How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze)
Version 1.0
Author: Falko Timme
Follow me on Twitter
This tutorial shows how you can run your own DNS servers (primary and secondary) with ISPConfig 3. To do this, you need two servers with two different public IP addresses and with ISPConfig 3 installed. I will use Debian Squeeze for both DNS servers here to demonstrate the base system setup process and ISPConfig 3 installation, but once you have ISPConfig 3 installed on your servers, the configuration inside ISPConfig 3 is identical, no matter what distribution you use.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
Our current situation is as follows: we have
- ISPConfig server #1 (server1.example.com): IP address 1.2.3.4; this one will be our primary name server.
- ISPConfig server #2 (server2.example.com): IP address 1.2.3.5; this one will be our secondary name server.
server1.example.com will be a full ISPConfig 3 installation. It will be the master ISPConfig 3 server (which runs the ISPConfig control panel interface) and act as an email, web, DNS, and MySQL server (this is the most common setup - one server that has all the services). server2.example.com will be a slave ISPConfig 3 server (no ISPConfig control panel interface) and will act only as the secondary DNS server. Of course, you can split up services between your servers as you like - the tutorial Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3 should give you the idea.
DNS A records for server1.example.com and server2.example.com must already exist (you can create them through your domain registrar's control panel). We will use server1.example.com and server2.example.com as the name servers for our zones later on; if you prefer something like ns1.example.com and ns2.example.com instead of server1.example.com and server2.example.com, you can use these, but make sure that there are DNS A records for ns1.example.com and ns2.example.com as well (that point to the same IPs as server1.example.com or server2.example.com).
I will show how to create a zone for the domain mydomain.com - this domain must already be registered through a domain registrar. After I have created the mydomain.com zone and verified that both server1.example.com and server2.example.com serve all mydomain.com records correctly, I will show how to make server1.example.com and server2.example.com the authoritative name servers for mydomain.com (see chapter 8).
More details about how to create DNS zones/records can be found in chapters 4.8 and 5.12 of the ISPConfig 3 Manual.
2 Setting Up server1.example.com (Primary DNS)
server1.example.com:
Please set up server1.example.com as shown in The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3], but stop before the ISPConfig 3 installation.
To allow the other MySQL instances to connect to the MySQL database on this node during ISPConfig 3 installation, we have to add MySQL root user records in the master database for every slave server hostname and IP address. Log into MySQL:
mysql -u root -p
On the MySQL shell, run the following queries:
CREATE USER 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'1.2.3.5' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'server2.example.com' IDENTIFIED BY 'yourrootsqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
FLUSH PRIVILEGES;
quit;
Make sure you replace 1.2.3.5 with the IP address and server2.example.com with the hostname of your secondary DNS server!
Now we can install ISPConfig 3 on server1.example.com as follows:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php
root@server1:/tmp/ispconfig3_install/install# php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: Debian 6.0 (Squeeze/Sid) or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- ENTER
Installation mode (standard,expert) [standard]: <-- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER
MySQL server hostname [localhost]: <-- ENTER
MySQL root username [root]: <-- ENTER
MySQL root password []: <-- yourrootsqlpassword
MySQL database to create [dbispconfig]: <-- ENTER
MySQL charset [utf8]: <-- ENTER
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- ENTER
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: <-- ENTER
Configuring Postfix
Generating a 2048 bit RSA private key
............................................................................................+++
..........................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd Bytecode: Security mode set to "TrustSigned".
.
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Configure Jailkit (y,n) [y]: <-- ENTER
Configuring Jailkit
Configure FTP Server (y,n) [y]: <-- ENTER
Configuring Pureftpd
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B
Configure DNS Server (y,n) [y]: <-- ENTER
Configuring BIND
Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.
Configure Apache Server (y,n) [y]: <-- ENTER
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configure Firewall Server (y,n) [y]: <-- ENTER
Configuring Firewall
Install ISPConfig Web Interface (y,n) [y]: <-- ENTER
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER
Enable SSL for the ISPConfig web interface (y,n) [y]: <-- ENTER
Generating RSA private key, 4096 bit long modulus
.................................................................................................................++
..................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting web server: apache2 ... waiting .
Installation completed.
root@server1:/tmp/ispconfig3_install/install#
If you have chosen to enable SSL for the ISPConfig web interface, you can reach the ISPConfig web interface at https://server1.example.com:8080, otherwise at http://server1.example.com:8080.
