Good day all! Okay, so the time came to rebuild the entire system from scratch: old hardware, old OS's, and 2 bastardized ispc's. Of course I've moved since I first started using ispc many years ago and my printed manual is somewhere in a box, UGH! So going from memory for now, today's topic is DNS.

Infrastructure: Ubuntu 20.04.3 LTS (all), 3.3.0p3 in a multi-server setup (panel, mx1, ns1, ns2, web01, webmail). Routers being slowly replaced by OPNsense (currently old ns1 using OPN (basic setup)) as I build out to harden security.

DNS: all are using 8.8.8.8 and 8.8.4.4 in netplan configs. Should I change to the following? ns1 and ns2 stay using 8.8.8.8 and 8.8.4.4; panel, mx1, web01, webmail use ns1 and ns2 internal IPs.

Then once I add records to the new ns1 (pri) and ns2 (sec) and put ns1 into production (probably get a serial discrepancy until ns2 goes into production), should I change the ns1 nameserver to use its gateway (opn-ns1) to better secure it, or leave it with Google's? Or should I be asking this over at OPN's forums? Jim..
Have you modified ISPConfig so it cannot run on a newer OS? Standard support for Ubuntu 20.04 ended in May. If you have a running ISPConfig system, you can install a new set of hosts and use the ISPConfig Migration tool to move the data over. You need to have both systems running during migration. I did not much understand your name server questions. Do you mean ns1 and ns2 are forwarding queries to Google name servers? Forwarding to your ISP name servers might give faster answers.
Taleman, thanks for the reply! Lol, I've let the OS's be for far too long. 1 ispc system (multiserver) only has ns and web in production of the 6 servers on OS v20.04, then the older ispc is 'down' to 1 server on OS v18.04 (barely running), but of course it has the most important data, 'email'. I've already created the DNS entries manually (looks much cleaner now) and grabbed the backup of the website. So that part is out of the way; email boxes (5) will be next by grabbing backups of each or trying Fetch. There's actually not much to justify the migration toolkit.

As for the DNS question, from the OS perspective, only the ns servers require actual internet DNS queries; the rest of the servers, to reduce 'internet traffic' and speed up the process, should use ns1 and ns2 as nameservers in their respective network configs.

eg1: [email protected] (located on mx1) emails [email protected] - mx1 queries 8.8... and returns the record for mail.yahoo.com to route email to.

but now eg2: [email protected] (located on mx1) emails [email protected] (located on mx2). They don't know about each other, so mx1 queries 8.8.. to find out it goes next door at mx2. So if the OS network config was set up for ns1 and ns2 (except those 2), then the eg2 scenario would find out from ns1/ns2 to route that email to mx2, thus no DNS internet traffic.

The OPNsense part is not really important, just extra info. Am I flawed in this thinking? Plus if I decided to use malware-protected forwarders like Quad9 I only have to adjust ns1 and ns2. Jim.. PS: My brain hurts - had to reread and adjust this over and over again to make sure it made sense.
lol, I just noticed in my 1st post that I wrote the wrong OS info, yes the fresh install is on 24.04.3
Ubuntu 24.04 makes much more sense. Name servers for your intranet must be your own name servers; other name servers know nothing about the hosts in your intranet. So configure your hosts to use ns1 and ns2 as name servers. You can configure ns1 and ns2 to forward queries to that Quad9, but I know nothing about that service. Mailboxes can be copied, it should work. If not, a sure way to get e-mail boxes to the other host is using imapsync. https://www.howtoforge.com/how-to-migrate-mailboxes-between-imap-servers-with-imapsync https://imapsync.lamiral.info/
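As an added illustration of the change discussed above (not from either poster), here is a netplan fragment for one of the non-DNS hosts such as mx1, with the original Google-resolver setting beside the corrected one that points at the internal ns1/ns2. The subnet 10.0.0.0/24, the addresses 10.0.0.53/10.0.0.54 for ns1/ns2, the interface name and the search domain are all assumed placeholders.

```yaml
# /etc/netplan/01-netcfg.yaml on mx1 (constructed example; addresses are placeholders)
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 10.0.0.25/24
      routes:
        - to: default
          via: 10.0.0.1
      nameservers:
        # BEFORE: every host asks Google directly, so a lookup for mx2
        # leaves the network even though mx2 is on the same subnet, and
        # the internal zone data on ns1/ns2 is never consulted.
        # addresses: [8.8.8.8, 8.8.4.4]
        #
        # AFTER: ask the authoritative internal servers first. They answer
        # for the local zone themselves and forward everything else, so
        # only ns1/ns2 need an upstream (Google, the ISP, or Quad9), and
        # changing that upstream later is a two-host edit.
        addresses:
          - 10.0.0.53   # ns1 (primary)
          - 10.0.0.54   # ns2 (secondary)
        # Search domain so short names like "mx2" resolve via the internal zone.
        search:
          - example.internal
```

Validate with `sudo netplan try` before `sudo netplan apply`, then confirm with `resolvectl status` that eth0 lists only the two internal addresses, and `dig mx2.example.internal` should be answered by ns1 or ns2 rather than 8.8.8.8.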
thanks Taleman. I knew I was thinking right, just wasn't 100%. Maybe put that in a 'Prerequisites' section like the hosts file. imapsync sounds like more reading lol, thanks for the pointer. Jim..
The imapsync worked great, tested on an old small mailbox. I did run into issues doing the install on Ubuntu from the 'how to', but the other link had enough info to get it going. Plus of course I ran into an issue getting the new webmail working since it's pre-production, so DNS was an issue and the edits in the roundcube/config-inc.yaml had to be set for IPs to make the new connection just so I could see the emails in the browser. But once I muddled through all that the script itself worked flawlessly. A big thanks for that.