Backup (DNS and Mail)

Discussion in 'Installation/Configuration' started by PDJ, Sep 16, 2020.

  1. PDJ

    PDJ Member

    Hello,
    I have a question.
    I have 2 ISPConfig3 installs running, both are standalone (and I want to keep that) but I want to use both servers (where ISPConfig is running on) as eachother's backup DNS and mail.
    Is this possible? (I use BIND as DNS server)
    And if so, how should I do this.
    Both servers are installed as standard, not expert.

    Thank you in advance.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Backup DNS is doable, depends on how you want to set it up. Straight forward but laborius way is to enter same DNS info on both and set them both as name servers for your DNS zones.
    Backup e-mail server is quite complicated, and if you have two separate ISPConfig servers I'm not sure it is reasonable to make them each others backup e-mail. Old discussions about two e-mail server setups are in this forum.
     
  3. PDJ

    PDJ Member

    Thank you very much.
    By hand, yes that's doable, but I was hopeing this could be done automaticly (it's easy to forget to update you "secondary" DNS and proablly you will never notice untill... )
    Actually I think I can make someting for the mail, I'm thinking to "sync" both mysql servers and make a relay domain map in postfix (that doesn't seem to be very dificult)
    However Bind is a litle bit more complecated I think.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can create secondary zones, e.g.:
    domain-on-srv1.com with zone one srv1 and secundary zone on srv2
    domain-ons-srv2.com with zone one srv2 and secundary zone on srv1

    For email, I agree with @Taleman. Don't overcomplicate it because that can lead to (more) downtime.
     
  5. PDJ

    PDJ Member

    I made a cronscript that does the job.
    Get the origin's from the SOA list, put it in a different database (so that the other server can be restricted to that database)
    Other server will get it from the different database and put the domain (origin) in the dns_slave database
    The script can be ran on any (ispconfig3) machine.
    One question, how can I command ISPConfig3 to update the DNS/Bind?

    BTW, if anybody is intersted doing the same, I'm happy to share the script
     
    Last edited: Sep 27, 2020
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I do not understand what you mean by that question.
    If you have setup the DNS in ISPConfig Panel, the changes you enter in ISPConfig panel are written to bind settings on that server.
    Do you mean updating bind on the other server? In ISPConfig panel you can enter IP address of secondary name servers, they can then update their data with the usual way with zone transfers. Configure the other server to be secondary server for the zones where you need two name servers.
     
    ahrasis likes this.
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think it would be better to write a API script in that case, so it is added through a ISPConfig remote user.

    I am not interested in doing the same, but if you want to share, I'm curious what you wrote ;)
     
  8. PDJ

    PDJ Member

    Thank you for the answers.
    I'm not familiar with ISPConfig's API's, so I wrote a script run by cron, it just adds the dns_soa's records from one server to the other's dns_slave records (and visa versa if you run the scripts on both servers)
    The only thing I have to do is after writing in the database (dns_slave table) have ISPConfig to update the DNS server.
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  10. ahrasis

    ahrasis Well-Known Member

    I don't see how two standalone ISPConfig servers may help you to achieve what you want on mail server backup easily.

    But with cluster setup, I think you may, so try reading this tutorial.
    https://www.howtoforge.com/tutorial...e-cluster-on-debian-8.4-with-ispconfig-3/amp/

    Edited: About dns backup as secondary server, what @Taleman said is clear enough, I think. The mirroring of master and slave in the above cluster setup (which is also part of a multi server setup) should take care of primary and secondary dns server as well.
     
    Last edited: Sep 27, 2020
  11. PDJ

    PDJ Member

    I don't want to sync users with both servers, no websites, they must not be connected, the only thing they should do is being each others backup.
    For DNS I can use the scripts I made, for mail, I can easily do the same and make relay maps, with postfix I can get this information out of each others database, same as I did with DNS.
    What do a cluster share with each other? Can I do the same with a cluster, or are all the user info etc. also be shared over 2 servers?
     
  12. PDJ

    PDJ Member

    PHP:
    <?php
    /*
    Copyright (c) 2020 B. Wubben

    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.

    Script for updating the Slave DNS zone records (create and remove)
    requirments: other sever mysql is accessable



    */
    // Config the Secondary DNS servers here where
    // array (ServerID (does not have to be the ispconfig ID, but must be unique),IP,Database,MysqlUser,MysqlPass)
    $secondaryservers=array(array(1,'IP','DNS','User','Password'));

    include (
    "/usr/local/ispconfig/server/lib/mysql_clientdb.conf");
    $SecDNSIP=array();
    $errorServer=array();
    $dnslist=array();
    $cnt=0;

    foreach (
    $secondaryservers as $secondaryserver) {
      
    // Connect to the database
      
    try {
        
    $db = new \PDO('mysql:dbname='.$secondaryserver[2].';host='.$secondaryserver[1], $secondaryserver[3], $secondaryserver[4],array(
            
    PDO::ATTR_TIMEOUT => 5// in seconds
            
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
        
    ));
      } catch (
    PDOException $e) {
        echo (
    'MYSQL connect error on '.$secondaryserver[1].' error: '.$e.' \r\n');
        
    $errorServer[]=$secondaryserver[1];
        continue;
      }
      
    // Get the DNS list from the other server
      
    $mr $db->prepare("SELECT origin FROM dns_slave WHERE active = 'Y'");
      
    $mr->execute();
      
    $dns $mr->fetchall();
      foreach (
    $dns as $d) {
        
    $origin $d["origin"];
        if (!
    array_key_exists($origin,$SecDNSIP)) {
            
    $dnslist[] = $origin;
        
    $SecDNSIP += array($origin=>$secondaryserver[1]);
       }
      }
      
    $db=null;
    }
    if (
    count($dnslist) == 0) {
      
    // got nothing
      
    exit;
    }


    // All DNSlist are received, now update the slave list
    // Get the local dns_slave and dns_soa list

    try {
      
    $db = new \PDO('mysql:dbname=dbispconfig;host='.$clientdb_host$clientdb_user$clientdb_password);
    } catch (
    PDOException $e) {
      echo (
    'MYSQL connect error: '.$e.'\n');
    }

    // Get the slave_dns list
    $zonelist array_keys$SecDNSIP);
    $query "SELECT origin FROM dns_slave WHERE active = 'Y'";
    $mr $db->prepare($query);
    $mr->execute();
    $secdlu $mr->fetchall();
    $secdnslist = array();
    foreach (
    $secdlu as $d) {
      
    $secdnslist[] = $d["origin"];
    }
    // Get the dns_soa list (master)
    $query "SELECT origin FROM dns_soa WHERE active = 'Y'";
    $mr $db->prepare($query);
    $mr->execute();
    $soadlu $mr->fetchall();
    $soadnslist = array();
    foreach (
    $soadlu as $d) {
      
    $soadnslist[] = $d["origin"];
    }

    // Check if every domain is not in the dns_slave and soa list
    foreach ($zonelist as $zone) {
      if (!
    in_array($zone,$secdnslist)) {
        
    // Check if it's not a primary domain
        
    if (!in_array($zone,$soadnslist)) {
          
    // add the dns to the dns_slave
          
    echo "Add $zone , DNS {$SecDNSIP[$zone]} to slave list  \r\n";
          
    $query "INSERT INTO dns_slave (sys_userid,sys_groupid,sys_perm_user,sys_perm_group,origin,ns,active,xfer) VALUES (1,0,'riud','riud',:DNS,:NS,'Y',:XFER)";
          
    $mr $db->prepare($query);
          
    $mr->execute(['DNS'=>$zone,'NS'=>$SecDNSIP[$zone],'XFER'=>$SecDNSIP[$zone]]);
        } else {
          echo 
    "WARNING: conflicting domain $zone on DNS {$SecDNSIP[$zone]}  \r\n";
        }
      }
    }
    // Now check if there are domains in dns_slave that are not in the zone_list, only when we have successfull retreived the list from the server

    $errorserverlist implode(",",$errorServer);
    foreach (
    $secdnslist as $secdns) {
      if (!
    in_array($secdns,$zonelist)) {
          if (
    count($errorServer) > 0) {
            echo (
    "$secdns not in list, delete it when the DNS is not in $errorserverlist \r\n");
            
    $query "DELETE FROM dns_slave WHERE origin = :ORIGIN AND ns NOT IN :ERRORSERVER";
            
    $mr $db->prepare($query);
            
    $mr->execute(['ORIGIN'=>$secdns,'ERRORSERVER'=>$errorserverlist]);
          } else {
            echo (
    "$secdns not in list, delete it \r\n");
            
    $query "DELETE FROM dns_slave WHERE origin = :ORIGIN";
            
    $mr $db->prepare($query);
            
    $mr->execute(['ORIGIN'=>$secdns]);
          }
       }
    }
    // Now check if we need to update the local DNS list
    // add
    $query "SELECT origin,xfer FROM dbispconfig.dns_soa WHERE active = 'Y' AND origin NOT IN (SELECT origin FROM DNS.dns_slave)";
    $mr $db->prepare($query);
    $mr->execute();
    $DNS_dns_slave $mr->fetchall();
    foreach (
    $DNS_dns_slave as $DNS) {
      echo (
    "ADD {$DNS["origin"]} to DNS IP {$DNS["xfer"]} \r\n");
      
    $query "INSERT INTO DNS.dns_slave (sys_userid,sys_groupid,sys_perm_user,sys_perm_group,origin,ns,active,xfer) VALUES (1,0,'riud','riud',:ORIGIN,:NS,'Y',:XFER)";
      
    $mr $db->prepare($query);
      
    $mr->execute(['ORIGIN'=>$DNS["origin"],'NS'=>$DNS["xfer"],'XFER'=>$DNS["xfer"]]);
    }
    // delete
    $query "DELETE FROM DNS.dns_slave WHERE origin not in (SELECT origin FROM dbispconfig.dns_soa)";
    $mr $db->prepare($query);
    $mr->execute();

    echo (
    "DNS UPDATE DONE \r\n");
    ?>
     
    Last edited: Sep 27, 2020
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    As @Th0m mentioned, use the remote API instead of writing to the ISPConfig database directly. He posted a link in #9 to some examples.
     
  14. ahrasis

    ahrasis Well-Known Member

    If that is your preference, after considering the multi server setup with clustering ability of ISPConfig, then it is fine.

    Clustering is just another form of backup, which if one server is down, the other services will still work (except for ISPConfig Web Panel, which you still need to restore).

    What the tutorial I mentioned is about?
     
  15. PDJ

    PDJ Member

    I'm going to read the documentation and see if I can rewrite the code as an API, if it is re-written as API, should I share it again?
    I know ISPConfig can cluster, but that's not what I'm looking for, It should be 2 independent ISPConfig's but I need for both servers a DNS backup and preferred also mail backup.
     
  16. PDJ

    PDJ Member

    Thanks for pointing to the API, I have looked through it, luckily DNS salve has been added, however the only API commands are list and delete, there is no add command.
     
  17. PDJ

    PDJ Member

    I went through the code and found out the add command is there, however it's not in the documentation it's called dns_slave_add
     
  18. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Not all functions are documented, feel free to add a example for it and create a MR to include it.
     
  19. ahrasis

    ahrasis Well-Known Member

    No problem and no offense at all.

    Although I personally think that you are trying to reinvent the wheel since your purpose is "for the servers to backup each other", I won't advocate against it as you might have personal reasons for doing it this way.

    I am following this to know how it ends as I have no doubt this could also work.

    Good luck.
     
  20. PDJ

    PDJ Member

    No offense taken.
    How could I expain? Both ISPConfigs have different customers I do not want to share, you could compare it with two different companies, you don't want to share your customers with each other.
    Actually I want to have them independent, but having only 1 DNS server and only 1 Mail server is not a good idea, so that's why I want to have a backup.
    I'm new to ISPConfig, you probally know, otherwise I would have used the API in the first place, but I haven't seen this function in ISPConfig other then share all accounts over 2 or more servers, I'm I right?
     

Share This Page