MultiServer Setup - DNS Servers

Discussion in 'General' started by pyte, Jun 24, 2022.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    Hi!
    I've installed and configured my new multiserver setup with 8 servers. Everything is working as expected so far; however, I have a quick question regarding the nameserver config.

    Do I simply make ns02 the mirror server of ns01 to achieve a typical master/slave DNS setup? Or is there any further BIND config necessary to do so?
    Also, the multiserver setup guide mentions a bug:
    "There is currently a bug in ISPConfig that causes DNSSEC signed zones to be signed with different keys if you mirror nameservers."
    Is this still relevant?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    yes

    yes


    There are basically two ways of a DNS setup:

    a) You choose ns2 to be a mirror of ns1, in this case DNS mirroring happens automatically, but you can't use dns.
    b) You do not set ns2 to be a mirror of ns2. Instead you add a secondary (slave) DNS record in ISPConfig DNS module on ns2 for each domain that you add a zone in ns1. In this case, BIND and not ISPConfig will do the mirroring and then DNSSEC will work.
     
    ahrasis and pyte like this.
  3. pyte

    pyte Well-Known Member HowtoForge Supporter

    Thank you for the quick response.

    I'm not familiar with DNSSEC, so I guess I'll go the ISPConfig route. Is there any fix for this DNSSEC bug in sight, or is it a technical issue with how DNSSEC itself works that's causing the problems here?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no solution to be expected in the near future. The issue is actually not a bug; DNSSEC is a feature that we can't implement easily for ISPConfig's internal mirroring mode due to the way the internal mirroring works. We might either have to implement mirroring in a different way or open a direct communication channel between DNS nodes, which currently does not exist as all nodes get their data from the master.
     
    pyte likes this.
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    In this case ns1 and ns2 are not master and slave in the DNS sense. They both act like a master; ns2 is a copy of ns1.
    Using the secondary zones makes ns2 a slave for the zones that are configured to it.
     
    pyte likes this.
  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    Thank you for the heads up. As we don't use DNSSEC yet, I don't worry too much right now. We'll see in the future; maybe there is a hacky way around this limitation.
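
A check an operator could run to see whether two nameservers publish the same DNSSEC keys for a zone, the condition the thread says breaks under ISPConfig mirroring (an added example, not part of the thread or ISPConfig's code). It computes RFC 4034 key tags from DNSKEY answers in dig's text format; `example.com`, the `fake_answer` helper and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def key_tag(flags, protocol, algorithm, key_b64):
    """RFC 4034 Appendix B key tag computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_tags(answer_text):
    """Parse dig-style DNSKEY answer lines into a set of (flags, key tag)."""
    tags = set()
    for line in answer_text.splitlines():
        fields = line.split()
        if line.lstrip().startswith(";") or "DNSKEY" not in fields:
            continue  # skip comments, the question section and other records
        i = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
        key_b64 = "".join(fields[i + 4:])  # dig may split the key with spaces
        tags.add((flags, key_tag(flags, proto, alg, key_b64)))
    return tags

def compare_servers(ns1_answer, ns2_answer):
    """Return (in_sync, only_on_ns1, only_on_ns2) for two DNSKEY answers."""
    a, b = dnskey_tags(ns1_answer), dnskey_tags(ns2_answer)
    return a == b, a - b, b - a

def fake_answer(seed):
    """Constructed sample: a KSK (257) and a ZSK (256) derived from a seed."""
    lines = [";example.com. IN DNSKEY"]
    for flags in (257, 256):
        raw = hashlib.sha256(f"{seed}-{flags}".encode()).digest() * 2  # 64 bytes
        key = base64.b64encode(raw).decode()
        lines.append(f"example.com. 3600 IN DNSKEY {flags} 3 13 {key}")
    return "\n".join(lines)

NS1 = fake_answer("ns1")         # keys generated on ns1
NS2_MIRROR = fake_answer("ns2")  # mirror that signed the zone with its own keys
NS2_SECONDARY = NS1              # secondary zone: the transfer carries ns1's keys

if __name__ == "__main__":
    print("mirror:   ", compare_servers(NS1, NS2_MIRROR))
    print("secondary:", compare_servers(NS1, NS2_SECONDARY))
```

On live servers the two inputs would be the DNSKEY answers from each nameserver, for example the output of `dig @ns1 example.com DNSKEY` and the same query against ns2.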
     
