Hello everyone from the ISPConfig team and fans/forum helpers, and many thanks for your efforts in this awesome panel.
I have two servers that I would like to set up an ISPConfig multiserver setup on. My goal is to have:
- 1st server for (mail, webmail, dns)
- 2nd server for (web, dns)
I used Ubuntu 20.04 and followed the perfect server guide [https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/], followed the mail server guide [https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/], and also followed the ISPConfig manual to get an idea about the multiserver setup.
So I have installed everything as described in the perfect guide on the 1st server, including the ISPConfig panel, while I only installed the wanted services on the 2nd server, and this is the end result as displayed in the ISPConfig panel:
Code:
    Name                Mail  Web  DNS  File  DB   VServer  XMPP
    mail.my-domain.com  Yes   Yes  Yes  Yes   Yes  No       No
    web.my-domain.com   No    Yes  Yes  Yes   Yes  No       No
Adding (mail instance for 1st-web-site) on the first server:
- created subdomain mail.1st-web.com (to be redirected to /webmail/)
- created the DNS zone for 1st-website
Adding (web instance for 1st-web-site) on the second server:
- created domain 1st-web.com
- couldn't figure out how to create the DNS zone for 1st-website on this server
Adding (mail instance for 2nd-web-site) on the first server:
- created subdomain mail.2nd-web.com (to be redirected to /webmail/)
- created the DNS zone for 2nd-website
Adding (web instance for 1st-web-site) on the second server:
- created domain 1st-web.com
- couldn't figure out how to create the DNS zone for 2nd-website on this server
Now if I try to access mail.1st-web.com it resolves correctly to its index.html, and mail.2nd-web.com also resolves correctly to its index.html, but 1st-web.com and 2nd-web.com resolve to the last entry, i.e. the index.html of 2nd-web.com. So what should I do to solve this issue?
Is the mail server the master ISPConfig server where its GUI is accessible? Are both DNS servers verified as fully working?
Thank you @ahrasis for your reply. Yes, the mail server is the master server, i.e. the one with the ISPConfig panel. I am not sure how to verify that the DNS server is working, but when creating a zone from the ISPConfig panel I can choose which server is the one that will hold this zone's records, and I only created the zones on the master server and did not find a way to do the same for the second server.
If I read your first post correctly, you have the ISPConfig manual, so I believe the proper multiserver setup mentioned in there is that you have to use the expert install option when you install ISPConfig on the slave server. Did you go through this? For proper ISPConfig DNS server setup, do read and follow all the tips, tricks and guides in @Taleman's DNS tutorial: https://www.howtoforge.com/tutorial/setting-up-your-own-name-service-with-ispconfig/
Yes, I have the ISPConfig manual, and yes, I have been following the multi server setup, which requires the expert option, not the standard, and that is what I did; it even did connect to the master database.
I have reviewed my DNS setup by looking at the link you provided and didn't find problems:
- when testing any of my two domains against the 1st server (master) with host 1st-web.com x.x.x.58 it returns the correct A record address
- when testing any of my two domains against the 1st server (master) with host 2nd-web.com x.x.x.58 it returns the correct A record address
- when testing any of my two domains against the 2nd server (slave) with host 1st-web.com x.x.x.59 it returns the correct A record address
- when testing any of my two domains against the 2nd server (slave) with host 2nd-web.com x.x.x.59 it returns the correct A record address
But when I checked /etc/bind/ on the 2nd server I didn't find any file related to 1st-web.com; all files are related to 2nd-web.com, while /etc/bind/ on the 1st server contains files related to each domain (1st-web.com, 2nd-web.com). Can this be the issue?
Did you create one zone on the master and one on the slave server? Best practice is to have all zones on the master and create secondary zones for each domain on your slave(s) through the UI.
Thank you @Th0m for your reply. After more reviewing of what is in DNS, I did find that I mistyped an octet of the IP in the two zones, and now I corrected it, yet the issue still exists.
I did create the two zones on the master server but I didn't add secondary zones, so now I added them, but still no change in the issue. But now when testing any of my two domains against the 2nd server (slave) with host 1st-web.com x.x.x.59 it returns: Host 1st-web.com not found: 2(SERVFAIL)
One thing I forgot to mention: I also use the registrar's DNS for now, till I find that I can use these two servers as name servers. Also, I am using the real IP for all data in DNS records even though the servers are behind NAT. Should I use the local IPs?
I have found an error when checking the logs on the 2nd server (slave):
Code:
    Jan 2 02:38:05 web named[746]: zone 1st-web.com/IN: Transfer started.
    Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: connected using 192.168.0.102#57811
    Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: failed while receiving responses: REFUSED
    Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: Transfer status: REFUSED
    Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
    Jan 2 02:49:10 web named[746]: zone 2nd-web.com/IN: Transfer started.
    Jan 2 02:49:10 web named[746]: transfer of '2nd-web.com/IN' from x.x.x.58#53: connected using 192.168.0.102#45147
    Jan 2 02:49:10 web named[746]: transfer of '2nd-web.com/IN' from x.x.x.58#53: failed while receiving responses: REFUSED
    Jan 2 02:49:10 web named[746]: transfer of '2nd-web.com/IN' from x.x.x.58#53: Transfer status: REFUSED
    Jan 2 02:49:10 web named[746]: transfer of '2nd-web.com/IN' from x.x.x.58#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.003 secs (0 bytes/sec)
I also checked that port 53/tcp and udp are open. What could be the issue?
I am out of clues, except for maybe a typo in your post on the servers' IP address ending, which both seem to be 59?
Did you allow transfer to your IP? And why are you using a local IP? If both DNS servers are on the same network, there is a big risk of outage when your network goes down - they should be run in different locations.
It took me a while to figure out how to allow transfer to the slave server IP (as I thought that the allow is to be done from the secondary DNS form, but it turned out to be in the zone form itself), and now I can see the transfer in the logs:
Code:
    Jan 3 13:37:02 web named[774]: zone 1st-web.com/IN: Transfer started.
    Jan 3 13:37:02 web named[774]: transfer of '1st-web.com/IN' from 192.168.0.101#53: connected using 192.168.0.102#53267
    Jan 3 13:37:02 web named[774]: zone 1st-web.com/IN: transferred serial 2021010302
    Jan 3 13:37:02 web named[774]: transfer of '1st-web.com/IN' from 192.168.0.101#53: Transfer status: success
    Jan 3 13:37:02 web named[774]: transfer of '1st-web.com/IN' from 192.168.0.101#53: Transfer completed: 1 messages, 44 records, 3816 bytes, 0.001 secs (3816000 bytes/sec)
    Jan 3 13:37:02 web named[774]: zone 1st-web.com/IN: sending notifies (serial 2021010302)
    ...
    Jan 3 13:37:02 web named[774]: zone 2nd-web.com/IN: Transfer started.
    Jan 3 13:37:02 web named[774]: transfer of '2nd-web.com/IN' from 192.168.0.101#53: connected using 192.168.0.102#45463
    Jan 3 13:37:02 web named[774]: zone 2nd-web.com/IN: transferred serial 2021010301
    Jan 3 13:37:02 web named[774]: transfer of '2nd-web.com/IN' from 192.168.0.101#53: Transfer status: success
    Jan 3 13:37:02 web named[774]: transfer of '2nd-web.com/IN' from 192.168.0.101#53: Transfer completed: 1 messages, 9 records, 280 bytes, 0.001 secs (280000 bytes/sec)
    Jan 3 13:37:02 web named[774]: zone 2nd-web.com/IN: sending notifies (serial 2021010301)
But even though the transfer succeeded, I don't see on the slave server the /etc/bind/ files that I see in the master's /etc/bind/ files. Can I copy these files from the master to the slave, or use rsync?
These are the files inside /etc/bind/ (from the master server):
Code:
    ls -la /etc/bind/
    total 104
    drwxr-sr-x 3 root bind 4096 Jan 3 15:46 .
    drwxr-xr-x 128 root root 12288 Dec 30 11:53 ..
    -rw-r--r-- 1 root bind 339 Dec 16 18:12 K1st-web.com.+013+51373.key
    -rw------- 1 root bind 187 Dec 16 18:12 K1st-web.com.+013+51373.private
    -rw-r--r-- 1 root bind 340 Dec 16 18:12 K1st-web.com.+013+55391.key
    -rw------- 1 root bind 187 Dec 16 18:12 K1st-web.com.+013+55391.private
    -rw-r--r-- 1 root root 1991 Sep 28 12:30 bind.keys
    -rw-r--r-- 1 root root 237 Dec 17 2019 db.0
    -rw-r--r-- 1 root root 271 Dec 17 2019 db.127
    -rw-r--r-- 1 root root 237 Dec 17 2019 db.255
    -rw-r--r-- 1 root root 353 Dec 17 2019 db.empty
    -rw-r--r-- 1 root root 270 Dec 17 2019 db.local
    -rw-r--r-- 1 root bind 96 Jan 3 14:15 dsset-1st-web.com.
    -rw-r--r-- 1 root bind 463 Dec 17 2019 named.conf
    -rw-r--r-- 1 root bind 498 Dec 17 2019 named.conf.default-zones
    -rw-r--r-- 1 root bind 262 Jan 3 14:15 named.conf.local
    -rw-r--r-- 1 root bind 976 Dec 16 17:35 named.conf.options
    -rw-r--r-- 1 root bind 759 Jan 3 14:14 pri.2nd-web.com
    -rw-r--r-- 1 root bind 1450 Jan 3 14:15 pri.1st-web.com
    -rw-r--r-- 1 root bind 6597 Jan 3 14:15 pri.1st-web.com.signed
    -rw-r----- 1 bind bind 100 Dec 16 16:16 rndc.key
    drwxrws--- 2 root bind 4096 Dec 16 17:35 slave
    -rw-r--r-- 1 root root 1317 Dec 17 2019 zones.rfc1918
These are the files inside /etc/bind/ (from the slave server):
Code:
    ls -la /etc/bind/
    total 92
    drwxr-sr-x 3 root bind 4096 Jan 3 13:43 .
    drwxr-xr-x 123 root root 12288 Dec 30 14:30 ..
    -rw-r--r-- 1 root bind 342 Dec 31 13:16 K2nd-web.com.+013+39141.key
    -rw------- 1 root bind 187 Dec 31 13:16 K2nd-web.com.+013+39141.private
    -rw-r--r-- 1 root bind 341 Dec 31 13:16 K2nd-web.com.+013+40972.key
    -rw------- 1 root bind 187 Dec 31 13:16 K2nd-web.com.+013+40972.private
    -rw-r--r-- 1 root root 1991 Sep 28 12:30 bind.keys
    -rw-r--r-- 1 root root 237 Dec 17 2019 db.0
    -rw-r--r-- 1 root root 271 Dec 17 2019 db.127
    -rw-r--r-- 1 root root 237 Dec 17 2019 db.255
    -rw-r--r-- 1 root root 353 Dec 17 2019 db.empty
    -rw-r--r-- 1 root root 270 Dec 17 2019 db.local
    -rw-r--r-- 1 root bind 97 Dec 31 14:34 dsset-2nd-web.com.
    -rw-r--r-- 1 root bind 463 Dec 17 2019 named.conf
    -rw-r--r-- 1 root bind 498 Dec 17 2019 named.conf.default-zones
    -rw-r--r-- 1 root bind 315 Jan 3 14:14 named.conf.local
    -rw-r--r-- 1 root bind 976 Dec 24 02:47 named.conf.options
    -rw-r--r-- 1 root bind 3632 Dec 31 14:34 pri.2nd-web.com.signed
    -rw-r----- 1 bind bind 100 Dec 23 17:04 rndc.key
    drwxrws--- 3 root bind 4096 Jan 3 13:37 slave
    -rw-r--r-- 1 root root 1317 Dec 17 2019 zones.rfc1918
The result is that all sites on the slave server, like:
- 1st-domain.com or subdomain.1st-domain.com or 2nd-domain.com
resolve to 2nd-web.com, but sites on the master server, like:
- mail.1st-domain.com resolves correctly to mail.1st-web.com
- mail.2nd-domain.com resolves correctly to mail.2nd-web.com
My servers are behind NAT so they both have local IPs, but I do use a different static public IP for each server, assigned through port forwarding in my router. When I define a DNS zone (zone settings, zone records, secondary DNS zone) in ISPConfig I use the public IP instead of the local one.
Right now I am trying to set up the servers that I have to practice and learn how to do the task, and later I will have another remote host to hold the second DNS.
Also, when defining a zone in ISPConfig I typed in the NS field = the name server of my registrar ... is this right?
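An added example, not part of any post in this thread: a small Python parser for the slave-side named transfer log lines quoted above, grouping them into one record per attempt so the REFUSED transfers (resolved here by allowing transfer to the slave in the zone form) stand out next to the successful ones. The function names are hypothetical; the sample lines are copied from the posted logs.

```python
import re

# Lines copied from the slave's named logs posted in this thread.
SAMPLE_LOG = """\
Jan 2 02:38:05 web named[746]: zone 1st-web.com/IN: Transfer started.
Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: connected using 192.168.0.102#57811
Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: failed while receiving responses: REFUSED
Jan 2 02:38:05 web named[746]: transfer of '1st-web.com/IN' from x.x.x.58#53: Transfer status: REFUSED
Jan 3 13:37:02 web named[774]: transfer of '1st-web.com/IN' from 192.168.0.101#53: connected using 192.168.0.102#53267
Jan 3 13:37:02 web named[774]: zone 1st-web.com/IN: transferred serial 2021010302
Jan 3 13:37:02 web named[774]: transfer of '1st-web.com/IN' from 192.168.0.101#53: Transfer status: success
"""

XFER = re.compile(r"named\[\d+\]: transfer of '(?P<zone>[^'/]+)/IN' "
                  r"from (?P<master>\S+)#\d+: (?P<msg>.*)$")
SERIAL = re.compile(r"named\[\d+\]: zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)")

def _attempt(zone, master, source=None):
    return {"zone": zone, "master": master, "source": source, "status": None, "serial": None}

def summarize_transfers(log_text):
    """Group named transfer log lines into one record per transfer attempt."""
    attempts, pending = [], {}          # pending: zone -> attempt still in progress
    for line in log_text.splitlines():
        s = SERIAL.search(line)
        if s:
            if s["zone"] in pending:
                pending[s["zone"]]["serial"] = int(s["serial"])
            continue
        m = XFER.search(line)
        if not m:
            continue
        zone, master, msg = m["zone"], m["master"], m["msg"]
        if msg.startswith("connected using "):
            # Local address the slave used; behind NAT the master may see another one.
            pending[zone] = _attempt(zone, master, msg.split()[-1].rsplit("#", 1)[0])
        elif msg.startswith("Transfer status: "):
            cur = pending.pop(zone, None) or _attempt(zone, master)
            cur["status"] = msg.split(": ", 1)[1].strip()
            attempts.append(cur)
    return attempts

def refused_transfers(attempts):
    """Attempts the master rejected, i.e. candidates for a missing transfer permission."""
    return [a for a in attempts if a["status"] == "REFUSED"]

if __name__ == "__main__":
    for a in summarize_transfers(SAMPLE_LOG):
        print(a)
```
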
On the slave server, the slave zones are in /etc/bind/slave iirc. Having both servers behind the same connection, even though they have different IPs, is not OK. They should be behind separate connections to the internet, so if a cable breaks or your provider's network goes offline, your DNS still works. So before going into production, I would advise you to have a different host for your second nameserver. In the NS field you place the address of your main nameserver.
I have found the fix for my issue, which was very unreasonable, so if someone has an explanation please enlighten me. All I did was uncheck the SSL and Let's Encrypt SSL check boxes, then recheck them again for every site that is on the slave server (all the sites had SSL and Let's Encrypt SSL working already, so it is strange that it stopped working).
Another issue or bug I did notice when reapplying the Let's Encrypt SSL for a site that is built with Python, for which I have installed the mod-wsgi Apache module: after disabling then enabling SSL for this site, Apache gave an error "Name duplicates previous WSGI daemon definition." But I have had this site working correctly with ISPConfig 3.1 on Ubuntu 18.04 without facing this issue!
Something could be wrong during your upgrade, so double check with the PST for Ubuntu 20.04, just to be sure. Resync thereafter is always good to me.