ISPConfig 3 based DNS server install

Discussion in 'Installation/Configuration' started by ACDII, Sep 23, 2011.

  1. ACDII

    ACDII Member

    Small snafu I ran into. I need to change the names on the servers, thought I could reuse the existing NS1 and NS2 to build them, but found the point where it does the lookup and well, it doesn't work.

    Can I change the hostname of the main server and rerun the ISPConfig install? Also would I be able to have 2 hostnames in DNS to resolve to the same server once they are up, so I can reuse NS1? Reason being the IP for the current NS1 won't change, I am building the master using a different public IP and will switch to the actual one when we cut it in, it resides behind a firewall and is mapped to the actual internal IP of the server.

    I want to avoid changing NS1 at all if I can, NS2 has to change due to the IP going away, so doesn't matter what I name it.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Yes, you can do that.

    I suggest you use a new hostname for your DNS server if the IP changes, for example ns3 instead of ns2 (you need to change that in all zones that use this nameserver as well). This is to avoid trouble with caching nameservers that don't get that the IP has changed.
     
  3. ACDII

    ACDII Member

    Thanks, I think I am going to go a different route with the names and use NServ1 & NServ2 instead. Maybe I'll get lucky and finally get these completed today. Been at it for at least a month now trying to get the time to work on them.
     
  4. ACDII

    ACDII Member

    Dangit, still having connection issues, even with properly setup hostnames and DNS. I can ping each other using the hostname, but it still fails to connect from server 2 when setting up the SQL in ISPConfig install.


    Unable to connect to mysql server


    These machines are NATted behind firewalls, and are in different locations, would that have an effect on this? Wondering if the NAT is what is causing the problem.
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Is port 3306 (MySQL) open in your firewall? Do your routers forward port 3306 to your servers? Is MySQL listening on all interfaces?
     
  6. ACDII

    ACDII Member

    I found a workaround since I can route internally to each other for now. I put the machines' host names with real IPs in the hosts files and got it working. I think what was happening was the real IP was being seen by the master and replying asynchronously. As soon as I made the addition to the hosts files the install on the slave hooked right up.

    It helps that I am also in control of the core routing for our network and all the firewalls. I currently have all ports open on the firewalls for both machines, since that was my first thought that mysql was blocked, but that wasn't the case, pings showed me the problem.

    When I pinged the internal IP it responded with the public IP. Once I put the names in the hosts file, then pings resolved correctly.

    I'm finally at the stage where I can add a zone file through the ISPConfig interface.

    So far so good.
     
  7. ACDII

    ACDII Member

    Almost, but not quite there

    Well I followed the howto for perfect server FC15 with ISPConfig 3, and the DNS howto, and can add a zone, but it appears NAMED is not working.

    # dig @nserv1 yahoo.com

    ; <<>> DiG 9.8.1-RedHat-9.8.1-1.fc15 <<>> @nserv1 yahoo.com
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached


    ps -ef | grep named
    named 18831 1 0 14:33 ? 00:00:00 /usr/sbin/named -u named

    Now if I use localhost, it works.

    dig @localhost any yahoo.com

    ; <<>> DiG 9.8.1-RedHat-9.8.1-1.fc15 <<>> @localhost any yahoo.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16492
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 7, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;yahoo.com. IN ANY

    ;; ANSWER SECTION:
    yahoo.com. 1371 IN MX 1 mta7.am0.yahoodns.net.
    yahoo.com. 1371 IN MX 1 mta5.am0.yahoodns.net.
    yahoo.com. 1371 IN MX 1 mta6.am0.yahoodns.net.
    yahoo.com. 3171 IN A 98.139.180.149
    yahoo.com. 3171 IN A 209.191.122.70
    yahoo.com. 3171 IN A 67.195.160.76
    yahoo.com. 3171 IN A 72.30.2.43
    yahoo.com. 3171 IN A 98.137.149.56
    yahoo.com. 1371 IN SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2011092822 3600 300 1814400 600
    yahoo.com. 172371 IN NS ns6.yahoo.com.
    yahoo.com. 172371 IN NS ns1.yahoo.com.
    yahoo.com. 172371 IN NS ns5.yahoo.com.
    yahoo.com. 172371 IN NS ns2.yahoo.com.
    yahoo.com. 172371 IN NS ns3.yahoo.com.
    yahoo.com. 172371 IN NS ns8.yahoo.com.
    yahoo.com. 172371 IN NS ns4.yahoo.com.

    ;; AUTHORITY SECTION:
    yahoo.com. 172371 IN NS ns4.yahoo.com.
    yahoo.com. 172371 IN NS ns3.yahoo.com.
    yahoo.com. 172371 IN NS ns2.yahoo.com.
    yahoo.com. 172371 IN NS ns5.yahoo.com.
    yahoo.com. 172371 IN NS ns1.yahoo.com.
    yahoo.com. 172371 IN NS ns6.yahoo.com.
    yahoo.com. 172371 IN NS ns8.yahoo.com.

    ;; Query time: 0 msec
    ;; SERVER: ::1#53(::1)
    ;; WHEN: Wed Sep 28 14:45:11 2011
    ;; MSG SIZE rcvd: 467
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Is nserv1 the same as localhost?
    What's the output of
    Code:
    netstat -tap
    ?
    Can you post your named.conf?
     
  9. ACDII

    ACDII Member

    Code:
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
            listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { localhost; };
            recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    include "/etc/named.conf.local";
    
    Something tells me this didn't get configured correctly.

    Code:
    # netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:41861                     *:*                         LISTEN      853/rpc.statd
    tcp        0      0 localhost:10024             *:*                         LISTEN      25718/amavisd (mast
    tcp        0      0 localhost:10025             *:*                         LISTEN      20385/master
    tcp        0      0 *:mysql                     *:*                         LISTEN      2704/mysqld
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      821/rpcbind
    tcp        0      0 localhost:domain            *:*                         LISTEN      20776/named
    tcp        0      0 *:ftp                       *:*                         LISTEN      20717/pure-ftpd (SE
    tcp        0      0 *:ssh                       *:*                         LISTEN      966/sshd
    tcp        0      0 localhost:rndc              *:*                         LISTEN      20776/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      20385/master
    tcp        0   1004 nserv1.com:ssh    office.com:62007  ESTABLISHED 6016/sshd: tah [pri
    tcp        0      1 nserv1.com:mysql  nserv2.com:52558  FIN_WAIT1   -
    tcp        0      1 nserv1.com:mysql  nserv2.com:52559  FIN_WAIT1   -
    tcp        0      1 nserv1.com:mysql  nserv2.com:52561  FIN_WAIT1   -
    tcp        0      1 nserv1.com:mysql  nserv2.com:52560  FIN_WAIT1   -
    tcp        0      0 *:https                     *:*                         LISTEN      12244/httpd
    tcp        0      0 *:imaps                     *:*                         LISTEN      20655/couriertcpd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      20667/couriertcpd
    tcp        0      0 *:pop3                      *:*                         LISTEN      20661/couriertcpd
    tcp        0      0 *:imap                      *:*                         LISTEN      20648/couriertcpd
    tcp        0      0 *:44271                     *:*                         LISTEN      853/rpc.statd
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      821/rpcbind
    tcp        0      0 *:webcache                  *:*                         LISTEN      12244/httpd
    tcp        0      0 *:http                      *:*                         LISTEN      12244/httpd
    tcp        0      0 *:tproxy                    *:*                         LISTEN      12244/httpd
    tcp        0      0 localhost:domain            *:*                         LISTEN      20776/named
    tcp        0      0 *:ftp                       *:*                         LISTEN      20717/pure-ftpd (SE
    tcp        0      0 *:ssh                       *:*                         LISTEN      966/sshd
    tcp        0      0 localhost:rndc              *:*                         LISTEN      20776/named
    tcp        0      0 *:smtp                      *:*                         LISTEN      20385/master
    
    Cleaned up of course.
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Your named is listening on localhost only instead of all interfaces. Please comment out the lines
    Code:
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query     { localhost; };
    and restart BIND.
     
  11. ACDII

    ACDII Member

    I had a feeling something wasn't right there. Trying it out now. I need to do this on both servers, correct?
     
  12. ACDII

    ACDII Member

    OOOh New error.

    can't find yahoo.com: Query refused

    Where's that brick wall at.
     
  13. ACDII

    ACDII Member

    I found it, allow-query { localhost; }; changed localhost to any and now it resolves.
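    As an added check (not code from this thread, from ISPConfig or from the BIND project), the Python snippet below audits the options block of a named.conf for the two conditions hit in this thread (listen-on and allow-query restricted to loopback, posts 9 and 10) and for the caveat that follows the change in post 13: with `recursion yes` and `allow-query { any; }` but no `allow-recursion`, BIND will recurse for anyone, i.e. it is an open recursive resolver. The three configs are constructed samples; the hardened one adds `allow-recursion { localnets; localhost; };` so the server stays authoritative for the world but recursive only for local clients.

```python
import re

# Constructed sample modelled on the named.conf posted in the thread:
# both listen-on and allow-query are restricted to loopback.
LOOPBACK_ONLY = """
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
        recursion yes;
};
"""

# Constructed sample: after commenting out listen-on and setting
# allow-query to any, with recursion still on and no allow-recursion.
AFTER_FIX = """
options {
        allow-query     { any; };
        recursion yes;
};
"""

# Constructed sample: same as AFTER_FIX but recursion limited to local clients.
HARDENED = AFTER_FIX.replace("recursion yes;",
                             "recursion yes;\n        allow-recursion { localnets; localhost; };")

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def _acl(text, name):
    """Address-match list of directive `name` (e.g. ['127.0.0.1']) or None if absent."""
    m = re.search(r"^\s*%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(name), text, re.M)
    return None if m is None else m.group(1).replace(";", " ").split()

def audit_options(text):
    """Return findings about who this BIND instance will answer, and how."""
    findings = []
    listen = (_acl(text, "listen-on") or []) + (_acl(text, "listen-on-v6") or [])
    if listen and set(listen) <= LOOPBACK:
        findings.append("listens on loopback only: remote queries time out")
    query = _acl(text, "allow-query")
    if query is not None and set(query) <= LOOPBACK:
        findings.append("allow-query localhost: remote queries get REFUSED")
    rec = re.search(r"^\s*recursion\s+(yes|no)\s*;", text, re.M)
    recursion_on = rec is None or rec.group(1) == "yes"   # BIND defaults to yes
    # Without allow-recursion, BIND falls back to allow-query, so 'any' means open resolver.
    if recursion_on and query and "any" in query and _acl(text, "allow-recursion") is None:
        findings.append("open recursive resolver: recursion yes + allow-query any, no allow-recursion")
    return findings
```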
     
