DNS server on another location

Discussion in 'Installation/Configuration' started by Tomislav Aurednik, Mar 15, 2023.

  1. Currently we have main server + 2 DNS servers on single location, but I don't quite understand how synchronization between main server (containing ISPConfig) and DNS server works. Is DNS connecting to main server database?
    Currently we have 4 external IPs and have no problems with multiple DNS servers, but things are about to change when moving to another location, since I can get only one external IP. So there came the idea that one of DNS servers will be left on old location. I assume when using lan2lan VPN between locations sync should work normally. But without VPN?
    P.S.
    I am not the one who installed these servers, but have to maintain them the best I can. So forgive me if some question sounds stupid. All I know is servers were installed using "The perfect server" tutorial.
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    You can just have the two dns servers on different locations. You make one of the servers a mirror of the other. So all data gets synced between them and you have 2 DNS Servers that always hold the same data.

    You must make sure that these servers can reach each other on the ports needed, e.g. mysql. Make these firewall rules as restrictive as possible, for example make port 3306 only accessible by the public IP of the respective other server.
     
    ahrasis likes this.
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    ispconfig mirrored dns servers in different networks is no problem at all. i've done that myself.
    the mirrored servers do not need to be able to connect to each other in any way, they just need to be able to connect to the master dbispconfig database.
    good strong passwords for the mysql accounts. and restrict the external access to the specific ip(s) of the remote dns server (don't forget you'll also need mysql root access from the remote dns server as well)
    you could also use ssl/tls to encrypt the mysql connection from the remote dns server to the master... but that's obviously going to be more complicated to configure.

    if you use dnssec, you can't use ispconfig mirroring for the dns servers. so then you would need to configure the normal bind zone transfer settings between the dns servers.
     
    ahrasis likes this.
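
Both replies above recommend limiting MySQL (tcp/3306) on the master to the public IP of the remote DNS server. The following is an added example, not code from the thread or from ISPConfig: a check that reads `iptables -S INPUT` output and lists ACCEPT rules that would still admit port 3306 from anywhere else. It assumes the host filters with iptables; `PEER`, the function names and the sample ruleset are constructed placeholders.

```bash
# Added example, not from the thread. PEER is a placeholder from the RFC 5737
# documentation range; replace it with the remote DNS server's public IP.
PEER="203.0.113.10/32"
# Reads `iptables -S INPUT` output on stdin and prints each ACCEPT rule that
# admits new tcp/3306 connections from a source other than $1. Rule order and
# earlier DROP rules are not evaluated, so every printed rule needs review.
audit_mysql_rules() {
    awk -v peer="$1" '
    # True when a --dport/--dports value (port, lo:hi range, comma list) covers 3306.
    function covers(spec,    n, parts, i, r) {
        if (spec == "") return 1              # no port match: all ports accepted
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (r[1] + 0 <= 3306 && 3306 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == 3306) return 1
        }
        return 0
    }
    $1 == "-A" && /-j ACCEPT/ {
        src = ""; spec = ""; proto = ""; iface = ""; neg = 0
        for (i = 2; i < NF; i++) {
            if ($i == "-s") { src = $(i + 1); neg = ($(i - 1) == "!") }
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
        }
        if (iface == "lo") next                           # loopback only
        if ($0 ~ /--ctstate/ && $0 !~ /NEW/) next         # replies to existing flows
        if (proto != "" && proto != "tcp" && proto != "all") next
        if (!covers(spec)) next
        if (src == peer && !neg) next                     # the one intended peer
        print
    }'
}

# Constructed sample ruleset (not taken from any real server).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 53,3000:4000 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
EOF
}
sample_rules | audit_mysql_rules "$PEER"   # prints the two over-broad rules
```

On a live master, pipe the real ruleset in instead of the sample: `iptables -S INPUT | audit_mysql_rules "$PEER"`.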
  4. I assumed that MySQL connection to main server is required. On both locations I will have lan2lan L2TP over IPSEC capable routers, so I think this is the most secure and simple solution.
    Thanks.
     
