ISPConfig on one server, easy? So DNS issue (second one!)

Discussion in 'ISPConfig 3 Priority Support' started by ledufakademy, Mar 13, 2022.

  1. ledufakademy

    ledufakademy Member

    Someone here ( ;-) ) said that setting up ISPConfig on just one server is the best way to work with it ... the easy way.
    I don't totally agree with that, because how do you solve the problem of needing 2 distinct DNS servers for your domain?
    Registrars often need two different public IPs for the DNS servers of a zone ...
    The ISPConfig install .. creates just one DNS server ... :-(
     
    Last edited: Mar 13, 2022
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Who says that?

    Personally I think it's best to spread all services over several servers. And of course you need 2 nameservers in separate countries and networks.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I have used ISPConfig as a multiserver setup since 2008, with no issues at all. So claiming that ISPConfig only works or works best as a single server system is complete nonsense. You want to run your own DNS services and therefore you need multiple DNS servers, then install a multi-server system.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I don't know what you're referring to exactly, but perhaps they meant it is the best way to give it a quick test drive? Personally I do run a couple of single server systems, but prefer the multi server systems, as it is a more secure design.
     
  5. ledufakademy

    ledufakademy Member

    ok, ok ... long ago: I asked for an 11-server setup, and Till (oops, I said that ;-) said it's better to build a one-server setup.
    But for an ISP we need ... 3 web servers, 3 db, 3 mail and 2 dns ... VM
    But yes, it works pretty well except for transferring the certificate (LE) to our mail server from the web server ...
    We don't have 11 public IPv4 .. that was the deal.
    Easy with one public public by server : easy ! (and if only we had money for an SSL wildcard certificate)

    But today I need to build one home server for doing mail and DNS ... ;)
     
  6. ledufakademy

    ledufakademy Member

    ... but you got more than one public ipv4 ... (or ipv6 stuff );-)
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Yes, every server needs its own IPv4 address. Maybe look for a different provider if you can't get what you need right now.
     
  8. ledufakademy

    ledufakademy Member

    pfff ... not easy . Reading ISPCONFIG manual , page 221 ...
    i'm trying to make my first ispconfig dns servers to host ... slave zone / secondary dns-zone of my new domain "dufour.cloud"
    So easy to "configure" on first ispconfig panel :
    DNS-Zone : dufour.loud. ,
    then
    NS (IP-address) (my primary dns server) : 80.67.179.181
    then Active ...

    On primary (my new ispconfig instance/panel) :
    create zone dufour.cloud , then "Allow zone transfers to these IPs (comma separated list)" : 89.234.140.100 (my ns2.dufour.cloud server ...
    and then ... tadadad , not working again.
    on ns2.dufour.cloud bind log (in fact ns1.auvergnux.org):
    on ns1.dufour.cloud
    what is not ok again ? AXFR transfer is not working, what must be done in panel in order to make this working ?
     
    Last edited: Mar 17, 2022
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You did not set ns2 to be a mirror of ns1 in ISPConfig under System > server services, correct? Because when you want to use BIND zone transfers instead of mirroring, then ns1 and ns2 may not be set to be mirrored in ISPConfig.
     
  10. ledufakademy

    ledufakademy Member

    ISPConfig instance 1 : auvergnux.org (with ns1 VM and ns2 VM, which is a mirror of ns1 - in ISPConfig terminology -) ... and then 2 NS records
    ISPConfig new instance (2) : with NS server activated .. hosting secondary zone for dufour.cloud.
    In order to have two DNS servers with 2 different IPv4 addresses, instance 2 should send the dufour.cloud zone to ns1.auvergnux.org, which I want to host the slave zone (and yes, ns2.auvergnux.org is a mirror of ns1.auvergnux.org, together hosted on instance 1).
    ... I hope to be clear enough.
    And for me this is a logical and simple setup :
    - primary server for dufour.cloud = ns1.dufour.cloud => ISPConfig instance 2 (new single server setup)
    - secondary zone on ns1.auvergnux.org NS server configured with a secondary zone ... named dufour.Cloud with primary server, above.
     
    Last edited: Mar 17, 2022
  11. ledufakademy

    ledufakademy Member

    ... even if I'm only using ns1.auvergnux.org to receive the instance 2 dufour.Cloud zone via AXFR transfer ?
     
  12. ledufakademy

    ledufakademy Member

    ... i just want to have a simple setup with one ISPConfig server for hosting my MAIL server and DNS (dufour.cloud) panel config : that's a very simple request ... i think.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    You must decide if you want to use DNS Mirroring in ISPConfig or BIND AXFR for zone transfer between the servers, you can not use both ways to transfer zones at the same time as this would make records collide on the ns2 server as a zone with the same name may not exist twice on the same server.

    If you set up your ns2 to be a mirror of ns1 in ISPConfig, then internal DNS mirroring is used and not BIND axfr. You must remove the secondary DNS record in ISPConfig in this case as the record has already been mirrored automatically and no secondary record is needed at all (or to be more precise, adding a secondary record for an already mirrored domain will make it fail).

    Or you disable mirroring in ISPConfig and use AXFR instead. Using mirroring in ISPConfig is easier than AXFR, but you can't use DNSSEC with ISPConfig's internal mirroring; for DNSSEC you will have to use AXFR. So you must decide which features you want to use and which method to use then.
     
  14. ledufakademy

    ledufakademy Member

    ns1.dufour.cloud (primary server for dufour.cloud zone - instance 1 ISPconf ) == AXFR ==> ns1.auvergnux.org - instance 2 ISPconf (with ns2.auvergnux.org : mirror of ns1.auvergnux.org)

    And : ns1.auvergnux.org had Secondary zone for dufour.cloud.

    On my registrar i put :
    ns1.dufour.Cloud = 80.67.179.181 (new instance of ispconfig)
    ns2.dufour.Cloud = 89.234.140.100 (which is ns1.auvergnux.org on instance 1 of ispconfig another town site)
    And I don't want to break mirroring, which has been working perfectly for 2 years !

    It's not possible to do that ? (I don't understand why ns1.auvergnux.org can't continue to be mirrored on ns2.auvergnux.org ... only the secondary zone will be modified on ns1.auvergnux.org)

    Or I must create a standard zone (dufour.cloud) on ns1.auvergnux.org ... but it needs to be updated manually, this is not cool.
     
    Last edited: Mar 17, 2022
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    You don't need AXFR when you are using mirroring already. You claim you have set up mirroring, that's perfect, so all you have to do now is to delete the secondary record as AXFR is not used on your system for mirroring.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

  17. ledufakademy

    ledufakademy Member

    delete AXFR, ok : but my zone dufour.cloud, also hosted on ns1.auvergnux.org, wouldn't be updated automatically from ns1.dufour.cloud when changes are made ...
     
  18. ledufakademy

    ledufakademy Member

    ... and somehow is ?

    if I read this "how to" .... I need 3 VMs for ... only hosting 1 MAIL and 1 DNS service. :oops:
     
  19. ledufakademy

    ledufakademy Member

    And in a ns1.auvergnux.org log i can see ns1.dufour.cloud sending data !
    Code:
    Mar 17 17:20:14 ns1 named[3456513]: client @0x7f2768634f98 80.67.179.181#64998: received notify for zone 'dufour.cloud'
    Mar 17 17:20:14 ns1 named[3456513]: zone dufour.cloud/IN: notify from 80.67.179.181#64998: no serial
    Mar 17 17:20:44 ns1 named[3456513]: zone dufour.cloud/IN: refresh: retry limit for master 80.67.179.181#53 exceeded (source 0.0.0.0#0)
    Mar 17 17:20:44 ns1 named[3456513]: zone dufour.cloud/IN: Transfer started.
    
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Take care that port 53 on master is open and allows both UDP/TCP. Then take care that you set the IP address of the slave server in the allow transfer to field of the master DNS zone, otherwise the secondary server is not allowed to pull data.

    You can also try to transfer the zone manually and see what you get. The command must be run on the secondary name server.

    dig -t AXFR dufour.cloud @1.2.3.4

    replace 1.2.3.4 with the IP address of the primary name server.
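
Added example (not part of till's post and not ISPConfig code): a small shell helper that sorts the output of the manual transfer test above into the two causes named in the post, port 53 unreachable on the primary versus the secondary's IP missing from the allow-transfer list. The function names, the zone `example.test` and the sample dig outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Usage on the secondary name server:
#   dig -t AXFR dufour.cloud @1.2.3.4 | axfr_verdict dufour.cloud

# axfr_verdict ZONE: read dig output on stdin, print one verdict word.
axfr_verdict() {
    zone=${1%.}            # accept the zone with or without trailing dot
    out=$(cat)
    # Primary answered but refused: secondary IP is not in the zone's
    # "Allow zone transfers to these IPs" list.
    if printf '%s\n' "$out" | grep -q '^; Transfer failed'; then
        echo refused; return 0
    fi
    # No session at all: port 53 (AXFR uses TCP) closed or filtered.
    if printf '%s\n' "$out" |
        grep -Eiq '^;.*(timed out|connection refused|no servers could be reached)'; then
        echo unreachable; return 0
    fi
    # A complete AXFR begins and ends with the zone's SOA record.
    soa=$(printf '%s\n' "$out" | awk -v z="$zone." \
        'tolower($1) == tolower(z) && $3 == "IN" && $4 == "SOA" { n++ }
         END { print n + 0 }')
    if [ "$soa" -ge 2 ]; then echo ok; else echo incomplete; fi
}

# Constructed sample outputs (zone example.test, made-up records).
sample_ok() { cat <<'EOF'
example.test.      3600 IN SOA ns1.example.test. hostmaster.example.test. 2022031701 7200 540 604800 3600
example.test.      3600 IN NS  ns1.example.test.
example.test.      3600 IN NS  ns2.example.test.
ns1.example.test.  3600 IN A   192.0.2.1
example.test.      3600 IN SOA ns1.example.test. hostmaster.example.test. 2022031701 7200 540 604800 3600
EOF
}
sample_refused() { cat <<'EOF'
;; global options: +cmd
; Transfer failed.
EOF
}
sample_unreachable() { cat <<'EOF'
;; connection timed out; no servers could be reached
EOF
}
```

A verdict of `ok` from a host other than the configured secondary means the allow-transfer list is wider than intended.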
     
