Confused about Primary and Secondary DNS Servers configuration.

Discussion in 'Installation/Configuration' started by cautbur, Sep 8, 2012.

  1. cautbur

    cautbur New Member

    I am confused about primary and secondary DNS server configuration. I have read a lot of manuals and tutorials about how to do it, but I think they do not fit my needs.

    I set up two servers (like I told in a previous post). I have now configured the second server (slave/secondary DNS server) to run in multiserver mode.

    I configured two server entries in my administration panel.

    If I mark "Is mirror of Server" on the second server's configuration I lose the possibility of creating new websites on it. If I unmark it, DNS replication to the secondary DNS server doesn't seem to work.

    I want to have two servers, controlled by one control panel in multisite mode. I can get this if I do not mark "Is a mirror site" in the server configuration; I think this is the correct way. Mirroring is for redundancy purposes (I think), not for two independent servers hosting different websites. So I also have to activate other services like mail, etc. on the second server.

    I also want to have my own nameservers ns1.domain.com and ns2.domain.com. So I have created a zone with an A record "ns1" pointing to the primary server IP, and an NS record for domain.com pointing to ns1.domain.com. I have the same records for the other server with the secondary server IP (A record ns1 to the second IP and domain.com to ns2.domain.com).

    Is this correct? Do I have to do anything on the secondary DNS? What do I have to do in order to get the ns1.domain.com zones transferred to ns2.domain.com, without mirroring one server into the other (I don't want mirrored sites, etc.)?

    I could do the zone transfers by hand one by one, but I don't want to do this because I think this is not the way; the way is to transfer all zones from ns1.domain.com to ns2.domain.com automatically.

    Thanks for your responses and your help. I really need help with this.
     
  2. Wisdown

    Wisdown Member

    For secondary DNS I'm using:

    puck.nether.net.

    If I learned right, the secondary server needs to be on another IP.

    The secondary as a mirror, I think, will work as load balancing for your internal network: the first request will ask ns1.server.com, the second will ask ns2.server.com, etc... Not sure if that is it.

    For the second DNS (puck.nether.net), I just set it to allow zone transfers.
    On the primary DNS you need to add an A record for your domain pointing ns1.yourdomain.com to your public IP.
     
    Last edited: Sep 9, 2012
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, that's correct.

    You can create a primary and a secondary DNS that get synced automatically like this:

    1) Create a new primary zone on the ns1 server. This zone has one NS record for the ns1 server and a second NS record for the ns2 server, plus an A record for ns1 that points to the IP address of the first server and an A record for ns2 which points to the IP address of the second server. In the field "Allow zone transfers to these IPs (comma separated list)" of this zone, add the IP address of the secondary NS server. In this first step, we created the full primary DNS record.

    2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the NS field add the IP address of the primary DNS server (your first server), then click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.
     
    Kiltak likes this.
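    The two steps above describe an ordinary BIND master/slave pair. As an added example (not ISPConfig's generated configuration and not part of the original thread), this is what the equivalent hand-written BIND configuration looks like for a zone example.com with ns1 at 203.0.113.1 and ns2 at 203.0.113.2. The file paths, the also-notify statement and the addresses are assumptions for illustration; the security-relevant part is allow-transfer, which limits who may pull a full copy of the zone to the secondary alone.

```conf
// ---- ns1 (primary): zone declaration, e.g. in /etc/bind/named.conf.local (assumed path) ----
zone "example.com" {
    type master;
    file "/etc/bind/pri.example.com";
    // Only the secondary may request AXFR/IXFR; every other client gets REFUSED.
    allow-transfer { 203.0.113.2; };
    // Send a NOTIFY to the secondary as soon as the serial changes (assumed; ISPConfig
    // may or may not emit this, but the thread's logs show notifies being sent).
    also-notify { 203.0.113.2; };
    notify yes;
};

// ---- ns2 (secondary): zone declaration in its own named.conf.local ----
zone "example.com" {
    type slave;
    // named must be able to create this file; it appears after the first successful transfer.
    file "/etc/bind/slave/sec.example.com";
    masters { 203.0.113.1; };
};
```

    And the zone file on ns1 (/etc/bind/pri.example.com in the example above; zone files use `;` for comments):

```conf
$TTL 3600
@    IN  SOA  ns1.example.com. hostmaster.example.com. (
         2013012102 ; serial: must increase on every change or the secondary never refreshes
         7200       ; refresh
         540        ; retry
         604800     ; expire
         86400 )    ; negative cache TTL
@    IN  NS   ns1.example.com.
@    IN  NS   ns2.example.com.
ns1  IN  A    203.0.113.1   ; glue for ns1
ns2  IN  A    203.0.113.2   ; glue for ns2
```

    Before reloading, `named-checkconf` and `named-checkzone example.com /etc/bind/pri.example.com` catch syntax errors; `rndc reload` then applies the change. On the secondary, the first successful transfer is what creates the file under /etc/bind/slave, so that directory must be writable by the user named runs as.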
  4. cautbur

    cautbur New Member

    Thanks Till and Wisdown

    Thanks Till and Wisdown.

    Till your response is the solution. Thanks, i was trying for hours. Now works perfectly.

    So my conclusion is that althought i installed first server as standar mode, setting up second as an expert mode connected to first work fine, and do not have to reinstall first server ispconfig in expert mode.

    And second conclusion is your response, "how to setup two dns servers master and slave" could be a good title on how-to forge.

    I think if i want, in the future, add a third dns slave server i will only have to do the same with the third server (add an entry to secondary dns of first server and add the zones needed in zones).

    Thanks a lot. Best regards Till and Wisdown.
     
    Last edited: Sep 10, 2012
  5. spazio

    spazio Member HowtoForge Supporter

    Can't get the slave to sync

    Hi all,
    I followed this howto:
    http://www.howtoforge.com/how-to-ru...-secondary-with-ispconfig-3-debian-squeeze-p2

    And this section post:
    2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same that we created in 1) and in the NS field add the IP address of the primary DNS server (your first server), then click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.

    In ispconfig >DNS>secondary DNS
    I have Server: it's the primary or master ( I can't see the secondary)
    Client : any
    DNS zone: ns2.domain.com
    NS : IP of primary server/DNS
    Allow: IP of secondary DNS
    Active : check

    The two servers just don't sync...

    In the ns2 log I have:
    Jan 15 16:51:02 dns2 named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain.com'

    But there is no pri.* file in /etc/bind or /etc/bind/slave.
    If I query ns2, it doesn't answer for domain.com.

    How can I know if they sync? Is it in the log somewhere?

    I'm just lost here; please, any solution, idea or trail to look at...

    Thanks
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Any other lines in the log of the ns2 server? There should be either a success or a failure message after this line. You might also want to check if the bind server can write to /etc/bind/slave.
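    As an added example, not from the thread, the following bash script turns the two checks above into something repeatable on the secondary: it looks in the secondary's BIND log for the outcome of the last transfer of a zone (a `received notify` line with nothing after it means the secondary never attempted, or never logged, the transfer), extracts and compares the SOA serials that ns1 and ns2 answer with, and tests whether the `bind` user can actually write to the slave directory. The log lines embedded in it are constructed in the style of BIND 9 messages; the zone names, addresses, the `bind` user name and the syslog path are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread: did the secondary really pull the zone?
# Assumptions: BIND 9 syslog wording, named runs as user "bind", dig is installed.

# demo_log -> path of a constructed secondary syslog (sample data, not a real capture):
# one zone that transferred, one the master refused, and one with a bare notify only.
demo_log() {
    local f
    f=$(mktemp)
    cat >"$f" <<'EOF'
Jan 15 16:51:02 dns2 named[28492]: client 203.0.113.1#12282: received notify for zone 'example.com'
Jan 15 16:51:02 dns2 named[28492]: zone example.com/IN: Transfer started.
Jan 15 16:51:02 dns2 named[28492]: transfer of 'example.com/IN' from 203.0.113.1#53: connected using 203.0.113.2#41234
Jan 15 16:51:02 dns2 named[28492]: zone example.com/IN: transferred serial 2013012102
Jan 15 16:51:02 dns2 named[28492]: transfer of 'example.com/IN' from 203.0.113.1#53: Transfer completed: 1 messages, 6 records, 173 bytes, 0.001 secs (173000 bytes/sec)
Jan 15 16:55:10 dns2 named[28492]: client 203.0.113.1#40112: received notify for zone 'example.net'
Jan 15 16:55:10 dns2 named[28492]: transfer of 'example.net/IN' from 203.0.113.1#53: failed while receiving responses: REFUSED
Jan 15 16:58:44 dns2 named[28492]: client 203.0.113.1#40551: received notify for zone 'example.org'
EOF
    echo "$f"
}

# transfer_status ZONE LOGFILE -> prints "ok <serial>", "failed <reason>" or "none".
# The last transfer-related line for the zone decides, so a later failure beats an earlier success.
transfer_status() {
    local zone=$1 log=$2 last
    last=$(grep -E "(zone ${zone}/IN: transferred serial|transfer of '${zone}/IN' from .*: failed)" "$log" | tail -n 1)
    case $last in
        "")                        echo none ;;
        *"transferred serial "*)   echo "ok ${last##*transferred serial }" ;;
        *failed*)                  echo "failed ${last##*failed }" ;;
    esac
}

# soa_serial "<dig +short SOA output>" -> the serial (3rd field: mname rname serial refresh retry expire minimum)
soa_serial() {
    # shellcheck disable=SC2086  # word splitting is intended here
    set -- $1
    echo "$3"
}

# zones_in_sync SERIAL1 SERIAL2 -> exit 0 when both are present and equal
zones_in_sync() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# slave_dir_writable DIR [USER] -> exit 0 if USER (default bind) can create files in DIR. Run as root.
slave_dir_writable() {
    su -s /bin/sh "${2:-bind}" -c "test -w '$1' && test -x '$1'"
}

# Stand-alone demo on the constructed log. On a real secondary use /var/log/syslog (Debian)
# instead of demo_log, and run the dig lines against ns1 and ns2.
LOG=$(demo_log)
for z in example.com example.net example.org; do
    printf '%-12s %s\n' "$z" "$(transfer_status "$z" "$LOG")"
done
rm -f "$LOG"
# Network part, shown only (replace addresses with your ns1/ns2):
#   s1=$(soa_serial "$(dig +short SOA example.com @203.0.113.1)")
#   s2=$(soa_serial "$(dig +short SOA example.com @203.0.113.2)")
#   zones_in_sync "$s1" "$s2" && echo "in sync (serial $s1)" || echo "SOA mismatch: ns1=$s1 ns2=$s2"
#   slave_dir_writable /etc/bind/slave && echo "bind can write to /etc/bind/slave"
```

    A `REFUSED` result means the master answered but its allow-transfer list does not contain the address the secondary connected from, which is the first thing to compare against the "Allow zone transfers to these IPs" field; a `none` result after a notify means the problem is on the secondary's side (no slave zone configured, or it could not even start the transfer).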
     
  7. spazio

    spazio Member HowtoForge Supporter

    Here is the full log of ns2 from the notify line until the error:

    I was able to sync the two NS at one time, 4 months ago when I set everything up, but there has been an SOA mismatch since then, so I deleted all the /etc/bind/pri.* files hoping that bind would resync them. As you can see, that came without success.

    As far as I can see there is probably a config error now...

    Jan 15 16:51:02 Server named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain3.com'
    Jan 15 16:51:42 Server named[28492]: client 93.113.174.225#14424: query (cache) 'adobe.com/A/IN' denied
    Jan 15 16:52:01 Server CRON[7674]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Jan 15 16:52:11 Server named[28492]: received control channel command 'stop -p'
    Jan 15 16:52:11 Server named[28492]: shutting down: flushing changes
    Jan 15 16:52:11 Server named[28492]: stopping command channel on 127.0.0.1#953
    Jan 15 16:52:11 Server named[28492]: stopping command channel on ::1#953
    Jan 15 16:52:11 Server named[28492]: no longer listening on ::#53
    Jan 15 16:52:11 Server named[28492]: no longer listening on 127.0.0.1#53
    Jan 15 16:52:11 Server named[28492]: no longer listening on 10.0.9.2#53
    Jan 15 16:52:11 Server named[28492]: exiting
    Jan 15 16:52:35 Server named[7724]: starting BIND 9.8.1-P1 -u bind
    Jan 15 16:52:35 Server named[7724]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
    Jan 15 16:52:35 Server named[7724]: adjusted limit on open files from 4096 to 1048576
    Jan 15 16:52:35 Server named[7724]: found 2 CPUs, using 2 worker threads
    Jan 15 16:52:35 Server named[7724]: using up to 4096 sockets
    Jan 15 16:52:35 Server named[7724]: loading configuration from '/etc/bind/named.conf'
    Jan 15 16:52:35 Server named[7724]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Jan 15 16:52:35 Server named[7724]: using default UDP/IPv4 port range: [1024, 65535]
    Jan 15 16:52:35 Server named[7724]: using default UDP/IPv6 port range: [1024, 65535]
    Jan 15 16:52:35 Server named[7724]: listening on IPv6 interfaces, port 53
    Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface lo, 127.0.0.1#53
    Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface eth0, 10.0.9.2#53
    Jan 15 16:52:35 Server named[7724]: generating session key for dynamic DNS
    Jan 15 16:52:35 Server named[7724]: sizing zone task pool based on 183 zones
    Jan 15 16:52:35 Server named[7724]: using built-in root key for view _default
    Jan 15 16:52:35 Server named[7724]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Jan 15 16:52:35 Server named[7724]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: D.F.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.E.F.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 9.E.F.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: A.E.F.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: B.E.F.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Jan 15 16:52:35 Server named[7724]: command channel listening on 127.0.0.1#953
    Jan 15 16:52:35 Server named[7724]: command channel listening on ::1#953
    Jan 15 16:52:35 Server named[7724]: zone 0.in-addr.arpa/IN: loaded serial 1
    Jan 15 16:52:35 Server named[7724]: zone 127.in-addr.arpa/IN: loaded serial 1
    Jan 15 16:52:35 Server named[7724]: zone 255.in-addr.arpa/IN: loaded serial 1
    Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: loading from master file /etc/bind/pri.domain.com failed: file not found
    Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: not loaded due to errors.
    Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: file not found
    Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: not loaded due to errors.

    As for the /etc/bind/slave folder, here is the ls -al of the dir:
    drwxrws--- 2 root bind 4096 Sep 15 12:50 slave

    So yes, it should have the right to write.

    Thanks Till
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    How did you configure the sync? ISPConfig has 2 options, the server mirror mode or slave zones.
     
  9. spazio

    spazio Member HowtoForge Supporter

    At first I used mirror mode like in the howto. And then, when I saw it didn't work, I tried with a secondary zone, without more success.

    In any case, is there a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By SSH,
    FTP, port 52 by bind? I just don't understand this process...
    There is no connection possible by SSH. I don't have any users created.

    A sync log would be nice to have! Or an option like "sync now". I saw there is something in the options but I don't know what that thing syncs... Not the DNS...
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok. You can not use both together.

    The problem is that you deleted the pri.* files manually, as they will not be generated again. Instead of deleting them, you could have used the resync tool to force an update. Please remove the secondary DNS records that you added, as they will cause a conflict in bind so that the DNS server must fail.

    The slave server connects to the MySQL database on the master server, fetches the changes that were made through the ISPConfig interface and mirrors them to the MySQL database of the slave, and then changes the config files. I described this in several posts here in the forum in the past.

    There is a sticky post that describes what to do when your server is not writing changes to disk:

    http://www.howtoforge.com/forums/showthread.php?t=58408

    That log exists, all you have to do is enable debugging for the slave as explained in the sticky post.
     
  11. spazio

    spazio Member HowtoForge Supporter

    I took out the secondary DNS entry.
    Tried resync in ISPConfig >> Tools without success.
    I have no pri.* files on the ns2 server, either in /etc or /etc/bind.
    What are the ports I need open on both servers?
    Here is what I have now:
    On primary:
    tcp: 20,21,22,25,53,80,110,143,443,463,587,993,995,3306,8080,8081 UDP: 53,3306
    On secondary:
    TCP : 22,53 UDP : 53

    What is the data flow? Is it ns2 that connects to ns1 or the other way around?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    ns2 is connecting to ns1. I posted a link that contains the instructions to debug this in my last post. Please follow the instructions to debug your issue.
     
  13. spazio

    spazio Member HowtoForge Supporter

    I followed what you said and reconfigured mirror mode as the howto said.
    Rsynced the pri.* files manually into /etc/bind on ns2.
    Everything is OK if I query any DNS, but when I change a DNS entry on the master server it doesn't sync to ns2 and I'm back with an SOA mismatch and DNS entries not in sync...

    I'm kind of back to square one.

    If I modify a zone on the master this is the log on the slave ns2:

    Jan 21 10:17:13 server named[883]: client xx.xx.xx.xx#33142: received notify for zone 'domain.com'

    Here is the log for ns1 master:

    Jan 21 10:17:02 Server named[839]: received control channel command 'reload'
    Jan 21 10:17:02 Server named[839]: loading configuration from '/etc/bind/named.conf'
    Jan 21 10:17:03 Server named[839]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Jan 21 10:17:03 Server named[839]: using default UDP/IPv4 port range: [1024, 65535]
    Jan 21 10:17:03 Server named[839]: using default UDP/IPv6 port range: [1024, 65535]
    Jan 21 10:17:09 Server named[839]: reloading configuration succeeded
    Jan 21 10:17:09 Server named[839]: reloading zones succeeded
    Jan 21 10:17:12 Server named[839]: zone domain.com/IN: domain.com.domain.com/NS 'ns5.domain.com.domain.com' has no REQUIRED GLUE address records (A or AAAA)
    Jan 21 10:17:12 Server named[839]: zone domain.com/IN: loaded serial 2013012102
    Jan 21 10:17:13 Server named[839]: zone domain.com/IN: sending notifies (serial 2013012102)

    Any suggestion...
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Did you delete all secondary zones in ISPConfig like I suggested?

    If no, then do it now.

    If yes, then you have a general problem with your ISPConfig multiserver setup, e.g. the /etc/hosts file was not configured in the way described in the tutorial before ISPConfig was installed on the master and slave server. If the file is not set up correctly before you install ISPConfig, the sync must fail later, as the slave server is then not able to connect to the MySQL master database to get the required domain info for the sync.

    To test this, enable loglevel debug for the slave server in ISPConfig, disable the server.sh script in the root crontab of the slave and run it manually. See the sticky post in this forum for detailed instructions.
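    The diagnosis above is that the slave (ns2) must be able to find the master through /etc/hosts and then reach the master's MySQL database. As an added example, not from the thread, the bash functions below check exactly that from the slave: the master's name is resolved from a hosts(5)-format file, and TCP 3306 (MySQL, from the port list earlier in the thread) and TCP 53 (zone transfers) are probed. The sample hosts file is constructed; the master name, the addresses, and the use of bash's /dev/tcp and coreutils `timeout` are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread: can the ISPConfig slave (ns2) reach the master (ns1)?
# Assumes bash (/dev/tcp) and coreutils "timeout"; names and addresses are illustrative.

# hosts_entry NAME FILE -> prints the address FILE (hosts(5) format) maps NAME to, nothing if absent.
# Comment and blank lines are skipped; NAME must match a hostname or alias exactly.
hosts_entry() {
    awk -v name="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$2"
}

# tcp_open HOST PORT -> exit 0 if a TCP connection can be opened within 3 seconds.
tcp_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# check_master MASTER [HOSTSFILE] -> resolves MASTER via the hosts file, then probes 3306 and 53.
# Exit status is non-zero if the name is missing or either port is unreachable.
check_master() {
    local master=$1 hosts=${2:-/etc/hosts} ip port rc=0
    ip=$(hosts_entry "$master" "$hosts")
    if [ -z "$ip" ]; then
        echo "FAIL: no entry for $master in $hosts (the slave relies on this entry to find the master)"
        return 1
    fi
    echo "$master -> $ip (from $hosts)"
    for port in 3306 53; do
        if tcp_open "$ip" "$port"; then
            echo "ok   tcp/$port reachable"
        else
            echo "FAIL tcp/$port not reachable from this host (firewall on the master, or service not listening)"
            rc=1
        fi
    done
    return "$rc"
}

# demo_hosts -> path of a constructed hosts file (sample data, not from the thread)
demo_hosts() {
    local f
    f=$(mktemp)
    cat >"$f" <<'EOF'
127.0.0.1       localhost
# constructed sample entries
203.0.113.1     ns1.example.com ns1
203.0.113.2     ns2.example.com ns2
EOF
    echo "$f"
}

# Stand-alone demo: name resolution only, since 203.0.113.0/24 is a documentation range.
HOSTS=$(demo_hosts)
echo "ns1.example.com -> $(hosts_entry ns1.example.com "$HOSTS")"
rm -f "$HOSTS"
# On the real slave, with the master's name as used during the ISPConfig install:
#   check_master ns1.example.com
```

    If the name does not resolve from /etc/hosts, the slave was installed against a different master name than the one it can reach now; if 3306 is closed, the master's firewall must allow the slave's address before the sync (and therefore the pri.* files) can ever appear.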
     
  15. Johns3

    Johns3 New Member

    This post is directed to Wisdown, or anyone else who is/was using puck.nether.net as a secondary DNS server.

    WHAT HAPPENED TO PUCK.NETHER.NET?

    I have been using puck.nether.net secondary DNS for several years; recently I noticed some DNS errors on my domain. I traced it to puck.nether.net using the cool free DNS tool http://ww2.infoblox.com/services/dns_advisor_tool.cfm

    It seems as though this service has fallen off the face of the internet. Is this true or am I being stupid? My last status message from puck.nether.net was on Nov 29, 2012.

    Any comments?

    -John
     
