I have four secondary name servers available. They run tinydns and can be updated from the ISPConfig's bind settings by a cron job. I can't see how to set more than two name servers in ISPConfig, and I want to have five. It may be something I should do in the DNS Manager section, but there is nothing about this in the documentation at all.
Currently ISPConfig has only input fields for 2 nameservers. Maybe you can add your other nameservers statically in the master templates of the zonefiles in /root/ispconfig/isp/conf/
Unfortunately not. If I add the entries in the ;;;; MAKE MANUAL... section of the template, bind fails to load the file. If I put exactly the same entry in the pri.domainname.com file I get the same problem, but if I put the entry right after the other two NS records, it works just fine. Looks as if it is max two name servers.
Have you tried to change the template for the pri.domainname.com file in /root/ispconfig/isp/conf/? You can make the changes in these files anywhere you want; the make manual section is not meant for the templates, it is meant for the resulting BIND conf files.
Yes, that's where I made the initial change, and when that propagated to a conf file, it was in the same place. Whether I made the change in the template or in the resulting file, the error was the same. Seems that bind doesn't like NS records in two places in one file.
And why didn't you make the changes in the templates right below the other NS records? You posted above that it works when you made the changes there.
You can change /root/ispconfig/isp/conf/pri.domain.master. Now it looks like this:

Code:

    $TTL        {DNS_TTL}
    @       IN      SOA     {DNS_NS1}. {DNS_ADMINMAIL}. (
                            {SERIAL}       ; serial, todays date + todays serial #
                            {DNS_REFRESH}  ; refresh, seconds
                            {DNS_RETRY}    ; retry, seconds
                            {DNS_EXPIRE}   ; expire, seconds
                            {DNS_TTL} )    ; minimum, seconds
    ;
                    NS      {DNS_NS1}.     ; Inet Address of name server 1
                    NS      {DNS_NS2}.     ; Inet Address of name server 2
    ;
    <!-- BEGIN DYNAMIC BLOCK: mxrecords -->
    {MX_HOST}       MX      {MX_PRIORITAET} {MX_MAILSERVER}.
    <!-- END DYNAMIC BLOCK: mxrecords -->
    {DNS_SOA}.      A       {DNS_SOA_IP}
    <!-- BEGIN DYNAMIC BLOCK: arecords -->
    {A_HOST}        A       {A_IP}
    <!-- END DYNAMIC BLOCK: arecords -->
    <!-- BEGIN DYNAMIC BLOCK: cnamerecords -->
    {CNAME_HOST}    CNAME   {CNAME_ZIEL}.
    <!-- END DYNAMIC BLOCK: cnamerecords -->
    <!-- BEGIN DYNAMIC BLOCK: spfrecords -->
    {SPF_HOST}.     TXT     "v=spf1 {SPF}"
    <!-- END DYNAMIC BLOCK: spfrecords -->
    ;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

You can change it to

Code:

    $TTL        {DNS_TTL}
    @       IN      SOA     {DNS_NS1}. {DNS_ADMINMAIL}. (
                            {SERIAL}       ; serial, todays date + todays serial #
                            {DNS_REFRESH}  ; refresh, seconds
                            {DNS_RETRY}    ; retry, seconds
                            {DNS_EXPIRE}   ; expire, seconds
                            {DNS_TTL} )    ; minimum, seconds
    ;
                    NS      {DNS_NS1}.     ; Inet Address of name server 1
                    NS      {DNS_NS2}.     ; Inet Address of name server 2
                    NS      your_third_ns.
                    NS      your_fourth_ns.
    ;
    <!-- BEGIN DYNAMIC BLOCK: mxrecords -->
    {MX_HOST}       MX      {MX_PRIORITAET} {MX_MAILSERVER}.
    <!-- END DYNAMIC BLOCK: mxrecords -->
    {DNS_SOA}.      A       {DNS_SOA_IP}
    <!-- BEGIN DYNAMIC BLOCK: arecords -->
    {A_HOST}        A       {A_IP}
    <!-- END DYNAMIC BLOCK: arecords -->
    <!-- BEGIN DYNAMIC BLOCK: cnamerecords -->
    {CNAME_HOST}    CNAME   {CNAME_ZIEL}.
    <!-- END DYNAMIC BLOCK: cnamerecords -->
    <!-- BEGIN DYNAMIC BLOCK: spfrecords -->
    {SPF_HOST}.     TXT     "v=spf1 {SPF}"
    <!-- END DYNAMIC BLOCK: spfrecords -->
    ;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;
Thanks. That seems to work. I suppose if I ever need to change the name servers I'd have to edit it back, but this seems unlikely.
Sorry for resurrecting this old thread. I have run across the same problem (wanted to add more name servers), and traced it back to the fact that ISPConfig cuts away the whitespace after the manually entered content in the zone files, including newlines. And BIND likes the zone file to end with a newline. Sometimes that will not cause the zone file to fail to load, but sometimes it will. It produces a warning at load:

    Jan 18 23:08:33 mars named[10837]: pri.domain.tld:31: file does not end with newline

It is a warning, though in about a third of my test cases it causes BIND to refuse loading the zone file. In the other two thirds of cases the zone file gets loaded. If I ensure the zone file ends with a newline, all the zone files that BIND rejected work normally. It did confuse me, too. It seems wise to ensure a zone file for BIND always ends with a newline. I also seem to have a problem with the reverse DNS zone ISPConfig generates:

Code:

    $TTL 86400
    @       IN      SOA     dns.sf-labs.com. hostmaster.inovabit.com. (
                            2006011804 ; serial, todays date + todays serial #
                            28800 ; Refresh
                            7200 ; Retry
                            604800 ; Expire
                            86400) ; Minimum TTL
                    NS      dns.sf-labs.com.
                    NS      ns1.everydns.net.
    111             PTR     traxus.info.
    111             PTR     *.traxus.info..traxus.info.

The last line is problematic:

Code:

    Jan 18 23:37:37 mars named[12351]: dns_rdata_fromtext: pri.249.95.193.in-addr.arpa:11: near '*.traxus.info..traxus.info.': empty label
You can put a newline into the template files in /root/ispconfig/isp/conf. This line looks totally wrong. Maybe you entered wrong data in the ISPConfig interface?
The problem I had is, like the thread starter, that I wanted to add 2 additional nameservers. First I added those directly into the generated zone file, below the line ";;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;". Whenever I changed the DNS records through the ISPConfig interface, the re-generated zone file had its trailing whitespace (including newlines) removed. I now have a temporary solution for my problem: I just added the DNS servers to the template, like it was suggested to the starter. In time I would like to tackle ISPConfig's code myself and propose a patch, if I am allowed, of course. It is of course possible I entered wrong data. Though, what could have caused such an odd line? There is no wildcard record at all in my definition of the original DNS zone, and there is little influence I have on the reverse one.
The first problem (with the newline) lies in the function 'manual_entries' in '/root/ispconfig/scripts/lib/classes/ispconfig_bind.lib.php', line 105, '$manual = "\n".trim($parts[1]);'. This function trims whitespace, including newlines and spaces, before and after the string. That will, for example, break the zone file if the manual entry is a DNS record that lexically starts with spaces (like, for example, an NS record of the type " NS ns1.domain.tld"), and it also causes the zone file not to end with a newline if it has custom content. Why not replace it with '$manual = "\n".rtrim($parts[1])."\n";'? That would only remove trailing whitespace, should not break formatting relying on spaces, and ensures that the file ends with a newline even after custom content.
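The difference between the two assignments discussed in the post above, as an added PHP example (not ISPConfig's code and not part of the original post). The function names, the sample zone and the example.test names are constructed, and it assumes the manual section is everything after the marker line.

```php
<?php
// Added example, not ISPConfig code. Only the two assignment forms are taken
// from the post; the function names and the sample zone text are constructed.
const MARKER = ';;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;';

// Form quoted from line 105: trim() strips whitespace on both ends.
function manual_trim(string $zone): string {
    $parts = explode(MARKER, $zone, 2);
    return "\n" . trim($parts[1] ?? '');
}

// Form proposed in the post: strip trailing whitespace only, end with "\n".
function manual_rtrim(string $zone): string {
    $parts = explode(MARKER, $zone, 2);
    return "\n" . rtrim($parts[1] ?? '') . "\n";
}

// Report the two properties of the manual section that matter to BIND.
function check(string $manual): array {
    $lines = preg_split('/\R/', $manual, -1, PREG_SPLIT_NO_EMPTY);
    $first = $lines[0] ?? '';
    return [
        // A record without an owner name must start with whitespace; in
        // column one its first token ("NS") is read as the owner name.
        'first_record_indented' => preg_match('/^[ \t]/', $first) === 1,
        'ends_with_newline'     => substr($manual, -1) === "\n",
    ];
}

// Constructed sample: generated part, marker, two hand-added NS records,
// and no newline at the very end of the file.
$zone = "@ IN SOA ns1.example.test. admin.example.test. ( 1 28800 7200 604800 86400 )\n"
      . "                NS      ns1.example.test.\n"
      . MARKER . "\n"
      . "                NS      ns3.example.test.\n"
      . "                NS      ns4.example.test.";

foreach (['manual_trim', 'manual_rtrim'] as $fn) {
    $c = check($fn($zone));
    printf("%-13s indented=%s newline=%s\n", $fn,
        var_export($c['first_record_indented'], true),
        var_export($c['ends_with_newline'], true));
}
```

With the rtrim() form the newline that follows the marker stays in `$parts[1]`, so if the regenerated file writes the marker directly followed by this string, each regeneration adds one blank line; blank lines are valid in a zone file.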
That other error with the reverse DNS was caused by an old fully qualified wildcard record the traxus.info domain had - and because it was fully qualified, it caused problems when ISPConfig attached the domain ending to it, making out of *.traxus.info. + traxus.info the name *.traxus.info..traxus.info. Now, the odd part of the story was that I deleted that record out of the DNS a week ago, I emptied the garbage bin, the record was no longer displayed in the ISPConfig interface, but it was still in the database, and it was used in the generation of the reverse DNS. I fixed that by cleaning the database manually, and now I am trying to repeat that bug, to see if I can trace it. No success in repeating this so far.
Be aware that deleting a record in the database manually without deleting the corresponding records in dns_dep, dns_nodes for this record may cause database corruption.
Thank you for the hint. I have deleted the rampart A record and the dns_dep entry that links to it. Still trying to reproduce the event that caused the lost record, no success so far.
So we attempted to add our 3rd and 4th nameservers using the method in this thread. Not only did it not work, but after restoring the original pri.domain.master Bind refuses to start. This is how we thought it should work:

Code:

    $TTL        {DNS_TTL}
    @       IN      SOA     {DNS_NS1}. {DNS_ADMINMAIL}. (
                            {SERIAL}       ; serial, todays date + todays serial #
                            {DNS_REFRESH}  ; refresh, seconds
                            {DNS_RETRY}    ; retry, seconds
                            {DNS_EXPIRE}   ; expire, seconds
                            {DNS_TTL} )    ; minimum, seconds
    ;
                    NS      {DNS_NS1}.     ; Inet Address of name server 1
                    NS      {DNS_NS2}.     ; Inet Address of name server 2
                    NS      ns3.minimalist.ro.
                    NS      ns4.minimalist.ro.
    ;
    <!-- BEGIN DYNAMIC BLOCK: mxrecords -->
    {MX_HOST}       MX      {MX_PRIORITAET} {MX_MAILSERVER}.
    <!-- END DYNAMIC BLOCK: mxrecords -->
    {DNS_SOA}.      A       {DNS_SOA_IP}
    <!-- BEGIN DYNAMIC BLOCK: arecords -->
    {A_HOST}        A       {A_IP}
    <!-- END DYNAMIC BLOCK: arecords -->
    <!-- BEGIN DYNAMIC BLOCK: cnamerecords -->
    {CNAME_HOST}    CNAME   {CNAME_ZIEL}.
    <!-- END DYNAMIC BLOCK: cnamerecords -->
    <!-- BEGIN DYNAMIC BLOCK: spfrecords -->
    {SPF_HOST}.     TXT     "v=spf1 {SPF}"
    <!-- END DYNAMIC BLOCK: spfrecords -->
    ;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

Also, /var/log/messages has these strange lines:

Code:

    Jan 22 20:18:47 minimalist kernel: [1412934.696667] Failure registering capabilities with primary security module.
    Jan 22 20:33:35 minimalist kernel: [1413821.530649] Failure registering capabilities with primary security module.
    Jan 22 20:35:57 minimalist kernel: [1413963.327872] Failure registering capabilities with primary security module.
    Jan 22 20:37:38 minimalist kernel: [1414065.076018] Failure registering capabilities with primary security module.
    Jan 22 20:41:20 minimalist kernel: [1414286.907556] Failure registering capabilities with primary security module.
    Jan 22 20:43:22 minimalist kernel: [1414408.769400] Failure registering capabilities with primary security module.
    Jan 22 20:46:44 minimalist kernel: [1414610.537729] Failure registering capabilities with primary security module.
    Jan 22 20:51:46 minimalist kernel: [1414911.465393] Failure registering capabilities with primary security module.

Any help is appreciated!