Slave DNS functionality

Discussion in 'Developers' Forum' started by dcy, Jul 13, 2010.

  1. dcy

    dcy New Member

    - adds DNS slave functionality
    - requires either Bind or PowerDNS as the name server

    Code is now in the svn.

    A new MySQL table is created (dns_slave) and 2 tables (client, client_template) have one new column (limit_dns_slave_zone) each.

    Bind needs a small change also - a new subdirectory named "slave" is created under $conf['bind']['bind_zonefiles_dir']. A chown to $conf['bind']['bind_user']:$conf['bind']['bind_group'] is done and a chmod to 770 on the same directory. The rationale for that is simply that the default permissions on /etc/bind prohibit the 'bind' user from writing into it.

    The PowerDNS plugin has also been changed to accommodate the secondary zone functionality. As with the bind plugin it also relies on the new table and the added columns. The PowerDNS database had its MySQL engine changed from MyISAM to InnoDB (http://doc.powerdns.com/generic-mypgsql-backends.html - MyISAM with slave functionality can cause DB corruption). This change is also performed seamlessly when upgrading (and is created as InnoDB with new installations).

    If MyDNS is installed no secondary zone functionality is available (although the UI displays the new items). All other functionality is retained and works properly.

    Crosschecks have been added - you are unable to add a secondary zone if a primary zone with the same name already exists and vice versa - you can't add a primary zone if a secondary zone already exists with the same name. The crosschecks will allow you to add a secondary zone even if there is a primary zone with the same name known to the server, as long as it's not hosted on the same server (and vice versa).

    The code has been tested and I have found no bugs.

    The installation routine has now been altered to allow for a seamless upgrade to slave dns functionality. The upgrade scenario has been tested and works correctly. A fresh install scenario has also been tested and works correctly.

    Ideally, another change would need to be performed:
    In /interface/web/dns/lib/module.conf.php it would be ideal to add a check whether the bind_dns or powerdns plugin is loaded and only display the following nav item in case they are.
    I would appreciate a hint how to check for the presence of the loaded plugin in module.conf.php.

    With PowerDNS there is also a small catch 22. Due to the fact that I'm unable to find out where PowerDNS is installed in the operating system (without running a resource intense search each time we're writing the configuration (specifically the allow-axfr-ips parameter is written into the file)), it is assumed that your local PowerDNS configuration is stored in /etc/powerdns/pdns.d/ - should this not be the case, a symlink would need to be placed so that /etc/powerdns/pdns.d/ points to the correct path on your system. Typically however, PowerDNS keeps its configuration files in /etc/powerdns (and by default includes all files from /etc/powerdns/pdns.d/).

    Sincerely,
    Damir Cifer.
     
    Last edited: Jul 17, 2010
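
The permission change described in the post above can be checked after an upgrade with a small audit script. This is an added example, not code from the ISPConfig svn; it assumes GNU stat (Linux), and the function name `audit_slave_dir` and the sample values `/etc/bind` and `bind` are illustrative stand-ins for `$conf['bind']['bind_zonefiles_dir']`, `bind_user` and `bind_group`.

```shell
#!/bin/sh
# Added example: audit the BIND "slave" directory described in the post.
# Assumes GNU stat (Linux). Paths and account names are sample values;
# the real ones come from $conf['bind'][...] in the ISPConfig config.

# audit_slave_dir ZONEFILES_DIR USER GROUP
# Prints one line per deviation; returns 0 only if nothing deviates.
audit_slave_dir() {
    dir="$1/slave"; want_user="$2"; want_group="$3"; rc=0

    # A symlink here would send transferred zones to some other location.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink"; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory"; return 1
    fi

    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")

    [ "$owner" = "$want_user" ] || {
        echo "FAIL: owner is $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] || {
        echo "FAIL: group is $group, expected $want_group"; rc=1; }
    # 770: the name server can write transferred zones, and accounts
    # outside the owner and group get no access at all.
    [ "$mode" = "770" ] || {
        echo "FAIL: mode is $mode, expected 770"; rc=1; }

    return $rc
}

# Example invocation with Debian-style sample values:
# audit_slave_dir /etc/bind bind bind
```

A mode such as 775 or 777, or a setgid variant such as 2770, is reported as a deviation because the comparison is against exactly 770.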
  2. dcy

    dcy New Member

    Well replying to myself ...

    Updated the code now so it also supports DNS slave functionality if powerdns is used as the DNS server.

    D.
     
    Last edited: Jul 17, 2010
  3. dcy

    dcy New Member

    Committed as svn rev. 1900 :)

    In case I've missed a bug - don't hesitate to PM me :)

    D.
     
  4. Nicram

    Nicram New Member

    It would be super to have some solution that adds automatic slave support on the machines without ISPConfig.

    I mean I've got computers without ISPC running bind, and it would be great to use them as secondary DNS, with automatically added zones from master DNS running under ISPC. But I'm not sure if it's possible (ispc then had to somehow tell the secondary dns machines that they got new zones to add right after adding them on master server).
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    How should that work if you do not install ispconfig on that server? If ispconfig sends a command and there is nothing on the other end to receive that command, how shall the secondary then do something. Or in other words, just install ispconfig on the secondary server and the records will get mirrored automatically.
     
  6. Nicram

    Nicram New Member

    This is a good question. Well some cron job, script, that is checking and connecting "from" the secondary server could be some way. But it had to somehow know how to ask the ispconfig for such info, get them, and save as slaves inside bind.

    Another solution may be some script inside ispconfig, that for example, use ftp or ssh to connect and upload zone files on the secondary dns. Then cron job is checking, if the file is added, then use it as config to input data into slave zones.

    Or maybe some simple daemon that listens on some port, but it's a more advanced thing than just a script.

    You know, installing ispconfig isn't a good solution for a secondary dns server for many reasons:
    - it needs database, web server and php running (I've got dns servers that work only as dns servers and no other services I run there because of security and time to handle everything)
    - it supports only some linux variants (not all of them, but it is not ispconfig's fault, I think it's linux's fault - that it has no unified standards for accessing config files, using libs, and using same kernel versions etc. etc.)
    - it does not support many other OS's that are sometimes used only for that (for example I use OpenBSD for routers and DNS servers, and I would have to learn and hack ispconfig to make it work well on that <where bind, apache, and many other services there run in chroot environment, that works different than linux chroot or FreeBSD jail>, and my programming skills are close to null :( and of course changing OS is not the way to go, Linux will be never as good and have same good quality like OpenBSD, and I think I don't have to say about security :) )
    - more services like www or database means more memory and cpu power needed, while some simple DNS server, working as secondary DNS for not too many domains may work on CF card as HDD with 32MB RAM :)

    Too bad I'm not a coder, but I will ask some friends, maybe they will help, because it is really needed I think, many ppl ask for such things here on forum.
     
  7. matty

    matty New Member

    The script is the easy bit. Here's one I posted the other day to add zones to a secondary BIND server.
    http://www.howtoforge.com/forums/showpost.php?p=237715&postcount=4

    What would be useful, instead of building functionality directly into ISPC3, how about a couple of places where we can call our own scripts so that we can use our own addon customisations? That would extend some functionality out into the community supported arena and let the devs get on with core functionality.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You should never modify the ispconfig core!

    ISPConfig is event based and uses plugins and loadable modules. So you can add all kinds of scripts easily in ISPConfig.
     
