I was reading through the following article to set up a secondary DNS server using ispconfig. https://www.howtoforge.com/how-to-r...and-secondary-with-ispconfig-3-debian-squeeze Currently the main server is an ispconfig single server setup. It is in a data center. I want to set up the secondary ispconfig server with all the services but only the DNS is mirrored with the primary ispconfig. The secondary ispconfig will be in my office. The office does have a static ip address. Is it possible to set up a secondary ispconfig server in a different network from the primary ispconfig? What ports need to be open in the primary ispconfig for the secondary to work? Anything else I should be aware of?
The tutorial you want to use is very old; please use the current multiserver setup instead: https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/5/ Yes. The secondary DNS must be able to reach MySQL on your primary server and also BIND to copy the DNS zones. No.
If it's just a secondary dns you want, why not use one of the free ones out there? I'm using NS-Global DNS Service and Hurricane Electric as secondaries for my personal domains, next to my own ispc primary (and secondary) dns server(s). No need to install a whole server just for that functionality.
One more question, can I have the secondary ispconfig have all the services? Like mail and web not mirrored. Only the DNS is mirrored.
Yes, when you mirror DNS using secondary zones in BIND, as shown in the tutorial that I posted the link to.
It seems that the primary ispconfig was set up as a standalone. So mariadb is serving by socket file. Need some guidance on how to configure mariadb to serve by tcp on port 3306. Will it break the current setup? Also is there a way to make mariadb only reply to one ip address? For example the static ip address of the secondary ispconfig. A bit scary to expose 3306 to the internet.
To let mariadb listen on tcp, enable or add in /etc/mysql/mariadb.conf.d/50-server.cnf under [mysqld]
Code:
bind-address = 0.0.0.0
port = 3306
This can co-exist next to the unix socket settings you already have. You can't do firewalling within mariadb but of course you can on your ispc server's firewall and your router/firewall connecting it to the big bad internet.
And check that you do not have 'skip-networking' in the MariaDB config. Besides what @remkoh mentioned, the MariaDB users require a password, and the request must come from the correct IP, as the IP is part of the authentication process, so even if an attacker had the right password, they wouldn't be able to log in if they are not connecting from your other server.
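The checks from the two replies above (no skip-networking, the bind-address setting, and the host part of each MariaDB account) can be run together; this is an added example, not code from the thread or from ISPConfig. The config text, the account names and the address 203.0.113.10 (standing in for the secondary server's static IP) are constructed assumptions.

```python
import ipaddress

# Constructed sample of a [mysqld] section (not the poster's real file).
SAMPLE_CNF = """\
[mysqld]
socket = /run/mysqld/mysqld.sock
#skip-networking
bind-address = 0.0.0.0
port = 3306
"""
# Constructed rows shaped like: SELECT User, Host FROM mysql.user;
# Account names are hypothetical; 203.0.113.10 stands in for the secondary's IP.
SAMPLE_ACCOUNTS = [("root", "localhost"), ("sync_example", "203.0.113.10"),
                   ("app_example", "%")]
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def mysqld_settings(cnf_text):
    """Return the options set in the [mysqld] section as a dict."""
    settings, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MariaDB accepts '-' and '_' interchangeably in option names.
            settings[key.strip().lower().replace("_", "-")] = value.strip()
    return settings

def audit(cnf_text, accounts, peer_ip):
    """List findings for exposing MariaDB over TCP to one remote peer."""
    peer = str(ipaddress.ip_address(peer_ip))   # ValueError on a bad address
    cfg, findings = mysqld_settings(cnf_text), []
    if cfg.get("skip-networking", "0").lower() not in ("0", "off", "false"):
        findings.append("skip-networking is set, TCP connections are disabled")
    if cfg.get("bind-address") in ("0.0.0.0", "::", "*"):
        findings.append("listening on all interfaces, firewall port %s to %s only"
                        % (cfg.get("port", "3306"), peer))
    for user, host in accounts:
        if "%" in host or "_" in host:          # wildcards in the Host column
            findings.append("'%s'@'%s' uses a wildcard host" % (user, host))
        elif host not in LOCAL_HOSTS | {peer}:
            findings.append("'%s'@'%s' allows an unexpected host" % (user, host))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CNF, SAMPLE_ACCOUNTS, "203.0.113.10")))
```

Feed it the real 50-server.cnf contents and the real User/Host rows to see which accounts could authenticate from somewhere other than the secondary server.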
Where do I set the ip address in the secondary mariadb server to only allow login using only the ip listed?
You are correct. All the information was in the documentation. Thank you for your advice. The secondary dns is working now.
Just to confirm, I have to create a secondary zone for each of the zones, correct? It will not just sync all the domains automatically, correct?