Hi all, It's been quite confusing the way DNS works under ISPConfig, or at least to me. I've got 2 DNS servers. All my servers in the past were able to sync from master to slave without having to add the same records on the slave. Under ISPConfig I believe, if I'm not wrong, that I have to add them manually to the slave? When I click "Secondary DNS zone" and add a new zone, the form asks, among other things, for the server name and the IP address. Which one should I add? The one of the master (ns1) DNS or the details of the secondary? Also, what's the point of "Allow zone transfers to these IPs (comma separated list)" when it doesn't transfer the zones from the master? Thanks a lot
You can set up a server in your setup to be a mirror of another server, but in that case, it will mirror all services. There is a feature request to set a server up to mirror only one service, see https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/990 You have to add them as a secondary zone if you want to use DNSSEC, because zone signing is currently broken on mirrors. There is a bug report: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4179
That's wrong, you never have to add individual records of a zone twice in ISPConfig. Either use server mirroring, which does not support DNSSEC yet, or simply add a secondary zone record, which then automatically mirrors all zone changes.
@till I've added the main DNS entry on dns1, which works fine. I've added as a secondary DNS on dns1 an entry with the same DNS-zone name, the IP of dns1 under NS (Ip-address), and selected my dns2 server from the drop-down menu. Active is also checked. I clicked save and waited a little bit until it got done, but nothing is happening on dns2. Bind is running fine on that; it just doesn't transfer or create any zone file. I've checked under /etc/bind and /etc/bind/slaves --> empty. Thanks
The only relevant entry is under named.conf.local which has:
Code:
root@dns2:/etc/bind# cat named.conf.local
zone "status-guru-host.com" {
    type slave;
    masters {my-dns1-ip;};
    allow-transfer {none;};
    file "/etc/bind/slave/sec.mydomain.com";
};
but sec.mydomain.com doesn't exist under /etc/bind/slave/
That's ok and all that ISPConfig has to do, the remaining thing is bind internals. Have you set the IP of the slave node in the allow transfer field of the primary DNS zone in ISPConfig? If not, the secondary server is not allowed to copy the zone data.
@Th0m on dns2 when I create the zone? To add the IP of dns1 under "Allow zone transfers to these IPs"? Is this what you mean? @till the primary zone has the allow transfer field enabled with the IP of dns2
I had the wrong IP on allow transfer... sorry for this. It works fine now. Thank you all for your help. The assistance on the forum is amazing.
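The cause found in this thread, a wrong IP in the primary zone's allow-transfer list, can be checked offline by comparing the zone stanzas of both servers. The following is an added example, not part of the original thread and not ISPConfig's code; the stanzas, the 192.0.2.x addresses and the function names are constructed for illustration, and only zone-level options are read (global options, named ACLs and TSIG keys are not resolved).

```python
import ipaddress
import re

# Constructed stanzas with documentation addresses (not values from the thread):
# primary = 192.0.2.1, secondary = 192.0.2.2, allow-transfer holds a wrong IP.
PRIMARY = 'zone "example.com" { type master; allow-transfer {192.0.2.22;}; file "/etc/bind/pri.example.com"; };'
SECONDARY = 'zone "example.com" { type slave; masters {192.0.2.1;}; allow-transfer {none;}; file "/etc/bind/slave/sec.example.com"; };'

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
OPT_RE = re.compile(r'([\w-]+)\s*(?:\{([^{}]*)\}|([^;{}]+))\s*;')

def parse_zones(conf):
    """Return {zone: {option: [values]}}; handles one level of {...} nesting."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        opts = {}
        for key, block, scalar in OPT_RE.findall(body):
            raw = block.split(";") if block else [scalar]
            opts[key] = [v.strip().strip('"') for v in raw if v.strip()]
        zones[name] = opts
    return zones

def acl_allows(acl, ip):
    """True if ip matches an address, CIDR or 'any' entry (named ACLs/keys ignored)."""
    addr = ipaddress.ip_address(ip)
    for entry in acl:
        if entry == "any":
            return True
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # 'none', ACL names and 'key ...' entries are not resolved here
    return False

def transfer_problems(primary_conf, secondary_conf, zone, primary_ip, secondary_ip):
    """List the mismatches that would stop the secondary from pulling the zone."""
    pri = parse_zones(primary_conf).get(zone)
    sec = parse_zones(secondary_conf).get(zone)
    if pri is None or sec is None:
        return [f"zone {zone} is not defined on both servers"]
    problems = []
    if primary_ip not in sec.get("masters", []):
        problems.append(f"secondary does not list {primary_ip} in masters")
    if not acl_allows(pri.get("allow-transfer", []), secondary_ip):
        problems.append(f"primary allow-transfer does not include {secondary_ip}")
    return problems

if __name__ == "__main__":
    print(transfer_problems(PRIMARY, SECONDARY, "example.com", "192.0.2.1", "192.0.2.2"))
```

An empty list means the two stanzas agree; the secondary's own `allow-transfer {none;};` is not a problem, since it only controls who may pull the zone from the secondary.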