Hi Guys, First many thanks for ISPConfig – an amazing product. Secondly, many thanks to Till and all who contribute here – fantastic work. I will try and outline my issue as briefly as possible! server.abc.com (IP 111.111.111.111) (hosting Apache, PHP, DBs, FTP, Email, MASTER DNS etc) slave-server.abc.com (IP 222.222.222.222) (hosting Apache, PHP, DBs, SECONDARY DNS) All setup as Multi Server and all working well. My only problem is that the MASTER DNS is not updating the SECONDARY DNS. MASTER DNS will update SECONDARY DNS if I select the slave-server.abc.com as MIRROR but I don’t want to do this as I loose control of slave-server.abc.com for other services such as creating new websites, DBs etc. On the MASTER DNS (IP 111.111.111.111) Zone I have added: - Allow zone transfers to these IPs (comma separated list) : 222.222.222.222 Also Notify: 222.222.222.222 I have read the manual and looked hi and low on here and google but I cannot seem to find the answer. Would be grateful if anyone could point me in the right direction please. Thanks in advance Kind regards to all Nick MAIN SERVER Debian 9 - Stretch ISPConfig 3.1.13p1 Web-Server, FTP-Server, SMTP-Server, POP3-Server, IMAP-Server, DNS-Server, mySQL-Server SLAVE SERVER Debian 10 - Buster ISPConfig 3.1.15p3 Web-Server, FTP-Server, DNS-Server, mySQL-Server
not sure about the dns, I've never done it that way, I've always set it as a mirror. but one thing I noticed, you say main server is deb9 isp 3.1.13p1 and slave is deb10 isp 3.1.15p3 the deb9 - deb10 difference is ok AFAIK, but running 3.1.13.p1 on the master and 3.1.15.p3 on the slave is going to cause you problems. there are likely (definitely if you've updated the slave using git-stable) extra columns in some database tables. between those versions there are changes to the datalog functionality to allow undo's, and I've found an extra field in the webdomain table on 3.1.15.p3 when updated using the git-stable branch rather than just stable, and those are just the ones I know of, that last one blocked some MySQL inserts to that table on a slave server, when both master and slave were running 3.1.15p3. you shouldn't install a newer version on the slave than you have on the master. i'm not saying it's the cause of your dns problems, but it is possible some configuration changes/updates aren't getting applied to the slave server because of this.
Secondary zones are not setup automatically like mirrored servers are; thou need to add each secondary zone to the slave server. If your policy is such that every domain on the main server should always be added to the secondary, you could probably create a server plugin that runs on the main server and creates the secondary zone when a new zone is inserted. (Add to the main db table(s) as well as create a sys_datalog entry to propagate it to the slave. )
Hi @nhybgtvfr, Thanks for the heads-up - very kind of you. I just ran the ispconfig_update.sh script to update the MASTER server. The update *seemed* to go OK but it is still showing as 3.1.13.p1! Not sure why the update didn't seem to work? Kind regards Nick
Hi @jesse-norell, Many thanks for the info. If I setup a new zone on the MASTER server and then switch SLAVE-SERVER to mirror it updates the SLAVE-SERVER with the new domain zone without any problem. I would just like to keep these in sync. Kind regards Nick
Hi again @nhybgtvfr, Ignore my comment about the update not working - it is Both servers now showing ISPConfig 3.1.15p3 Kind regards Nick
have you thought of just using a very small server/vps, with only dns enabled/configured on it in ispconfig? that way you could still set it as a mirror of the master server. then way ispconfig keeps everything in sync for you with dns changes pulled into the slave dns servers database and the zone files created from that on every change. this way it's just a small additional server just for dns, that way you could put it anywhere, you can have it on a completely different network in a different country. eg master and webslave on aws in Europe, slave dns server on digitalocean in US. it's always best to keep dns servers geographically/topologically separate. i have to admit, i'm keen to start using dnssec, which isn't possible on mirrored dns, and i don't want to rebuild/reconfigure it all. hopefully it'll be supported on mirrored ispconfig dns servers soon. once that's available i don't see any need/benefit in configuring bind in a master/slave configuration at all.
Hi again, Once again thanks for your input and time. I was just trying to see if it was possible to do what I wanted without the added cost and agro of an additional small VPS! Seems sort of strange that with all the complicated stuff that ISPConfig can do so brilliantly that it cannot replicate / copy DNS zone info to a secondary server. I thought it was me that was missing something simple. All the best Nick
ISPConfig can do that, but you have to tell it to do so by creating a slave record for that zone in ISPConfig DNS module. All initial and also further syncing of the zone is then done automatically.
You could add a feature request to set a slave dns server to automatically add slave zones when they are added to a different non-mirror server. Ie. basically the server plugin I described above with a configuration ui.
under system - main config - dns you set the default dns server. would it not make sense to have a checkbox there to enable default secondary dns servers? when enabled, show a dropdown of all the remaining known dns servers, and allow to select the default secondary server there. can have a + option to enable multiple secondary dns servers. then ispconfig knows about them, if a new dns zone is created on the default dns server, it can automatically create the secondary zones. and configure zone transfers etc. sorry @till, looks like we keep on thinking up new ways to make more work for you.....
Thanks for your kind help guys - I appreciate the help. Will look in more detail tomorrow - my head is scrambled now Kind regards to all Nick
keep it flexible enough that more than one secondary could have zones added, and that any secondary server could be set to have zones added from multiple other dns servers.
Hey, I just came across exactly this: https://git.ispconfig.org/ispconfig/Modules/-/tree/master/dns_slave_auto It doesn't have a ui for configuration like other discussion in this thread here, but probably could get you by until a proper implementation is completed. (Did a feature request for this ever get added?)
Hi @Jesse Norell many thanks for the update. Very interesting solution. To be honest I have gone with setting up another dedicated secondary DNS server as @nhybgtvfr suggested. Would be a great new feature for future updates of ISOConfig. With kind regards to all Nick
I'm hoping this will be implemented soon: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/990
