Hello, I updated my ISPConfing to version 3.1, everything works as it has up to DNSSEC. The setup DNS zone DNSSEC item at all I do not see what is wrong? Thank you.
DNSSEC is disabled in multi-server setups, is that what you have? Edit: more correctly, in ispconfig 3.1 dnssec is disabled for mirrored dns servers, not every multi-server setup
No, it did not work correctly, so all user interface pieces were removed, and you cannot enable it. I had a single test zone using dnssec prior to that point which I had to manually make consistent between two mirrored dns servers, and after the interface changes I added a test A record, and the configuration reverted to an unsigned zone. Bug issue to fix this: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4179 This seems to be strictly in a mirrored DNS server setting though, not just "multi-server". I suspect a workaround would be to take your second nameserver which is currently a mirror of the first and set it to be not mirrored, and then you'd need to add all your zones as secondary zones on the second server (with the first server as primary). I have not tested this, but comments in https://git.ispconfig.org/ispconfig/ispconfig3/issues/4166 makes me think it might work.
Well, I turned off mirroring and entry DNSSEC there is now but as of right now I add a secondary DNS server?
Yes, add a secondary zone under DNS > Secondary DNS-Zones, select your second server the `Server` field and use your first server's ip address in the `NS (IP-address)` field. You setup the zone with DNSSEC on the primary server, and you should be done - the zone will transfer already signed. At least that's what this guide says, I've not actually done this yet:
Well I set it but now that will change some of the DNS record and I look through "dig @ ns2.mydomain.net any mydomain.net" so the records to secondary servers, but does not change the primary yes.
Ensure the slave server is allowed to zone transfer, either globally in the named.conf on the primary or under the 'Allow zone transfers to these IPs (comma separated list)' setting for each zone. After adding the secondary DNS zones, you can regenerate the files on the primary if needed. Make sure DNSSEC is enabled for domains that need it, then go to Tools > Resync > DNS Records. After the primary server recreates the zones with a new serial number, the slave should perform zone transfers.
I set the DNS> Primary DNS Zone> Zone> Allow zone transfer to these IP addresses to the IP address of my secondary DNS server and the DNS> Secondary DNS Zone> Zone> Allow zone transfer to these IP address of my primary dns server and buhužel when I change the record is changed only on the primary server to the secondary but not even give resynchronization
The primary server shows: http://pastebin.com/Nwg1aYu6 and secondary shows only that http://pastebin.com/b3ecWV1G
I have upgraded to ispconfig 3.1 using powerdns as dns server. I have a multiserver configuration but only one DNS server in the same server as the administration panel(I replicate DNS data using mysql native replication to another ispconfig independent DNS servers). How can I enable the dns signing via panel? I can do it via command line and works perfectly. I can see in the database that dnssec_initialized stays as "N". I think that the creation routing is disabled, how can I enable it?