DNS Import Problems

Discussion in 'General' started by pyte, Apr 11, 2022.

  1. pyte

    pyte New Member

    Hey!
    I'm trying to import around 1500 DNS Zonefiles into my new ISPConfig DNS with a PHP Soap Script. The Script seems to work fine.
    It reads the DNS Entries from an MSSQL Server, converts the necessary entries and imports the data to the ISPConfig Server. Here is a part of the Script:

    PHP:
    $zone_params = array(
        'server_id' => 3,
        'origin' => $tmp_domain . ".",
        'ns' => "ns1.XXXXXXX.de",
        // SOA mailbox: the e-mail address with "@" replaced by "."
        'mbox' => str_replace("@", ".", $id['email']) . ".",
        'refresh' => "28800",
        'retry' => "7200",
        'expire' => "604800",
        'minimum' => "86400",
        'ttl' => "86400",
        'xfer' => "",
        'also_notify' => "",
        'update_acl' => "",
        'active' => 'y',
    );
    $zone_id = $GLOBALS['client']->dns_zone_add($GLOBALS['session_id'], $cr['client_id'], $zone_params);

    However after doing so with a few test zones and checking back with nslookup on the host itself it seems to not work correctly. On the Server under /etc/bind/ the zonefiles are created like "pri.test123.com.err" and not like "pri.test1.com" (which got created manually), and in the file "named.conf.local" the zones are not added at all. Checking these new zones with nslookup results in a "SERVFAIL". The Entries in the ISPConfig Webpanel however are identical to the ones working, so the importing in itself seems to work.

    Any ideas what might be wrong here?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The zones are invalid and therefore saved with .err file ending as BIND rejected them. Only valid zone files get included into named.conf.local. You can test the .err zone files yourself with the named-checkzone command to get a detailed error message.

    In BIND, any fully qualified domain name ends with a dot, e.g. here:

    'ns' => "ns1.XXXXXXX.de",

    you missed that dot. It has to be:

    'ns' => "ns1.XXXXXXX.de.",

    And probably you missed dots in other records that you added as well. If a dot is missing, then BIND adds the zone name to the record, ns1.XXXXXXX.de becomes ns1.XXXXXXX.de.somedomain.tld.
     
  3. pyte

    pyte New Member

    Till, thank you again for the quick response! You were right, I missed the "." at the end. But after fixing this I've checked again and the zonefile has errors which is correct. The entries are not getting created within the zonefile, see here:

    Code:
    $TTL        86400
    @       IN      SOA     ns1.XXXXXXX.com. xxx.xxx.com. (
                            0       ; serial, todays date + todays serial #
                            28800              ; refresh, seconds
                            7200              ; retry, seconds
                            604800              ; expire, seconds
                            86400 )            ; minimum, seconds
    ;
    
    But in the Webpanel they are there:
    [​IMG]
    [​IMG]

    Is this an error within my script? Or what am I missing here?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. pyte

    pyte New Member

    Well I've checked back. The log is empty, nothing gets logged while importing. However after checking the script I've tried creating a DNS Zone within the ISPConfig Webpanel. I've created a testzone with "New DNS Zone (SOA)" but it also gets created as .err file.
    The file contains the following:
    Code:
    $TTL        3600
    @       IN      SOA     ns1.XXXXXXXX.com. webmaster.XXXXXXXX.com. (
                            0       ; serial, todays date + todays serial #
                            7200              ; refresh, seconds
                            540              ; retry, seconds
                            604800              ; expire, seconds
                            3600 )            ; minimum, seconds
    ;
    
    I don't understand why this is happening. Any ideas?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you did not use debug mode. Reread the article I posted and follow it step by step. Btw. Debug mode is not a log!
     
  7. pyte

    pyte New Member

    Thank you. I've managed to fix a few things with the debug output and I am a step closer to fixing the problem.
    After checking what's going on, I've noticed that the database where I export the Zonedata from does not contain NS values, so I added that section to my script by simply doing this:

    PHP:
    if (strlen($tmp_sub_domain) == 0) {
        // add both NS values
        // fully qualified zone name, with the trailing dot
        $dom = $tmp_domain . ".";
        print("    ==> Add NS Record for domain: {$dom}\n");
        // dns_ns_add
        $params['name'] = $dom;
        $params['type'] = 'ns';
        $params['data'] = 'ns1.xxxxx.com.';
        $GLOBALS['client']->dns_ns_add($GLOBALS['session_id'], $cr['client_id'], $params);
        $params['data'] = 'ns2.xxxxx.com.';
        $GLOBALS['client']->dns_ns_add($GLOBALS['session_id'], $cr['client_id'], $params);
    }

    It works. There are only 3 domains that have a different NS entry but I will fix this manually afterwards. However, although the zones and records are visible in ISPConfig, the zonefile still does not get written properly. After some digging around I noticed that as soon as I click on any record that is visible in ISPConfig and just hit save, the zonefile gets updated correctly, ".err" is gone and the zone works correctly.

    So any idea why this happens? The DNS Entries for a zone get created correctly with the script in ISPConfig but only after manually going into each record and pressing the save button the records get written to the file.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Post the debug output from adding a zone and also the result that named-checkzone returns for that .err file. And does your script update the serial of the zone when adding a new record?
     
  9. pyte

    pyte New Member

    Here is the Output of adding the zone with the script:

    Code:
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Processed datalog_id 4126
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Replicated from master: REPLACE INTO `dns_soa` (`id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`origin`,`ns`,`mbox`,`serial`,`refresh`,`retry`,`expire`,`minimum`,`ttl`,`active`,`xfer`,`also_notify`,`update_acl`,`dnssec_initialized`,`dnssec_wanted`,`dnssec_algo`,`dnssec_last_signed`,`dnssec_info`) VALUES ('53','253','253','riud','riud','','3','xxxxx.com.','ns1.xxxxx.com.','xxxxx.com.','0','28800','7200','604800','86400','86400','Y','','','','N','N','','0','')
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Calling function 'soa_insert' from plugin 'bind_plugin' raised by event 'dns_soa_insert'.
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - safe_exec cmd: named-checkzone 'xxxxx.com.' '/etc/bind/pri.xxxxx.com' - return code: 1
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - WARNING - Writing BIND domain file failed: /etc/bind/pri.xxxxx.com zone xxxxx.com/IN: has no NS records zone xxxxx.com/IN: not loaded due to errors.
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - WARNING - Reason for Bind restart failure: zone xxxxx.com/IN: has no NS records
    Tue Apr 12 11:51:01 CEST 2022 zone xxxxx.com/IN: not loaded due to errors.
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
    Tue Apr 12 11:51:01 CEST 2022 12.04.2022-11:51 - DEBUG - Processed datalog_id 4132
    
    As expected named-checkzone reports errors because the zonefile does not contain an NS record. The script does not change the serial. However I don't see the creation of the records in the output, but they are within ISPConfig.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    First, you must increase the serial after a record. Then, something with your API call to add the records must be wrong, otherwise, they would get added to the file. And as they get added when editing and saving them in ISPConfig, this means that the wrong API call got corrected by ISPConfig UI, so you should compare a record before editing it and after editing it to see which data you set wrong in $params array and adjust that to fix the issue. Maybe you e.g. set a wrong server_id for the records?
     
    pyte likes this.
  11. pyte

    pyte New Member

    Till, I really appreciate you. I've checked the whole script again and found a line where I've overwritten the correct server_ID, as it was used for an older ISPConfig Instance beforehand. After changing $params[server_id], which is "3" for the DNS Server in my case, the zone got created successfully.

    So for everyone that may stumble upon this post:
    Make sure to check every parameter that you hand over to the dns_XXX_add function and dump it in a print for debugging. Check twice if these settings are correct, maybe check by reading out the data of a working one created within ISPConfig.

    @till Thank you so much for the great support you've been doing here over the years. Cheers!
     
    Jesse Norell, till and ahrasis like this.
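
The problems found across this thread (missing trailing dots, a zone without NS records, a stale server_id on the records) can be caught before any SOAP call is made. The following is an added example, not part of any post and not ISPConfig code: the array keys are the ones used in the posts, while `bindExpand`, `preflight`, the expected server_id argument and the sample values are hypothetical.

```php
<?php
// Added example: pre-flight checks for the arrays handed to dns_zone_add / dns_ns_add (sample data is constructed).

// How BIND reads a name in a zone file: without a trailing dot it is relative to the origin.
function bindExpand(string $name, string $origin): string
{
    if ($name === '' || $name === '@') {
        return $origin;
    }
    return substr($name, -1) === '.' ? $name : $name . '.' . $origin;
}

// Returns a list of problems; an empty list means none were found.
function preflight(array $zone, array $records, int $expectedServerId): array
{
    $problems = [];
    $origin = (string)($zone['origin'] ?? '');
    if (substr($origin, -1) !== '.') {
        $problems[] = "origin '$origin' lacks the trailing dot";
    }
    foreach (['ns', 'mbox'] as $field) {
        $value = (string)($zone[$field] ?? '');
        if (substr($value, -1) !== '.') {
            $problems[] = "$field '$value' would be read as '" . bindExpand($value, $origin) . "'";
        }
    }
    if ((int)($zone['server_id'] ?? 0) !== $expectedServerId) {
        $problems[] = "zone server_id is not $expectedServerId";
    }
    $hasApexNs = false;
    foreach ($records as $i => $rec) {
        if ((int)($rec['server_id'] ?? 0) !== $expectedServerId) {
            $problems[] = "record #$i server_id is not $expectedServerId";
        }
        if (strtolower((string)($rec['type'] ?? '')) === 'ns') {
            $data = (string)($rec['data'] ?? '');
            if (substr($data, -1) !== '.') {
                $problems[] = "record #$i NS target would be read as '" . bindExpand($data, $origin) . "'";
            }
            $hasApexNs = $hasApexNs || bindExpand((string)($rec['name'] ?? ''), $origin) === $origin;
        }
    }
    if (!$hasApexNs) {
        $problems[] = "no NS record at the zone apex (named-checkzone: has no NS records)";
    }
    return $problems;
}
// Constructed sample: 'ns' lacks its dot and the record carries a stale server_id.
$zone = ['server_id' => 3, 'origin' => 'example.com.', 'ns' => 'ns1.example.net', 'mbox' => 'hostmaster.example.com.'];
$records = [['server_id' => 1, 'name' => 'example.com.', 'type' => 'ns', 'data' => 'ns1.example.net.']];
print_r(preflight($zone, $records, 3));
```

Calling `preflight` on every zone before `dns_zone_add` and skipping those with a non-empty result keeps rejected zones from ending up as `.err` files on the server.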
