Adding DNS service to existing multi-server setup

Discussion in 'Installation/Configuration' started by NdK, Nov 15, 2021.

  1. NdK

    NdK Member


    I'm trying to add bind9 to our two-node ISPConfig3 install.

    Originally, I installed the system without bind9 (just skipped its install from "the perfect server" guide, just like webmail).
    Now, I tried installing it on both nodes, but seems something is still not good.
    On the first node, I had to delete /etc/bind/named.conf.local or ISPC wouldn't overwrite it. But I find no way to have the second server host the same zone as slave.
    I already tried re-running " --force" (already at the latest release on updated Debian10 system), creating /etc/bind/slave/ on the second server (the slave one) and remove named.conf.local on the second server too.
    I also tried deleting and recreating the slave zone but nothing changed.

    Surely I'm missing something. What should I do to make it work as expected?
  2. NdK

    NdK Member

    Uhm... Seems the coffee pause (or just writing the message... Murphy rulez!) helped the server resync.
    Now it seems the slave zone got propagated. Anything else I should check?
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has link to tutorial for setting up bind9 on ISPconfig. It has instructions for checking it works.
    NdK likes this.
  4. NdK

    NdK Member

    Yup, tks.
    I already found it and it's quite useful, but for installing a new server. For example, doesn't cite you have to delete package-supplied named.conf.local, since IIUC it's the ISPConfig installer that takes care of that step, but I have ISPConfig already installed on those servers and I'm not going to add a dedicated pair for DNS...
    Since I've had to do an undocumented step, I just needed to be sure it's not going to break randomly :)

    Now I "just" have to see if/how split-horizon can be managed from ISPC.
  5. NdK

    NdK Member

    @till seems the template for slave zones should be updated.
    Currently, it contains a line like
    file "/etc/bind/slave/sec.${DOMAIN}"
    but (at least in Debian 11) it should be
    file "/var/cache/bind/sec.${DOMAIN}"
    The problem is that apparmor denies bind user the permission to write to /etc/bind/slave by default, regardless of permissions in the fs.
    Currently I added two lines in /etc/apparmor.d/local/usr.sbin.named :
    /etc/bind/slave/** lrw,
    /etc/bind/slave/ rw,
    But it's just a workaround.
    till likes this.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page