If I change or add something in ISPConfig -> DNS -> Domain.com -> Records, how much time does BIND need to be updated? After more than 10 minutes, nano /etc/bind/pri.domain.com still shows the TXT field not updated. Thanks.
Max 60 seconds. Check if there is a file with .err ending for this domain in the bind folder; this means that bind rejected your changes. You can then use the named-checkzone command to get a more detailed error message in case you don't know what you did wrong.
Great, so the problem is on my side.
Code:
    root@vps123456:~# named-checkzone domain-name.com /etc/bind/pri.domain-name.com
Return
Code:
    dns_master_load: /etc/bind/pri.domain-name.com:31: Kdomain-name.com.+007+08055.key: file not found
    dns_master_load: /etc/bind/pri.domain-name.com:33: Kdomain-name.com.+007+24209.key: file not found
    zone domain-name.com/IN: loading from master file /etc/bind/pri.domain-name.com failed: file not found
    zone domain-name.com/IN: not loaded due to errors.
If I manually change, in this file: /etc/bind/pri.domain-name.com
Code:
    $INCLUDE Kdomain-name.com.+007+08055.key
    $INCLUDE Kdomain-name.com.+007+24209.key
and manually add /etc/bind/
Code:
    $INCLUDE /etc/bind/Kdomain-name.com.+007+08055.key
    $INCLUDE /etc/bind/Kdomain-name.com.+007+24209.key
I get
Code:
    root@vps123456:~# named-checkzone domain-name.com /etc/bind/pri.domain-name.com
    zone domain-name.com/IN: loaded serial 2019100310
    OK
    root@vps123456:~#
But that's not the right way to do it? How do I avoid this error without manually adding /etc/bind/?
That's probably related to the other wrong tutorial that you followed before for DNSSEC. I explained there that it's likely that operations will fail for DNS if not everything is properly reversed. The issue you had there occurred on page 4 of the guide, so you must undo all steps on page 1 - 3 that you did before to fix your system.
Please be sure that I have done nothing more in this tutorial than what is below. That's the first step on page 4, only that one step has been done on page 4, and absolutely nothing from pages 1, 2, 3:
Code:
    rollinit -zonefile /etc/bind/pri.example.org.signed -keyrec /etc/bind/example.org.krf -admin [email protected] example.org >> all.rollrec
And I get this
Code:
    -bash: rollinit: command not found
Do you mean this step alone broke all my conf? I cannot reverse something that was not done..
If you did not follow the guide and just ran this non-existing command, then there should be no problem. The key files get included automatically, I just tested it here in ISPConfig 3.1.15. So the question is why they can't be included in your case. Is there a file /etc/bind/pri.domain-name.com.err on your server? Is there still a blinking red dot in the ISPConfig UI which indicates that there are pending changes?
nano /etc/bind/pri.domain-name.com.err gives an empty file
Code:
    /etc/bind/pri.domain-name.com
gives me
Code:
    $TTL 3600
    @ IN SOA ns1.domain-name.com. vps123.myvps.com. (
            2019100414 ; serial, todays date + todays serial #
            7200 ; refresh, seconds
            540 ; retry, seconds
            604800 ; expire, seconds
            3600 ) ; minimum, seconds
    ;
    domain-name.com. 3600 A 12.13.456.78
    mail.domain-name.com. 3600 A 12.13.456.78
    ns1.domain-name.com. 3600 A 12.13.456.78
    ns2.domain-name.com. 3600 A 10.11.123.456
    ftp.domain-name.com. 3600 CNAME domain-name.com.
    www.domain-name.com. 3600 CNAME domain-name.com.
    domain-name.com. 3600 CAA 0 issue "letsencrypt.org"
    domain-name.com. 3600 MX 10 mail.domain-name.com.
    domain-name.com. 3600 NS ns1.domain-name.com.
    domain-name.com. 3600 NS ns2.domain-name.com.
    78.456.13.12.in-addr.arpa. 3600 PTR domain-name.com.
    78.456.13.12.in-addr.arpa. 3600 PTR mail.domain-name.com.
    ns1.domain-name.com. 3600 PTR 12.13.456.78
    ns2.domain-name.com. 3600 PTR 10.11.123.456
    domain-name.com. 3600 TXT "v=spf1 mx a ip4:12.13.456.78/32 a:mail.domain-name.com -all"
    default._domainkey.domain-name.com. 3600 TXT "v=DKIM1; t=s; p=MIIBIjBNBgkqhkiG9w0BAQEFBBOCAQ8AMIIBCgKCAQEArwOGvmWFTtVgkMpiD3WDoLbnb2HyTyGmRcru45OcUs2kRZFiFmnt3RqIk68fpNFQ8EFiqT7UWNffcjXrmQAD1PxiM5ElPAL6975OWZ12sHTH4nstgV7xPu9UTX9xdNBo9+IuSyUjvUs21Wrc0tssG64ZkOuRa6jxW4lpTsrcT9Y2j2L2tk85nBdGeuy9fs3FNnI" "hQIDIsD2tEVEHt9LeFWekfjE1/aPhTtsgxOhmiaqOVkJ0SFzkiXbuNhrqsvGnSUj2U/tnN4jKUbL/kHES4iKZBiohsbWLvUuFokV0BZWMS9tElSrsRaxtIwT+gVa64BOaqO9d4UrTNbX23x09MQIDAQAB"
    ownercheck.domain-name.com. 3600 TXT "fd3e5411"
    _dmarc.domain-name.com. 3600 TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0:1:d:s; adkim=s; aspf=s; rf=afrf:iodef; sp=reject"
    $INCLUDE Kdomain-name.com.+007+08055.key
    $INCLUDE Kdomain-name.com.+007+24209.key
No, following your previous instruction, I am always waiting 60 seconds, meaning 2 minutes to be sure...
Maybe when we set up the DNS with ISPConfig everything is ok, and later, when we change something in the DNS zone with ISPConfig, /etc/bind/ disappears. I don't know...
Yes, I agree. But
Code:
    named-checkzone domain-name.com /etc/bind/pri.domain-name.com
reports errors even though /etc/bind/pri.domain-name.com exists
Code:
    named-checkzone domain-name.com /etc/bind/pri.domain-name.com
    dns_master_load: /etc/bind/pri.domain-name.com:31: Kdomain-name.com.+007+08055.key: file not found
    dns_master_load: /etc/bind/pri.domain-name.com:33: Kdomain-name.com.+007+24209.key: file not found
    zone domain-name.com/IN: loading from master file /etc/bind/pri.domain-name.com failed: file not found
    zone domain-name.com/IN: not loaded due to errors.
To not get this error I must manually add /etc/bind/
Code:
    named-checkzone domain-name.com /etc/bind/pri.domain-name.com
    dns_master_load: /etc/bind/pri.domain-name.com:31: Kdomain-name.com.+007+08055.key: file not found
    dns_master_load: /etc/bind/pri.domain-name.com:33: Kdomain-name.com.+007+24209.key: file not found
    zone domain-name.com/IN: loading from master file /etc/bind/pri.domain-name.com failed: file not found
    zone domain-name.com/IN: not loaded due to errors.
    $INCLUDE /etc/bind/Kdomain-name.com.+007+08055.key
    $INCLUDE /etc/bind/Kdomain-name.com.+007+24209.key
I get
Code:
    root@vps123456:~# named-checkzone domain-name.com /etc/bind/pri.domain-name.com
    zone domain-name.com/IN: loaded serial 2019100310
    OK
    root@vps123456:~#
Add the include lines for the keys manually for now. I don't know why they could not be added in your case, as it works flawlessly here on Debian 10. It might also be that something is missing on your setup in case you left other things out from the perfect server guide during install; at least it seems that you have left out fail2ban according to your other thread, so maybe you missed installing other packages from the perfect server guide as well? Or is the server with fail2ban a different, non-ISPConfig, system?
Ok I will, that's not a big problem. No, this thread is just asking advanced users for specific rules; it means I'm using Fail2ban... I think it's better to ask than to apply some specific rules without enough knowledge. I can confirm that I have followed this tutorial perfectly: The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1, and installed everything as recommended, even mailman, and I don't need it. But it's ok for me, I can add /etc/bind/ manually; I just wanted to be sure not to break anything in ISPConfig by doing this.
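Added example, not part of the thread and not ISPConfig's code: the named-checkzone runs above fail on the relative `$INCLUDE` names and pass on the absolute ones, and named-checkzone resolves a relative name against the directory it is run from (its `-w directory` option changes that). The script lists each `$INCLUDE` in a zone file and reports whether it resolves from a given directory; the function name `check_includes` and the `example.test` sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether every $INCLUDE in a zone file resolves
# when relative names are looked up from a given base directory.
# Assumes include file names contain no whitespace (true for K*.key files).

# check_includes ZONEFILE BASEDIR
# Prints "OK <path>" or "MISSING <path>" for each $INCLUDE directive.
# Returns 0 when all resolve, 1 when at least one does not.
check_includes() {
    zonefile=$1
    basedir=$2
    missing=0
    # Directive syntax: $INCLUDE <file> [origin] [; comment]; field 2 is the file.
    for inc in $(awk 'toupper($1) == "$INCLUDE" { print $2 }' "$zonefile"); do
        case $inc in
            /*) path=$inc ;;            # absolute: same result from any directory
            *)  path=$basedir/$inc ;;   # relative: depends on the working directory
        esac
        if [ -r "$path" ]; then
            echo "OK $path"
        else
            echo "MISSING $path"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a zone with one relative include, checked from two places.
demo() {
    d=$(mktemp -d)
    mkdir "$d/bind" "$d/home"
    : > "$d/bind/Kexample.test.+007+00001.key"
    printf '%s\n' '$TTL 3600' '$INCLUDE Kexample.test.+007+00001.key' \
        > "$d/bind/pri.example.test"
    # From an unrelated directory the relative name is not found ...
    check_includes "$d/bind/pri.example.test" "$d/home" || echo "-> fails from home"
    # ... from the directory holding the key file it is.
    check_includes "$d/bind/pri.example.test" "$d/bind" && echo "-> resolves from bind"
    rm -rf "$d"
}
demo
```

On the server from the thread, the corresponding check with the real tool is `named-checkzone -w /etc/bind domain-name.com /etc/bind/pri.domain-name.com`, which tells a zone whose key files are really absent apart from one that was only checked from another directory.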