Hello, I have a question. I have 2 ISPConfig3 installs running, both are standalone (and I want to keep that) but I want to use both servers (where ISPConfig is running on) as each other's backup DNS and mail. Is this possible? (I use BIND as DNS server) And if so, how should I do this? Both servers are installed as standard, not expert. Thank you in advance.
Backup DNS is doable, depends on how you want to set it up. The straightforward but laborious way is to enter the same DNS info on both and set them both as name servers for your DNS zones. Backup e-mail server is quite complicated, and if you have two separate ISPConfig servers I'm not sure it is reasonable to make them each other's backup e-mail. Old discussions about two e-mail server setups are in this forum.
Thank you very much. By hand, yes that's doable, but I was hoping this could be done automatically (it's easy to forget to update your "secondary" DNS and probably you will never notice until... ) Actually I think I can make something for the mail, I'm thinking to "sync" both mysql servers and make a relay domain map in postfix (that doesn't seem to be very difficult). However, Bind is a little bit more complicated I think.
You can create secondary zones, e.g.: domain-on-srv1.com with zone on srv1 and secondary zone on srv2; domain-on-srv2.com with zone on srv2 and secondary zone on srv1. For email, I agree with @Taleman. Don't overcomplicate it because that can lead to (more) downtime.
I made a cron script that does the job. Get the origins from the SOA list, put them in a different database (so that the other server can be restricted to that database). The other server will get them from the different database and put the domain (origin) in the dns_slave database. The script can be run on any (ispconfig3) machine. One question, how can I command ISPConfig3 to update the DNS/Bind? BTW, if anybody is interested in doing the same, I'm happy to share the script.
I do not understand what you mean by that question. If you have set up the DNS in ISPConfig Panel, the changes you enter in ISPConfig panel are written to bind settings on that server. Do you mean updating bind on the other server? In ISPConfig panel you can enter IP address of secondary name servers, they can then update their data in the usual way with zone transfers. Configure the other server to be secondary server for the zones where you need two name servers.
I think it would be better to write an API script in that case, so it is added through an ISPConfig remote user. I am not interested in doing the same, but if you want to share, I'm curious what you wrote.
Thank you for the answers. I'm not familiar with ISPConfig's APIs, so I wrote a script run by cron, it just adds the dns_soa records from one server to the other's dns_slave records (and vice versa if you run the scripts on both servers). The only thing I have to do is, after writing in the database (dns_slave table), have ISPConfig update the DNS server.
I think running a resync will do that, and you could probably trigger that through the UI as well. There are API examples in https://git.ispconfig.org/ispconfig/ispconfig3/-/tree/develop/remoting_client
I don't see how two standalone ISPConfig servers may help you to achieve what you want on mail server backup easily. But with cluster setup, I think you may, so try reading this tutorial. https://www.howtoforge.com/tutorial...e-cluster-on-debian-8.4-with-ispconfig-3/amp/ Edited: About dns backup as secondary server, what @Taleman said is clear enough, I think. The mirroring of master and slave in the above cluster setup (which is also part of a multi server setup) should take care of primary and secondary dns server as well.
I don't want to sync users with both servers, no websites, they must not be connected, the only thing they should do is being each other's backup. For DNS I can use the scripts I made, for mail, I can easily do the same and make relay maps, with postfix I can get this information out of each other's database, same as I did with DNS. What does a cluster share with each other? Can I do the same with a cluster, or is all the user info etc. also shared over 2 servers?
PHP:
```php
<?php
/*
Copyright (c) 2020 B. Wubben

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Script for updating the Slave DNS zone records (create and remove)
requirements: other server mysql is accessible
*/

// Config the Secondary DNS servers here where
// array (ServerID (does not have to be the ispconfig ID, but must be unique),IP,Database,MysqlUser,MysqlPass)
$secondaryservers = array(array(1, 'IP', 'DNS', 'User', 'Password'));

// Provides $clientdb_host, $clientdb_user and $clientdb_password
include ("/usr/local/ispconfig/server/lib/mysql_clientdb.conf");

$SecDNSIP = array();
$errorServer = array();
$dnslist = array();
$cnt = 0;

foreach ($secondaryservers as $secondaryserver) {
    // Connect to the database
    try {
        $db = new \PDO('mysql:dbname='.$secondaryserver[2].';host='.$secondaryserver[1], $secondaryserver[3], $secondaryserver[4], array(
            PDO::ATTR_TIMEOUT => 5, // in seconds
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
        ));
    } catch (PDOException $e) {
        // Print the message only; the full exception string includes a stack trace
        echo ('MYSQL connect error on '.$secondaryserver[1].' error: '.$e->getMessage()." \r\n");
        $errorServer[] = $secondaryserver[1];
        continue;
    }
    // Get the DNS list from the other server
    $mr = $db->prepare("SELECT origin FROM dns_slave WHERE active = 'Y'");
    $mr->execute();
    $dns = $mr->fetchall();
    foreach ($dns as $d) {
        $origin = $d["origin"];
        if (!array_key_exists($origin, $SecDNSIP)) {
            $dnslist[] = $origin;
            $SecDNSIP += array($origin => $secondaryserver[1]);
        }
    }
    $db = null;
}

if (count($dnslist) == 0) {
    // got nothing (this also skips the local DNS list update further down)
    exit;
}

// All DNSlist are received, now update the slave list
// Get the local dns_slave and dns_soa list
try {
    $db = new \PDO('mysql:dbname=dbispconfig;host='.$clientdb_host, $clientdb_user, $clientdb_password);
} catch (PDOException $e) {
    echo ('MYSQL connect error: '.$e->getMessage()."\n");
    exit(1); // nothing below can work without the local database
}

// Get the slave_dns list
$zonelist = array_keys($SecDNSIP);
$query = "SELECT origin FROM dns_slave WHERE active = 'Y'";
$mr = $db->prepare($query);
$mr->execute();
$secdlu = $mr->fetchall();
$secdnslist = array();
foreach ($secdlu as $d) {
    $secdnslist[] = $d["origin"];
}

// Get the dns_soa list (master)
$query = "SELECT origin FROM dns_soa WHERE active = 'Y'";
$mr = $db->prepare($query);
$mr->execute();
$soadlu = $mr->fetchall();
$soadnslist = array();
foreach ($soadlu as $d) {
    $soadnslist[] = $d["origin"];
}

// Check if every domain is not in the dns_slave and soa list
foreach ($zonelist as $zone) {
    if (!in_array($zone, $secdnslist)) {
        // Check if it's not a primary domain
        if (!in_array($zone, $soadnslist)) {
            // add the dns to the dns_slave
            echo "Add $zone , DNS {$SecDNSIP[$zone]} to slave list \r\n";
            $query = "INSERT INTO dns_slave (sys_userid,sys_groupid,sys_perm_user,sys_perm_group,origin,ns,active,xfer) VALUES (1,0,'riud','riud',:DNS,:NS,'Y',:XFER)";
            $mr = $db->prepare($query);
            $mr->execute(['DNS' => $zone, 'NS' => $SecDNSIP[$zone], 'XFER' => $SecDNSIP[$zone]]);
        } else {
            echo "WARNING: conflicting domain $zone on DNS {$SecDNSIP[$zone]} \r\n";
        }
    }
}

// Now check if there are domains in dns_slave that are not in the zone_list, only when we have successfully retrieved the list from the server
$errorserverlist = implode(",", $errorServer);
foreach ($secdnslist as $secdns) {
    if (!in_array($secdns, $zonelist)) {
        if (count($errorServer) > 0) {
            echo ("$secdns not in list, delete it when the DNS is not in $errorserverlist \r\n");
            // A list cannot be bound to a single placeholder: use one "?" per unreachable server
            $placeholders = implode(',', array_fill(0, count($errorServer), '?'));
            $query = "DELETE FROM dns_slave WHERE origin = ? AND ns NOT IN ($placeholders)";
            $mr = $db->prepare($query);
            $mr->execute(array_merge([$secdns], $errorServer));
        } else {
            echo ("$secdns not in list, delete it \r\n");
            $query = "DELETE FROM dns_slave WHERE origin = :ORIGIN";
            $mr = $db->prepare($query);
            $mr->execute(['ORIGIN' => $secdns]);
        }
    }
}

// Now check if we need to update the local DNS list
// add
$query = "SELECT origin,xfer FROM dbispconfig.dns_soa WHERE active = 'Y' AND origin NOT IN (SELECT origin FROM DNS.dns_slave)";
$mr = $db->prepare($query);
$mr->execute();
$DNS_dns_slave = $mr->fetchall();
foreach ($DNS_dns_slave as $DNS) {
    echo ("ADD {$DNS["origin"]} to DNS IP {$DNS["xfer"]} \r\n");
    $query = "INSERT INTO DNS.dns_slave (sys_userid,sys_groupid,sys_perm_user,sys_perm_group,origin,ns,active,xfer) VALUES (1,0,'riud','riud',:ORIGIN,:NS,'Y',:XFER)";
    $mr = $db->prepare($query);
    $mr->execute(['ORIGIN' => $DNS["origin"], 'NS' => $DNS["xfer"], 'XFER' => $DNS["xfer"]]);
}

// delete
$query = "DELETE FROM DNS.dns_slave WHERE origin not in (SELECT origin FROM dbispconfig.dns_soa)";
$mr = $db->prepare($query);
$mr->execute();

echo ("DNS UPDATE DONE \r\n");
?>
```
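The add/delete decision made by the script above, separated from the database writes so it can be run as a dry run and checked before any row changes. This is an added example, not the poster's code: `isValidOrigin` and `planSlaveSync` are hypothetical names, the sample data is constructed, and it goes beyond the script by also rejecting malformed zone names read from the peer's database.

```php
<?php
// Added example. Assumption: origins are DNS names, optionally ending in a dot.
function isValidOrigin(string $origin): bool
{
    $name = substr($origin, -1) === '.' ? substr($origin, 0, -1) : $origin;
    if ($name === '' || strlen($name) > 253) {
        return false;
    }
    foreach (explode('.', $name) as $label) {
        if (!preg_match('/^(?!-)[a-z0-9_-]{1,63}(?<!-)$/iD', $label)) {
            return false;
        }
    }
    return true;
}

// $peerZones: peer IP => origins it is primary for; $unreachable: peer IPs that failed;
// $localSlaves: origin => ns of existing dns_slave rows; $localSoa: local primary origins.
function planSlaveSync(array $peerZones, array $unreachable, array $localSlaves, array $localSoa): array
{
    $plan = ['add' => [], 'delete' => [], 'rejected' => []];
    $wanted = [];
    foreach ($peerZones as $peerIp => $origins) {
        foreach ($origins as $origin) {
            $origin = strtolower($origin);
            if (!isValidOrigin($origin)) {
                $plan['rejected'][$origin] = 'invalid name';
            } elseif (in_array($origin, $localSoa, true)) {
                $plan['rejected'][$origin] = 'local primary zone';
            } elseif (!isset($wanted[$origin])) {
                $wanted[$origin] = $peerIp; // first peer to list a zone wins
                if (!isset($localSlaves[$origin])) {
                    $plan['add'][$origin] = $peerIp;
                }
            }
        }
    }
    foreach ($localSlaves as $origin => $ns) {
        // A zone whose primary was unreachable is kept: no data is not a removal.
        if (!isset($wanted[$origin]) && !in_array($ns, $unreachable, true)) {
            $plan['delete'][] = $origin;
        }
    }
    return $plan;
}
// Constructed sample data (documentation addresses and names).
print_r(planSlaveSync(
    ['192.0.2.10' => ['shop.example.', 'mail.example.', 'bad name!.example.']], ['192.0.2.20'],
    ['old.example.' => '192.0.2.10', 'kept.example.' => '192.0.2.20'], ['mail.example.']));
```

Logging the `rejected` and `delete` entries before applying the plan gives a record of what the peer asked for and what was refused.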
As @Th0m mentioned, use the remote API instead of writing to the ISPConfig database directly. He posted a link in #9 to some examples.
If that is your preference, after considering the multi server setup with clustering ability of ISPConfig, then it is fine. Clustering is just another form of backup, which if one server is down, the other services will still work (except for ISPConfig Web Panel, which you still need to restore). What the tutorial I mentioned is about?
I'm going to read the documentation and see if I can rewrite the code as an API, if it is re-written as API, should I share it again? I know ISPConfig can cluster, but that's not what I'm looking for, it should be 2 independent ISPConfigs but I need for both servers a DNS backup and preferably also mail backup.
Thanks for pointing to the API, I have looked through it, luckily DNS slave has been added, however the only API commands are list and delete, there is no add command.
I went through the code and found out the add command is there, however it's not in the documentation; it's called dns_slave_add.
No problem and no offense at all. Although I personally think that you are trying to reinvent the wheel since your purpose is "for the servers to backup each other", I won't advocate against it as you might have personal reasons for doing it this way. I am following this to know how it ends as I have no doubt this could also work. Good luck.
No offense taken. How could I explain? Both ISPConfigs have different customers I do not want to share, you could compare it with two different companies, you don't want to share your customers with each other. Actually I want to have them independent, but having only 1 DNS server and only 1 Mail server is not a good idea, so that's why I want to have a backup. I'm new to ISPConfig, you probably know, otherwise I would have used the API in the first place, but I haven't seen this function in ISPConfig other than share all accounts over 2 or more servers, am I right?