control channel command 'stop -p'
Jan 15 16:52:11 Server named[28492]: shutting down: flushing changes
Jan 15 16:52:11 Server named[28492]: stopping command channel on 127.0.0.1#953
Jan 15 16:52:11 Server named[28492]: stopping command channel on ::1#953
Jan 15 16:52:11 Server named[28492]: no longer listening on ::#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 127.0.0.1#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 10.0.9.2#53
Jan 15 16:52:11 Server named[28492]: exiting
Jan 15 16:52:35 Server named[7724]: starting BIND 9.8.1-P1 -u bind
Jan 15 16:52:35 Server named[7724]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Jan 15 16:52:35 Server named[7724]: adjusted limit on open files from 4096 to 1048576
Jan 15 16:52:35 Server named[7724]: found 2 CPUs, using 2 worker threads
Jan 15 16:52:35 Server named[7724]: using up to 4096 sockets
Jan 15 16:52:35 Server named[7724]: loading configuration from '/etc/bind/named.conf'
Jan 15 16:52:35 Server named[7724]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv4 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv6 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: listening on IPv6 interfaces, port 53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface eth0, 10.0.9.2#53
Jan 15 16:52:35 Server named[7724]: generating session key for dynamic DNS
Jan 15 16:52:35 Server named[7724]: sizing zone task pool based on 183 zones
Jan 15 16:52:35 Server named[7724]: using built-in root key for view _default
Jan 15 16:52:35 Server named[7724]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 15 16:52:35 Server named[7724]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: D.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: A.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: B.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: command channel listening on 127.0.0.1#953
Jan 15 16:52:35 Server named[7724]: command channel listening on ::1#953
Jan 15 16:52:35 Server named[7724]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: loading from master file /etc/bind/pri.domain.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: not loaded due to errors.
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: not loaded due to errors.

As for the /etc/bind/slave folder
Here is the dir ls -al
drwxrws--- 2 root bind 4096 Sep 15 12:50 slave

So yes it should have the right to write.

Thanks Till
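
The check till asks for in post #6 (is there a success or a failure message after the notify?) can be run over the whole log at once. The script below is an added example, not from the thread or from ISPConfig; its sample input is constructed (the first two lines follow the log above, while the example.net and example.org lines and the 192.0.2.1 address are made up).

```shell
#!/bin/sh
# Added example: summarise what named logged for each zone on a secondary.
# The patterns are BIND 9 wordings for notify, transfer and load events.

# Constructed sample input (see lead-in for which parts are made up).
sample_log() {
cat <<'EOF'
Jan 15 16:51:02 Server named[28492]: client 192.0.2.1#12282: received notify for zone 'domain3.com'
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: loading from master file /etc/bind/pri.domain.com failed: file not found
Jan 15 16:53:10 Server named[7724]: client 192.0.2.1#40112: received notify for zone 'example.net'
Jan 15 16:53:10 Server named[7724]: zone example.net/IN: transferred serial 2013011501
Jan 15 16:53:40 Server named[7724]: client 192.0.2.1#40113: received notify for zone 'example.org'
Jan 15 16:53:40 Server named[7724]: transfer of 'example.org/IN' from 192.0.2.1#53: failed while receiving responses: REFUSED
EOF
}

# Reads syslog lines on stdin and prints "<zone> <last state>" per zone.
# States: notify-no-outcome | transferred | transfer-failed | load-failed
triage_named_log() {
    awk -v q="'" '
    / received notify for zone / {
        split($0, a, q); st[a[2]] = "notify-no-outcome"; next
    }
    / transfer of .* from .*: failed/ {
        split($0, a, q); z = a[2]; sub(/\/IN$/, "", z)
        st[z] = "transfer-failed"; next
    }
    / zone [^ ]+\/IN: / {
        z = $0; sub(/.* zone /, "", z); sub(/\/IN: .*/, "", z)
        if ($0 ~ /transferred serial/) st[z] = "transferred"
        else if ($0 ~ /loading from master file .* failed/) st[z] = "load-failed"
    }
    END { for (z in st) print z, st[z] }' | LC_ALL=C sort
}
```

A zone left at notify-no-outcome received the notify but logged neither a transfer nor an error afterwards, which is the situation for 'domain3.com' in the log above.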

#8 till (Super Moderator), 16th January 2013, 16:01

How did you configure the sync? ISPConfig has 2 options, the server mirror mode or slave zones.

#9 spazio (Member), 17th January 2013, 14:54

At first I put mirror mode like in the howto. And then, when I saw it didn't work, I tried with a secondary zone, without more success.

In any case, is there a question of a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By ssh, ftp, port 52 by bind? I just don't understand this process...
There is no connection possible by ssh. I don't have any users created.

A sync log would be nice to have! Or an option like sync now. I saw there is something in options but I don't know what that thing syncs... Not the DNS...

#10 till (Super Moderator), 17th January 2013, 14:59

Quote:
At first I put mirror mode like in the howto. And then, when I saw it didn't work, I tried with a secondary zone, without more success.

OK. You cannot use both together.

The problem is that you deleted the pri.* files manually, as they will not be generated again. Instead of deleting them, you could have used the resync tool to force an update. Please remove the secondary DNS records that you added, as they will cause a conflict in bind so that the DNS server must fail.

Quote:
In any case, is there a question of a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By ssh, ftp, port 52 by bind? I just don't understand this process...
There is no connection possible by ssh. I don't have any users created.

The slave server connects to the mysql database on the master server, fetches the changes that were made through the ISPConfig interface, mirrors them to the mysql database of the slave and then changes the config files. I described this in several posts here in the forum in the past.

There is a sticky post that describes what to do when your server is not writing changes to disk:

http://www.howtoforge.com/forums/showthread.php?t=58408

Quote:
A sync log would be nice to have! Or an option like sync now. I saw there is something in options but I don't know what that thing syncs... Not the DNS...

That log exists; all you have to do is enable debugging for the slave as explained in the sticky post.