How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze)

Version 1.0
Author: Falko Timme

This tutorial shows how you can run your own DNS servers (primary and secondary) with ISPConfig 3. To do this, you need two servers with two different public IP addresses and with ISPConfig 3 installed. I will use Debian Squeeze for both DNS servers here to demonstrate the base system setup process and ISPConfig 3 installation, but once you have ISPConfig 3 installed on your servers, the configuration inside ISPConfig 3 is identical, no matter what distribution you use.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

Our current situation is as follows: we have

  • ISPConfig server #1 (server1.example.com): IP address 1.2.3.4; this one will be our primary name server.
  • ISPConfig server #2 (server2.example.com): IP address 1.2.3.5; this one will be our secondary name server.

server1.example.com will be a full ISPConfig 3 installation. It will be the master ISPConfig 3 server (which runs the ISPConfig control panel interface) and act as an email, web, DNS, and MySQL server (this is the most common setup - one server that has all the services). server2.example.com will be a slave ISPConfig 3 server (no ISPConfig control panel interface) and will act only as the secondary DNS server. Of course, you can split up services between your servers as you like - the tutorial Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3 should give you the idea.

DNS A records for server1.example.com and server2.example.com must already exist (you can create them through your domain registrar's control panel). We will use server1.example.com and server2.example.com as the name servers for our zones later on; if you prefer something like ns1.example.com and ns2.example.com instead of server1.example.com and server2.example.com, you can use these, but make sure that there are DNS A records for ns1.example.com and ns2.example.com as well (that point to the same IPs as server1.example.com or server2.example.com).

I will show how to create a zone for the domain mydomain.com - this domain must already be registered through a domain registrar. After I have created the mydomain.com zone and verified that both server1.example.com and server2.example.com serve all mydomain.com records correctly, I will show how to make server1.example.com and server2.example.com the authoritative name servers for mydomain.com (see chapter 8).

More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.

 

2 Setting Up server1.example.com (Primary DNS)

server1.example.com:

Please set up server1.example.com as shown in The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3], but stop before the ISPConfig 3 installation.

To allow the other MySQL instances to connect to the MySQL database on this node during ISPConfig 3 installation, we have to add MySQL root user records in the master database for every slave server hostname and IP address. Log into MySQL:

mysql -u root -p

On the MySQL shell, run the following queries:

CREATE USER 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

FLUSH PRIVILEGES;
quit;

Make sure you replace 1.2.3.5 with the IP address and server2.example.com with the hostname of your secondary DNS server!
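
The statements above give root on the secondary full privileges, including GRANT OPTION, on the primary's MySQL server, so it is worth checking which hosts can log in as root once they have been run. The following shell script is an added example, not part of the original tutorial; the function name audit_root_hosts and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): list every non-local host that
# may log in as MySQL root on the primary and compare it with the hosts
# you expect (the secondary's IP address and hostname).
# Real input would come from:
#   mysql -u root -p -N -B -e "SELECT User, Host FROM mysql.user"
# which prints one "User<TAB>Host" row per account.

TAB=$(printf '\t')

# audit_root_hosts ALLOWED_HOST...   (rows on stdin, findings on stdout)
audit_root_hosts() {
    allowed=" $* "
    while IFS="$TAB" read -r user host; do
        [ "$user" = "root" ] || continue
        case "$host" in
            localhost|127.0.0.1|::1)
                ;;                                # local login, ignore
            *%*|*/*)
                echo "WILDCARD root@$host" ;;     # host pattern or netmask
            *)
                case "$allowed" in
                    *" $host "*) echo "EXPECTED root@$host" ;;
                    *)           echo "UNEXPECTED root@$host" ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample rows (not real output): the two accounts created in
# this tutorial, local accounts, one wildcard entry and one stray address.
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'root\t127.0.0.1\n'
    printf 'debian-sys-maint\tlocalhost\n'
    printf 'root\t1.2.3.5\n'
    printf 'root\tserver2.example.com\n'
    printf 'root\t%%\n'
    printf 'root\t203.0.113.9\n'
}

# WILDCARD and UNEXPECTED lines are root logins this tutorial never created.
sample_rows | audit_root_hosts 1.2.3.5 server2.example.com
```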

Now we can install ISPConfig 3 on server1.example.com as follows:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

php -q install.php

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- ENTER

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <-- ENTER

Configuring Postfix
Generating a 2048 bit RSA private key
............................................................................................+++
..........................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd Bytecode: Security mode set to "TrustSigned".
.
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Configure Jailkit (y,n) [y]: <-- ENTER

Configuring Jailkit
Configure FTP Server (y,n) [y]: <-- ENTER

Configuring Pureftpd
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B
Configure DNS Server (y,n) [y]: <-- ENTER

Configuring BIND

Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.

Configure Apache Server (y,n) [y]: <-- ENTER

Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configure Firewall Server (y,n) [y]: <-- ENTER

Configuring Firewall
Install ISPConfig Web Interface (y,n) [y]: <-- ENTER

Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Enable SSL for the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.................................................................................................................++
..................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting web server: apache2 ... waiting .
Installation completed.
root@server1:/tmp/ispconfig3_install/install#

If you have chosen to enable SSL for the ISPConfig web interface, you can reach the ISPConfig web interface at https://server1.example.com:8080, otherwise at http://server1.example.com:8080.

Comments

By: sree

This is really informative....thank you...

By: romans

Great post, thanks for sharing. I am wondering whether a hosting company allows its clients to do such a DNS setting.

By: Nilpo

Why wouldn't they?

By:

Please tell us what you mean by 2 servers.

Does this work on 1 dedicated server that has no virtualization if you have 2 IP addresses, please?

 

Thanks

By: Tloader11

Hello there,

I followed this tutorial, and tried to set up my nameservers (ns1.new-internet.org and ns2.new-internet.org) but after I created them and added a record for new-internet.org they didn't work at all:

 

:~$ dig @ns1.new-internet.org any new-internet.org

; DiG 9.7.1-P2 @ns1.new-internet.org any new-internet.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45793
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;new-internet.org.              IN      ANY

;; Query time: 99 msec
 

 

Please, I know I must post this at the forum, but PLEASE help me out! All my (20) domains don't work right now, because of this.

By: Hostingex.net

Is it possible to use 4 nameservers? Is it better or not necessarily?

By: till

You may use as many nameservers as you like with this setup. Having 4 nameservers is only necessary if you have a really huge setup and you either expect that more than one nameserver fails at the same time or that you have so many dns requests that 2 servers can't handle the load.

By: Hostingex.net

I want to use 4 DNS servers (with this setup) just for faster accessibility (for visitors).

For example DNS servers at: USA, EUROPE, AFRICA, ASIA

..will be better/faster accessible (for visitors from any country) than 2 DNS servers in one country?

Thank you for your reply:)

By: Hostingex.net

Make sure you replace 1.2.3.5 with the IP address and server2.example.com with the hostname of your secondary DNS server!

- This line is added below/after wrong data CREATION. HOW TO EDIT WRONG DATA NOW?

By: Jesse Norell

You would change the 'users' table in the mysql database; it should be something like:

  update mysql.user set Host='4.4.4.4' where User='root' and Host='1.2.3.5';  flush privileges;

 

By: Hostingex.net

I have installed "Install ISPConfig Web Interface (y,n) [y]: <-- n" by mistake on the second DNS server. How can I remove this? Or is it not necessary/not important?

By: Aivaras

 Please HELP! :)

I have installed 2 DNS servers, and now.. How to add/connect server 3 (clients hosting server) to these DNS servers? Will client accounts (web sites) be found automatically (when created) on server 3 using these DNS servers 1 and 2?

By: Aivaras

6. Step "dig @server2.example.com any mydomain.com"

Returns NOT the same records... Anyone can help please?

----------------------

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46408
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

By: Sam Fas

Hello, 

Can the same IP address be used for both the ns1 and ns2 domain names?!

 

Regards

By: bluethunder82

Just looking to set up a secondary (Slave) DNS server and was wondering if this would work with an existing ISPConfig 3 install?  Could I just run the updater after entering the root mysql commands?  Thanks

By: 1+0=1

How do u create ur own dns control panel server from scratch?

By: JENDER ZAVALA

Excuse my ignorance, I have installed ISPConfig 3.1 automatic in ubuntu 16.04 and I have problems to add new domains, I would like to have ns1.mydomain.com and ns2.mydomain.com. In order to register new domains, how is this possible?

By: Ajayi David

I want to point out this line, maybe it needs correction, although it seems to affect nothing. I believe A records are created through your hosting control panel, and not your domain registrar.

Note: DNS A records for server1.example.com and server2.example.com must already exist (you can create them through your domain registrar's control panel)

By: Ajayi David

Any help! 

I have gone through the whole process and everything seems to be working fine, and that's why I'm surprised, because I was unable to create DNS A records at my web host company as stated in the tutorial, but the welcome page is displayed fine.

Secondly, some registrars won't authorize my nameservers, don't know why.

By: Jose

I am running ISPConfig 3.1.13, but in the control panel when I go to (Step 4.) System > Server Services and select the server, it doesn't show Is a mirror of Server.

Thanks for all your work!

By: till

This option must be there, it is hard coded. Maybe you clicked on System > server config instead of System > server services?

By: Ed

Hello,

 

We are trying to set this up on stretch with mariadb 10.1 and php7.1 and the slave server can't connect to the master. I think the problem may be that on both servers, the command mysql -u root -p does not allow mysql login, even though the password is correct when supplied. To log in to mysql, only the command mysql -u root -p'password' works (with no space after the -p and the password, which must be in single quotes). 1) Is this a mariadb error? 2) Is this the cause of the failure of the ispconfig3 install on the slave server when it can't connect to the master?  Thanks for help. We are proud ispconfig3 users and manual owners!

By: Ed

We had earlier problems connecting to mysql on the command line. Further research indicated that passwords longer than 70 characters were problematic, so a shortened password solved that problem (in the installation of the dns slave). Now we have a different problem - we tried with php7.1 and then downgraded the entire server to 7.0 and we still get the following error at the last step of the ispconfig3 installation on the dns slave server:

 

MySQL master server database name [dbispconfig]:

 

PHP Fatal error:  Uncaught Error: Call to undefined function mb_detect_encoding() in /tmp/ispconfig3_install/install/lib/mysql.lib.php:448

Stack trace:

#0 /tmp/ispconfig3_install/install/lib/mysql.lib.php(166): db->escape('validate_passwo...')

#1 /tmp/ispconfig3_install/install/lib/mysql.lib.php(231): db->_build_query_string('SELECT plugin_n...', Array)

#2 /tmp/ispconfig3_install/install/lib/mysql.lib.php(270): db->_query('SELECT plugin_n...', Array)

#3 /tmp/ispconfig3_install/install/lib/mysql.lib.php(319): db->query('SELECT plugin_n...', Array)

#4 /tmp/ispconfig3_install/install/lib/installer_base.lib.php(238): db->queryAllRecords('SELECT plugin_n...', Array)

#5 /tmp/ispconfig3_install/install/install.php(297): installer_base->configure_database()

#6 {main}

  thrown in /tmp/ispconfig3_install/install/lib/mysql.lib.php on line 448

[email protected]:/tmp/ispconfig3_install/install#

 

Is there a fix for this? What do you recommend? Thanks.

Ed

By: till

The PHP mbstring extension is missing in the PHP that you installed. Install php mbstring for the used php version.

By: Jesica

Hello! I'm trying in a debian to do a hosting but I can not get the dns to spread. In the DNS zone which IP has to be set? I have put the public IP (the one that gives me in a web called which is my ip). Is that I have tried both ways and I do not get it in any of the ways, do I have to do some more configuration so that the hosting is accessible from the internet? Thank you very much for your manual and I hope you can help me.

By: Tijmen

Since we run with php7.2, do we still need php5-cli php5-mysql php5-mcrypt? 7.2 doesn't have mcrypt as far as I can find...

By: Mohammad

Thanks for your great tutorial

I have a VPS with ISPConfig 3.1 on Centos 7.7 

I have a master domain name that I use as my DNS server address alias (teslagps.com).

Multiple domains use this as name server (ns1.teslagps.com, ns2.teslagps.com) and everything works fine from the localhost.

I use DNS-Wizard to add a new domain to the DNS server, so I didn't change any default value, but now

sometimes I can reach my domains, sometimes I can't! I cannot get PING from these domains, but the nameserver has PING.

And sometimes when I open one of my domains I face a "503 Service Unavailable" error!

And finally, sometimes my alias domain for .COM domains like .IR is not working!!!

I'm in wonder! Please guide me!

This is the dig report for one of my domains (teslacnc.com):

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns1.teslagps.com any teslacnc.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64955

;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;teslacnc.com.                  IN      ANY

 

;; ANSWER SECTION:

teslacnc.com.           3600    IN      MX      10 mail.teslacnc.com.

teslacnc.com.           3600    IN      NS      ns2.teslagps.com.

teslacnc.com.           3600    IN      NS      ns1.teslagps.com.

teslacnc.com.           3600    IN      TXT     "v=spf1 mx a ~all"

teslacnc.com.           3600    IN      A       5.196.58.90

teslacnc.com.           3600    IN      SOA     ns1.teslagps.com. info.teslaelectronic.ir. 2019122801 7200 540 604800 3600

 

;; ADDITIONAL SECTION:

mail.teslacnc.com.      3600    IN      A       5.196.58.90

 

;; Query time: 0 msec

;; SERVER: 5.196.58.90#53(5.196.58.90)

;; WHEN: Mon Dec 30 17:21:28 +0330 2019

;; MSG SIZE  rcvd: 227
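
The dig replies posted in the comments above show three different header states: SERVFAIL, REFUSED, and NOERROR with the aa flag set. The following shell script is an added example, not part of the tutorial or of any comment, that reads dig output and reports whether a name server answered authoritatively; the function names are assumptions, and the sample header lines are copied from the comments on this page.

```shell
#!/bin/sh
# Added example (not from the tutorial): decide from dig's header whether
# a name server really answers authoritatively for a zone.

# classify_dig_reply: dig output on stdin, one verdict line on stdout.
classify_dig_reply() {
    status="" flags="" answers=0
    while IFS= read -r line; do
        case "$line" in
            *"->>HEADER<<-"*)
                status=${line#*"status: "}; status=${status%%,*} ;;
            ";; flags:"*)
                flags=${line#";; flags: "}; flags=${flags%%";"*}
                answers=${line#*"ANSWER: "}; answers=${answers%%,*} ;;
        esac
    done
    case " $flags " in *" aa "*) aa=yes ;; *) aa=no ;; esac
    if [ -z "$status" ]; then
        echo "FAIL no-reply"              # timeout or unparsable output
    elif [ "$status" != "NOERROR" ]; then
        # SERVFAIL: typically the zone is configured but not loaded/expired.
        # REFUSED: typically the server has no such zone and will not recurse.
        echo "FAIL status=$status"
    elif [ "$aa" = no ]; then
        echo "FAIL not-authoritative"     # answered, but aa flag is missing
    elif [ "$answers" -eq 0 ]; then
        echo "FAIL empty-answer"
    else
        echo "OK authoritative answers=$answers"
    fi
}

# Live use (needs network and dig): check_ns NAMESERVER ZONE
check_ns() {
    dig +norecurse @"$1" "$2" SOA | classify_dig_reply
}

# Header lines as they appear in the comments on this page.
reply_servfail() {
    echo ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45793'
    echo ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
}
reply_refused() {
    echo ';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46408'
    echo ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
}
reply_ok() {
    echo ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64955'
    echo ';; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2'
}

for r in reply_servfail reply_refused reply_ok; do
    printf '%s: ' "$r"
    "$r" | classify_dig_reply
done
```

Run check_ns once per name server (primary and secondary) for the same zone; both should report OK before the registrar delegation is changed.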

 

 

 

By: Ed

Hello,

 

We have this running great for the master and the first slave, but we have not been able to get the ns3.slave to work. Does this tutorial also work for a master and 2 slave setup? Whenever we try to use the 2nd slave as nameserver, the request is denied. Is there a table in the db to check on this?

The second slave is also reported as "not available" on different servers/systems using pdnsd dns cache server, for example, but the master and 1st slave are reported as working!

By: till

> Does this tutorial also work for a master and 2 slave setup?

Yes, you can add as many slave servers as you want. Just install them in the same way you installed the first slave server and always choose the master server to be the master of that slave.