How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze)

Submitted by falko on Tue, 2011-07-19 17:14. :: BIND | Debian | ISPConfig | Control Panels | DNS

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 07/11/2011

This tutorial shows how you can run your own DNS servers (primary and secondary) with ISPConfig 3. To do this, you need two servers with two different public IP addresses and with ISPConfig 3 installed. I will use Debian Squeeze for both DNS servers here to demonstrate the base system setup process and ISPConfig 3 installation, but once you have ISPConfig 3 installed on your servers, the configuration inside ISPConfig 3 is identical, no matter what distribution you use.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

Our current situation is as follows: we have

  • ISPConfig server #1 (server1.example.com): IP address 1.2.3.4; this one will be our primary name server.
  • ISPConfig server #2 (server2.example.com): IP address 1.2.3.5; this one will be our secondary name server.

server1.example.com will be a full ISPConfig 3 installation. It will be the master ISPConfig 3 server (which runs the ISPConfig control panel interface) and act as an email, web, DNS, and MySQL server (this is the most common setup - one server that has all the services). server2.example.com will be a slave ISPConfig 3 server (no ISPConfig control panel interface) and will act only as the secondary DNS server. Of course, you can split up services between your servers as you like - the tutorial Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3 should give you the idea.

DNS A records for server1.example.com and server2.example.com must already exist (you can create them through your domain registrar's control panel). We will use server1.example.com and server2.example.com as the name servers for our zones later on; if you prefer something like ns1.example.com and ns2.example.com instead of server1.example.com and server2.example.com, you can use these, but make sure that there are DNS A records for ns1.example.com and ns2.example.com as well (that point to the same IPs as server1.example.com or server2.example.com).

I will show how to create a zone for the domain mydomain.com - this domain must already be registered through a domain registrar. After I have created the mydomain.com zone and verified that both server1.example.com and server2.example.com serve all mydomain.com records correctly, I will show how to make server1.example.com and server2.example.com the authoritative name servers for mydomain.com (see chapter 8).

More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.

 

2 Setting Up server1.example.com (Primary DNS)

server1.example.com:

Please set up server1.example.com as shown in The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3], but stop before the ISPConfig 3 installation.

To allow the other MySQL instances to connect to the MySQL database on this node during ISPConfig 3 installation, we have to add MySQL root user records in the master database for every slave server hostname and IP address. Log into MySQL:

mysql -u root -p

On the MySQL shell, run the following queries:

CREATE USER 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

FLUSH PRIVILEGES;

quit;

Make sure you replace 1.2.3.5 with the IP address and server2.example.com with the hostname of your secondary DNS server!
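
The grants above give root@1.2.3.5 and root@server2.example.com full privileges on the master database, so it is worth confirming afterwards that no other remote root account exists. The following check is an added example, not part of the original tutorial; the function names audit_root_hosts and sample_rows and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit MySQL root accounts on server1.
# Feed it the tab-separated "user<TAB>host" rows printed by:
#   mysql -u root -p -N -B -e "SELECT user, host FROM mysql.user WHERE user='root'"
# Arguments are the hosts allowed to hold a root account.

# Prints OK or UNEXPECTED for each root account read from stdin and returns 1
# if any account's host is outside the allow-list (a '%' wildcard, for example).
audit_root_hosts() {
    unexpected=0
    tab=$(printf '\t')
    while IFS="$tab" read -r user host; do
        [ "$user" = "root" ] || continue
        verdict="UNEXPECTED"
        for allowed in "$@"; do
            if [ "$host" = "$allowed" ]; then
                verdict="OK"
                break
            fi
        done
        [ "$verdict" = "OK" ] || unexpected=1
        printf '%s\troot@%s\n' "$verdict" "$host"
    done
    return "$unexpected"
}

# Constructed sample rows: local root accounts, the two accounts created for
# the secondary, and one wildcard account that should not exist.
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'root\tserver1\n'
    printf 'root\t127.0.0.1\n'
    printf 'root\t1.2.3.5\n'
    printf 'root\tserver2.example.com\n'
    printf 'root\t%%\n'
}

# Allow-list: local accounts plus the secondary's IP address and hostname.
sample_rows | audit_root_hosts localhost server1 127.0.0.1 \
    1.2.3.5 server2.example.com \
    || echo "Review the UNEXPECTED accounts listed above."
```

On a live system, replace sample_rows with the mysql command shown in the header comment and adjust the allow-list to your own hostnames and IP addresses.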

Now we can install ISPConfig 3 on server1.example.com as follows:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

php -q install.php

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- ENTER

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <-- ENTER

Configuring Postfix
Generating a 2048 bit RSA private key
............................................................................................+++
..........................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd Bytecode: Security mode set to "TrustSigned".
.
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Configure Jailkit (y,n) [y]: <-- ENTER

Configuring Jailkit
Configure FTP Server (y,n) [y]: <-- ENTER

Configuring Pureftpd
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B
Configure DNS Server (y,n) [y]: <-- ENTER

Configuring BIND

Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.

Configure Apache Server (y,n) [y]: <-- ENTER

Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configure Firewall Server (y,n) [y]: <-- ENTER

Configuring Firewall
Install ISPConfig Web Interface (y,n) [y]: <-- ENTER

Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Enable SSL for the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.................................................................................................................++
..................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting web server: apache2 ... waiting .
Installation completed.
root@server1:/tmp/ispconfig3_install/install#

If you have chosen to enable SSL for the ISPConfig web interface, you can reach the ISPConfig web interface at https://server1.example.com:8080, otherwise at http://server1.example.com:8080.


Submitted by Tloader11 (not registered) on Mon, 2012-05-28 09:59.

Hello there,

I followed this tutorial and tried to set up my nameservers (ns1.new-internet.org and ns2.new-internet.org), but after I created them and added a record for new-internet.org they didn't work at all:

 

:~$ dig @ns1.new-internet.org any new-internet.org

; DiG 9.7.1-P2 @ns1.new-internet.org any new-internet.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45793
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;new-internet.org.              IN      ANY

;; Query time: 99 msec
 

 

Please, I know I must post this at the forum, but PLEASE help me out! All my (20) domains don't work right now because of this.

Submitted by eddie-prefere (registered user) on Wed, 2011-09-21 07:33.

Please tell us what you mean by 2 servers.

Does this work on 1 dedicated server that has no virtualization if you have 2 IP addresses, please?

 

Thanks

Submitted by sree (not registered) on Wed, 2011-07-27 10:41.
This is really informative....thank you...
Submitted by romans (not registered) on Wed, 2011-08-17 11:29.
Great post, thanks for sharing. I am wondering whether a hosting company allows its clients to do such a DNS setting.