Automatically add a domain to the backup zone on the second backup DNS server.

Discussion in 'HOWTO-Related Questions' started by Wojtek@T, Mar 11, 2026 at 8:05 PM.

Tags:
  1. Wojtek@T

    Wojtek@T New Member

    My question is directed to the creators, and by the way congratulations!
    I've been using the Ispconfig system to organize my domains for many years. I use the Multiserver option, have all my own system components, and have three address pools. Everything works fine, and if it doesn't work, I always find a solution on the mailing list.
    In my system, I use three DNS servers in three different address zones, and three mail servers in a similar manner. All under the control of a single Ispconfig system and a single Proxmox virtualization system in three different locations.
    I am an amateur and self-taught person and I decided to ask you about the problem of automating entries in DNS servers that bothers me.
    I try to help myself with additional scripts that copy zones to second servers, but it is semi-automatic and does not always work correctly.
    If we have a perfectly working form for creating a DNS zone for a new domain and can select two DNS servers: ns1 and ns2. (Why not extra ns3? That's a different question.)
    I'm assuming these are the primary and secondary servers. And we can define their IP addresses and names – great. And we have two physical or virtual DNS servers in a multiserver system, why can't we automatically add the same domain to the secondary zone on the second DNS server when adding a new domain to the primary DNS server?
    As everyone probably knows, using the MIROR function for a second DNS server always generates several errors for a minute because the zone on the second server isn't updated yet.
    Furthermore, enabling the MIROR function blocks the use of other services on that server.
    Why, for example, couldn't a secondary DNS be a secondary MX? I'll leave this question and the logic of filtering mail and storing it on a backup server when the primary mail server is unreachable for another thread.
    I'm very curious to hear your thoughts on how you handle this. Manually rewriting 150 domains to a backup DNS server and updating them isn't a viable approach for the 21st century.
    Best regards.
     
    Wojtek@T, Mar 11, 2026 at 8:05 PM
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is actually not the case. If this happens on your system, then the server is not installed properly and you should investigate what's wrong with your setup. Also, mirroring is typically not used anymore in DNS today; one uses master and slave zones in ISPConfig as they are compatible with DNSSEC. I suggest reading the multiserver install guide before installing a multiserver setup. It covers the whole installation incl. proper setup of your DNS servers: https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/

    Nobody is adding records to secondary zones manually in ISPConfig. ISPConfig offers two ways to mirror DNS records automatically. One is the general mirror function, which mirrors all functions of one server to another server. This mirror function works for all services incl. DNS. But this also means that the nodes you mirror must have the same services installed. The mirror function has one downside, though, when it comes to DNS, and that's that you can not use DNSSEC with it. If you want to use DNSSEC to sign zones, you use the second option (which is used in all current multiserver setups by default), and that's to use primary and secondary zones. In this setup, BIND takes care to mirror all records of the zone incl. the signing keys, so you do not add any records manually on the secondary. All you have to do is create the primary zone in ISPConfig and a secondary zone record once, which will then automatically mirror the primary zone.

    And its also planned to add an option to the DNS wizard to automatically add secondary zones as part of the creation process, which would make the second mirror option as easy to use as the first one without the one-time step of adding a secondary zone.

    You can have as many DNS servers as you want in ISPConfig; many have more than 2.
     
    Last edited: Mar 12, 2026 at 8:11 AM
    till, Mar 12, 2026 at 8:05 AM
    #2

Share This Page