Discussion started by chief, Aug 22, 2021.

  chief

    Hi all..
    configured multiserver with 7 real machines, had an issue with letsencrypt (thanks for the help in solving), now they are working - but with issues. As last post, used the nightly dev and followed tutorial to configure and link nodes together.
    Have some questions.
    1. Does the nightly build still have the DNSSEC bug? i.e. do i need to do this:
    There is currently a bug in ISPConfig that causes DNSSEC signed zones to be signed with different keys if you mirror nameservers. To set up your zones, first create the zone under DNS -> DNS Zones on your first nameserver, and allow transfer + also notify to the IP address of your secondary nameserver. Then add the zone under "Secondary DNS zones" on your second nameserver and allow transfer from the IP of your first nameserver.
    Your secondary nameserver is now set up. If you want to add another nameserver, just repeat the instructions from this step, and adjust the hostname and IP address accordingly. In the next step, we will install the webmail server.
    2. ====EDIT====
    tested on my mobile phone, it shows up, gonna wait another 24 hours. check tomorrow = 48hrs
    currently i have created glue records at fasthosts pointing my nameservers - and, i made the changes in the control panel yesterday morning and today have done a whois lookup in terminal and it shows the 2 name servers, but when i ping it shows fasthosts ip -
    PING ( 56(84) bytes of data.
    My dns in ispconfig so far has - see image
    questions are.. i will need to add panel, web01, mx1, mx2, ns1, ns2, webmail to the list. but with the tutorial, it states i have to create a record for the ns1, surely i have to create 1 zone for all? (confused). it's been less than 24 hours (in 3 hrs it will be the 24 mark.. 12pm uk time).
    3. in dns the mail record points to ip of main mailserver (, isn't the name wrong? do i need to change mail to mx1 and create mx2
    4. same for www - it points to - - is the name also wrong?

    that's all for now folks.. many thanks
  Taleman

    1. I believe so. To use DNSSEC: do not use mirroring name servers, instead create secondary zones.
    For the other questions, I tried ping and it looks to me it does ping the intended host, and the name servers and glue records seem set up OK.
    As for if the names are wrong, I can not know that. What IP should they point to? Surely you are the only person to be able to know that. Maybe I am just too tired now and my fuzzy brain does not function.
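
Added example, not part of the thread and not ISPConfig code: one way to check whether two nameservers publish the same DNSSEC keys, which is what the mirroring bug quoted above breaks. It assumes you have saved the output of `dig +short DNSKEY <zone> @<nameserver>` from each server; the sample records are constructed filler, not real keys.

```python
import base64

def key_tag(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
             + base64.b64decode(pubkey_b64))
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8   # even offsets are the high byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskeys(dig_short: str) -> dict:
    """Map key tag -> (flags, algorithm) from `dig +short DNSKEY` lines."""
    keys = {}
    for line in dig_short.strip().splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                          # blank or malformed line
        flags, proto, alg = (int(p) for p in parts[:3])
        b64 = "".join(parts[3:])              # dig may split the base64 with spaces
        keys[key_tag(flags, proto, alg, b64)] = (flags, alg)
    return keys

def compare(primary: str, secondary: str) -> dict:
    """Report key tags that only one of the two servers publishes."""
    p, s = parse_dnskeys(primary), parse_dnskeys(secondary)
    return {"consistent": p.keys() == s.keys(),
            "only_primary": sorted(p.keys() - s.keys()),
            "only_secondary": sorted(s.keys() - p.keys())}

def _sample_key(seed: int) -> str:
    # Constructed 64-byte filler standing in for a public key
    return base64.b64encode(bytes(seed + i for i in range(64))).decode()

# Constructed sample outputs (257 = KSK, 256 = ZSK, algorithm 13)
NS1 = f"257 3 13 {_sample_key(1)}\n256 3 13 {_sample_key(2)}\n"
NS2_SECONDARY = NS1   # zone transferred from ns1: same keys
NS2_MIRROR = f"257 3 13 {_sample_key(3)}\n256 3 13 {_sample_key(4)}\n"  # re-signed

if __name__ == "__main__":
    print("secondary zone:", compare(NS1, NS2_SECONDARY))
    print("mirrored zone: ", compare(NS1, NS2_MIRROR))
```

A mismatch means resolvers that reach the second server receive signatures that do not chain to the DS record published at the registrar.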
  chief

    Turns out my ISP has a very long DNS update time. The next day it was all working. I just had to wait.
    now on to the next problem..
    thanks Taleman
