I followed the howto at http://www.ispconfig.org/news/tutori...ebian-squeeze/. The secondary ns just sits there with its thumb... There are no errors in /var/log/ispconfig/cron.log, and there are no related messages in /var/log/syslog. I don't even know what to post to help you folks help me figure out what the deal is. I'm on Debian 7 (wheezy).
I've run primary and secondary DNS from ISPConfig for a while. I may be able to assist, but you're gonna have to explain what you mean by "The secondary ns just sits there with its thumb..."
Well, I suppose the confusion is a result of a very annoyed brad posting! Below you will see a shell session to demonstrate the level of nothingness that occurs. It appears that parts are missing from the install; however, I've run the install multiple times.

Code:
    Linux ns2 3.2.0-4-686-pae #1 SMP Debian 3.2.35-2 i686

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Mon Mar 4 23:37:03 2013 from 255.sub-75-221-94.myvzw.com
    bradboy@ns2:~$ sudo /usr/local/ispconfig/server/server.sh
    [sudo] password for bradboy:
    Unable to load the server configuration from database.
    bradboy@ns2:~$ sudo /usr/local/ispconfig/server/cron_daily.sh
    finished.
    bradboy@ns2:~$ tail /var/log/ispconfig/ispconfig.log
    04.03.2013-17:27 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:28 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:29 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:30 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:31 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:32 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:33 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:34 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:35 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    04.03.2013-17:36 - ERROR - Plugins directory missing: /usr/local/ispconfig/server/plugins-core/
    bradboy@ns2:~$ tail /var/log/ispconfig/cron.log
    chmod: cannot access `/var/log/ispconfig/httpd/*': No such file or directory
    chmod: cannot access `/var/log/ispconfig/httpd/*': No such file or directory
    chmod: cannot access `/var/log/ispconfig/httpd/*': No such file or directory
    chmod: cannot access `/var/log/ispconfig/httpd/*': No such file or directory
    bradboy@ns2:~$ sudo ls /usr/local/ispconfig/
    interface server
    bradboy@ns2:~$ sudo ls /usr/local/ispconfig/server/
    aps_packages conf-custom cron_daily.sh mods-available mods-enabled plugins-enabled server.php temp
    conf cron_daily.php lib mods-core plugins-available scripts server.sh
    bradboy@ns2:~$

On the ISPConfig interface, in System > Server > Services, ns2 is there. Clicking it reveals that it does have a checkmark next to DNS, and "Is mirror of server" ns1 is selected.

bradboy@ns2:~$ ls /etc/bind/zones does not reveal any zones from ns1.
bradboy@ns2:~$ cat /etc/bind/named.conf.local does not reveal any entries either.

Basically, it sits there with its thumb in its backside, taunting me, teasing me because I haven't figured out what I'm sure will be a simple solution. The only thing ns2 runs is ssh and bind9. Please let me know what other info you need.
Please see the first post in this forum for debug instructions: http://www.howtoforge.com/forums/showthread.php?t=58408 Follow the instructions and post the result. And don't run the ispconfig scripts with sudo; this can result in wrong output. Run sudo su to become root user first.
Rather than sudo su, which does its intended job, you might consider sudo -i, which some people argue is the correct way of doing it. Additionally, in a hardened Linux system that has root disabled, sudo su will not work, whereas sudo -i will.

After reading the Read This Before Posting again, and paying attention to the DNS problem section, I find the following:
- The title of my original post indicated that I'm using ISPConfig 3.
- The content of my original post indicated that I'm on Debian wheezy.
- Although I have not waited 24 hours, I have inspected /etc/bind/named.conf.local and /etc/bind/zones for the appropriate changes, bypassing the DNS cache issue. This was stated in my previous post.
- I did indeed show the tail of syslog immediately after executing the scripts in my previous post. If you would like more syslog, just ask.

To be complete and follow your instructions precisely, I took another look at the ISPConfig not writing changes to disk section. I was happy that my memory of the article was correct: it gives instructions only for those affected servers that are running the web GUI. Page two of the howto, which covers installing on the secondary DNS, has the users set it up without the GUI. I also agree with this logic; there is no need to have web interfaces everywhere.

I'm afraid I have absolutely no new content to add, other than this post which restates my first two posts. Perhaps the problem I'm having is not clear. ns2 is for some reason not reflecting the updates that I make with the web interface that this forum addresses, which is installed and working on ns1.
The debugging guide covers all kinds of setups; it does not matter if you have a single server or a few hundred servers, as the instructions are the same. So please follow the debug instructions if you would like to get help with your issue.
1) Enable debugging in the ispconfig interface (which is on the server that runs the interface, of course).
2) Run the server.sh script on the server that is not writing the changes.
Ok... I made the change. My deepest apologies. When I read the article, my interpretation of it was that if you have a problem on srvX you need to access https://srvX.com:8080 and make the adjustment there. I've changed the problem ns2 to debug. I've left the every-minute crontab uncommented. I also ran /usr/local/ispconfig/server/server.sh as root. I notice two interesting things, one of which I commented on already in a previous post.

Code:
    root@ns2:~# /usr/local/ispconfig/server/server.sh
    Unable to load the server configuration from database.

The other: on ISPConfig > Monitor > Overview, it shows (Debian Wheezy/Sid) ISPConfig 3.0.5.1 beside ns1. ns2, however, does not have ~anything~ beside its name.
The slave is not able to connect to the master database, so it cannot fetch changes or update the status. The most common reason for that is wrong or missing entries in /etc/hosts on the master and/or slave server. It is important that all servers of a cluster have all other servers in their /etc/hosts files and that only the FQDN is listed there, as it is described in the multiserver guides. You can verify this by trying to log in on the command line from the slave server to the master with the mysql master login details from the file /usr/local/ispconfig/server/lib/config.inc.php. As you most likely don't want to reinstall the slave if the hosts were wrong during install, you will have to fix the hostname of the ispcsrv[ID] mysql user of this slave in the mysql master database. That's related to the connection issue.
I opened /usr/local/ispconfig/server/lib/config.inc.php on the problem ns2 to retrieve the username and password. I used the information as seen below from the file...

Code:
    //** Database settings for the master DB. This setting is only used in multiserver setups
    $conf['dbmaster_type'] = 'mysql';
    $conf['dbmaster_host'] = 'ns1.46-10.com';
    $conf['dbmaster_database'] = 'dbispconfig';
    $conf['dbmaster_user'] = 'ispcsrv2';
    $conf['dbmaster_password'] = 'OBSCURED';
    $conf['dbmaster_new_link'] = false;
    $conf['dbmaster_client_flags'] = 0;

Back on ns1, I did the following:

Code:
    bradboy@ns1:~$ mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 4773
    Server version: 5.5.29-1 (Debian)

    Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> use mysql;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    mysql> UPDATE mysql.user SET Password=PASSWORD('OBSCURED') WHERE User='ispcsrv2';
    Query OK, 2 rows affected (0.00 sec)
    Rows matched: 3 Changed: 2 Warnings: 0

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

    mysql> quit
    Bye
    bradboy@ns1:~$

Over to ns2, I got:

Code:
    root@ns2:~# /usr/local/ispconfig/server/server.sh
    Unable to load the server configuration from database.

Just to make sure the /etc/hosts wasn't causing the problem, I added: x.x.x.x ns1.46-10.com to the host file on ns2. Although the changes are supposed to take effect immediately, I rebooted anyway. On ns1 I added y.y.y.y ns2.46-10.com. Once ns2 came back up and I kicked all of the other users off, I rebooted ns1 as well. I still have the same problem. Your idea of the password issue gave me an idea though. I wanted to know if the ispcsrv2 user had host access in sql. Here is the result:

Code:
    mysql> use mysql
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> select host, user from user;
    +---------------+------------------+
    | host          | user             |
    +---------------+------------------+
    | %             | ispconfig        |
    | %             | ispcsrv2         |
    | %             | root             |
    | 127.0.1.1     | ispcsrv2         |
    | ::1           | root             |
    | localhost     |                  |
    | localhost     | debian-sys-maint |
    | localhost     | root             |
    | ns1           |                  |
    | ns1           | root             |
    | ns1.46-10.com | ispconfig        |
    | ns2.46-10.com | ispcsrv2         |
    +---------------+------------------+
    13 rows in set (0.00 sec)

    mysql>

Puzzled, I rebooted the thing again before it started filling up with users. When it came back, the web interface now reports ns2's OS info. (Silly cache.) We are getting somewhere. I took a look in ns2's /etc/bind... and find it filled with the pri.domain.tld zone files. I remembered the BIND zonefiles directory and wanted to make sure that it's set correctly for ns2, and it is. I added a 000test.tld using the add zone wizard. ns2's named.conf.local got re-written with only the new test entry I added, and its zone file went into /etc/bind/zones as expected. ALMOST THERE!!!! Do I just need to let it sit for a while to play catchup with all the other zones, or do I need to somehow force a complete reload?
Found it. I chose the "new" ns2 server node on the ISPConfig Cluster panel dropdown menu and from Tools used the Sync Tools and forced a Resync DNS records. Works like a charm. Thanks, Till.
Something weird is happening with the "new" ns2 server. I had to enable recursion for it to work outside of our local network. Now it seems that ns3.nic.fr is constantly "spamming" our ns2 with bogus requests. Is there a way to disable recursion and still make the "mirrored" ns2 work from anywhere?
These 4 were consuming over 1Mbit bandwidth each. Firewall shows that they have used more than 1Gb bandwidth each in a very short time. I blocked them with these commands...
We were able to disable the recursive option after reboot. Looks like the attack did not originate from the IP in question but rather the attacker was using IP spoofing to attack it.
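
Added example, not part of any post in this thread: a shell check for whether a name server still offers recursion to outside clients, which is what made ns2 usable as a reflector for spoofed queries, read from the RA and AA flags in dig's response header. The function names and the sample dig headers are constructed for illustration, and the live check assumes dig is installed.

```shell
#!/bin/sh
# Added example: classify a name server from the header of a dig response.
# The three sample headers are constructed, not captured from the thread's servers.

# Open resolver answering a name it is not authoritative for (RA set).
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# Authoritative-only server refusing the same query (RA clear, REFUSED).
SAMPLE_AUTH_ONLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available'

# The same server answering one of its own zones (AA set, RA clear).
SAMPLE_OWN_ZONE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

# classify_dig TEXT
# Prints one of: open-recursion, authoritative, refused, unknown.
classify_dig() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    # No flags line means this was not a dig response header at all.
    [ -n "$flags" ] || { echo unknown; return; }
    case " $flags " in
        *" ra "*) echo open-recursion; return ;;  # server offers to recurse for this client
    esac
    case " $flags " in
        *" aa "*) echo authoritative; return ;;   # answers from its own zone data only
    esac
    if [ "$status" = REFUSED ]; then echo refused; else echo unknown; fi
}

# check_server SERVER NAME
# Live variant: queries SERVER for NAME and classifies the reply (needs network access).
check_server() {
    classify_dig "$(dig +recurse +noall +comments "@$1" "$2" A)"
}
```

Run from a host outside the local network, a mirrored secondary should report `authoritative` for a zone it serves and should never report `open-recursion` for a name outside its zones.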