Hello, If I add a second server to be used as DNS, but it is hosted in a different datacenter than where the primary DNS (and the rest of the ISPConfig3 cluster) is, are there any ports I need to have open in order for this second DNS server to work properly when made a mirror of the first DNS server? The primary DNS server is behind a firewall whereas the secondary is not (but has a firewall script running on that currently has only tcp/22, tcp/53, and udp/53 open.
The nodes need database connection to each other. This is described in the installation guides for multiserver setups: https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/ It does not matter where the nodes are located, you just need to make sure they can access each others database as described in the article.
is there a particular reason for making it a mirror of the first dns server? perhaps it would be better to configure it as a proper secondary bind server so that bind handles the zone transfer rather than the zones being created from the mysql data. this would allow you to enable dnssec, which can't currently be used with ispconfig mirroring. whilst it might not be necessary right now, it does seem to be getting increasingly important.. also, as @pyte mentions, the new server will need access to port 3306 of the master ispconfig server. at the very least, you'll want your firewall to restrict external access to the master ispconfig database to just the new servers ip's. ideally, you'd want to use a vpn for your connection between the datacentres, or look at enabling ssl encryption for the mysql connection from the new server. don't really want unencrypted db data going across the internet.
There's no good reason to mirror dns servers! It brings you more troubles than benefits. Just setup a primary dns and one or more slave dns servers.
