As mentioned in this thread, @till is talking about slave records? I was wondering how this is set up. I did a reinstall of my ISPConfig since I had some LE cert issues which I couldn't resolve. Now I also want DNSSEC working, but I don't really understand how I have to set this up. The 2nd DNS server is already installed and connected to the ISPConfig main server. I had it installed as a mirror of the primary, but that doesn't seem to be how this is supposed to be set up. P.S. I thought it was time I became an HTF Supporter. I really enjoy ISPConfig and HTF support! Keep up the good work.
In general, that's the correct setup, but at the moment you won't be able to use DNSSEC in this kind of setup due to a problem in the way we implemented it in ISPConfig. What I mentioned in the other thread is the alternative way to set this up.
1) Disable the mirroring in ISPConfig under System > Server services.
2) Now both DNS servers should show up in the DNS manager.
3) Create a primary DNS zone in ISPConfig as usual, and choose the first DNS server as the server for this record. In the "Allow transfer to" field, set the IP address of your second DNS server.
4) Now create a DNS slave record in the ISPConfig DNS manager for this zone; here you choose the second DNS server as the target for this DNS record.
Now BIND will take care to keep the record in sync between the servers. Thank you for supporting us!
What type of record is DNS Slave Record? Or do you just mean dns2.domain.tld and set it as secondary NS?
You can find slave zones in the menu on the left side. Slave zones are described in the ISPConfig manual https://www.howtoforge.com/download-the-ispconfig-3-manual in chapter 4.8.3.
Okay, I was already looking into that. So it comes down to:
- Delete what I have now (zones etc.)
- Don't make the 2nd DNS server a mirror of the main one
- Add the zone on the primary
- Set "Allow transfer to" to the IP of the secondary server
- Add a secondary zone on the 2nd server
Alright, I figured it out, thanks! There is no way yet to automate this? In the zone template, somehow also add the secondary zone? Noticed you don't need the secondary zone, just setting the Also Notify field is enough? Also, can you set the Allow Transfer in the template? -edit- Hm, I do need the secondary zone? Was looking at the wrong server. Any way to automate this?
Yes. The secondary zone tells BIND on the second server that it shall connect to the first server to fetch the zone data and to keep it updated. No, not yet, as this is basically a workaround for a problem in the regular mirroring which gets fixed in the next major release, 3.2.
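
For reference, the kind of BIND zone stanzas the primary/secondary setup in this thread corresponds to, as an added example that is not part of the original posts and not ISPConfig's generated configuration. The zone name, the IP addresses (documentation ranges) and the file paths are placeholders, and the mapping of the ISPConfig fields to BIND options is an assumption.

```conf
// named.conf on the FIRST DNS server (primary), placeholder IP 192.0.2.10
zone "example.com" {
    type master;
    file "/path/to/primary/example.com.zone";   // placeholder path

    // Assumed equivalent of the "Allow transfer to" field:
    // only the second server may pull the zone (AXFR/IXFR).
    // Everyone else gets the transfer refused.
    allow-transfer { 192.0.2.20; };

    // Assumed equivalent of the "Also Notify" field:
    // send a NOTIFY to the second server when the serial changes.
    // NOTIFY alone does not create the zone on the second server.
    also-notify { 192.0.2.20; };
};

// named.conf on the SECOND DNS server (secondary), placeholder IP 192.0.2.20
zone "example.com" {
    type slave;

    // The secondary zone: fetch the zone from the first server
    // and refresh it on NOTIFY or when the SOA refresh timer expires.
    masters { 192.0.2.10; };
    file "/path/to/secondary/example.com.zone"; // placeholder path

    // The secondary does not need to hand the zone on to anyone.
    allow-transfer { none; };
};
```

After a change on the primary, `dig +short SOA example.com @192.0.2.10` and the same query against `@192.0.2.20` should return the same serial. A `dig AXFR example.com @192.0.2.10` run from any host other than the secondary should be refused.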