ISPConfig slave as backup MX and NS2

Discussion in 'General' started by Th0m, Jan 8, 2020.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Better setup the 2nd server as a normal (mirror) mail-server and let dovecot do the replication.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    the tutorial should but i did not test it with newer version so you have to adjust some commands.
    set the 2nd dns as a mirror of dns1 - ispconfig takes of the rest (beside dnssec - afaik you can't use it on mirrors).
     
    Th0m likes this.
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I don't want to configure it as a full mirror because DNSSEC wouldn't work. I can use DNSSEC if i set it up like this: https://www.howtoforge.com/communit...-to-switch-secondary-dns-to-standalone.83529/
    But would the failover MX still be working if the second server is no mirror?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    So i've been thinking and I thought maybe this was possible:
    - 2nd server as ISPConfig slave (no mirror)
    - Install MySQL replication as described in: https://www.howtoforge.com/tutorial...abase-cluster-on-debian-8.4-with-ispconfig-3/
    - Using postfix backup MX as described in: https://blog.schaal-24.de/ispconfig/backup-mx-mit-mysql-und-ispconfig/?lang=en
    - Using NS2 as described in: https://www.howtoforge.com/communit...-to-switch-secondary-dns-to-standalone.83529/

    It just seems kind of messy to me. Someone who has a better idea for this?
     
  7. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    you dont need mysql-replication for a 2nd mail-server. just set the 2nd server as a mirror of server 1 and let dovecot do the replication.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    But if I set the 2nd server as mirror, DNSSEC will not be working. Also, isn't the MySQL replication needed to verify the existence of the mailboxes?
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If i setup the master-master replication, it would be able to get the recipients out of the ispconfig db replication on server2 when server1 is down and mails go to server2, right? And then I will use dsync to sync the mailboxes. Or is there a way to do this without the replication (and server2 not being a mirror)?
     
  10. nhybgtvfr

    nhybgtvfr Active Member

    without replication, I guess you could just add install the server as just another ispconfig mailserver and dns server, no mirroring.
    then edit the MySQL-virtual-*.cf files to point to the master server, and use dsync as normal.
    not sure if those files can be put into conf-custom or similar to stop such changes getting overwritten.
    it's not something I've ever attempted though, so I can't guarantee it won't cause other issues., so i'd recommend creating a test setup of it first, and it'll fail to authenticate anything if it loses network connection to the master server for any reason.
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It wouldn't work as backup MX since the database is on the same server as the main MX, so if the main goes down the backup MX wouldn't be able to check if the mailbox exists.

    I think I'll set it up with a database replication to the backup MX, so postfix can acces the recipient table when the main server is down. Then i'll use dsync to synchronize the mailboxes. The nameserver will be set up as secondary zone, to make DNSSEC work. I'm just uncertain about how to do the database replication, because it should only replicate the related tables since it's not a mirror server.
     
    Last edited: Jan 16, 2020
  12. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    instead of using backup-mx i would just run two mx-servers. dovecot the mail-base in sync. just enable mail-service on both servers, set server2 as a mirror of server1 and add the replication to dovecot.
    if you want to run dns on the 2nd server too, this is a little bit tricky with dnssec. i did not configure dns on server2 and let bind do the replication. as long as bind does not allow auto-adding zones on a slave, you have to adjust the bind-config on slave by yourself.
    https://git.schaal-it.com/ispconfig/dnssec-slave
     
  13. xrstokes

    xrstokes Member

    I have the following working fine - Ispconfig server1 running from home on powerful machine[proxmox/kvm]. Ispconfig server2 running on another country VPS a bit overloaded but mirrored to the first. Gateway/proxy running vps in about the middle location. NS1.... & MX1.... points to first server and NS2..... and MX2..... point to second server. web traffic comes through the middle prox. If the middle goes down I'm stuffed for web bar a quick DNS change. But that's the service I pay the most for albeit has the least resources. All three databases are synced with Galera cluster. This is my third ISPConfig deployment and it has been by far the least bumpy. Open to suggestions where I might be wrong though. Ohh. The prox puts all traffic to the home server if it is up. So much power available at home you'd pay a mint for in the cloud.
     

Share This Page