ISPConfig with 2nd DNS and DNSSec

Discussion in 'ISPConfig 3 Priority Support' started by Tuumke, Nov 30, 2017.

  1. Tuumke

    Tuumke Member HowtoForge Supporter

    As mentioned in this thread, @till is talking about slave records?

    I was wondering how this is set up. I did a reinstall of my ISPConfig since I had some LE cert issues which I couldn't resolve. Now I also want DNSSEC working, but I don't really understand how I have to set this up.
    The 2nd DNS server is already installed and connected to the ISPConfig main server. I had it installed as a mirror of the primary, but that doesn't seem to be how this is supposed to be set up.

    p.s.
    I thought it was time I became an HTF Supporter ;) I really enjoy ISPConfig and HTF support! Keep up the good work.
     
    till likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    In general, that's the correct setup, but at the moment you won't be able to use DNSSEC in this kind of setup due to a problem in the way we implemented it in ISPConfig. What I mentioned in the other thread is the alternative way to set this up.

    1) Disable the mirroring in ISPConfig under System > server services.
    2) Now both DNS servers should show up in the DNS manager.
    3) Create a primary DNS zone in ISPConfig as usual, choose the first DNS server as server for this record. In the "Allow transfer to" field, set the IP address of your second DNS server.
    4) Now create a DNS slave record in the ISPConfig DNS manager for this zone; here you choose the second DNS server as target for this DNS record.
    Now BIND will take care to keep the record in sync between the servers.

    Thank you for supporting us! :)
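
The following check is an added example, not part of the thread or of ISPConfig: it compares the SOA serial on both servers and confirms the secondary serves an RRSIG for the zone once the four steps above are done. The function names, `example.test` and the 192.0.2.x addresses are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (constructed): check that a BIND secondary follows the primary
# and serves DNSSEC signatures. Parsing works on dig output passed as strings.

# Print the serial from one `dig +short SOA` line:
#   mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Succeed if `dig +dnssec +noall +answer SOA` output has an RRSIG covering SOA.
has_rrsig() {
    printf '%s\n' "$1" |
        awk '$4 == "RRSIG" && $5 == "SOA" { found = 1 } END { exit !found }'
}

# zone_status PRIMARY_SOA SECONDARY_SOA SECONDARY_DNSSEC_ANSWER
# Prints one verdict and returns non-zero unless the zone is in sync and signed.
zone_status() {
    p=$(soa_serial "$1")
    s=$(soa_serial "$2")
    if [ -z "$p" ] || [ -z "$s" ]; then
        echo "no-answer"; return 2
    fi
    if [ "$p" != "$s" ]; then
        echo "out-of-sync"; return 1
    fi
    if ! has_rrsig "$3"; then
        echo "unsigned-on-secondary"; return 1
    fi
    echo "in-sync-signed"
}

# Live use: ./check.sh example.test 192.0.2.10 192.0.2.20  (placeholder values)
if [ "$#" -eq 3 ]; then
    zone=$1; primary=$2; secondary=$3
    zone_status \
        "$(dig +short +norec SOA "$zone" "@$primary")" \
        "$(dig +short +norec SOA "$zone" "@$secondary")" \
        "$(dig +dnssec +norec +noall +answer SOA "$zone" "@$secondary")"
fi
```

A `no-answer` verdict usually means the secondary zone has not been created on the second server yet; `out-of-sync` right after a zone edit can simply mean the transfer has not completed.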
     
  3. Tuumke

    Tuumke Member HowtoForge Supporter

    What type of record is a DNS Slave Record?
    Or do you just mean dns2.domain.tld and set it as secondary NS?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Tuumke likes this.
  5. Tuumke

    Tuumke Member HowtoForge Supporter

    Okay, I was already looking into that. So it comes down to:
    - Delete what I have now (zones etc.)
    - Don't make the 2nd DNS server a mirror of main
    - Add zone on the primary
    - Make the "Allow transfer to" the IP of the secondary server.
    - Add Secondary zone on 2nd server.
     
  6. Tuumke

    Tuumke Member HowtoForge Supporter

    Alright, I figured it out :) Thnx!
    There is no way yet to automate this? In the Zone template somehow also add Secondary zone?
    Noticed you don't need Secondary Zone, just setting the Also Notify field is enough?
    Also, can you set the Allow Transfer in the template?

    -edit-
    Hm, I do need a secondary zone? Was looking at the wrong server... Any way to automate this?
     
    Last edited: Nov 30, 2017
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. The secondary zone tells BIND on the second server that it shall connect to the first server to fetch the zone data and to keep it updated.

    No, not yet, as this is basically a workaround for a problem in the regular mirroring which gets fixed in the next major release, 3.2.
     
    Tuumke likes this.
  8. Tuumke

    Tuumke Member HowtoForge Supporter

    Nice! Thanks buddy, keep up the good work! :)
     
